1
Question About New Installation (IIS-Related)
Question asked by Nick DelMedico - September 11, 2015 at 5:38 PM
Answered
I'm currently in the planning stages of a migration to SmarterMail. I'll be using IIS and, even though I can find information on using IIS after installation (a2814 -- not allowed to post links), I'd rather not install SmarterMail's web server at all. Is there an option during install to specify an existing IIS site to use (or an option to create one) or will I have to install SmarterMail's server and then change the configuration after installation is complete?
 
If I can do it during installation, does it matter if I setup the site in IIS first (before starting the install)?

1 Reply

Reply to Thread
2
Bruce Barnes Replied
September 11, 2015 at 8:59 PM
Run the EXE installer and then disable the SmarterMail IIS server in Windows services.
 
There used to be an option to do a "manual" installation, but, with the requirement of .NET 4.5 and Windows C++ Redistributables (both 32 and 64 bit) that option is no longer available.
 
So, the best option is now to run the full installer, configure your IIS, and then disable the SmarterMail webserver, via the Windows server services. 
 
The only issue you will encounter is when you update with major version updates when you have to do a complete uninstall of the old version, reboot the server, and then install the new version.
 
When doing minor version upgrades, be certain to STOP the SmarterMail service, STOP IIS, and then do the minor version upgrade.  The SmarterMail service will auto-restart as the minor version upgrade is installed and you will only have to restart the IIS services.
 
While I probably don't have to tell you this, based on the fact that you referenced A2814, but you should make certain you have disabled SSL 1.0, SSL 2.0, and SSL 3.0 and updated both the CIPHERS and keys to enable TLS 1.1 and TLS 1.2.

You might want to enable TLS 1.0, but, if the A2814 protocol mandates that it's disabled, you will  have to disable it.  Disabling TLS 1.0 will also disable all Android devices with Android 4.4 and below. 

I have a knowledge base article, along with some detailed instructions, and the information to construct the .REG merge files regarding the CIPHERS and SECURITY PROVIDERS at:


https://portal.chicagonettech.com/kb/c20/mailserver-security.aspx
 
If you would prefer to have the actual .REG merge files sent to you, please contact me off list and we can make that arrangement.

The files are simply merged with your existing registry and then you reboot the server and you will test at an A rating at
https://www.ssllabs.com/ssltest/index.html
 
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting

Reply to Thread