Re: SSL/TLS Setup - SM 13.x
Question asked by Hemen Shah - January 1, 2015 at 6:38 AM
Unanswered
Hi,
 
I am trying to configure SSL/TLS on my mail server running SM 13.x
 
1) I have procured SSL cert
2) Running SM on IIS 7.0 and SSL cert is installed, able to test the same via https host
3) Have added new required TLS/SSL ports in SM server settings
4) IP is binded to these new ports
 
Questions:
1) To begin with i just want to use SSL/TLS for few domains before forcing all users to change their client settings
hence scenario will be some users/domains using SSL/TLS and some not, here my server should support both ways
So while binding IP to new ports, if i select TLS ports will it affect normal domains (i assume YES)
 
2) I tried keeping current ports selected with new selection of only SSL ports (465,993,995)
 
3) When i tried my Outlook client listen to outgoing port 465 and imap 993 (SSL) its failing and not giving success.
 
So is it required to bind the IP to new TLS ports as well inorder for this to work and have to force all users to change their client settings ?
 
Pls advice.
 
Thanks

7 Replies

Reply to Thread
0
Hemen Shah Replied
Requesting experienced users to help..
0
Bruce Barnes Replied
Check out my KB article on configuring SmarterMail's SSL/TLS ports at:
 
 
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Hemen Shah Replied
Hi Bruce,
 
thanks but have already gone through the same but still has confusion, I need to know can I keep both ways wherein customer can use ssl or without ssl for this when we bind the IP address it only allows to select port 25 or TLS port 25 so how should I do this..
 
tks
0
Bruce Barnes Replied
The answer is YES. Following the instructions in the guide will maintain that capability, AND will give your SmarterMail server TLS capability with other MX servers which support TLS, but both other servers, and hosted accounts, will still have non-encrypted capabilities. Finally, remember that SSL, versions 1.0, 1.1, and 1.2 have been depreciated, and are no longer supported or considered safe.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Hemen Shah Replied
Hi,
 
I have selected TLS ports in bindings and I see that I am able to connect from outlook in both the ways with TLS or without TLS, but when I tested the same from iphone with SSL port its failing so I did the test by sending mail to unlocktheinbox and in result it says Unable to establish connection for all SSL ports...what could be the reason here..
 
Thanks    
0
Steve Reid Replied
Check your firewall, or port and IP assignment within Smartermail
0
Linda Collins Replied
Also be advised. SSL does not work when using the Outgoing Gateway port 465. There is no binding to the certificate.This is a bug in Smartmail

Reply to Thread