Setting up SSL/TLS on multiple IP addresses can be tricky and confusing.
You must bind each port to EACH IP ADDRESS, giving the corresponding port for each different IP addresses a unique name.
If the IP addresses are natted, then you must have them mapped to STATIC, PUBLIC IP addresses.
Additionally, you must map a fully qualified domain name to each PUBLIC IP address, with at least one of them mapping to the FQDN of the SmarterMail server.
I would also consider moving to SmarterMail 14.1, as SmarterMail 11.X is considered "legacy," and, technically, no longer supported.
SmarterMail 14.1 also brings TLS 1.2 support for SmarterMail, which is NOT available in any of the earlier versions.
Remember, SSL 3.0 is enabled, by default, in all installations of Server 2008 and Server 2012, and must be patched to disable SSL 3.0 and enable TLS 1.1 and TLS 1.2. See:
for more information. If you like, I can send you two mergable, .REG files which can be merged with your registry to bring everything into compliance and enable all of the require ciphers and protocols. Contact me off list, via https://portal.chicagonettech.com
, if you are interested.
Finally, remember that you need to run registry patches to DISABLE ALL SSL and ENABLE TLS, if you haven't already done so. All SSL, SSL 1.0, SSL 2.0, and SSL 3.0 have been depreciated and, if you accept credit cards on any web service with SSL enabled after 1 October, 2015, your credit card account will be SUSPENDED on all devices until you are compliant.
With regard to your question about SSL certificate bindings: your SSL certificates needing to be bound to EACH of the IP addresses you are mapping the SmarterMail ports to in IIS, the answer is YES, the WILDCARD SSL Certificate needs to be bound to EACH of the IP addresses you will be working with in IIS - on PORT 443. You will also have to bind port 80 to the IP address, but can enforce secure connections - which is done differently depending on the version of IIS you are using and the application and coding used for the application.
It's also a good idea to setup separate .NET workspaces for EACH IP address, according the specifications set forth by SmarterMail's setup procedure for mapping SmarterMail to IIS.
Finally, remember that you will have to also setup rDNS for EACH of the PUBLIC IP addresses you are using with SmarterMail. Failure to setup rDNS on each of the addresses WILL result in your e-mail being non-deliverable to many ISPs as the validation of rDNS is now a major part of antispam measures and there is even an RBL to validate rDNS mappings which is now part of the antispam document I publish at:
Phonr: (773) 491-9019
Phone: (224) 444-0169
E-Mail and DNS Security Specialist
Network Security Specialist
Customer Service Portal: https://portal.chicagonettech.com
Security Blog: http://networkbastion.blogspot.com/
Web and E-Mail Hosting, E-Mail Security and Consulting