SmarterMail 16.x SSL not working in Mail section
Problem reported by webmaster - August 13 at 1:49 PM
Submitted
Just upgraded to SmarterMail 16.x. Added code to the web.config file to force SSL to the webmail application as was done in previous versions. When logging in, SSL in forced and works well. When impersonating a domain user, SSL if forced and works well ... sort of ... when viewing any section that IS NOT the email section. As soon as I navigate to the Email section, SSL is disabled (green lock disappears). If I copy the URL from the browser address bar and paste into notepad, the https prefix is present so that means SSL is runing but the page is loading insecure content. The insecure content is not from email messages, its somewhere in the UI. 

6 Replies

Reply to Thread
0
Andrea Rogers Replied
Employee Post
Thanks for reaching out! In SmarterMail 16.x, we introduced a new feature for forcing SSL. In each domain's configuration, you'll find a setting on the Security card for "Force all traffic over HTTPS". Please follow the steps in the article below, and let me know if this help to resolve the issue:

Andrea Rogers
Communications Specialist
SmarterTools Inc.
(877) 357-6278

www.smartertools.com

0
webmaster Replied
Andrea, Thank you for your response but it does not address the issue. The issue isn't that SSL is not being enforced, its that the email section is calling on insecure content which breaks the security. I'd post a screenshot but I can't do that here.
0
Kevin McNally Replied
I am also experiencing this issue when I view an email the SSL Certificate says the site is not secure.

The SSL works fine everywhere else in the Webmail Interface as well as the Admin Area. It only becomes an issue when I go to view an email.

I do have the Force SSL enabled, just FYI.

Are there any updates on this?

Kevin McNally
Interactive Palette, Inc.
0
Matt Petty Replied
Employee Post
The reason for this is likely because the browser is having to sometimes load non-secure content in emails from external sources such as images. The website is still running over a secure connection. This is a tough challenge to tackle as in order to maintain this green lock or secure messages, we'd need to block external content that is loaded unsecurely, like images in an email. There are ways of maybe proxying images through the SmarterMail connection but this could increase bandwidth and load since now your server (not the client) would have to fetch and cache, then re-serve the images from itself replacing the links in the email.

Not saying this couldn't be done, it's just very challenging and is not something that we have yet figured out.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Kevin McNally Replied
Hi Matt,

Thank you for the explanation.

Kevin
Kevin McNally
Interactive Palette, Inc.
0
Paul Blank Replied
We are only up to SM v15, but I block all non-SSL traffic (besides port 25*) at the firewall (Sonicwall), keeping ports 80, 110, 143, and 587 closed to the outside world, so SSL is effectively forced, using ports 443, 465, 993, and 995. I'm not using TLS. My installed certificates for SM's protocols are x509, as exported from the installed IIS certs.
 
Folks going to [webmail.mydomain.com] are redirected to https://[email.mydomain.com] by zone file settings.
 
It all seems to be working pretty well.
 
Am I missing something?
 
*We filter inbound 25 at the firewall to only accept mail from the IP ranges of our smarthosts, Microsoft EOP and Symantec Email Security.cloud. Outgoing email is relayed through those hosts only, depending upon domain. 

Reply to Thread