Back to Community Threads
2
SmarterMail 16.x SSL not working in Mail section
Problem reported by webmaster - 8/13/2018 at 1:49 PM
Submitted
Just upgraded to SmarterMail 16.x. Added code to the web.config file to force SSL to the webmail application as was done in previous versions. When logging in, SSL in forced and works well. When impersonating a domain user, SSL if forced and works well ... sort of ... when viewing any section that IS NOT the email section. As soon as I navigate to the Email section, SSL is disabled (green lock disappears). If I copy the URL from the browser address bar and paste into notepad, the https prefix is present so that means SSL is runing but the page is loading insecure content. The insecure content is not from email messages, its somewhere in the UI. 

7 Replies

Reply to Thread
0
Employee Replied
8/14/2018 at 8:07 AM
Employee Post
Thanks for reaching out! In SmarterMail 16.x, we introduced a new feature for forcing SSL. In each domain's configuration, you'll find a setting on the Security card for "Force all traffic over HTTPS". Please follow the steps in the article below, and let me know if this help to resolve the issue:
0
webmaster Replied
8/14/2018 at 9:26 AM
Andrea, Thank you for your response but it does not address the issue. The issue isn't that SSL is not being enforced, its that the email section is calling on insecure content which breaks the security. I'd post a screenshot but I can't do that here.
0
Kevin McNally Replied
9/7/2018 at 7:44 AM
I am also experiencing this issue when I view an email the SSL Certificate says the site is not secure.

The SSL works fine everywhere else in the Webmail Interface as well as the Admin Area. It only becomes an issue when I go to view an email.

I do have the Force SSL enabled, just FYI.

Are there any updates on this?
0
Matt Petty Replied
9/7/2018 at 11:39 AM
Employee Post
The reason for this is likely because the browser is having to sometimes load non-secure content in emails from external sources such as images. The website is still running over a secure connection. This is a tough challenge to tackle as in order to maintain this green lock or secure messages, we'd need to block external content that is loaded unsecurely, like images in an email. There are ways of maybe proxying images through the SmarterMail connection but this could increase bandwidth and load since now your server (not the client) would have to fetch and cache, then re-serve the images from itself replacing the links in the email.

Not saying this couldn't be done, it's just very challenging and is not something that we have yet figured out.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
0
Kevin McNally Replied
9/7/2018 at 12:41 PM
Hi Matt,

Thank you for the explanation.

Kevin
0
Paul Blank Replied
9/7/2018 at 12:46 PM
We are only up to SM v15, but I block all non-SSL traffic (besides port 25*) at the firewall (Sonicwall), keeping ports 80, 110, 143, and 587 closed to the outside world, so SSL is effectively forced, using ports 443, 465, 993, and 995. I'm not using TLS. My installed certificates for SM's protocols are x509, as exported from the installed IIS certs.
 
Folks going to [webmail.mydomain.com] are redirected to https://[email.mydomain.com] by zone file settings.
 
It all seems to be working pretty well.
 
Am I missing something?
 
*We filter inbound 25 at the firewall to only accept mail from the IP ranges of our smarthosts, Microsoft EOP and Symantec Email Security.cloud. Outgoing email is relayed through those hosts only, depending upon domain. 
0
Vick Bhugun Replied
10/19/2019 at 2:59 AM
is there any update on solution for issue where it says not secure with certain webmail email images ?

as mentioned above by Matt it looks like gmail uses proxy to tackle this... code when this picture is on gmail is a google proxy one vs the original that shows when inspecting the image in smartermail webmail
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Set up Autodiscover for SmarterMailSmarterMail > Installation and Configuration
Recommended SPAM SettingsSmarterMail > Antispam and Antivirus
Configure eM Client for MAPI & EWSSmarterMail > Desktop and Mobile Synchronization
Set up eM Client for XMPP chatSmarterMail > Desktop and Mobile Synchronization
Configure CardDAV and CalDAV for eM ClientSmarterMail > Desktop and Mobile Synchronization