Enable TLS 1.2 on SmarterMail Build 6964 (Jan 25, 2019)
Question asked by Knud Westdorf - 4/16/2019 at 11:16 PM
Answered
Hello

We have a lot of customers asking for TLS 1.2 security. The customers can't receive mail from, for example, the banks, the post office and so on, because TLS 1.2 is needed.

Is it just a service that needs to be enabled, or are any certificates or anything else required?

Best regards

12 Replies

Kyle Kerst Replied
Employee Post Marked As Answer
I recommend downloading IIS Crypto from Nartac Software onto your SmarterMail server, and use the checkboxes in their GUI interface to enable the protocol versions you need. Then make sure SmarterMail is configured to use the protocol versions set up in Windows. After that you should be good to go! 
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
Knud Westdorf Replied
Thanks a lot. Are any certificates needed, or not?
Knud Westdorf Replied
Do you know what is needed here? Today we are using POP3/IMAP and SMTP as normal.
Dennis A. Replied
Your config looks good already. You just need to make sure that under "Server Protocols", TLS 1.2 is enabled. 

Then in SmarterMail, go to Admin > Settings > Protocols and make sure the options marked in yellow are enabled:


Then it should work, assuming that you already had certificates installed for your SMTP ports (25/587/465).
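Kyle's and Dennis's steps both come down to the same thing: the Windows SCHANNEL protocol settings that IIS Crypto edits through its checkboxes. The following script is an added example, not from the original thread or from SmarterTools, and shows the registry values IIS Crypto writes when you tick "TLS 1.2" under Server Protocols, plus the .NET Framework values that let a .NET service such as SmarterMail follow them. The SmarterMail UI step (Admin > Settings > Protocols) still has to be done by hand. Run it in an elevated PowerShell on the mail server and reboot afterwards; the decision to disable the older protocols is an assumption you should check against your customers' mail clients first.

```powershell
# Added example: what IIS Crypto does under the hood when enabling TLS 1.2 on Windows.
# Not SmarterTools code. Requires an elevated prompt; SCHANNEL reads these keys at boot.

$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Set-SchannelProtocol {
    param(
        [Parameter(Mandatory)] [string] $Name,     # e.g. 'TLS 1.2'
        [Parameter(Mandatory)] [bool]   $Enabled
    )
    # 'Server' covers inbound connections (port 25/465/587/993/995 listeners),
    # 'Client' covers outbound delivery from SmarterMail to other MTAs.
    foreach ($side in 'Server', 'Client') {
        $key = Join-Path $schannel "$Name\$side"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # Enabled = 1 switches the protocol on; DisabledByDefault = 0 makes SCHANNEL offer it
        # even when the application does not request a specific version.
        New-ItemProperty -Path $key -Name 'Enabled' -PropertyType DWord `
            -Value ([int]$Enabled) -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -PropertyType DWord `
            -Value ([int](-not $Enabled)) -Force | Out-Null
    }
}

# Enable TLS 1.2 for both inbound and outbound connections.
Set-SchannelProtocol -Name 'TLS 1.2' -Enabled $true

# Assumed hardening step: turn off the legacy protocols. Only do this once you know
# that no customer mail client still depends on TLS 1.0/1.1.
foreach ($legacy in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1') {
    Set-SchannelProtocol -Name $legacy -Enabled $false
}

# SmarterMail is a .NET application. Without these values, older .NET Framework builds
# keep negotiating SSL 3.0/TLS 1.0 regardless of the SCHANNEL settings above.
$netKeys = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
foreach ($net in $netKeys) {
    if (Test-Path $net) {
        New-ItemProperty -Path $net -Name 'SchUseStrongCrypto' -PropertyType DWord -Value 1 -Force | Out-Null
        New-ItemProperty -Path $net -Name 'SystemDefaultTlsVersions' -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

# Review the result. A reboot is required before SCHANNEL picks the changes up.
Get-ChildItem $schannel -Recurse |
    Get-ItemProperty |
    Select-Object PSPath, Enabled, DisabledByDefault
```

If you prefer the IIS Crypto GUI, open it after running this and you should see the same checkboxes ticked; the two approaches write the same keys.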
Knud Westdorf Replied
I haven't created/installed any certificates for SMTP. Currently we are running 25, 465 and 587 as normal, without encryption.
Ionel Aurelian Rau Replied
Hi Knud,

SSL/TLS does not work without an SSL certificate (and you need a publicly trusted certificate, not a self-signed one). So before you can do anything in this respect, you will need to purchase the SSL certificate for your server. Or you can try with Let's Encrypt, but I do not know if they are trusted by all major players on the Internet.
Knud Westdorf Replied
Thanks..

But what if our customers are using an SMTP server in Outlook, for example mail.domain.com and mail.domain1.com? How do we solve that? Do we need to buy certificates for all domains?
John Marx Replied
If you look at the logs for Let's Encrypt there is a PowerShell way of doing it for all. We haven't gone that route. Instead we have one TLS/SSL certificate on our primary domain. That is what we give out to everyone to use. They are welcome to use their mail.whatever.com but we don't do SSL on that one. We only do it on the one.
Knud Westdorf Replied
Ah okay. Thanks.

The only thing I want TLS 1.2 for is when, for example, the bank is sending an email to one of our customers; it can't be delivered because we don't support TLS 1.2 incoming.
Jade D Replied
"But what if our customers are using an SMTP server in Outlook, for example mail.domain.com and mail.domain1.com? How do we solve that? Do we need to buy certificates for all domains?"

If purchasing a certificate you would purchase a UCC cert, a multi-domain cert or a certificate that provides SANs.
This could get quite costly.
Let's Encrypt does allow a limited number of SANs, so this could work provided that your domain count doesn't exceed the limit.

Alternatively, set up SSL/TLS on your primary host name and tell your clients to move over to that FQDN for their incoming and outgoing mail application settings.

My last suggestion is the best suggestion for environments that host more than 100 mail domains.
Jade https://absolutehosting.co.za
Knud Westdorf Replied
Thanks. Then I have another question, about the bank, which is sending mail to our customers.

They say the mail can't be delivered, because our server doesn't support TLS 1.2 (incoming from outside).
Dennis A. Replied
Incoming emails will be delivered on port 25, so you'll just need to make sure that you have an SSL certificate installed on that port in order for TLS 1.2 to work.

You mentioned that your customers use different SMTP servers in their clients (e.g. mail.domain.com, mail.domain1.com, etc.). For MX records on your customers' domains, if you're not doing so yet, I highly recommend using a single MX domain for all your customers, like someone else suggested in your topic from 2017. That makes security and maintenance a lot easier, as you just have to manage 1 certificate for all customers. It would also enable all your customers at once to receive emails with TLS 1.2, making your email traffic a lot more secure.

Would look like this:


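The bank's mail server is doing exactly what Dennis describes: it connects to port 25, sends EHLO, looks for STARTTLS in the reply, and then tries a TLS 1.2 handshake. The script below is an added example (not from the thread or from SmarterTools) that performs that same exchange from any Windows machine, so you can see what the sending side sees after the certificate is installed and the protocol enabled. The host name mail.example.com and the EHLO name tls-check.invalid are placeholders; replace the host with your MX. Chain trust is evaluated against the trust store of the machine running the script, not the bank's.

```powershell
# Added example: check whether an inbound SMTP listener offers STARTTLS and completes
# a TLS 1.2 handshake, reporting the negotiated protocol and the certificate presented.
# Not SmarterTools code. Works in Windows PowerShell 5.1 against a reachable port 25.

function Read-SmtpResponse {
    # Returns every line of one SMTP reply; continuation lines carry '-' after the code.
    param([System.IO.StreamReader] $Reader)
    $lines = @()
    do {
        $line = $Reader.ReadLine()
        if ($null -eq $line) { throw 'Connection closed by server' }
        $lines += $line
    } while ($line.Length -ge 4 -and $line[3] -eq '-')
    return $lines
}

function Test-SmtpStartTls {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [int] $Port = 25,
        # Protocol to request; pass Tls11 or Tls to compare with older versions.
        [System.Security.Authentication.SslProtocols] $Protocol =
            [System.Security.Authentication.SslProtocols]::Tls12
    )
    $client = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    $stream = $client.GetStream()
    $reader = New-Object System.IO.StreamReader($stream)
    $writer = New-Object System.IO.StreamWriter($stream)
    $writer.NewLine = "`r`n"
    $writer.AutoFlush = $true

    $banner = Read-SmtpResponse $reader
    if ($banner[-1] -notmatch '^220') { throw "Unexpected banner: $($banner -join ' ')" }

    $writer.WriteLine('EHLO tls-check.invalid')     # placeholder HELO name
    $ehlo = Read-SmtpResponse $reader
    if (-not ($ehlo -match '^250[ -]STARTTLS')) {
        # No certificate/encryption on this port: a TLS-requiring sender gives up here.
        $client.Close()
        return [pscustomobject]@{ Server = $Server; Port = $Port; StartTls = $false; Protocol = $null }
    }

    $writer.WriteLine('STARTTLS')
    $ready = Read-SmtpResponse $reader
    if ($ready[-1] -notmatch '^220') { throw "STARTTLS refused: $($ready -join ' ')" }

    # Accept any certificate in the callback so the handshake completes; trust is checked below.
    $ssl = New-Object System.Net.Security.SslStream($stream, $false, { $true })
    try {
        $ssl.AuthenticateAsClient($Server, $null, $Protocol, $false)
    } catch {
        # Typical when TLS 1.2 is disabled in SCHANNEL: the server offers STARTTLS but
        # cannot negotiate the requested version. This is the bank's failure mode.
        $client.Close()
        return [pscustomobject]@{ Server = $Server; Port = $Port; StartTls = $true
                                  Protocol = $null; Error = $_.Exception.Message }
    }

    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $trusted = $chain.Build($cert)
    $result = [pscustomobject]@{
        Server       = $Server
        Port         = $Port
        StartTls     = $true
        Protocol     = $ssl.SslProtocol          # expect Tls12 once the fix is in place
        Cipher       = $ssl.CipherAlgorithm
        Subject      = $cert.Subject
        Expires      = $cert.NotAfter
        ChainTrusted = $trusted                  # per this machine's root store
        ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
    }
    try {
        $sslWriter = New-Object System.IO.StreamWriter($ssl)
        $sslWriter.AutoFlush = $true
        $sslWriter.Write("QUIT`r`n")
    } catch { }
    $client.Close()
    return $result
}

# Usage (placeholder host): compare TLS 1.2 with TLS 1.1 against your MX.
Test-SmtpStartTls -Server 'mail.example.com'
Test-SmtpStartTls -Server 'mail.example.com' -Protocol Tls11
```

Read the output as follows: StartTls = False means no certificate is bound to the port, which matches the "running 25 without encryption" situation earlier in the thread; a handshake error with Tls12 that goes away with Tls11 means the certificate is there but TLS 1.2 is still disabled in Windows; ChainTrusted = False with a self-signed or expired certificate is what a strict sender will also reject.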