Back to Community Threads
2
presale question
Question asked by Sabatino - 3/31/2021 at 9:25 AM
Unanswered
I am evaluating your product for a server that will have 1500 users and several domains
I have a server with 2000 users with another server but I want to evaluate alternatives

I have installed the free version and there are some things that I cannot understand even looking in the online documentation
1) how to set the server to accept only tls and ssl connections

your queried server responds correctly and also indicates starttls

220 mail.smartertools.com
EHLO SABATINO
250-mail.smartertools.com Hello [87.27.243.80]
250-SIZE
250-AUTH LOGIN CRAM-MD5
250-STARTTLS
250-8BITMIME
250-DSN
250 OK

my test server smtpmail.xxx.xx

220 smtpmailgenial
EHLO xabaras
250-smtpxxxx Hello [xx.xx.xx.xx]
250-SIZE
250-AUTH CRAM-MD5
250-8BITMIME
250-DSN
250 OK


I can't find the option to enable it

Another thing that I do not understand if it can be done

smtp pop services etc. in white label also when it concerns the ssl certificate

or
configure a mail.domain.xxx domain with customer SSL and make sure that this domain and its ssl are used for that customer via Server Name Indication (SNI).
Sabatino Traini
      Chief Information Officer
Genial s.r.l. 
Martinsicuro - Italy

5 Replies

Reply to Thread
0
Sabatino Replied
3/31/2021 at 9:38 AM
Ok,
regarding TLS i solved
Sabatino Traini Chief Information Officer Genial s.r.l. Martinsicuro - Italy
0
Kyle Kerst Replied
3/31/2021 at 10:58 AM
Employee Post
To set up your server with a single certificate which covers all of your customer domains you can use the following linked procedure or obtain a UCC wildcard certificate: 


As to configuring so that TLS is used during send operations, this option is found within Settings>Protocols>SMTP Out. I hope this helps!
Kyle Kerst Acting IT Manager SmarterTools Inc. www.smartertools.com
0
Sabatino Replied
4/1/2021 at 3:25 AM
Forgive me but I only partially agree

Ok for the sending operations, and I had already done it.
But also for client operations

In fact, as by the way you specify yourself here
https://portal.smartertools.com/kb/a2671/configure-ssl-tls-to-secure-smartermail.aspx


set of port mappings for 25 (TLS), 110 (TLS), 143 (TLS), 465 (SSL), 993 (SSL), 995 (SSL)


Then setting the standard ports 25 110 143 with the tls (which does not become mandatory but supported)

in fact also on your mailserver

openssl s_client -starttls smtp -crlf -connect mail.smartertools.com:25
openssl s_client -starttls pop3 -crlf -connect mail.smartertools.com:110
openssl s_client -starttls imap -crlf -connect mail.smartertools.com:143

notice how it accepts the tls protocol

From the documentation found on your site and on the community too often it seems that it is not recommended to configure ports 25 110 143 with tls (but maybe I have misunderstood me)
Sabatino Traini Chief Information Officer Genial s.r.l. Martinsicuro - Italy
0
Sébastien Riccio Replied
4/1/2021 at 12:28 PM
The port configuration stuff is a bit misleading.

You should configure 25/110/143/587 as TLS ports (explicit SSL) (they also act as clear text ports), and ports 465/993/995 as SSL (implicit SSL).


Here is how we do it (please ignore port 26 that we use for some internal stuff and XMPP that we don't use)

Hope it will help.
Sébastien Riccio System & Network Admin https://swisscenter.com
0
Sabatino Replied
4/2/2021 at 2:22 AM
yes, in fact, I had already done this type of configuration

However, I believe that this post will be useful to many
Sabatino Traini Chief Information Officer Genial s.r.l. Martinsicuro - Italy
Back to Community Threads

Reply to Thread

Enter the verification text

Related Knowledge Base Articles

Set up Autodiscover for SmarterMailSmarterMail > Installation and Configuration
Maintenance and Support - Renewal / ReinstatementGeneral Topics
Recommended SPAM SettingsSmarterMail > Antispam and Antivirus
SmarterMail and ColdFusion IssuesSmarterMail > Troubleshooting
SmarterMail HIPAA/FINRA/SOX ComplianceGeneral Topics