2
presale question
Question asked by xabaras - 3/31/2021 at 9:25 AM
Unanswered
I am evaluating your product for a server that will have 1500 users and several domains
I have a server with 2000 users with another server but I want to evaluate alternatives

I have installed the free version and there are some things that I cannot understand even looking in the online documentation
1) how to set the server to accept only tls and ssl connections

your queried server responds correctly and also indicates starttls

220 mail.smartertools.com
EHLO SABATINO
250-mail.smartertools.com Hello [87.27.243.80]
250-SIZE
250-AUTH LOGIN CRAM-MD5
250-STARTTLS
250-8BITMIME
250-DSN
250 OK

my test server smtpmail.xxx.xx

220 smtpmailgenial
EHLO xabaras
250-smtpxxxx Hello [xx.xx.xx.xx]
250-SIZE
250-AUTH CRAM-MD5
250-8BITMIME
250-DSN
250 OK


I can't find the option to enable it

Another thing that I do not understand if it can be done

smtp pop services etc. in white label also when it concerns the ssl certificate

or
configure a mail.domain.xxx domain with customer SSL and make sure that this domain and its ssl are used for that customer via Server Name Indication (SNI).

5 Replies

Reply to Thread
0
xabaras Replied
Ok,
regarding TLS i solved
0
Kyle Kerst Replied
Employee Post
To set up your server with a single certificate which covers all of your customer domains you can use the following linked procedure or obtain a UCC wildcard certificate: 


As to configuring so that TLS is used during send operations, this option is found within Settings>Protocols>SMTP Out. I hope this helps!
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
xabaras Replied
Forgive me but I only partially agree

Ok for the sending operations, and I had already done it.
But also for client operations

In fact, as by the way you specify yourself here
https://portal.smartertools.com/kb/a2671/configure-ssl-tls-to-secure-smartermail.aspx


set of port mappings for 25 (TLS), 110 (TLS), 143 (TLS), 465 (SSL), 993 (SSL), 995 (SSL)


Then setting the standard ports 25 110 143 with the tls (which does not become mandatory but supported)

in fact also on your mailserver

openssl s_client -starttls smtp -crlf -connect mail.smartertools.com:25
openssl s_client -starttls pop3 -crlf -connect mail.smartertools.com:110
openssl s_client -starttls imap -crlf -connect mail.smartertools.com:143

notice how it accepts the tls protocol

From the documentation found on your site and on the community too often it seems that it is not recommended to configure ports 25 110 143 with tls (but maybe I have misunderstood me)
0
Sébastien Riccio Replied
The port configuration stuff is a bit misleading.

You should configure 25/110/143/587 as TLS ports (explicit SSL) (they also act as clear text ports), and ports 465/993/995 as SSL (implicit SSL).


Here is how we do it (please ignore port 26 that we use for some internal stuff and XMPP that we don't use)

Hope it will help.
Sébastien Riccio
System & Network Admin

0
xabaras Replied
yes, in fact, I had already done this type of configuration

However, I believe that this post will be useful to many

Reply to Thread