Secure Protocols and Bindings
Problem reported by Harland Adelaars - 5/2/2024 at 2:40 AM
When I inspect the bindings in the configuration, I notice that nothing is automatically enabled for secure connections. POP, IMAP, and SMTP are only available on the default ports without TLS or SSL.

Why isn't secure email configured by default upon installation? It's a necessity in today's digital landscape.

Additionally, when adding ports, we're required to manually select a certificate. Why isn't this process automated based on the connections made? SmarterMail already has access to information about created certificates, so it should utilize that data.

For example, if I connect to mail.domain1.com, it should automatically use the corresponding certificate, and the same principle should apply to other domain names.

2 Replies

Reply to Thread
Patrick Jeski Replied
You can edit each port and select SSL or TLS, the port number will change automatically if applicable.

If the client uses SNI, the correct cert should be chosen automatically. If the client doesn't use SNI, the cert you manually configured is the backup.
Kyle Kerst Replied
Employee Post
Hi Harland, I'd be happy to help clarify here. First, SSL/TLS isn't set up by default because it requires administrator involvement currently, and isn't necessary in all deployments. We have quite a few customers who use SmarterMail in an offline environment which won't even support SSL, so this is available as an option above and beyond the defaults. 

As Patrick pointed out - the certificate selection you're doing in Settings>Bindings>Ports is a "fall-back" certificate in that this PFX will only be selected for STARTTLS/SSL IF a better certificate isn't found in the certificates directory as part of our SNI implementation. Usually I instruct customers to set this fallback cert as the system level hostname's SSL certificate so that if a client tries to connect on a domain that does not yet have SSL, they'll at least be able to continue the secure connectivity using your main hostname. 

I hope that helps!
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com

Reply to Thread