Configure SSL/TLS to Secure SmarterMail

SSL/TLS are security protocols that allows the transmission of data to be encrypted. This allows users to access email through a third-party email client without the fear that someone has intercepted their data. SSL will encrypt the connection immediately upon connection. TLS will encrypt once the STARTTLS command is sent. TLS will need to be set up over port 25, 110, 143 and SSL over ports 465, 993, and 995.

NOTE: This article assumes you have obtained a copy of the certificate from your SSL provider and have installed it on your server within your certificate stores personal folder. If you have not done this, please do so prior to following the directions below.

Applies to SmarterMail 8.x - 15.x

Prior to configuring SmarterMail to be secured over SSL or TLS, the SSL certificate installed on the server must first be exported to a Base-64 Encoded certificate that is readable by SmarterMail.

Follow these steps to export your SSL certificate to a Base-64 encoded certificate file:

  1. Sign into the Windows server in which SmarterMail is installed
  2. Click Start, select Run
  3. Type MMC, press enter.
  4. Navigate to File -> Add\Remove Snap ins
  5. In the available snap-ins column select Certificates and hit Add
  6. A new window will appear, choose Computer account and hit next.
  7. Ensure local computer is selected and hit finish.
  8. Now there will be a certificate tree view, expand Personal, and choose certificates.
  9. Right click the certificate in which you wish to export -> All Tasks -> Export.
  10. A new window will appear, hit next.
  11. Do not export private key’s -> Next
  12. Save as a base64 x509 .cer file -> Next
  13. Choose a save location such as C:\SmarterMail\Certificates\<SiteName> - Name the certificate, click Save.

Follow these steps to add a port to listen over SSL or TLS:

  1. Log in to SmarterMail as the system administrator.
  2. Click the Settings icon.
  3. Expand the Bindings folder and click Ports in the navigation pane.
  4. Click New in the content pane toolbar. A popup window will display.
  5. Complete the following required fields: Protocol, Encryption (SSL or TLS), Name, Port and Certificate Path. All other fields are optional.
  6. Click Verify Certificate in the lower right corner of the popup window to ensure the certificate exists in the specified path.
  7. Click Save.

NOTE: Using similar steps as above, modify your existing port 25 to be encrypted with SSL or TLS.  

Once you have added SSL to a port, you can follow the instructions below to add the port to listen on an IP:

  1. Log in to SmarterMail as the system administrator.
  2. Click the Settings icon.
  3. Expand the Bindings folder and click IP Addresses in the navigation pane.
  4. Select desired IP address and click Edit.
  5. Use the checkboxes to select the port(s) you would like the IP address to listen on.
  6. Click Save.

NOTE: For these changes to take effect, the SmarterMail service must be completely stopped then restarted.

For more information, please refer to the SmarterMail Online Help.

 

Learn more about SmarterMail's enterprise email features and benefits.

Feedback

Can you provide some instructions for: NOTE: This article assumes you have obtained a copy of your certificate's from your SSL provider and have installed them on your server within your certificate stores personal folder. If you have not done this, please do so prior to following the directions below.
John Chandler (3/22/2018 at 10:09 AM)
Hi, John. Once you purchase a SSL certificate from a provider, you'll either be sent the info or will have to download the files you need from that provider. As for installing it on a server, that depends on the Windows Server version you're using. Your SSL provider should be able to guide you on how to actually get the certificate set up on your server...or here's a decent article from Entrust for installing in IIS7: http://www.entrust.net/knowledge-base/technote.cfm?tn=8158. (For IIS 8, simply change the "tn=8158" in the previous URL to "tn=8713"
Derek Curtis (3/23/2018 at 7:36 AM)
How can you schedule this for an automatic export when the main certificate is renewed?
We use LetsEncrypt which has to be renewed each 3 month.

Lennart Eliasson (2/14/2019 at 11:26 PM)
Hi Lennart. In our blog post, Securing SmarterMail With Let's Encrypt, you'll find a section titled "Automating the certificate export from the Microsoft Certificate Store to secure SmarterMail’s ports": https://www.smartertools.com/blog/2017/08/14-secure-smartermail-with-lets-encrypt. This should help you out!
Andrea Free (2/19/2019 at 4:58 PM)
Thanks Andrea,
I'll try that.

Lennart Eliasson (2/28/2019 at 2:22 AM)