Force Webmail Traffic Over HTTPS

This article applies to recent versions of SmarterMail. View articles for SmarterMail 15.x and earlier.
Google and other providers have recently started branding web interfaces as unsafe if they don't don't meet certain security requirements, not simply because malicious content is detected coming from the site. These security requirements could cause your site to be flagged as insecure, even if it doesn't contain malicious content. As such, System Administrators may wish to force all webmail traffic over HTTPS, rather than the default HTTP. This is a three-step process that includes a.) installing a valid SSL certificate on the server, b.) setting up SmarterMail in IIS and c.) enabling the setting within SmarterMail for each domain where you want to enforce HTTPS access.
a.) Install SSL Certificate
A valid SSL certificate will need to be in place for each site that should force traffic over HTTPS. For more information on configuring SSL to secure SmarterMail, visit For instructions on installing the certificate on the SmarterMail server, please contact your certificate provider. 
b.) Set up SmarterMail in IIS
For more information on setting up SmarterMail as an IIS site, please follow the links below, which provide step-by-step instructions depending on the IIS version you're using:
c.) Enable the SmarterMail Setting
Follow these steps to enable the HTTPS setting within SmarterMail. Forcing HTTPS is done on a domain-by-domain basis, so these steps would need to be followed for any domain where you want the setting enabled:
  1. Log into SmarterMail as a System Administrator. 
  2. Click the Manage icon.
  3. Select the domain where you want the setting enabled.
  4. That domain's general settings will load in the content pane.
  5. On the Security card, enable Force all traffic over HTTPS.
  6. Click Save.​ When a visitor navigates to your SmarterMail site, their connection will automatically use HTTPS. 
NOTE: It's also possible to make this a Domain Default, and then propagate the setting to all domains on the server. This will eliminate the need to do this per domain. 
Disabling HTTPS Traffic
In the event that you no longer wish to force traffic over HTTPS, simply uncheck the Force all traffic over HTTPS setting on a per domain basis, or uncheck that setting in Domain Defaults are re-propagate to all domains. 
Learn more about the SmarterMail secure business email server.


Add Feedback
Currently running version 16.3.6471 and can't find the option mentioned in c.)
Yavuz Aydin (September 21, 2017 at 2:17 AM)
Hello, Yavuz. Yes, we modified this setting in a minor release. This article has been modified to reflect that change.
Derek Curtis (September 21, 2017 at 7:57 AM)

Add Feedback