Force Webmail Traffic Over HTTPS

This article applies to recent versions of SmarterMail Enterprise. View articles for SmarterMail 16.x and earlier.
Google and other providers have recently started branding web interfaces as unsafe if they don't don't meet certain security requirements, not simply because malicious content is detected coming from the site. These security requirements could cause your site to be flagged as insecure, even if it doesn't contain malicious content. As such, System Administrators may wish to force all webmail traffic over HTTPS, rather than the default HTTP. This is a three-step process that includes a.) installing a valid SSL certificate on the server, b.) setting up SmarterMail in IIS and c.) enabling the setting within SmarterMail for each domain where you want to enforce HTTPS access.
 
a.) Install SSL Certificate
A valid SSL certificate will need to be in place for each site that should force traffic over HTTPS. For more information on configuring SSL to secure SmarterMail, visit http://portal.smartertools.com/kb/a2671/configure-ssl-tls-to-secure-smartermail.aspx. For instructions on installing the certificate on the SmarterMail server, please contact your certificate provider. 
 
b.) Set up SmarterMail in IIS
For more information on setting up SmarterMail as an IIS site, please follow the links below, which provide step-by-step instructions depending on the IIS version you're using:
 
 
c.) Enable the SmarterMail Setting
Follow these steps to enable the HTTPS setting within SmarterMail. Forcing HTTPS is done on a domain-by-domain basis, so these steps would need to be followed for any domain where you want the setting enabled:
 
  1. Log into SmarterMail as a System Administrator. 
  2. Click the Manage tab.
  3. Select the domain where you want the setting enabled.
  4. That domain's Options tab will load in the content pane.
  5. On the Security card, enable Force all traffic over HTTPS.
  6. Click Save. When a visitor navigates to your SmarterMail site, their connection will automatically use HTTPS. 
NOTE: It's also possible to make this a Domain Default, and then propagate the setting to all domains on the server. This will eliminate the need to do this per domain. 
 
Disabling HTTPS Traffic
In the event that you no longer wish to force traffic over HTTPS, simply uncheck the Force all traffic over HTTPS setting on a per domain basis, or uncheck that setting in Domain Defaults are re-propagate to all domains. 
 
 
Learn more about the SmarterMail secure business email server.

Feedback

Currently running version 16.3.6471 and can't find the option mentioned in c.)
Yavuz Aydin (9/21/2017 at 2:17 AM)
Hello, Yavuz. Yes, we modified this setting in a minor release. This article has been modified to reflect that change.
Derek Curtis (9/21/2017 at 7:57 AM)
The option to view the SmarterMail v15 and previous version of this article seems to be broken. Can you please check and fix?
Kyle Kerst (10/17/2018 at 6:24 PM)
Hi, Kyle. The setting for forcing webmail over HTTPS was actually added in SmarterMail 16.x. You can use IIS redirects for forcing it in older versions of the product, however. I did edit the "previous versions" message to reflect this. Thanks!
Derek Curtis (10/25/2018 at 9:48 AM)
I have SmarterMail 16. It is an upgrade from v15. Followed the instructions here. However, I couldn't see "Force all traffic over HTTPS" on a domain security card. I only managed to see it after setting "Domains can override webmail HTTPS requirement" on Settings -> General Settings -> Server Info. If I try to set "Force webmail to use HTTPS" ON, and click save I lose connection with the site. After which I can't get into webmail site at all. Is there a known bug in this area?
ayman1 (11/2/2018 at 10:13 AM)
It sounds like you are on an earlier version of SmarterMail 16.x. In September 2017, version 16.3.6467 moved the "Force HTTPS" setting from the system level; it is now only a domain level setting that can be propagated. Please upgrade your installation to the latest release, then follow these steps again.
Andrea Free (11/8/2018 at 8:46 AM)