Understanding SNI in SmarterMail

This KB Article explains how SNI works in SmarterMail to ensure that you have it set up correctly. It is not about setting up SNI. For details on this, you can review one of our other KB articles. 

Support for SNI in SmarterMail was added with the transition to .NET CORE 8. You will have access to this feature if you are on Build 8747 (Dec 13, 2023) or newer
  • Build 8747 (Dec 13, 2023)
    Added: SNI SSL/TLS support with automatic handling of associated bindings.

To access this feature you will go to Settings -> SSL Certificates and set up a "Certificate Folder Path" and "Certificate Password (if any)". Help details can be found here (SSL Certificates). This folder is where we will pull the certificates from. Two (2) things to be aware of. 
  1. The SSL MUST be in PFX format. 
  2. The PFX password MUST match the Password in the "Certificate Password (if any)" ( even if blank/empty )

For SNI to work you need to have a Default/Fallback certificate that you can bind to the mail ports. The best bet is to use one based on the Mail Servers hostname (Settings -> General -> Server Info [card]) setting, but you can use any you wish as your fallback. Now for this to work we need to bind the fallback certificate to the mail ports you wish to have Encrypted. To do this go to (Settings -> Bindings -> Ports [tab]). Edit the port (double click) you wish to set up ( in this case port 25 ) and adjust the Encryption for your purpose. (Commonly used ports for SmarterMail)

Encryption - If the port requires SSL or TLS encryption, select the appropriate option. SSL always assumes the connection will be secure and sends the encryption immediately. TLS connects normally and then looks to see if the connection is secure before sending the encryption.


With this setup, you should now have SNI support. You can review the Certificates Log (In earlier builds (pre Build 8818 (Feb 22, 2024)) this would be in the Administrative log) to troubleshoot any issues. 

Example: 

[2024.10.31] 23:59:59.489 [89.190.156.43][41266046] SNI using fallback binding certificate mail.dev.domain.io.pfx for (no hostname passed to SNI).
[2024.10.31] 00:03:07.518 [93.160.174.27][49560015] SNI using fallback binding certificate mail.dev.domain.io.pfx for (no hostname passed to SNI).