Configuring SSL for SMTP, IMAP and POP3 in MDaemon

Expand / Collapse

Configuring SSL for SMTP, IMAP and POP3 in MDaemon

This article details how you'd configure MDaemon so that it accepts SMTP, IMAP and POP3 connections over SSL.

1. Choose Security -> Security Settings -> SSL & TLS.

2. Click Enable SSL, STARTTLS, and STLS.

3. Click Enable the dedicated SSL ports for SMTP, IMAP, POP3 servers.
This will enable the dedicated SSL ports for these services specified under Setup -> Default Domain / Servers -> Ports.

4. Click SMTP server uses STARTTLS whenever possible.
This will enable MDaemon to use the STARTTLS extension for every SMTP message it sends if the remote server supports STARTTLS

5. If required click DomainPOP/MultiPOP servers use STLS whenever possible.
This will enable the STLS extension whenever possible for DomainPOP/MultiPOP connections

6. If you already have an SSL certificate you want to use in this location at this point you can select (highlight) it. If you want to create and use a self-signed SSL certificate then follow the steps below to generate one.

7. Enter a 'Host name' that you will be using to access MDaemon. For example, if you have an entry in your domain's DNS record that resolves to the static IP address of the Internet connection MDaemon sits behind of this would be the entry you'd specify in this location. If client machines on the LAN usually access MDaemon via a local hostname or IP then add this to the 'Alternative Host Names' section too.
8. Enter your company name in Organization / company name.
9. The Encryption key length can remain at 1024 unless you have a specific requirement for a weaker or stronger encryption method.
10. Change Country / region to United Kingdom GB.
11. Choose Create Certificate.

12. You'll now see the details of the certificate you've created and should select (highlight) it and Apply the change:

13. Choose Restart Servers to bind MDaemon to the new SSL ports and choose OK.

You can now configure a local email client to connect to MDaemon using SSL to test this is working.

If you are using a self-signed SSL certificate it is signed by its own creator rather than a root trusted authority and because of this, the certificate is not trusted by email clients automatically and you'll receive a prompt about the self-signed status when your email client first connects to it. Some email clients will allow you to trust the self-signed SSL certificate when they prompt you. Others (eg. Outlook or Outlook Express) may want you to trust the self-signed SSL certificate in an associated browser (eg. Internet Explorer) on the same machine before they will trust it. If you also access WorldClient over SSL using the same self-signed SSL certificate you can visit WorldClient via the SSL connection in the browser and follow the steps below to do this:

1. Visit your HTTPS address in Internet Explorer.
2. Click on Continue to this website (not recommended).
3. Click on the Certificate error in the red coloured address bar at the top of Internet Explorer.
4. Click on View Certificates and then choose the Install Certificate... button on the General tab.
5. In the Certificate Import Wizard, click Next.
6. Select Place all certificates in the following store and click Browse.
7. In the Select Certificate Store dialog, select Trusted Root Certification Authorities, click OK.
8. In the wizard, click Next and then Finish. If a security message pops up, choose Yes.

If you have remote email clients or mobile devices that will be connecting over the SSL ports you've configured, you'll need to open these ports to the Internet. This is typically achieved using a "port-forward" on your firewall or router and will help with this process. The SMTP, IMAP and POP3 SSL ports you need to open are defined in MDaemon at Setup -> Default Domain / Servers -> Ports.

Additional Information:

Should you wish to prevent MDaemon accepting passwords over standard SMTP, POP3 and IMAP ports you can do so by unticking Setup -> Default Domain / Servers -> Servers -> “Allow plain text passwords”, but the action of doing this will stop anyone not using SSL based connections in their email clients from being able to send/receive email so prior to taking this action you should ensure all email clients, mobile devices, etc are using SSL based connections.