Configuring SSL for SMTP, IMAP and POP3 in MDaemon
This article details how you'd configure MDaemon so that it accepts SMTP, IMAP and POP3 connections over SSL.
1. Choose Security -> Security Settings -> SSL & TLS.
2. Click 'Enable SSL, STARTTLS, and STLS'.
3. Click 'Enable the dedicated SSL ports for SMTP, IMAP, POP3 servers'.
This will enable the dedicated SSL ports for these services specified under Setup -> Default Domain / Servers -> Ports.
4. Click 'SMTP server uses STARTTLS whenever possible'.
This will enable MDaemon to use the STARTTLS extension for every SMTP message it sends if the remote server supports STARTTLS.
5. If required, click 'DomainPOP/MultiPOP servers use STLS whenever possible'.
This will enable the STLS extension whenever possible for DomainPOP/MultiPOP connections.
6. If you already have an SSL certificate you want to use, you can select (highlight) it in this location at this point. If you want to create and use a self-signed SSL certificate instead, follow the steps below to generate one.
7. Enter the 'Host name' that you will be using to access MDaemon. For example, if your domain's DNS has an entry, mail.domain.com, that resolves to the static IP address of the Internet connection MDaemon sits behind, then mail.domain.com is the entry you'd specify in this location. If client machines on the LAN usually access MDaemon via a local hostname or IP, add this to the 'Alternative Host Names' section too.
8. Enter your company name in 'Organization / company name'.
9. The 'Encryption key length' can remain at 1024 unless you have a specific requirement for a weaker or stronger encryption method.
10. Change 'Country / region' to United Kingdom GB.
11. Choose 'Create Certificate'.
12. You'll now see the details of the certificate you've created. Select (highlight) it and Apply the change.
13. Choose 'Restart Servers' to bind MDaemon to the new SSL ports and choose 'OK'.
You can now configure a local email client to connect to MDaemon using SSL to test this is working.
If you are using a self-signed SSL certificate, it is signed by its own creator rather than by a trusted root authority. Because of this, email clients do not trust the certificate automatically, and you'll receive a prompt about its self-signed status when your email client first connects to it. Some email clients will allow you to trust the self-signed SSL certificate when they prompt you. Others (e.g. Outlook or Outlook Express) may want you to trust the self-signed SSL certificate in an associated browser (e.g. Internet Explorer) on the same machine before they will trust it. If you also access WorldClient over SSL using the same self-signed SSL certificate, you can visit WorldClient via the SSL connection in the browser and follow the steps below to do this:
1. Visit your HTTPS address in Internet Explorer.
2. Click on 'Continue to this website (not recommended)'.
3. Click on the Certificate error in the red coloured address bar at the top of Internet Explorer.
4. Click on 'View Certificates' and then choose the 'Install Certificate...' button on the General tab.
5. In the 'Certificate Import Wizard', click 'Next'.
6. Select 'Place all certificates in the following store' and click 'Browse'.
7. In the 'Select Certificate Store' dialog, select 'Trusted Root Certification Authorities' and click 'OK'.
8. In the wizard, click 'Next' and then 'Finish'. If a security message pops up, choose 'Yes'.
If you have remote email clients or mobile devices that will be connecting over the SSL ports you've configured, you'll need to open these ports to the Internet. This is typically achieved using a "port-forward" on your firewall or router and http://www.portforward.com/ will help with this process. The SMTP, IMAP and POP3 SSL ports you need to open are defined in MDaemon at Setup -> Default Domain / Servers -> Ports.
Additional Information:
Should you wish to prevent MDaemon accepting passwords over the standard SMTP, POP3 and IMAP ports, you can do so by unticking Setup -> Default Domain / Servers -> Servers -> “Allow plain text passwords”. Doing this will stop anyone not using SSL-based connections in their email clients from being able to send/receive email, so before taking this action you should ensure all email clients, mobile devices, etc. are using SSL-based connections.
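One way to check the outcome of step 2 and of the “Allow plain text passwords” option from the client side, as an added example that is not part of the original article or of MDaemon: it audits what an SMTP server advertises in its EHLO reply before and after STARTTLS. The function names and sample replies are constructed here, and how MDaemon reflects the option in its EHLO reply is an assumption the article does not state.

```python
import smtplib
import ssl

WEAK_MECHS = {"PLAIN", "LOGIN"}  # these send the password itself (base64 is not encryption)

def parse_ehlo(text):
    """Map each EHLO keyword to its parameters.
    `text` is the reply as smtplib's ehlo() returns it: reply codes stripped,
    first line is the server greeting, one extension per following line."""
    features = {}
    for line in text.splitlines()[1:]:
        words = line.upper().replace("AUTH=", "AUTH ").split()  # old "AUTH=LOGIN" form
        if words:
            features.setdefault(words[0], set()).update(words[1:])
    return features

def audit(plain_ehlo, tls_ehlo=None):
    """Return a list of findings for one SMTP listener (empty list = nothing flagged)."""
    findings = []
    before = parse_ehlo(plain_ehlo)
    if "STARTTLS" not in before:
        findings.append("STARTTLS not offered on the cleartext port")
    exposed = sorted(before.get("AUTH", set()) & WEAK_MECHS)
    if exposed:
        findings.append("password AUTH offered before TLS: " + ",".join(exposed))
    if tls_ehlo is not None and "AUTH" not in parse_ehlo(tls_ehlo):
        findings.append("no AUTH offered after STARTTLS")
    return findings

def fetch_ehlo(host, port=25, cafile=None, timeout=10):
    """Live probe of your own server; sends no credentials.
    Returns (cleartext EHLO, EHLO after STARTTLS or None)."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        plain = smtp.ehlo()[1].decode("ascii", "replace")
        secured = None
        if smtp.has_extn("starttls"):
            smtp.starttls(context=ssl.create_default_context(cafile=cafile))
            secured = smtp.ehlo()[1].decode("ascii", "replace")
    return plain, secured

# Constructed sample replies (not captured from a real MDaemon server).
SAMPLE_BEFORE = "mail.domain.com Hello\nSIZE 0\nSTARTTLS\nAUTH LOGIN PLAIN CRAM-MD5"
SAMPLE_AFTER = "mail.domain.com Hello\nSIZE 0\nAUTH LOGIN PLAIN CRAM-MD5"
SAMPLE_HARDENED = "mail.domain.com Hello\nSIZE 0\nSTARTTLS"

if __name__ == "__main__":
    print(audit(SAMPLE_BEFORE, SAMPLE_AFTER))    # password AUTH exposed before TLS
    print(audit(SAMPLE_HARDENED, SAMPLE_AFTER))  # nothing flagged
```

Against a live server, call `audit(*fetch_ehlo('mail.domain.com'))`; with a self-signed certificate the TLS handshake fails verification unless `cafile` points to a PEM file that makes the certificate trusted.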