The Mailtrust Blog

Protect your Internal SMTP Traffic with TLS

Posted by Bill on 02/22/2006

Recently a customer requested the ability to encrypt the SMTP traffic in both directions between their internal mail server and the Webmail.us SMTP servers. They wanted mail sent from their servers to our servers to be encrypted, and they also wanted mail sent from our servers to their servers to be encrypted.

You may already know that you can use SSL (secure sockets layer) or TLS (transport layer security) to connect to our servers securely via POP3, IMAP, SMTP and Webmail. This encrypts the communication between your computer and our servers. However, because SMTP relays mail from server to server, that only protects the hop between your computer and our servers: when you send mail to folks outside of the Webmail.us network, your messages are not encrypted as they travel on to the recipient's server. Encrypting that server-to-server hop is what the customer wanted, so we decided to implement it.

If you run an internal mail server at your office, and it supports TLS for incoming or outgoing mail, or both, you now can configure it to send and receive mail securely with the Webmail.us SMTP servers. The exact procedure will vary depending on what type of mail server you run, but here it is at a high-level:

For mail sent from your server to domains hosted by Webmail.us:

(1) Configure your server to deliver mail to mx1-tls.emailsrvr.com instead of the default mx1.emailsrvr.com. mx1-tls.emailsrvr.com supports TLS on port 25 and SSL on port 465; mx1.emailsrvr.com only supports plain text on port 25.

(2) Configure your server's SMTP client to use TLS or SSL when sending mail to remote servers.

For mail sent from Webmail.us to your mail server:

(1) Configure your server to accept incoming TLS connections on port 25 via the STARTTLS command.

(2) Tell Webmail.us tech support that you want all mail sent from our servers to your servers to be sent using TLS, and let us know your server's hostname and what domains it hosts. Also let us know whether you would like our servers to bounce the message back to the sender if we cannot establish a TLS session to your servers, or whether you would like our servers to fall back to non-encrypted delivery if TLS cannot be established.
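The post deliberately leaves the server-specific steps open. The configuration below is an added example for Postfix, not something from the original post or from Webmail.us; it assumes a Postfix release with the `*_tls_security_level` parameters (2.3 or later), assumes the certificate, key and CA-bundle paths shown, and uses example.com as a placeholder for a domain hosted by Webmail.us. It covers both directions from the steps above: a transport entry that routes mail for the Webmail.us-hosted domain to mx1-tls.emailsrvr.com with TLS enforced on that next-hop only, and an smtpd setting that advertises STARTTLS on port 25 for the mail coming back.

```conf
# /etc/postfix/main.cf  (assumed Postfix install; file paths are assumptions)

# --- Outbound: your server -> Webmail.us ----------------------------------
# Route the Webmail.us-hosted domain to the TLS-capable MX instead of letting
# Postfix follow the public MX record (mx1.emailsrvr.com, plain text only).
transport_maps = hash:/etc/postfix/transport

# Opportunistic TLS for everyone else; the policy map tightens it for the
# Webmail.us next-hop only.
smtp_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt   # assumed CA bundle path
smtp_tls_loglevel = 1

# --- Inbound: Webmail.us -> your server -----------------------------------
# Advertise STARTTLS on port 25. "may" still accepts plain-text senders; per
# step (2) above, Webmail.us decides whether to bounce or fall back when TLS
# to you fails.
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/ssl/certs/mail.example.com.pem    # assumed cert path
smtpd_tls_key_file  = /etc/ssl/private/mail.example.com.key  # assumed key path
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes   # record TLS details in Received: for auditing

# /etc/postfix/transport  (then run: postmap /etc/postfix/transport)
# example.com is a placeholder for a domain hosted by Webmail.us.
example.com        smtp:[mx1-tls.emailsrvr.com]

# /etc/postfix/tls_policy  (then run: postmap /etc/postfix/tls_policy)
# "encrypt" is the bounce/defer option from the post: if STARTTLS cannot be
# negotiated the mail is deferred and eventually bounced rather than sent in
# plain text. It does NOT verify the server certificate; raise it to "secure"
# once you know the name on the certificate the MX presents.
[mx1-tls.emailsrvr.com]    encrypt
```

After `postfix reload`, confirm the outbound side with `openssl s_client -starttls smtp -connect mx1-tls.emailsrvr.com:25` and the inbound side by running the same command against your own host; both should show a negotiated TLS session. Note that `encrypt` only protects against passive eavesdropping on the hop: without certificate verification (`secure`, with a matching CA-signed certificate) an active attacker on the path could still present their own certificate, so treat `encrypt` as the minimum, not the goal.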

Comments

What about those of us that want the same thing but do not have our own email servers?

Posted by: at February 28, 2006 12:53 PM

You can secure the communication between any two servers by using the method described above. If you don't own the server that you are trying to establish secure communications with, then you can talk to the owner of that server and point them to this URL.

Also, you can secure the communication between your computer and our servers by using TLS/SSL as described in our setup guides.

I hope that helps.

Posted by: Bill Boebel at February 28, 2006 02:54 PM
