This article details how to enable SSL/TLS for the SMTP, POP3, and IMAP protocols in MDaemon.
Please Note:
- MDaemon features the ability to generate and install valid certificates from Let's Encrypt at no cost.
  How do I get a free SSL certificate from Let's Encrypt?
- MDaemon does not handle the generation or installation of third-party SSL certificates. See the link below for information on using the Windows Certreq command to generate certificate signing requests and installing them in the Windows server once generated.
  How do I create a CSR and import a third-party SSL certificate for MDaemon using Certreq?
- MDaemon can generate a self-signed certificate to be used (see below). Self-signed certificates are untrusted and will generate security warnings from clients connecting over SSL.

This article assumes there is no SSL certificate installed on the Windows server and uses a self-signed certificate.

In the MDaemon console:
- Click the Security menu
- Click Security Manager/Settings
- Click SSL & TLS
- Select MDaemon
- Click Enable SSL, STARTTLS, and STLS
- Click Enable the dedicated SSL ports for SMTP, IMAP, POP3 servers
  This will enable the dedicated ports specified in the Server Setting menu. This will not affect clients using STARTTLS and STLS on the default mail ports.
- Click SMTP server sends mail using STARTTLS when possible
  This will enable MDaemon to use the STARTTLS extension for every SMTP message it sends if the receiving server supports STARTTLS.
- Click SMTP server requires STARTTLS on MSA port
  Enable this option if you wish to require STARTTLS for connections to the server made on the MSA port.
- Click DomainPOP/MultiPOP servers use STLS whenever possible
  If the DomainPOP and/or MultiPOP protocols are being used, this will enable the STLS extension whenever possible for DomainPOP/MultiPOP connections.
To generate a self-signed certificate in MDaemon:
- Select Create Certificate
- Type your Fully Qualified Domain Name (FQDN) within the Host name field
- Type your Organization/Company Name
  If you have alternate host names, type them within the Alternative host names field separated by a comma
- Select the Encryption key length (default is 2048)
- Select the Country/Region your server resides in
- Click Create certificate
- Click OK.
This will restart the SMTP, POP, and IMAP services.
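Once the services have restarted, each plaintext port should list its upgrade command (STARTTLS for SMTP and IMAP, STLS for POP3) to connecting clients. The Python below is an added example, not MDaemon code or part of the original article: it asks a port for its capabilities and reports whether the upgrade is offered. The function names and the `probe.example.test` host name are assumptions, and the sample reply is constructed.

```python
import socket

# Capability command and TLS-upgrade keyword per protocol (RFC 3207, 2595, 3501).
PROTOCOLS = {
    "smtp": (b"EHLO probe.example.test\r\n", "STARTTLS"),
    "pop3": (b"CAPA\r\n", "STLS"),
    "imap": (b"a1 CAPABILITY\r\n", "STARTTLS"),
}

# Constructed sample reply, not captured from a real server.
SAMPLE_EHLO = "250-mail.example.test\r\n250-SIZE 0\r\n250 STARTTLS\r\n"

def advertises_tls(proto, reply):
    """True if a capability reply lists the upgrade keyword as a whole token."""
    keyword = PROTOCOLS[proto][1]
    for line in reply.upper().splitlines():
        if proto == "smtp":    # "250-STARTTLS" or "250 STARTTLS"
            hit = line[:3] == "250" and line[4:].split()[:1] == [keyword]
        elif proto == "pop3":  # one capability per line
            hit = line.strip() == keyword
        else:                  # space-separated on the untagged line
            hit = line.startswith("* CAPABILITY") and keyword in line.split()
        if hit:
            return True
    return False

def is_last_line(proto, line, greeting=False):
    """True when `line` ends the current server reply."""
    if proto == "smtp":
        return line[3:4] != b"-"    # "250-" continues, "250 " ends
    if greeting:
        return True                 # POP3 and IMAP greet with one line
    if proto == "pop3":
        return line.rstrip() == b"." or line.startswith(b"-ERR")
    return line.startswith(b"a1 ")  # tagged IMAP completion

def fetch_capabilities(host, port, proto, timeout=5.0):
    """Return the raw capability reply from a plaintext mail port."""
    with socket.create_connection((host, port), timeout=timeout) as sock, \
            sock.makefile("rwb") as f:
        for greeting in (True, False):
            if not greeting:
                f.write(PROTOCOLS[proto][0])
                f.flush()
            reply = []
            # Read until the reply's final line, or until the server closes.
            while not reply or (reply[-1] and not is_last_line(proto, reply[-1], greeting)):
                reply.append(f.readline())
    return b"".join(reply).decode("ascii", "replace")
```

Pass the result of `fetch_capabilities(host, port, proto)` to `advertises_tls(proto, reply)`, using the host name and the plaintext ports configured on your MDaemon server.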
Note: If you are using a third-party certificate, follow the instructions given by the provider to install it using the Microsoft Management Console (MMC) or other means. Once installed, you may omit the steps listed to generate a self-signed certificate. Instead, single-click the certificate you wish to use and click OK.
Note: The request and installation of third-party SSL certificates is NOT supported by MDaemon Technologies Technical Support staff, and those who choose to use a third-party certificate should be aware of all security issues related to installing and using SSL certificates with their operating system. If you have questions or issues regarding your third-party SSL certificate, please contact the vendor from whom you purchased the certificate.