H-Sphere Documentation Admin Guide

 

Mail SSL
(version 2.4.2 and higher)

 

Related Docs:   Qmail Configuration (Sysadmin Guide)

Mail SSL is enabled globally in the system for all end users, including those under resellers. It is available only to master admin. Once it is enabled, it secures all mail sent and received by mail clients (such as Outlook Express). If customers are using webmail, they can secure their mail by switching to https.

You can install a certificate on one service DNS zone, which defines logical mail servers names. For instance, if your mail server is mail.example.com, you will install the certificate on the example.com zone.

Private key is stored on mail servers and in the system database without encryption. It is in our plans to implement certificate encryption in the forthcoming versions.

Mail SSL supports all mail protocols and listens on the following ports:
SMTPs - 465/tcp
POP3s - 995/tcp
IMAPs - 993/tcp

 

Enabling Mail SSL

To enable Mail SSL:

  1. Log into the admin control panel.
  2. Select Mail Servers in the E.Manager menu.
  3. Turn on Mail SSL Support:

  4. On the page that appears, select the service DNS zone:

  5. On The next page, post private key and certificate:

    If you don't have a certificate, click Generate a temporary SSL certificate and certificate request. H-Sphere will generate you a fully-functional, but untrusted certificate.
  6. The key and cert are validated and published to all logical mail servers to the file /hsphere/local/var/vpopmail/etc/mail.pem. Then all mail servers are restarted. H-Sphere will display report messages at the top of the Mail Servers page.

 

Editing Mail SSL

You may need to edit Mail SSL in order to:

  • Install new certificate for an existent private key.
  • Install new key and certificate.
  • Install a chain file.
  • Install a revocation file.
  • Install a certificate authority file.

Newly installed files are validated on the CP server and published to all mail servers to the file /hsphere/local/var/vpopmail/etc/mail.pem, and the mail servers are restarted. New keys and certificates are also written to the system database.

 

Reposting Certificates

Use this action to re-publish keys and certificates from the DB to all mail servers in the system. After the repost, mail servers are automatically restarted:

 

Disabling Mail SSL

If you disable Mail SSL, mail.pem files are permanently deleted from all mail servers, and related data (key, cert, zone, etc.) is removed from the system database. Then mail servers are restarted.


Related Docs:   Qmail Configuration (Sysadmin Guide)



Home   Products   Services   Partners   Support   News   Contact   Forum
© 2020 psoft.net
All rights reserved.