We have done the following to get SSL/TLS to work with Smartermail Enterprise version 4.3.2831 to no avail:
- Obtained an SSL Certificate for the hostname from a Certificate Authority/Repository.
- Installed Chain Root Certificates to the Trusted Root Certificate Authorities in MMC on the Smartermail Server.
- Installed the SSL Certificate in IIS 6 for the Smartermail website.
- Made sure SSL Certificate is properly installed in the Certificates MMC and that the private key that corresponds to this certificate is available. (http://support.smartertools.com/Customer/KBArticle.aspx?articleid=175&KBSearchID=135393)
- Set the following SSL Rules in Smartermail:
| IP Address | SMTP Port | POP Port | IMAP Port | Type | Certificate Path |
|---|---|---|---|---|---|
| XXX.XXX.XXX.7 | 465 | 995 | 993 | SSL | c:\certs\smartermail.domain.com.cer |
| XXX.XXX.XXX.7 | 25 | 110 | 143 | TLS | c:\certs\smartermail.domain.com.cer |
| XXX.XXX.XXX.8 | 465 | 995 | 993 | SSL | c:\certs\smartermail.domain.com.cer |
| XXX.XXX.XXX.8 | 25 | 110 | 143 | TLS | c:\certs\smartermail.domain.com.cer |
- As per another forum thread, exported the IIS PKCS7 format SSL Certificate to DER/Base64 and re-imported in the Certificates MMC so that it would work with .NET. (http://www.smartertools.com/forums/t/14338.aspx?PageIndex=1)
- Made sure that Ports 465/993/995 were all set to allowed for TCP/IP/UDP traffic on Firewall.
- As per yet another forum thread, disabled Outgoing IP Checksum, Outgoing TCP Checksum, Incoming IP Checksum, Incoming TCP Checksum on all Broadcom/Intel Network Adaptors and reset the bindings. (http://support.smartertools.com/Customer/KBArticle.aspx?articleid=213)
- Restarted the Smartermail service in Windows 2003R2 SP2 Server.
Smartermail Web-based mail shows the SSL Certificate as being installed and works as it should (really this is just IIS doing as it should).
However, when attempting to Telnet into the SSL Ports there is no response, even when Telnet is run from the localhost. Attempting to connect with Outlook from either localhost or from another computer results in error "0x80042108 Outlook is unable to connect to your incoming POP3 e-mail server" when attempting to connect using SSL (on either ports 465/995) or TLS (either ports 25/110). A netstat -a -n shows no services listening, established or waiting on these ports for the addresses 0.0.0.0, 127.0.0.1, XXX.XXX.XXX.7, XXX.XXX.XXX.8.
What am I missing???
Andy R. Spliethof
President, Spliethof Inc. dba Scarab Media
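
The netstat check described in the post can be automated by comparing each SSL/TLS rule against the listening sockets. The following is an added example, not part of the original post and not SmarterMail code. The addresses 192.0.2.7 and 192.0.2.8 stand in for the redacted IPs, and the netstat output is constructed sample data.

```python
# Added example: compare SmarterMail-style SSL/TLS port rules against
# `netstat -a -n` output. All addresses and netstat lines are constructed.

# (ip, port, type) rules mirroring the table in the post; 192.0.2.x stands in
# for the redacted XXX.XXX.XXX.7 / .8 addresses.
RULES = [(ip, port, kind)
         for ip in ("192.0.2.7", "192.0.2.8")
         for kind, ports in (("SSL", (465, 995, 993)), ("TLS", (25, 110, 143)))
         for port in ports]

# Constructed sample in the Windows `netstat -a -n` layout.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    192.0.2.7:25           0.0.0.0:0              LISTENING
  TCP    192.0.2.7:110          0.0.0.0:0              LISTENING
  TCP    192.0.2.7:143          0.0.0.0:0              LISTENING
  TCP    192.0.2.7:443          198.51.100.20:51544    ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

def listening_sockets(netstat_text):
    """Return the set of (ip, port) pairs in TCP LISTENING state."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Expect exactly: Proto, Local Address, Foreign Address, State
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        ip, _, port = fields[1].rpartition(":")
        if port.isdigit():
            found.add((ip, int(port)))
    return found

def missing_listeners(rules, netstat_text):
    """Rules with no listener on the rule's IP or on the 0.0.0.0 wildcard."""
    sockets = listening_sockets(netstat_text)
    return [(ip, port, kind) for ip, port, kind in rules
            if (ip, port) not in sockets and ("0.0.0.0", port) not in sockets]

if __name__ == "__main__":
    for ip, port, kind in missing_listeners(RULES, SAMPLE_NETSTAT):
        print(f"no listener for {kind} rule {ip}:{port}")
```

A rule that appears in the output has no socket bound at all, which points at the service configuration or certificate loading rather than at the firewall or the mail client.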