Securing Mail Service with SSL

Secure Sockets Layer (SSL) connections ensure that the data sent between your mail server and your users’ mail clients is encrypted. This allows secure and confidential transport of mail messages across a local network.

SSL transport doesn’t provide secure authentication. It only provides secure transfer from your mail server to your clients. For information about secure authentication, see “Choosing Authentication for Mail Service” on page 64.

For incoming mail, Mail service supports secure mail connections with mail client software that requests them. If a mail client requests an SSL connection, Mail service can comply if that option is enabled.

Mail service still provides non-SSL (unencrypted) connections to clients that don’t request SSL. The configuration of each mail client determines whether it connects with SSL or not.

For outgoing mail, Mail service supports secure mail connections between SMTP servers. If an SMTP server requests an SSL connection, Mail service can comply if that option is enabled. Mail service can still allow non-SSL (unencrypted) connections to mail servers that don’t request SSL.
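
An added example, not taken from the Apple manual: a Python check over constructed responses from the unencrypted port, reporting whether a server offers SSL while still offering cleartext password login to clients that don’t request SSL. It assumes SSL is advertised through the standard STARTTLS capability (RFC 3207 for SMTP, RFC 3501 for IMAP); the function names and sample host names are illustrative.

```python
import re

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # mechanisms that send the password itself

def parse_smtp_ehlo(reply):
    """Map each EHLO extension keyword to its parameters (RFC 5321 250 lines)."""
    exts = {}
    for line in reply.strip().splitlines()[1:]:   # first line is the greeting
        m = re.match(r"250[ -](\S+)(.*)", line.strip())
        if m:
            exts[m.group(1).upper()] = set(m.group(2).upper().split())
    return exts

def parse_imap_capability(reply):
    """Return the capability atoms from an IMAP '* CAPABILITY' line (RFC 3501)."""
    for line in reply.splitlines():
        parts = line.upper().split()
        if parts[:2] == ["*", "CAPABILITY"]:
            return set(parts[2:])
    return set()

def verdict(offers_ssl, cleartext_password):
    if not offers_ssl:
        return "no SSL offered"
    if cleartext_password:
        return "SSL optional, cleartext password offered without SSL"
    return "SSL offered, no cleartext password offered without SSL"

def check_smtp(reply):
    exts = parse_smtp_ehlo(reply)
    weak = exts.get("AUTH", set()) & CLEARTEXT_MECHS
    return verdict("STARTTLS" in exts, bool(weak))

def check_imap(reply):
    caps = parse_imap_capability(reply)
    # Without LOGINDISABLED the LOGIN command accepts a password in the clear.
    weak = "LOGINDISABLED" not in caps or "AUTH=PLAIN" in caps
    return verdict("STARTTLS" in caps, weak)

# Constructed sample responses, as seen on the unencrypted port before any SSL.
SMTP_OPTIONAL = "250-mail.example.com\n250-STARTTLS\n250-AUTH PLAIN LOGIN\n250 8BITMIME"
SMTP_STRICT = "250-mail.example.com\n250-STARTTLS\n250 8BITMIME"
IMAP_OPTIONAL = "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN\na1 OK done"
IMAP_STRICT = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\na1 OK done"

if __name__ == "__main__":
    for fn, sample in [(check_smtp, SMTP_OPTIONAL), (check_smtp, SMTP_STRICT),
                       (check_imap, IMAP_OPTIONAL), (check_imap, IMAP_STRICT)]:
        print(fn.__name__, "->", fn(sample))
```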

Configuring SSL for mail transport

Mail service requires some configuration to provide SSL connections automatically. The basic steps are as follows:

1. Obtain a security certificate.

This can be done in the following ways:

- Get a certificate from an external Certificate Authority. See “Using an SSL Certificate from an External Certificate Authority” on page 69.

- Create a self-signed certificate in Server Admin’s Certificate Manager.

- Locate an existing certificate from a previous installation of Mac OS X Server v10.3 or later.

2. Import the certificate into Server Admin’s Certificate Manager.

You can use Certificate Manager to drag and drop certificate information or you can provide Certificate Manager with the path to an existing installed certificate. You can also import certificates from the command line as outlined in “Accessing Server Certificates from the Command Line” on page 71.

3. Configure the service to use the certificate.

For instructions for allowing or requiring SSL transport, see the following sections:

- “Configuring SSL Transport for SMTP Connections” on page 68

- “Configuring SSL Transport for IMAP and POP Connections” on page 68

Chapter 3    Mail Service Advanced Configuration

Apple 10.6 manual Securing Mail Service with SSL, Configuring SSL for mail transport