A SERVICE OF

logo

Open as PDF
next previous
Chapter 3 Mail Service Advanced Conguration 67
Securing Mail Service with SSL
Secure Sockets Layer (SSL) connections ensure that the data sent between your mail
server and your users’ mail clients is encrypted. This allows secure and condential
transport of mail messages across a local network.
SSL transport doesn’t provide secure authentication. It only provides secure transfer
from your mail server to your clients. For secure authentication information, see
“Choosing Authentication for Mail Service” on page 64.
For incoming mail, Mail service supports secure mail connections with mail client
software that requests them. If a mail client requests an SSL connection, Mail service
can comply if that option is enabled.
Mail service still provides non-SSL (unencrypted) connections to clients that don’t
request SSL. The conguration of each mail client determines whether it connects with
SSL or not.
For outgoing mail, Mail service supports secure mail connections between SMTP
servers. If an SMTP server requests an SSL connection, Mail service can comply if that
option is enabled. Mail service can still allow non-SSL (unencrypted) connections to
mail servers that don’t request SSL.
Conguring SSL for mail transport
Mail service requires some conguration to provide SSL connections automatically.
The basic steps are as follows:
1 Obtain a security certicate.
This can be done in the following ways:
Get a certicate from an external Certicate Authority. See “ Â Using an SSL Certicate
from an External Certicate Authority” on page 69.
Create a self-signed certicate in Server Admin’s Certicate Manager. Â
Locate an existing certicate from a previous installation of Mac OS X Server v10.3 Â
or later.
2 Import the certicate into Server Admin’s Certicate Manager.
You can use Certicate Manager to drag and drop certicate information or you can
provide Certicate Manager with the path to an existing installed certicate. You
can also import certicates from the command line as outlined in “Accessing Server
Certicates from the Command Line” on page 71.
3 Congure the service to use the certicate.
For instructions for allowing or requiring SSL transport, see the following sections:
 Conguring SSL Transport for SMTP Connections” on page 68
 Conguring SSL Transport for IMAP and POP Connections” on page 68