SSL & Certificates
MDaemon now supports the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol for SMTP, POP, and IMAP, and for WorldClient's web server. The SSL protocol, developed by Netscape Communications Corporation, is the standard method for securing server/client Internet communications. It provides server authentication, data encryption, and optional client authentication for TCP/IP connections. Further, because SSL is built into all current major browsers, simply installing a valid digital certificate on your server will activate the connecting browser's SSL capabilities when connecting to WorldClient.
If you are connecting to the standard mail ports via a mail client instead of using WorldClient, MDaemon supports the STARTTLS extension over TLS for SMTP and IMAP, and the STLS extension for POP3. However, you must first have your client configured to use SSL, and it must support those extensions; not all mail clients support them.
Finally, you can also dedicate specific ports for SSL connections. This isn't required but can provide a further level of accessibility for clients that do not support certain SSL extensions. For example, Microsoft Outlook Express doesn't support STARTTLS for IMAP over the default mail port, but it does support connections to dedicated SSL ports.
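As an added example (not part of the MDaemon documentation), the Python below checks whether a server's capability reply advertises the upgrade keyword a client needs on the standard ports: STARTTLS for SMTP and IMAP, STLS for POP3. The sample replies are constructed for illustration and the function names are hypothetical.

```python
import re

# Keyword each protocol uses to offer a TLS upgrade on its standard port
# (RFC 3207 for SMTP, RFC 2595 for IMAP and POP3).
UPGRADE_KEYWORD = {"smtp": "STARTTLS", "imap": "STARTTLS", "pop3": "STLS"}

# Constructed sample replies (not captured from a real server).
SMTP_REPLY = "250-mail.example.com Hello\r\n250-SIZE 0\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
SMTP_PLAIN = "250-legacy.example.net Hello\r\n250 SIZE 0\r\n"
IMAP_REPLY = "* CAPABILITY IMAP4rev1 IDLE STARTTLS\r\na1 OK CAPABILITY completed\r\n"
POP3_REPLY = "+OK Capability list follows\r\nUSER\r\nUIDL\r\nSTLS\r\n.\r\n"


def advertised_capabilities(protocol, response):
    """Return the upper-cased capability keywords found in a server reply."""
    lines = [ln.strip() for ln in response.splitlines() if ln.strip()]
    if protocol == "smtp":
        # EHLO reply: "250-<domain> greeting", then "250-KEYWORD [params]",
        # with the final line written as "250 KEYWORD".
        found = [m.group(1) for m in (re.match(r"250[- ](\S+)", ln) for ln in lines) if m]
        return {kw.upper() for kw in found[1:]}  # first 250 line is the greeting
    if protocol == "imap":
        # Untagged reply: "* CAPABILITY IMAP4rev1 STARTTLS ..."
        caps = set()
        for ln in lines:
            if ln.upper().startswith("* CAPABILITY"):
                caps.update(word.upper() for word in ln.split()[2:])
        return caps
    if protocol == "pop3":
        # CAPA reply: "+OK ...", one keyword per line, terminated by ".".
        return {ln.split()[0].upper() for ln in lines
                if ln != "." and not ln.startswith(("+OK", "-ERR"))}
    raise ValueError("unknown protocol: " + protocol)


def supports_tls_upgrade(protocol, response):
    """True if the reply offers the TLS upgrade command for this protocol."""
    return UPGRADE_KEYWORD[protocol] in advertised_capabilities(protocol, response)


if __name__ == "__main__":
    for proto, reply in (("smtp", SMTP_REPLY), ("smtp", SMTP_PLAIN),
                         ("imap", IMAP_REPLY), ("pop3", POP3_REPLY)):
        print(proto, "offers TLS upgrade:", supports_tls_upgrade(proto, reply))
```

A peer whose reply lacks the keyword can only be reached in cleartext on the standard port, or with SSL on a dedicated SSL port if it offers one.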
The options for enabling and configuring SSL are located on the SSL & Certificates dialog (press Ctrl+L or click Security » SSL/TLS/Certificates… on MDaemon's menu bar). The SSL port settings are located on the Ports tab of the Primary Domain Configuration dialog (press F2 or click Setup » Primary domain… » Ports).
For more general information on the SSL protocol and Certificates, see:
http://wp.netscape.com/security/techbriefs/ssl.html
http://www.microsoft.com/technet/prodtechnol/iis/maintain/featusability/default.asp
(At this URL see: "Chapter 6 - Managing Microsoft Certificate Services and SSL")
---
The TLS/SSL protocol is addressed in RFC-2246, which can be viewed at:
http://www.rfc-editor.org/rfc/rfc2246.txt
The STARTTLS extension for SMTP is addressed in RFC-3207, which can be viewed at:
http://www.rfc-editor.org/rfc/rfc3207.txt
Using TLS with the IMAP and POP3 protocols is addressed in RFC-2595, which can be viewed at:
http://www.rfc-editor.org/rfc/rfc2595.txt
SSL Options
Enable SSL, STARTTLS, and STLS support for SMTP, IMAP, POP servers
Click this check box to activate support for the SSL/TLS protocol and the STARTTLS and STLS extensions. Then, choose the certificate that you want to use from the Select Certificate section below.
Enable the dedicated SSL ports for SMTP, IMAP, POP servers
Click this option if you want to make available the dedicated SSL ports specified on the Ports tab of the Primary Domain Configuration dialog. This will not affect clients using STARTTLS and STLS on the default mail ports; it merely provides an additional level of support for SSL.
Send messages using STARTTLS whenever possible
Click this option if you want MDaemon to attempt to use the STARTTLS extension for every SMTP message it sends. If a server to which MDaemon is connecting doesn't support STARTTLS then the message will be delivered normally without using SSL.
Select Certificate
This box displays your SSL certificates. Single-click a certificate in this list to designate it as the certificate that you wish the mail servers to use. Double-click a certificate to open it in the Certificate dialog on which you can review its details.
Delete
Select a certificate in the list and then click this button to delete it. A confirmation box will open and ask you if you are sure that you want to delete the certificate.
Create Certificate
The following controls are used to create certificates. To edit any certificate, double-click its entry in the list above.
Host name
Enter the host name to which your users will connect (for example, "mail.example.com").
Organization/company name
Enter the organization or company that "owns" the certificate here.
Alternative host names (separate multiple entries with a comma)
Currently, MDaemon does not support separate certificates for multiple domains; all domains must share a single certificate. If there are alternative host names to which users may be connecting and you want this certificate to apply to those names as well, then enter those domain names here separated by commas. Wildcards are permitted, so "*.example.com" would apply to all subdomains of example.com (for example, "wc.example.com", "mail.example.com", and so on).
Encryption key length
Choose the desired bit-length of the encryption key for this certificate. The longer the encryption key the more secure the transferred data will be. Note, however, that not all applications support key lengths longer than 512.
Country/region
Choose the country or region in which your server resides.
Create Certificate
After entering the information into the above controls, click this button to create your certificate.
Restart Servers
Click to restart the SMTP/IMAP/POP servers. The servers must be restarted when a certificate changes.
The options for enabling and configuring WorldClient to use SSL are located on the SSL & Certificates dialog (press Ctrl+L or click Security » SSL/TLS/Certificates… » WorldClient SSL). For your convenience these options are also located on the WorldClient/RelayFax Properties dialog (press Ctrl+W or click Setup » WorldClient… » WorldClient SSL).
SSL Options
Enable SSL (WorldClient responds to HTTP and HTTPS connections)
Click this checkbox if you want to activate SSL support within WorldClient. However, this will not force your WorldClient users to use SSL. WorldClient will listen for HTTPS connections on the SSL port designated below, but it will still respond to normal HTTP connections on the WorldClient port designated on the Web Server tab.
Require SSL (WorldClient only responds to HTTPS connections)
Click this checkbox if you want to require SSL support within WorldClient. WorldClient will respond only to HTTPS connections when this option is enabled; it will not respond to HTTP requests.
Listen for SSL connections on this TCP port
This is the TCP port that WorldClient will listen to for SSL connections. The default SSL port is 443. If the default SSL port is used then you will not have to include the port number in WorldClient's URL when connecting via HTTPS (i.e. "https://example.com" is equivalent to "https://example.com:443").
Select Certificate
This box displays your SSL certificates. Single-click a certificate in this list to designate it as the certificate that you wish WorldClient to use. Double-click a certificate to open it in the Certificate dialog on which you can review its details.
Delete
Select a certificate in the list and then click this button to delete it. A confirmation box will open and ask you if you are sure that you want to delete the certificate.
Create Certificate
The following controls are used to create certificates. To edit any certificate, double-click its entry in the list above.
Host name
Enter the host name to which your users will connect (for example, "wc.example.com").
Organization/company name
Enter the organization or company that "owns" the certificate here.
Alternative host names (separate multiple entries with a comma)
Currently, MDaemon does not support multiple certificates; all WorldClient domains must share a single certificate. If there are alternative host names to which users may be connecting and you want this certificate to apply to those names as well, then enter those domain names here separated by commas. Wildcards are permitted, so "*.example.com" would apply to all subdomains of example.com (for example, "wc.example.com", "mail.example.com", and so on).
Encryption key length
Choose the desired bit-length of the encryption key for this certificate. The longer the encryption key the more secure the transferred data will be. Note, however, that not all applications support key lengths longer than 512.
Country/region
Choose the country or region in which your server resides.
Create Certificate
After entering the information into the above controls, click this button to create your certificate.
Restart web server
Click this button to restart the web server. The web server must be restarted before new certificates will be used.
The options for enabling and configuring WebAdmin to use SSL are located on the SSL & Certificates dialog (press Ctrl+L or click Security » SSL/TLS/Certificates… » WebAdmin SSL). For your convenience, you can also access this tab from the WebAdmin dialog (press Alt+I or click Setup » WebAdmin… » WebAdmin SSL).
SSL Options
Enable SSL (web server responds to HTTP and HTTPS connections)
Click this checkbox if you want to activate SSL support within WebAdmin. However, this will not force your WebAdmin users to use SSL. WebAdmin will listen for HTTPS connections on the designated SSL port but still respond to normal HTTP connections on the WebAdmin port designated on the WebAdmin tab.
Require SSL (web server only responds to HTTPS connections)
Click this checkbox if you want to require SSL support within WebAdmin. WebAdmin will respond only to HTTPS connections when this option is enabled; it will not respond to HTTP requests.
Listen for SSL connections on this TCP port
This is the TCP port that the web server will monitor for SSL connections. The default SSL port is 443. If the default SSL port is used then you will not have to include the port number in WebAdmin's URL when connecting via HTTPS (i.e. "https://example.com" is equivalent to "https://example.com:443").
Select Certificate
This box displays your SSL certificates. Single-click a certificate in this list to designate it as the certificate that you wish WebAdmin to use. Double-click a certificate to open it in the Certificate dialog on which you can review its details.
Delete
Select a certificate in the list and then click this button to delete it. A confirmation box will open and ask you if you are sure that you want to delete the certificate.
Create Certificate
The following controls are used to create certificates. To edit any certificate, double-click its entry in the list above.
Host name
Enter the host name to which your users will connect (for example, "wa.example.com").
Organization/company name
Enter the organization or company that "owns" the certificate here.
Alternative host names (separate multiple entries with a comma)
Currently, MDaemon does not support multiple certificates; all domains must share a single certificate. If there are alternative host names to which users may be connecting and you want this certificate to apply to those names as well, then enter those domain names here separated by commas. Wildcards are permitted, so "*.example.com" would apply to all subdomains of example.com (for example, "wa.example.com", "webadmin.example.com", and so on).
Encryption key length
Choose the desired bit-length of the encryption key for this certificate. The longer the encryption key the more secure the transferred data will be. Note, however, that not all applications support key lengths longer than 512.
Country/region
Choose the country or region in which your server resides.
Create Certificate
After entering the information into the above controls, click this button to create your certificate.
Restart web server
Click this button to restart the web server. The web server must be restarted before new certificates will be used.
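Because every domain shares one certificate, it is worth confirming before you click Create Certificate that the Host name and Alternative host names entries cover each name your users connect to. The Python below is an added example (not MDaemon code; the function names are hypothetical) and applies to the Alternative host names field on all three tabs. It assumes the matching rule of RFC 6125 that current TLS clients apply, under which "*" stands for exactly one left-most label.

```python
def parse_names(host_name, alternative_names):
    """Combine the Host name field with the comma-separated Alternative host names field."""
    names = [host_name] + alternative_names.split(",")
    return [n.strip().lower().rstrip(".") for n in names if n.strip()]


def name_matches(pattern, hostname):
    """Compare one certificate name with a hostname, label by label.

    Assumption (RFC 6125 rule): a wildcard is honoured only as the whole
    left-most label and stands for exactly one label.
    """
    p_labels = pattern.split(".")
    h_labels = hostname.strip().lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Require at least "*.domain.tld" and a non-empty first label.
        return len(p_labels) > 2 and h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered_hosts(host_name, alternative_names, client_hosts):
    """Return the hostnames that no certificate name would match."""
    names = parse_names(host_name, alternative_names)
    return [h for h in client_hosts if not any(name_matches(n, h) for n in names)]


if __name__ == "__main__":
    # Constructed field values and client hostnames, for illustration only.
    missing = uncovered_hosts(
        "mail.example.com",
        "*.example.com, example.org",
        ["wc.example.com", "mail.example.com", "example.com",
         "a.b.example.com", "example.org"],
    )
    print("names that would trigger a certificate warning:", missing)
```

Under that rule "*.example.com" covers "wc.example.com" but not the bare "example.com" or a deeper name such as "a.b.example.com", so list those explicitly if users connect to them.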
