MDaemon supports the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol for SMTP, POP, and IMAP, and for MDaemon Remote Administration and Webmail's web server. The SSL protocol, developed by Netscape Communications Corporation, is the standard method for securing server/client Internet communications. It provides server authentication, data encryption, and optional client authentication for TCP/IP connection. Further, because SSL is built into all current major browsers, simply installing a valid digital certificate on your server will activate the connecting browser's SSL capabilities when connecting to MDRA or Webmail.
If you are connecting to the standard mail ports via a mail client instead of using Webmail, MDaemon supports the STARTTLS extension over TLS for SMTP and IMAP, and the STLS extension for POP3. However, you must first have your client configured to use SSL, and it must support those extensions—not all mail clients support them. Use the No STARTTLS List and STARTTLS List pages to designate specific hosts and addresses that must not or must, respectively, use STARTTLS.
The SSL & TLS dialog also contains a page for enabling DNSSEC (DNS Security Extensions), the SMTP Extensions page for enabling RequireTLS, MTA-STA, and TLS Reporting, and the Let's Encrypt page for when using the Let's Encrypt Certificate Authority (CA).
The options for enabling and configuring SSL are located under the SSL & TLS section of the Security Settings dialog at: Security » Security Manager » SSL & TLS. The SSL port settings for SMTP, POP3, and IMAP are located on the Ports screen at: Setup » Server Settings » DNS & IPs. The HTTPS ports for Webmail and Remote Administration are located on there respective screens.
For information on creating and using SSL Certificates, see:
Creating & Using SSL Certificates
—
The TLS/SSL protocol is addressed in RFC-4346: The Transport Layer Security (TLS) Protocol Version 1.1
The STARTTLS extension for SMTP is addressed in RFC-3207: SMTP Service Extension for Secure SMTP over Transport Layer Security
Using TLS with the IMAP and POP3 protocols is addressed in RFC-2595: Using TLS with IMAP, POP3 and ACAP
DNSSEC (DNS Security Extensions) is defined in: RFC-4033: DNS Security Introduction and Requirements and RFC-4035: Protocol Modifications for the DNS Security Extensions as
For a complete description of RequireTLS, see: RFC 8689: SMTP Require TLS Option.
MTA-STS support is described in RFC 8461: SMTP MTA Strict Transport Security (MTA-STS).
TLS Reporting is discussed in RFC 8460: SMTP TLS Reporting.
See:
SSL & TLS » Remote Administration
