This shows you the differences between two versions of the page.
how_to:encrypt_sessions [2010/02/03 10:20] – paul | how_to:encrypt_sessions [2018/11/14 10:45] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
======How To Encrypt Sessions====== | ======How To Encrypt Sessions====== | ||
- | VPOP3 Enterprise 2.6 and later supports SSL/TLS encrypted sessions to VPOP3 itself. So, the email client or web browser will encrypt the data passed to VPOP3 so it cannot be intercepted. | + | VPOP3 Enterprise 2.6 and later supports SSL/STARTTLS |
This requires an [[create an ssl certificate|SSL Certificate]] to be created for VPOP3. | This requires an [[create an ssl certificate|SSL Certificate]] to be created for VPOP3. | ||
Line 6: | Line 6: | ||
VPOP3 supports two methods of encryption: | VPOP3 supports two methods of encryption: | ||
- SSL - this is an old method of encrypting sessions which is not supported by the standards. However, some popular email clients such as Microsoft Outlook & Outlook Express only support this method. Other email clients such as Mozilla Thunderbird also support this for backward compatibility. SSL connections are usually done on a different TCP port from normal (eg POP3 is on port 110, POP3S is on port 995). SSL connections are encrypted from the start, so any connections on that port MUST be encrypted. | - SSL - this is an old method of encrypting sessions which is not supported by the standards. However, some popular email clients such as Microsoft Outlook & Outlook Express only support this method. Other email clients such as Mozilla Thunderbird also support this for backward compatibility. SSL connections are usually done on a different TCP port from normal (eg POP3 is on port 110, POP3S is on port 995). SSL connections are encrypted from the start, so any connections on that port MUST be encrypted. | ||
- | - TLS - this is the encryption method supported by the standards. This is supported by the more modern email clients such as Mozilla Thunderbird, | + | - STARTTLS |
- | TLS encryption can be used for incoming SMTP connections, | + | STARTTLS |
- | TLS is the recommended method for encryption data for POP3, SMTP and IMAP4, however if you have to support Microsoft Outlook or Outlook | + | STARTTLS |
=====Installing a certificate===== | =====Installing a certificate===== | ||
- | Before you can use TLS or SSL on one of the VPOP3 services you must create and install the certificate. | + | Before you can use STARTTLS |
There are several ways to [[create an SSL certificate|create a certificate]]. | There are several ways to [[create an SSL certificate|create a certificate]]. | ||
- | Once you have one, put the private key PEM file into the VPOP3 directory as **vpop3sslk.pem** and the certificate PEM file into the VPOP3 directory as **vpop3sslc.pem**. Then, restart VPOP3 for it to detect the files. | + | Once you have one: |
- | =====Using TLS===== | + | |
- | Enabling TLS is as simple as going to the **Services -> General** page in the settings and choosing 'None/TLS' | + | * if you are using VPOP3 Enterprise v2.6 to v6.7, put the private key PEM file into the VPOP3 directory as **vpop3sslk.pem** and the certificate PEM file into the VPOP3 directory as **vpop3sslc.pem**. Then, restart VPOP3 for it to detect |
- | As previously mentioned, if you want to allow incoming SMTP, then the SMTP service on port 25 should have 'None/TLS' | + | =====Using STARTTLS===== |
+ | Enabling STARTTLS is as simple as going to the **Services -> General** page in the settings and choosing | ||
- | If you wish to force encryption for your local users, you can create a second SMTP service, using port 587 (the SMTP Submission port) with 'TLS' chosen. Require SMTP authentication on this service, and restriction the IP addresses accordingly. | + | As previously mentioned, if you want to allow incoming SMTP, then the SMTP service on port 25 should have ' |
+ | |||
+ | If you wish to force encryption for your local users, you can create a second SMTP service, using port 587 (the SMTP Submission port) with 'STARTTLS' chosen. Require SMTP authentication on this service, and restriction the IP addresses accordingly. | ||
=====Using SSL===== | =====Using SSL===== | ||
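Review bot: the added bullet for VPOP3 Enterprise v2.6 to v6.7 tells the reader to place the private key in the VPOP3 directory as vpop3sslk.pem but says nothing about who may read that file. Suggest adding a sentence that the key file should be readable only by the account VPOP3 runs under and by administrators, because anyone who can copy it can impersonate the server. In the added port 587 paragraph, "restriction the IP addresses accordingly" was carried over from the old text and should read "restrict the IP addresses accordingly".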
Line 31: | Line 34: | ||
To add a new service press the **Add POP3 Server** or **Add SMTP Server** at the bottom of the **Services -> General** page in the VPOP3 settings. | To add a new service press the **Add POP3 Server** or **Add SMTP Server** at the bottom of the **Services -> General** page in the VPOP3 settings. | ||
+ | =====Encrypting Webmail/ | ||
+ | |||
+ | Once you have installed the certificate as above, go to **Services -> Webmail Server -> General** | ||
+ | {{: | ||
+ | |||
+ | Set '' | ||
+ | * If you set it to '' | ||
+ | * If you set it to '' | ||
+ | Note that you can change the port to 443 to allow simpler connections (as in the screenshot above) - but only as long as there are no other https servers on the same IP address as the VPOP3 webmail service. | ||
+ | Note that if you use the '' | ||
+ | '' |
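Review bot: the port 443 note in the new webmail section gives the condition as "no other https servers on the same IP address", which is narrower than the real constraint. Any service already listening on port 443 of that address will conflict, so suggest wording such as "as long as nothing else is listening on port 443 on the same IP address as the VPOP3 webmail service". The two consecutive paragraphs that both open with "Note that" would also read better merged into one short list.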