VPOP3 Enterprise 2.6 and later supports SSL/STARTTLS encrypted sessions to VPOP3 itself. So, the email client or web browser will encrypt the data passed to VPOP3 so it cannot be intercepted.
This requires an SSL Certificate to be created for VPOP3.
VPOP3 supports two methods of encryption:
STARTTLS encryption can be used for incoming SMTP connections, if the sending SMTP server supports STARTTLS as well as the receiving server. SSL encryption cannot be used for incoming SMTP connections. For any SMTP server which allows incoming connections, you must allow either encrypted or plain sessions, or some mail senders will not be able to send mail to you.
STARTTLS is the recommended method for encryption data for POP3, SMTP and IMAP4, however if you have to support Microsoft Outlook Express or old versions of Microsoft Outlook for some reason, then you will have to use the deprecated SSL method as well.
Before you can use STARTTLS or SSL on one of the VPOP3 services you must create and install the certificate.
There are several ways to create a certificate.
Once you have one:
Enabling STARTTLS is as simple as going to the Services → General page in the settings and choosing 'None/STARTTLS' (for either plain or STARTTLS) or 'STARTTLS' (for forced STARTTLS) from the options in the Encryption column.
As previously mentioned, if you want to allow incoming SMTP, then the SMTP service on port 25 should have 'None/STARTTLS' chosen.
If you wish to force encryption for your local users, you can create a second SMTP service, using port 587 (the SMTP Submission port) with 'STARTTLS' chosen. Require SMTP authentication on this service, and restriction the IP addresses accordingly.
In VPOP3 Enterprise, you can create multiple POP3 & SMTP servers. So, we suggest that you add a new POP3 server, and put it on port 995, with 'SSL' chosen as the encryption method, and a new SMTP server, on port 465, with 'SSL' chosen.
To add a new service press the Add POP3 Server or Add SMTP Server at the bottom of the Services → General page in the VPOP3 settings.
Once you have installed the certificate as above, go to Services → Webmail Server → General
Set Encryption
to SSL
or Auto-Detect
SSL
then VPOP3 will force the connection to use SSL ('https'). If a non-encrypted session is attempted to the webmail port, then VPOP3 will automatically redirect it to a 'https:' connection.Auto-Detect
then VPOP3 will allow either SSL or non-encrypted connections (on the same port)Note that you can change the port to 443 to allow simpler connections (as in the screenshot above) - but only as long as there are no other https servers on the same IP address as the VPOP3 webmail service.
Note that if you use the SSL
setting, the built-in redirection only works from the webmail port. So, if you have the port set to 443, then going to
http://<server>
will not automatically redirect to https://<server>
, because http uses port 80, and https uses port 443. If you want this redirection (which can be useful) you will need to configure a suitable redirection in another web server (eg IIS). If you have your VPOP3 server hosted with us, then we will have set that redirection up for you already.