Configuring SSL for SMTP, IMAP and POP3 in MDaemon

This article details how you’d configure MDaemon so that it accepts SMTP, IMAP and POP3 connections over SSL.

1. Choose Security -> Security Manager-> SSL & TLS -> MDaemon.

2. Click Enable SSL, STARTTLS, and STLS.

3. Click Enable the dedicated SSL ports for SMTP, IMAP, POP3 servers.
This will enable the dedicated SSL ports for these services specified under Setup -> Server Settings -> DNS & IPs -> Ports.

4. Click SMTP server sends mail using STARTTLS when possible.
This will enable MDaemon to use the STARTTLS extension for every SMTP message it sends if the remote server supports STARTTLS

5. If required click DomainPOP/MultiPOP servers use STLS whenever possible.
This will enable the STLS extension whenever possible for DomainPOP/MultiPOP connections.

6. If you already have an existing SSL certificate such as a root trusted certificate that is installed into the Windows Certificate Store at this point you can select it.

If you do not and would like to use the free Let’s Encrypt root trusted certificate please follow this guide

It’s also possible to create a self-signed SSL certificate using the details below, but we would discourage this for anything other than testing as browsers / devices won’t by default trust them and will either require an exception in the browser / device or won’t trust them at all.

Self Signed Certificate

1. Click on Create Certificate and enter a Hostname that you will be using to access MDaemon. For example, if you have an entry in your domain’s DNS record that resolves to the static IP address of the Internet connection MDaemon sits behind of this would be the entry you’d specify in this location. If client machines on the LAN usually access MDaemon via a local hostname or IP then add this to the ‘Alternative Host Names’ section too.

2. Enter your company name in Organization / company name.

3. The Encryption key length can remain at 1024 unless you have a specific requirement for a weaker or stronger encryption method.

4. Change Country / region to United Kingdom GB.

5. Choose OK.

6. You’ll now see the details of the certificate you’ve created and should select (highlight) it and Apply the change:

13. Choose Restart Servers to bind MDaemon to the new SSL ports and choose OK.

Additional Information

Should you wish to prevent MDaemon accepting passwords over standard SMTP, POP3 and IMAP ports you can do so by unticking Setup -> Server Settings -> Servers & Delivery -> Servers -> “Allow plain text passwords”, but the action of doing this will stop anyone not using SSL based connections in their email clients from being able to send/receive email so prior to taking this action you should ensure all email clients, mobile devices, etc are using SSL based connections.