By turning on TLS support in Artica SMTP, you not only get the ability to encrypt mail and to authenticate remote SMTP clients or servers.
¶ A) Manage your certificate inside the certificate center.
To make TLS work, you need a certificate.
This certificate can be an official certificate or a self-signed certificate.
To do this, use the Certificate Center to add or verify the certificate you need to use.
¶ B) Enable TLS on your SMTP service
- On the left menu, go to
SMTP router > Global Settings - Select TLS/SSL tab
- Click on the row Remote Servers → TLS → Your Server
- Turn on the “Enable SMTP SSL (smtps)” option.
- Choose the SSL certificate in the Use a Certificate for Certificate Center drop-down list
- SMTP Authentications use Only TLS: If enabled, when TLS encryption is optional, do not announce or accept SASL authentication over unencrypted connections.
- Session Cache timeout: The expiration time of the SMTP service TLS session cache information.
A cache cleanup is performed periodically every x seconds.
¶ SMTP TLS Security Level
Basically have 3 main options:
- None: At the "none" TLS security level, TLS encryption is disabled. This is the default security level
- Opportunistic TLS: TLS encryption is opportunistic.
The SMTP transaction is encrypted if the STARTTLS ESMTP feature is supported by the server. Otherwise, messages are sent in the clear.
basically it announces STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption - Mandatory TLS verification: Announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption.
According to RFC 2487 this MUST NOT be applied in case of a publicly-referenced SMTP server.
Instead, this option should be used only on dedicated servers.
¶ Supported TLS protocols:
TLS protocols accepted by the SMTP service with opportunistic TLS encryption.
If the list is empty, the server supports all available TLS protocol versions.
A non-empty value is a list of protocol names to include or exclude, separated by whitespace, commas or colons
The valid protocol names are "SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3".
Older releases use the "!" exclusion syntax
For example: The value !SSLv2, !SSLv3 accept all protocols except SSLv2 and SSLv3