Apple 10.6 Server User Manual


 
Chapter 3 Mail Service Advanced Configuration 67
Securing Mail Service with SSL
Secure Sockets Layer (SSL) connections ensure that the data sent between your mail
server and your users’ mail clients is encrypted. This allows secure and confidential
transport of mail messages across a local network.
SSL transport doesn’t provide secure authentication. It only provides secure transfer
from your mail server to your clients. For secure authentication information, see
“Choosing Authentication for Mail Service” on page 64.
For incoming mail, Mail service supports secure mail connections with mail client
software that requests them. If a mail client requests an SSL connection, Mail service
can comply if that option is enabled.
Mail service still provides non-SSL (unencrypted) connections to clients that don’t
request SSL. The configuration of each mail client determines whether it connects with
SSL or not.
For outgoing mail, Mail service supports secure mail connections between SMTP
servers. If an SMTP server requests an SSL connection, Mail service can comply if that
option is enabled. Mail service can still allow non-SSL (unencrypted) connections to
mail servers that don’t request SSL.
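The following added example (not part of the original manual) shows how to check whether a server that allows but does not require SSL still exposes plaintext logins before encryption starts. It parses the capability reply a client reads in cleartext and flags plaintext-equivalent login mechanisms offered at that point. The sample replies and host names are constructed, and the function names are illustrative assumptions.

```python
# Constructed sample replies, as a client reads them before any TLS
# negotiation. Host names are placeholders.
SMTP_ALLOW = """250-mail.example.com
250-PIPELINING
250-STARTTLS
250-AUTH PLAIN LOGIN CRAM-MD5
250 8BITMIME"""
SMTP_NO_TLS = """250-mail.example.com
250-PIPELINING
250-AUTH PLAIN LOGIN
250 8BITMIME"""
IMAP_ALLOW = "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=CRAM-MD5"
IMAP_TLS_FIRST = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED"

# Mechanisms that send the password in a trivially reversible form.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def smtp_caps(ehlo_reply):
    """Return (tls_offered, auth_mechs) from a cleartext SMTP EHLO reply."""
    tls, mechs = False, set()
    for line in ehlo_reply.splitlines()[1:]:      # line 1 is the greeting
        words = line[4:].upper().split()          # drop "250-" or "250 "
        if not words:
            continue
        if words[0] == "STARTTLS":
            tls = True
        elif words[0] == "AUTH":
            mechs.update(words[1:])
    return tls, mechs

def imap_caps(capability_line):
    """Return (tls_offered, auth_mechs) from a cleartext IMAP CAPABILITY line."""
    words = capability_line.upper().split()[2:]   # drop "* CAPABILITY"
    tls = "STARTTLS" in words
    mechs = {w[5:] for w in words if w.startswith("AUTH=")}
    if "LOGINDISABLED" not in words:
        mechs.add("LOGIN")                        # the LOGIN command is usable
    return tls, mechs

def assess(tls_offered, mechs):
    """Classify the pre-TLS posture and list plaintext logins exposed."""
    exposed = sorted(mechs & PLAINTEXT_MECHS)
    if not tls_offered:
        return "no-tls", exposed
    if exposed:
        return "tls-optional-plaintext-auth", exposed
    return "tls-offered", exposed
```

A result of "tls-offered" shows only that no plaintext login is advertised before encryption; it does not show that the server refuses unencrypted connections.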
Configuring SSL for mail transport
Mail service requires some configuration to provide SSL connections automatically.
The basic steps are as follows:
1 Obtain a security certificate.
This can be done in the following ways:
• Get a certificate from an external Certificate Authority. See “Using an SSL Certificate
from an External Certificate Authority” on page 69.
• Create a self-signed certificate in Server Admin’s Certificate Manager.
• Locate an existing certificate from a previous installation of Mac OS X Server v10.3
or later.
2 Import the certificate into Server Admin’s Certificate Manager.
You can use Certificate Manager to drag and drop certificate information or you can
provide Certificate Manager with the path to an existing installed certificate. You
can also import certificates from the command line as outlined in “Accessing Server
Certificates from the Command Line” on page 71.
3 Configure the service to use the certificate.
For instructions for allowing or requiring SSL transport, see the following sections:
• “Configuring SSL Transport for SMTP Connections” on page 68
• “Configuring SSL Transport for IMAP and POP Connections” on page 68