Is an SSL certificate really necessary for secure SMTP?

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
gcis2012
New user
New user
Posts: 9
Joined: 2012-11-25 14:35

Is an SSL certificate really necessary for secure SMTP?

Post by gcis2012 » 2012-11-25 15:06

Is an SSL certificate really necessary for secure SMTP? Isn't there a way I can just create one of the 'self sign' version without going through all the trouble of buying one and then installing it an all that?

I know that spammers are a bad bunch of people but will they really go through the trouble of sniffing internet traffic to try to get your smtp password?

I also have a second question: is hMailServer a true standalone SMTP in and by itself or do I still need an external SMTP server if I'm to relay mail through hMailServer?

Thank you

^DooM^
Site Admin
Posts: 13862
Joined: 2005-07-29 16:18
Location: UK

Re: Is an SSL certificate really necessary for secure SMTP?

Post by ^DooM^ » 2012-11-25 15:48

Don't need to buy one, read this: http://www.hmailserver.com/forum/viewto ... 12&t=22371

hMail is a fully capable mail server that supports SMTP/POP3/IMAP protocols.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

User avatar
dzekas
Senior user
Senior user
Posts: 2486
Joined: 2005-10-13 21:28
Location: Lithuania

Re: Is an SSL certificate really necessary for secure SMTP?

Post by dzekas » 2012-11-26 19:59

gcis2012 wrote:Is an SSL certificate really necessary for secure SMTP? Isn't there a way I can just create one of the 'self sign' version without going through all the trouble of buying one and then installing it an all that?
Email servers don't verify certificate paths, but they also don't use SMTP-over-SSL in default mail routing configuration. Only your users use SMTP-over-SSL and their email programs will complain about self signed certificates. If you want to offer some protection for your user's authentication (internet caffes, other free hotspots, BOHF on ISPs router), you should offer service protected with signed certificate. Certificates are about encryption AND trustworthness. Self signed ones are only about encryption.
gcis2012 wrote: I know that spammers are a bad bunch of people but will they really go through the trouble of sniffing internet traffic to try to get your smtp password?
No. They just guess your password or put trojan on your machine let it do the guessing and spamming. It is a lot easier.

Post Reply