How to upgrade to TLS protocol

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
gtsolid
Normal user
Normal user
Posts: 115
Joined: 2016-06-14 12:02

How to upgrade to TLS protocol

Post by gtsolid » 2019-06-19 17:49

Hi guys,
i'm trying to update my hmailserver to something stronger and i wish to use TLS encription.
What do i need to obtain? i think a certificate, but i don't know very well how it's made and to who i should ask to.
In the SSL/TSL page in the console, i noticed a "SSL/TSL ciphers". It seems a code, something related with AES128.
How should i proceed?

palinka
Senior user
Senior user
Posts: 1262
Joined: 2017-09-12 17:57

Re: How to upgrade to TLS protocol

Post by palinka » 2019-06-19 18:25


User avatar
mattg
Moderator
Moderator
Posts: 20272
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: How to upgrade to TLS protocol

Post by mattg » 2019-06-20 01:58

Let me also ask SPECIFICALLY what your goal in all of this is.

Many people have expectations that will not be met by doing this
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

gtsolid
Normal user
Normal user
Posts: 115
Joined: 2016-06-14 12:02

Re: How to upgrade to TLS protocol

Post by gtsolid » 2019-06-20 08:35

Simply have something safer during exchanges

palinka
Senior user
Senior user
Posts: 1262
Joined: 2017-09-12 17:57

Re: How to upgrade to TLS protocol

Post by palinka » 2019-06-20 12:51

gtsolid wrote:
2019-06-20 08:35
Simply have something safer during exchanges
Mail exchange between MTAs may or may not be encrypted and could start out encrypted and pass through a server in a non encrypted manner. In any case, the message necessarily must be decrypted each time it changes hands. Encryption between MTAs only protects from snooping during transport.

The very best reason to use encryption is so your mail clients - who pass credentials every time they log in to check their mail - are protected from snooping when they log in. Enforcing encryption that way will not only keep your users safe, but you as administrator as well. You don't want compromised passwords being used to send spam from your server.

gtsolid
Normal user
Normal user
Posts: 115
Joined: 2016-06-14 12:02

Re: How to upgrade to TLS protocol

Post by gtsolid » 2019-06-20 16:31

thank you, very useful. I just got my account "punched" by someone who started to send SPAM (i never understood why spam is so profitable): going out of blacklisting servers was a very hard job

User avatar
mattg
Moderator
Moderator
Posts: 20272
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: How to upgrade to TLS protocol

Post by mattg » 2019-06-20 16:53

I can absolutely guarantee to you that high level security with a certificate doesn't stop spammers from abusing your hmailserver if you have a weak password.

They just connect securely first then send their garbage.

Other than sniffing logon transmissions (which would be secured with a certificate), spammers also get passwords by using dictionary attacks, key loggers, or passwords used on compromised web sites.

I block AUTH on port 25 (standard SMTP) , but spammers still try to guess passwords via IMAP and POP3 protocols.

You need to do more than simply install a certificate to protect yourself (although that is a good start if you have mail clients that connect from the internet)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Post Reply