info.mailtraq.com > Webmail > Webmail: Set up > Secure webmail Secure webmailMailtraq provides a full functioning webmail system on installation, normally without any further configuration. This is made available on Port 80.
Secure Webmail
Mailtraq can also provide a fully secure (HTTPS) webmail system with a small amount of configuration, by adding a HTTPS service from the Services Manager in the Console at Options | Services.
HTTPS Web Service This dialog, accessed from the Service Manager dialog, is used to configure the HTTPS Web Service in Mailtraq.
See 'Configuration' below for more details.
SSL Certificate Tab This tab, which appears on the HTTP Service dialog, configures the main properties of the HTTPS Service. Unlike the other tabs in this dialog, the SSL Certificate tab only appears for HTTPS (Secure HTTP) services.
On this tab you can select the certificate to use for HTTP clients that connect to this service. Certificates are generated and imported in the Certificate manager, which you can reach by clicking on the Certificate Manager button.
Security Profile The Default profile is suitable for most use cases.
The Strong Ciphers profile will disable weak or anonymous encryption methods.
The RC4 Ciphers profile is not normally used as it is considered insecure. It is provided primarily to maintain connectivity with legacy appliances and similar scenarios.
Certificate Manager The Certificate Manager is used to create, import and manage SSL/TLS X.509 certificates. You can reach this manager through the Certificate Manager button on the SSL Certificate tab of the HTTPS Service properties dialog.
The suggested Certificate Cryptography is :
Public Key Algorithm: RSA Signature Algorithm: SHA256/RSA Key Size: 2048
Self-signed Certificates Self signed certificates will provide encrypted communication and are secure for use however some modern browsers may reject self-signed certificates because they do not provide domain verification.
For more information on Certificates and using the Certificate Manager see: www.mailtraq.com/certificates
HTTPS Service Configuration
This service is used to provide secure web-server or webmail.
1.) In the Console at Options | Services add an HTTPS service from the Services Manager.
The HTTPS service operates on Port 443. Multiple Web Service instances may be configured but each must operate on a different TCP/IP port.
2.) In Options | Websites | General-tab (see right) check the box to enable webmail to listen on Port 443.
3.) In Options | Websites | Application-tab (below-right) select the option for WebMail as an Installable Web Application.
and then [OK] back to the Console
Configure the Certificate
In addition to starting the service, it will also be necessary to configure the Certificate.
You can reach this manager through the Certificate Manager button on the SSL Certificate tab of the HTTPS Service properties dialog. A wizard will step you through the process.
Note: Make sure you have opened your Windows firewall, and any other firewalls, on Port 443 and have set Port Forwarding (Network Address Translation) on your router to direct Port 443 traffic to Mailtraq. |