Hexamail Vault Administration Guide - SMTP Server - Security

Security

Security settings for receiving mail


   Authentication

Allow Authentication
This allows clients to authenticate using a configured user and thereafter perform authenticated operations as per your configuration. This is useful in preventing unauthorized use of your mail server system to relay spam to other companies, an activity that can get your company blacklisted on Open Relay Databases. In order to use this setting you MUST also add users or mailboxes. Turning off this setting will prevent authentication attempts using a configured user or mailbox on this SMTP server.
Example interface
On/Off
true
Allow Authentication
This allows clients to authenticate using a configured login and thereafter perform authenticated operations as per your configuration. This is useful in preventing unauthorized use of your mail server system to relay spam to other companies, an activity that can get your company blacklisted on Open Relay Databases. In order to use this setting you MUST also add authentication users. Turning off this setting will prevent authentication attempts using a configured login on this SMTP server.
Example interface
On/Off
true
Username
You can insist that clients must be authenticated using LOGIN before allowing them to proceed with sending or relaying email (see settings above), or you can allow users who do authenticate to bypass any Allowed Relay IP address checks specified in the Relay page. If users authenticate, their login is verified against the username/password pairs in this list. It is usually necessary to add only one or two logins and use them for all users: in this way you reduce maintenance of password lists. NOTE that this login has nothing to do with users receiving their email, so security is not compromised. These logins are merely to authenticate that your user belongs to your organization and should be allowed to relay and send email through your Hexamail Vault server.
Example interface
MyUser1:MyPassword

Configuring Outlook Clients to use SMTP authentication to send

If you have set up logins in the Authentication Users list, you need to configure your users' email clients to send the authentication login when connecting to and sending email via Hexamail Vault.

In Outlook clients select the properties for the Email Account and go to the 'Servers' page/tab. Ensure your outgoing server is set to be the Hexamail Vault server and then check the 'My server requires authentication' checkbox. Next, click the Settings button to the right of the checkbox.
In the Outgoing Mail Server configuration box choose 'Log on using' and then specify the username and password you have added to the list of Authentication Users in Hexamail Vault. Choose 'Remember Password' to save users having to retype the password to send every email. DO NOT select 'Log on using Secure Password Authentication' as this is a proprietary Microsoft protocol.
Advanced...
Advanced authentication settings

   Encryption

SSLPortEnable
You can optionally enable this protocol over a secure channel using SSL. If you do not specify a certificate name using the SSLCertificate configuration parameter in the config file (.cfg), one will be created automatically for you. However, as this is an auto-created certificate, it will not be signed by a certification authority and may cause warnings in the clients used to connect to this server. If the users of the clients accept the warnings, then SSL can be used immediately. If you do not wish users to see these warnings, you need to obtain and install a valid, signed SSL certificate for your server from a provider such as Thawte or Verisign. You must then specify the certificate name in the SSLCertificate parameter of the configuration file.
Example interface
On/Off
false
STARTTLS
If SSL is enabled, you can also enable STARTTLS, which allows secured, encrypted communication over the standard SMTP port. Connecting clients and servers will see this feature advertised in the EHLO response and be able to initiate a secure connection using the STARTTLS protocol.
Example interface
On/Off
on
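
The following check is an added example, not part of the Hexamail Vault guide or product: it parses an EHLO response to confirm that STARTTLS is advertised and flags AUTH being offered on a session that is not yet encrypted, since LOGIN credentials are only base64-encoded. The sample replies, host name and function names are constructed for illustration.

```python
import smtplib

# Constructed EHLO replies for illustration (not captured from a real server).
SAMPLE_STARTTLS_ON = (
    "250-mail.example.com Hello\n250-SIZE 20480000\n"
    "250-AUTH LOGIN\n250-STARTTLS\n250 HELP"
)
SAMPLE_STARTTLS_OFF = "250-mail.example.com Hello\n250-AUTH LOGIN\n250 HELP"


def parse_ehlo(reply):
    """Map each advertised ESMTP keyword to its parameters.
    Accepts the raw wire form ("250-AUTH LOGIN") or the form smtplib
    returns, where the reply code is already stripped ("AUTH LOGIN")."""
    caps = {}
    for line in reply.splitlines()[1:]:  # line 1 is the server greeting
        if line[:4] in ("250-", "250 "):
            line = line[4:]
        words = line.split()
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps


def audit(reply, tls_active=False):
    """Return findings for an EHLO reply seen on a plaintext session."""
    caps, findings = parse_ehlo(reply), []
    if tls_active:
        return findings  # capabilities seen inside TLS are already protected
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not advertised: session cannot be upgraded")
    if "AUTH" in caps:
        findings.append("AUTH offered before TLS: LOGIN is base64, not encrypted")
    return findings


def fetch_ehlo(host, port=25):
    """Live variant: return the EHLO reply text from a server you administer."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        _code, message = smtp.ehlo()
        return message.decode("utf-8", "replace")


if __name__ == "__main__":
    for name, reply in [("on", SAMPLE_STARTTLS_ON), ("off", SAMPLE_STARTTLS_OFF)]:
        print(name, audit(reply))
```

Pass the output of `fetch_ehlo` to `audit` to run the same check against your own server after changing the SSL or STARTTLS settings.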