O'Reilly logo

Mac® Security Bible by Joe Kissell

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

28.3. Using SSL for Email

Encrypting mail sent between a client and a server using SSL is such a good idea, it should be the default on every mail server. And it probably would be, except for the detail that each server needs its own customized SSL certificate — preferably signed by a well-known certificate authority — and these can cost money and require a few extra steps to install and configure. Although you can use a self-signed certificate that you create yourself for free, this requires all your users to jump through extra hoops to convince their email clients to trust the certificate. But this minor inconvenience is well worth it for the security it provides for your users. With SSL in place, users can safely send and receive email without worrying that someone else could intercept their communication, even if they're using an open Wi-Fi hotspot.

As a reminder, using SSL encrypts messages only while they're in transit. They're still stored in cleartext on the server's hard drive as well as on the client device, unless users encrypt them separately using software such as PGP.

NOTE

For more on the client side of using SSL as well as encrypting email end-to-end with PGP and other software, see Chapter 9. For more on how to obtain and install SSL certificates — a prerequisite to the steps that follow — see Chapter 27.

To configure the mail server to use SSL, follow these steps:

  1. Open Server Admin, which is located in /Applications/Server.

  2. In the sidebar on the left, select your ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required