Encrypting mail sent between a client and a server using SSL is such a good idea, it should be the default on every mail server. And it probably would be, except for the detail that each server needs its own customized SSL certificate — preferably signed by a well-known certificate authority — and these can cost money and require a few extra steps to install and configure. Although you can use a self-signed certificate that you create yourself for free, this requires all your users to jump through extra hoops to convince their email clients to trust the certificate. But this minor inconvenience is well worth it for the security it provides for your users. With SSL in place, users can safely send and receive email without worrying that someone else could intercept their communication, even if they're using an open Wi-Fi hotspot.
As a reminder, using SSL encrypts messages only while they're in transit. They're still stored in cleartext on the server's hard drive as well as on the client device, unless users encrypt them separately using software such as PGP.
For more on the client side of using SSL as well as encrypting email end-to-end with PGP and other software, see Chapter 9. For more on how to obtain and install SSL certificates — a prerequisite to the steps that follow — see Chapter 27.
To configure the mail server to use SSL, follow these steps:
Open Server Admin, which is located in /Applications/Server.
In the sidebar on the left, select your ...