TLS support (Incoming/Outgoing emails)
Metadefender Email can both receive and send emails using TLS encryption for increased security. Refer to the sections below to enable TLS for incoming and/or outgoing emails.
Prerequisite
-
OpenSSL 32-bit
Incoming TLS support
Follow the instrutions below if you want to enable TLS encryption for incoming emails.
I have a pcks#12 certificate:
For these steps you will need a pcks#12 certificate file (.pfx).
If you don't have a certificate .pfx file, refer to Export a certificate for instructions how to export a certificate to a .pfx file.
-
Ensure that OpenSSL is installed. If you do not have OpenSSL installed, it can be downloaded from here: https://slproweb.com/products/Win32OpenSSL.html (unofficial distribution)
Note: Metadefender Email requires that the OPENSSL_CONF system environment variable is set (normally this is done automatically when installing OpenSSL) -
Open an administrator command prompt and navigate to the Mail Agent folder (default: C:\Program Files (x86)\OPSWAT\Metadefender Mail Agent)
-
Type the following command:
enableTls.exe -i -b "<path to .pfx>" -j "<certificate password>"
(Replace <path to .pfx> with the path to your .pfx certificate file. -j parameter can be omitted if the certificate is not password protected)
-
The certificate is imported and TLS settings automatically updated:
C:\Program Files (x86)\OPSWAT\Metadefender Mail Agent>enableTls.exe -i -b "<path to .pfx>" -j "<certificate password>"
Reading Mail Agent settings...
Updating settings...
Mail Agent settings updated successfully
Metadefender Email will now accept TLS encryption when receiving emails.
I have a pcks#8 certificate:
For these steps you will need a certificate file and a private key file (pcks#8).
-
Ensure that OpenSSL is installed. If you do not have OpenSSL installed, it can be downloaded from here: https://slproweb.com/products/Win32OpenSSL.html (unofficial distribution)
Note: Metadefender Email requires that the OPENSSL_CONF system environment variable is set (normally this is done automatically when installing OpenSSL) -
Open an administrator command prompt and navigate to the Mail Agent folder (default: C:\Program Files (x86)\OPSWAT\Metadefender Mail Agent)
-
Type the following command:
enableTls.exe -i -y "<path to certificate file>" -z "<path to private key file>"
(Replace <path to certificate file> with the path to your certificate file and <path to private key file> with with the path to your private key file)
-
The certificate and private key and imported and TLS settings automatically updated:
C:\Program Files (x86)\OPSWAT\Metadefender Mail Agent>enableTls.exe -i -y "<path to certificate file>" -z "<path to private key file>"
Reading Mail Agent settings...
Updating settings...
Mail Agent settings updated successfully
Metadefender Email will now accept TLS encryption when receiving emails.
I want to use a self-signed certificate:
Follow these steps if you wish to use a self-signed certificate.
-
Ensure that OpenSSL is installed. If you do not have OpenSSL installed, it can be downloaded from here: https://slproweb.com/products/Win32OpenSSL.html (unofficial distribution)
Note: Metadefender Email requires that the OPENSSL_CONF system environment variable is set (normally this is done automatically when installing OpenSSL) -
Open an administrator command prompt and navigate to the Mail Agent folder (default: C:\Program Files (x86)\OPSWAT\Metadefender Mail Agent)
-
Type the following command:
enableTls.exe -i -e -d 365 -c US -s "California" -l "San Francisco" -o "Company"
Replace any of the following parameters with desired values:
-d = Number of days the certificate is valid
-c = Country code (2 letter ISO)
-s = State/District
-l = City
-o = Company name -
A new certificate is generated and TLS settings automatically updated:
C:\Program Files (x86)\OPSWAT\Metadefender Mail Agent>enableTls.exe -i -e -d 365
-c US -s "California" -l "San Francisco" -o "Company"
Reading Mail Agent settings...
Generating a 4096 bit RSA private key
............++
..............................................................................++
writing new private key to 'tls_key.pem'
-----
Updating settings...
Mail Agent settings updated successfully
Metadefender Email will now accept TLS encryption when receiving emails.
Outgoing TLS support
To enable outgoing TLS encryption, do the following:
-
Ensure that OpenSSL is installed. If you do not have OpenSSL installed, it can be downloaded from here: https://slproweb.com/products/Win32OpenSSL.html (unofficial distribution)
Note: Metadefender Email requires that the OPENSSL_CONF system environment variable is set (normally this is done automatically when installing OpenSSL) -
Open an administrator command prompt and navigate to the Mail Agent folder (default: C:\Program Files (x86)\OPSWAT\Metadefender Mail Agent)
-
Type the following command:
enableTls.exe -g -r "<mail_server>" -m 587 -q "<username>" -w "<password>"
Replace any of the following parameters with desired values:
-r = Email relay out SMTP server name
-m = Email relay out SMTP server port
-q = Email relay out SMTP authentication user name. (Omit if no authentication is used)
-w = Email relay out SMTP authentication password. (Omit if no authentication is used)
-
TLS settings are automatically updated:
C:\Program Files (x86)\OPSWAT\Metadefender Mail Agent>enableTls.exe -g
Reading Mail Agent settings...
Updating settings...
Mail Agent settings updated successfully
Metadefender Email will now use TLS when forwarding emails to your mailserver/gateway.
To enable both incoming and outgoing TLS, the parameters should be combined, for example:
enableTls.exe -i -b "<path to .pfx>" -j "<certificate password>" -g -r "<mail_server> -m 587 -q "<username>" -w "<password>"
For a complete list of available command line parameters, type: enableTls.exe -h