TLS support (Incoming/Outgoing emails)

Metadefender Email can both receive and send emails using TLS encryption for increased security. Refer to the sections below to enable TLS for incoming and/or outgoing emails.

Prerequisite

  • OpenSSL 32-bit

Incoming TLS support

Follow the instructions below if you want to enable TLS encryption for incoming emails.

I have a PKCS#12 certificate:

For these steps you will need a PKCS#12 certificate file (.pfx).

If you don't have a certificate .pfx file, refer to Export a certificate for instructions on how to export a certificate to a .pfx file.

  1. Ensure that OpenSSL is installed. If you do not have OpenSSL installed, it can be downloaded from here: https://slproweb.com/products/Win32OpenSSL.html (unofficial distribution)
    Note: Metadefender Email requires that the OPENSSL_CONF system environment variable is set (normally this is done automatically when installing OpenSSL)

  2. Open an administrator command prompt and navigate to the Mail Agent folder (default: C:\Program Files (x86)\OPSWAT\Metadefender Mail Agent)

  3. Type the following command:

    enableTls.exe -i -b "<path to .pfx>" -j "<certificate password>"

    (Replace <path to .pfx> with the path to your .pfx certificate file. The -j parameter can be omitted if the certificate is not password protected.)

  4. The certificate is imported and TLS settings are automatically updated:

    C:\Program Files (x86)\OPSWAT\Metadefender Mail Agent>enableTls.exe -i -b "<path to .pfx>" -j "<certificate password>"
    Reading Mail Agent settings...
    Updating settings...
    Mail Agent settings updated successfully

    Metadefender Email will now accept TLS encryption when receiving emails.

I have a PKCS#8 certificate:

For these steps you will need a certificate file and a private key file (PKCS#8).

  1. Ensure that OpenSSL is installed. If you do not have OpenSSL installed, it can be downloaded from here: https://slproweb.com/products/Win32OpenSSL.html (unofficial distribution)
    Note: Metadefender Email requires that the OPENSSL_CONF system environment variable is set (normally this is done automatically when installing OpenSSL)

  2. Open an administrator command prompt and navigate to the Mail Agent folder (default: C:\Program Files (x86)\OPSWAT\Metadefender Mail Agent)

  3. Type the following command:

    enableTls.exe -i -y "<path to certificate file>" -z "<path to private key file>"

    (Replace <path to certificate file> with the path to your certificate file and <path to private key file> with the path to your private key file)

  4. The certificate and private key are imported and TLS settings are automatically updated:

    C:\Program Files (x86)\OPSWAT\Metadefender Mail Agent>enableTls.exe -i -y "<path to certificate file>" -z "<path to private key file>"
    Reading Mail Agent settings...
    Updating settings...
    Mail Agent settings updated successfully

    Metadefender Email will now accept TLS encryption when receiving emails.

I want to use a self-signed certificate:

Follow these steps if you wish to use a self-signed certificate.

  1. Ensure that OpenSSL is installed. If you do not have OpenSSL installed, it can be downloaded from here: https://slproweb.com/products/Win32OpenSSL.html (unofficial distribution)
    Note: Metadefender Email requires that the OPENSSL_CONF system environment variable is set (normally this is done automatically when installing OpenSSL)

  2. Open an administrator command prompt and navigate to the Mail Agent folder (default: C:\Program Files (x86)\OPSWAT\Metadefender Mail Agent)

  3. Type the following command:

    enableTls.exe -i -e -d 365 -c US -s "California" -l "San Francisco" -o "Company"

    Replace any of the following parameters with desired values:
    -d = Number of days the certificate is valid
    -c = Country code (2 letter ISO)
    -s = State/District
    -l = City
    -o = Company name

  4. A new certificate is generated and TLS settings are automatically updated:

    C:\Program Files (x86)\OPSWAT\Metadefender Mail Agent>enableTls.exe -i -e -d 365
    -c US -s "California" -l "San Francisco" -o "Company"
    Reading Mail Agent settings...
    Generating a 4096 bit RSA private key
    ............++
    ..............................................................................++
     
    writing new private key to 'tls_key.pem'
    -----
    Updating settings...
    Mail Agent settings updated successfully

    Metadefender Email will now accept TLS encryption when receiving emails.

Outgoing TLS support

To enable outgoing TLS encryption, do the following:

  1. Ensure that OpenSSL is installed. If you do not have OpenSSL installed, it can be downloaded from here: https://slproweb.com/products/Win32OpenSSL.html (unofficial distribution)
    Note: Metadefender Email requires that the OPENSSL_CONF system environment variable is set (normally this is done automatically when installing OpenSSL)

  2. Open an administrator command prompt and navigate to the Mail Agent folder (default: C:\Program Files (x86)\OPSWAT\Metadefender Mail Agent)

  3. Type the following command:

    enableTls.exe -g -r "<mail_server>" -m 587 -q "<username>" -w "<password>"

    Replace any of the following parameters with desired values:
    -r = Email relay out SMTP server name
    -m = Email relay out SMTP server port
    -q = Email relay out SMTP authentication user name. (Omit if no authentication is used)
    -w = Email relay out SMTP authentication password. (Omit if no authentication is used)

  4. TLS settings are automatically updated:

    C:\Program Files (x86)\OPSWAT\Metadefender Mail Agent>enableTls.exe -g
    Reading Mail Agent settings...
    Updating settings...
    Mail Agent settings updated successfully

    Metadefender Email will now use TLS when forwarding emails to your mailserver/gateway.

To enable both incoming and outgoing TLS, the parameters should be combined, for example:

enableTls.exe -i -b "<path to .pfx>" -j "<certificate password>" -g -r "<mail_server>" -m 587 -q "<username>" -w "<password>"

For a complete list of available command line parameters, type: enableTls.exe -h
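
An added check, not part of the product documentation or OPSWAT's tooling: after enabling incoming or outgoing TLS as described above, this Python script confirms that an SMTP listener advertises STARTTLS and reports the negotiated protocol and cipher. The host and port arguments are placeholders for your Mail Agent listener or relay server; with the self-signed certificate option, expect "trusted" to be False.

```python
import socket
import ssl

def parse_ehlo(reply):
    """Return (code, extension keywords) from a raw multi-line EHLO reply."""
    lines = [l for l in reply.splitlines() if l.strip()]
    if not lines or not lines[-1][:3].isdigit():
        return 0, set()
    # Line 1 names the server; each later line carries one extension keyword.
    exts = {l[4:].split()[0].upper() for l in lines[1:] if l[4:].strip()}
    return int(lines[-1][:3]), exts

def read_reply(f):
    """Read one SMTP reply; continuation lines have '-' after the code."""
    out = []
    while True:
        line = f.readline().decode("ascii", "replace")
        out.append(line)
        if len(line) < 4 or line[3] != "-":
            return "".join(out)

def check_starttls(host, port, timeout=10):
    """Upgrade with STARTTLS and report what the server negotiated."""
    result = {"starttls": False, "trusted": False, "protocol": None, "cipher": None}
    for verify in (True, False):  # second pass lets a self-signed cert be inspected
        ctx = ssl.create_default_context()
        if not verify:
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        with socket.create_connection((host, port), timeout) as s:
            f = s.makefile("rb")
            read_reply(f)  # 220 greeting
            s.sendall(b"EHLO tls-check.example\r\n")
            code, exts = parse_ehlo(read_reply(f))
            if code != 250 or "STARTTLS" not in exts:
                return result  # listener does not offer TLS
            result["starttls"] = True
            s.sendall(b"STARTTLS\r\n")
            if not read_reply(f).startswith("220"):
                return result
            try:
                with ctx.wrap_socket(s, server_hostname=host) as t:
                    result.update(trusted=verify, protocol=t.version(), cipher=t.cipher()[0])
                    return result
            except ssl.SSLCertVerificationError:
                continue  # certificate not trusted: reconnect without verification
    return result

if __name__ == "__main__":
    import sys
    print(check_starttls(sys.argv[1], int(sys.argv[2])))
```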