Google and other providers have recently started branding web interfaces as unsafe if they don't meet certain security requirements, not simply because malicious content is detected coming from the site. These security requirements could cause your site to be flagged as insecure, even if it doesn't contain malicious content. As such, System Administrators may wish to force all webmail traffic over HTTPS, rather than the default HTTP. This is a three-step process that includes a.) installing a valid SSL certificate on the server, b.) setting up SmarterMail in IIS and c.) enabling the setting within SmarterMail for each domain where you want to enforce HTTPS access.
a.) Install SSL Certificate
A valid SSL certificate will need to be in place for each site that should force traffic over HTTPS. For more information on configuring SSL to secure SmarterMail, visit configure-ssl-tls-to-secure-smartermail.aspx. For instructions on installing the certificate on the SmarterMail server, please contact your certificate provider.
b.) Set up SmarterMail in IIS
For more information on setting up SmarterMail as an IIS site, please follow the links below, which provide step-by-step instructions depending on the IIS version you're using:
c.) Enable the SmarterMail Setting
Follow these steps to enable the HTTPS setting within SmarterMail. Forcing HTTPS is done on a domain-by-domain basis, so these steps would need to be followed for any domain where you want the setting enabled:
- Log into SmarterMail as a System Administrator.
- Click the Manage icon.
- Select the domain where you want the setting enabled.
- That domain's general settings will load in the content pane.
- On the Security card, enable Force all traffic over HTTPS.
- Click Save. When a visitor navigates to your SmarterMail site, their connection will automatically use HTTPS.
NOTE: It's also possible to make this a Domain Default, and then propagate the setting to all domains on the server. This will eliminate the need to do this per domain.
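To confirm the setting took effect for each domain, the following added example (not SmarterMail code) requests each webmail hostname over plain HTTP without following redirects and reports whether the reply is a redirect to HTTPS on the same host. The hostnames are hypothetical placeholders, and the check assumes enforcement takes the form of an HTTP redirect.

```python
import http.client
import sys
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}


def classify(status, location, hostname):
    """Judge one plain-HTTP reply: was the client sent to HTTPS on the same host?"""
    if status not in REDIRECTS:
        return "NOT ENFORCED: HTTP %d answered over plain HTTP" % status
    target = urlsplit(location)
    if target.scheme.lower() != "https":
        # Covers a missing header, a relative path, or an http:// target.
        return "NOT ENFORCED: redirect target is not HTTPS (%s)" % (
            location or "no Location header")
    if (target.hostname or "").lower() != hostname.lower():
        return "CHECK: redirects to HTTPS on a different host (%s)" % target.hostname
    return "OK: redirects to %s" % location


def probe(hostname, port=80, timeout=5):
    """Send GET / over plain HTTP without following redirects, then classify the reply."""
    conn = http.client.HTTPConnection(hostname, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        return classify(resp.status, resp.getheader("Location", ""), hostname)
    except (OSError, http.client.HTTPException) as exc:
        return "UNREACHABLE: %s" % exc
    finally:
        conn.close()


if __name__ == "__main__":
    # Hypothetical webmail hostnames; pass one per SmarterMail domain as arguments.
    hosts = sys.argv[1:] or ["mail.domain-one.example", "mail.domain-two.example"]
    for h in hosts:
        print("%-30s %s" % (h, probe(h)))
```

Run it from a machine outside the mail server so the result reflects what visitors see. A domain reported as NOT ENFORCED is still serving webmail over plain HTTP.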
Disabling HTTPS Traffic
In the event that you no longer wish to force traffic over HTTPS, simply uncheck the Force all traffic over HTTPS setting on a per-domain basis, or uncheck that setting in Domain Defaults and re-propagate to all domains.