
SSL for email servers: configuring Postfix, Dovecot, SMTP and IMAP protection

20.12.2035
โ† All articles

Email servers are an often forgotten but very important infrastructure component. Even if the website is protected by SSL, an email server that works without encryption transmits user passwords and messages over the network in plain text. This is an open treasure trove for attackers. SMTP, IMAP, and POP3 all support TLS encryption, and it must be enabled on modern mail servers. There are two approaches, STARTTLS and implicit TLS; both provide the same level of security but differ slightly in how they work.

SSL configuration for Postfix SMTP

Postfix is the most frequently used SMTP server on Linux. To install an SSL certificate, several parameters in the main.cf file must be changed. The smtpd_tls_cert_file parameter specifies the path to the certificate file, and smtpd_tls_key_file specifies the path to the private key. The smtpd_use_tls and smtpd_tls_security_level parameters must also be configured correctly. Certificates are usually obtained from Let's Encrypt; for Postfix, the fullchain.pem and privkey.pem files are specified.

SSL for Dovecot IMAP and POP3

Dovecot is a popular server for the IMAP and POP3 protocols. It is configured in the 10-ssl.conf file, usually located in the /etc/dovecot/conf.d directory. The ssl parameter is set to yes or required, and the ssl_cert and ssl_key parameters specify the paths to the certificate and key. The required value is the most secure: it completely prohibits unencrypted connections.
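
A small audit of the settings named in the Postfix and Dovecot sections above, as an added example that is not part of the original article: it parses main.cf and 10-ssl.conf text and reports missing or weak TLS settings. The sample configs, the mail.example.org paths and the function names are constructed for illustration, and the Dovecot check assumes the "ssl_cert = </path" form used with these parameter names.

```python
# Constructed sample configs (not from the article); mail.example.org is a placeholder.
POSTFIX_MAIN_CF = """\
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.example.org/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.example.org/privkey.pem
smtpd_tls_security_level = none
"""
DOVECOT_10_SSL = """\
ssl = yes
ssl_cert = </etc/letsencrypt/live/mail.example.org/fullchain.pem
#ssl_key = </etc/letsencrypt/live/mail.example.org/privkey.pem
"""

def parse_kv(text, continuation=False):
    """Parse 'name = value' lines; '#' lines are comments; continuation=True joins indented lines (Postfix)."""
    settings, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if continuation and line[0].isspace() and last:
            settings[last] += " " + line.strip()
            continue
        name, sep, value = line.partition("=")
        if sep:
            last = name.strip()
            settings[last] = value.strip()  # a later assignment overrides an earlier one
    return settings

def audit_postfix(text):
    cfg, findings = parse_kv(text, continuation=True), []
    for key in ("smtpd_tls_cert_file", "smtpd_tls_key_file"):
        if not cfg.get(key):
            findings.append(f"{key} is not set")
    # smtpd_use_tls = yes is the legacy equivalent of security level "may"
    level = cfg.get("smtpd_tls_security_level") or ("may" if cfg.get("smtpd_use_tls") == "yes" else "unset")
    if level not in ("may", "encrypt"):
        findings.append(f"smtpd_tls_security_level={level}: STARTTLS is not offered")
    return findings

def audit_dovecot(text):
    cfg, findings = parse_kv(text), []
    if cfg.get("ssl") != "required":
        findings.append(f"ssl={cfg.get('ssl', 'unset')}: unencrypted connections are not prohibited")
    for key in ("ssl_cert", "ssl_key"):
        if not cfg.get(key, "").startswith("<"):
            findings.append(f"{key} does not reference a file (expected '<' followed by a path)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_postfix(POSTFIX_MAIN_CF) + audit_dovecot(DOVECOT_10_SSL)))
```

To audit a live server, pass the contents of the real main.cf and 10-ssl.conf to audit_postfix and audit_dovecot; an empty list means none of these checks failed.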

Ports for SMTP, IMAP, and POP3

Several standard ports exist for email protocols. For SMTP: port 25 for server communication, port 587 for client sending with STARTTLS, port 465 with implicit TLS. For IMAP: port 143 with STARTTLS, port 993 with implicit TLS. For POP3: port 110 with STARTTLS, port 995 with implicit TLS.

Sayt.uz practice

Sayt.uz hosting packages include professional email service as standard, and all mail servers are equipped with Let's Encrypt SSL certificates. 99.3 percent of mailboxes come free with standard hosting, additional mailboxes from 9 thousand soum. Corporate email service from 49 thousand soum. Migration from other services is performed free of charge.
