How to activate TLS for Octeth Email Gateway Inbound SMTP Server

How to activate TLS for Octeth Email Gateway Inbound SMTP Server

How to activate TLS for Octeth Email Gateway Inbound SMTP Server

Octeth has a powerful, high-performance inbound SMTP server for the Email Gateway feature. This SMTP server accepts TLS connections as well. In order to activate TLS with a properly setup SSL certificate, follow these steps.

First, initiate your SSL certificate using Let’s Encrypt or other SSL certificate providers.

  1. SSH into the oempro-app container:
  2. cd /opt/oempro/
    docker exec -ti oempro_app bash
  3. Edit /var/www/html/_dockerfiles/inbound-smtp-server/server.key and set the file content to the private key of the new SSL certificate.
  4. Edit /var/www/html/_dockerfiles/inbound-smtp-server/server.crt and paste the new (1) SSL certificate first, then (2) paste the CA bundle of the SSL certificate.
  5. Edit /var/www/html/_dockerfiles/inbound-smtp-server/config.json and paste these two file paths to Certificate and PrivateKey parameters. Paths must be relative. Here’s an example:
  6. {
      "Debug": false,
      "Listen": [
        ":25"
      ],
      "AppName": "Oempro SMTP Server",
      "Hostname": "test.local",
      "AdminAPIKey": "3b3c98-****-****-****-d3bb6b",
      "EmailMaxSizeKB": 100,
      "SMTPTimeout": 15,
      "Certificate": "./server.crt",
      "PrivateKey": "./server.key",
      "MaxConnectionLimit": 1500,
      "LogFiles": {
        "Connections": "./log_connections.log",
        "Authentications": "./log_authentications.log"
      },
      "OemproAPIUrl": "http://192.168.99.101/api.php"
    }
  7. Rebuild and re-delpoy the inbound SMTP server:
  8. cd /opt/oempro/
    docker-compose build oempro_emailgateway_inbound_smtp
    docker-compose kill oempro_emailgateway_inbound_smtp
    docker-compose up -d oempro_emailgateway_inbound_smtp
  9. Test the TLS connection:
  10. openssl s_client -quiet -starttls smtp -connect your.smtp-server.com:25 # (or 587)
    
    depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
    verify return:1
    depth=1 C = BE, O = GlobalSign nv-sa, CN = AlphaSSL CA - SHA256 - G2
    verify return:1
    depth=0 CN = *.sendlayer.net
    verify return:1
    250 ENHANCEDSTATUSCODES
    ehlo local
    250-smtp.sendlayer.net greets local
    250-SIZE 307200
    250-AUTH LOGIN PLAIN
    250 ENHANCEDSTATUSCODES
    quit
    221 2.0.0 your.smtp-server.com Octeth SMTP Server v1.2 ESMTP Service closing transmission channel
    read:errno=0
⚠️
IMPORTANT: server.crt file must contain the certificate first and then the CA bundle. server.key file must contain the private key only.

The server.crt file structure:

-----BEGIN CERTIFICATE-----
...
****************************************************************
****************************************************************
...
-----END CERTIFICATE----- 

-----BEGIN CERTIFICATE-----
...
****************************************************************
****************************************************************
...
-----END CERTIFICATE-----

The server.key file structure:

-----BEGIN PRIVATE KEY-----
...
****************************************************************
****************************************************************
...
-----END PRIVATE KEY-----
💠
image

Homepage Customer Area Community Portal Contact Us

Footer Social Icons

©Copyright Octeth, Inc. All rights reserved.