4 Replies Latest reply on Jun 12, 2015 3:37 AM by Laszlo G

    USE MEG 7.5 as a relay and StartTLS

    Laszlo G

      Hi all,

       

      I have been using MEG for a while in our organization. It's a cluster working in proxy mode and our computers use it as a relay for outgoing mails.

       

      Until now we have been sending mails through MEG without encryption (port 25) and now want to use the SSL or StartTLS option on Thunderbird, but there's no way MEG will accept any connection on port 465 or 587 because we always get a connection refused message.

       

      I have had a look at MEG's config but can't see where to force the appliance to accept outgoing mails on these ports.

       

      Any thoughts?

       

      Greetings.

        • 1. Re: USE MEG 7.5 as a relay and StartTLS
          jmickley

          Hi Laszlo,

           

          It sounds like what you are trying to do in Thunderbird is authenticate the user account to MEG.  This will not work.  Thunderbird should authenticate to your mail server (Exchange, Domino, etcetera).  Your mail server would then send to the MEG proxy.  Hope this helps.

           

          --Jake

          • 2. Re: USE MEG 7.5 as a relay and StartTLS
            Laszlo G

            Hi jmickley thanks for your answer.

             

            What I'm really looking for now is to use the MEG as a relay from the outside (from WAN). As we have technical limitations using a VPN LAN-to-LAN we are considering sending outgoing mails through the appliance; as we cannot send them through VPN we are trying to send them through SSL or TLS over WAN.

             

            Is this possible or won't MEG accept SSL/TLS connections from a mail client?

             

            Greetings.

            • 3. Re: USE MEG 7.5 as a relay and StartTLS
              jmickley

              Okay.  I think I understand what you are getting at.  Keep in mind that this is against best practices, but I believe you can do what you are looking for.  In Thunderbird, go to tools > account settings > outgoing server (SMTP).  Highlight and edit the profile for the MEG outbound server.  In the popup, change the connection security dropdown to STARTTLS.  For the port, change that to 25.  Save the changes and give it a test.  Keep in mind that if you are using a self-signed certificate or any other certificate that is not trusted for one reason or another, the first time you attempt to send an email after making this change, you will receive a warning in Thunderbird about the certificate not being trusted.  If you want to trust it, then trust it.  You will then have to send the email again after the warning if you decide to trust the cert.  The email will then be delivered using TLS over port 25 to the MEG.  Hope this is what you are looking for.

               

              --jake
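
An added example, not part of the original thread: a small Python probe an administrator can run against their own relay to see what a STARTTLS client such as Thunderbird will meet on a given port (closed port, no STARTTLS offered, or a certificate that does not verify). The names `probe_relay`, `cafile` and the EHLO name `probe.invalid` are assumptions made for this sketch.

```python
import smtplib
import ssl
import sys


def _starttls_version(host, port, ctx, timeout):
    """Return the negotiated TLS version, or None if STARTTLS is not offered."""
    # local_hostname is fixed so EHLO does not depend on a local DNS lookup.
    smtp = smtplib.SMTP(host, port, local_hostname="probe.invalid", timeout=timeout)
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return None
        smtp.starttls(context=ctx)  # upgrades the existing plaintext session
        return smtp.sock.version()
    finally:
        smtp.close()


def probe_relay(host, port=25, cafile=None, timeout=5.0):
    """Classify an SMTP listener as seen by a STARTTLS-capable client.

    "refused"     nothing listens on the port
    "no-starttls" EHLO answered, STARTTLS not advertised (mail would go in clear)
    "untrusted"   STARTTLS offered, certificate fails verification
    "trusted"     STARTTLS offered, certificate chain and hostname verify
    "failed"      any other SMTP, TLS or socket error
    """
    # cafile (assumption): PEM file with the CA or self-signed cert you chose to trust.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        version = _starttls_version(host, port, ctx, timeout)
    except ConnectionRefusedError:
        return "refused"
    except ssl.SSLCertVerificationError:
        return "untrusted"
    except (smtplib.SMTPException, OSError):
        return "failed"
    return "trusted" if version else "no-starttls"


if __name__ == "__main__" and len(sys.argv) > 1:
    relay = sys.argv[1]  # relay hostname supplied by the operator
    for p in (25, 587):
        print(p, probe_relay(relay, p))
```

Port 465 is left out because it expects TLS from the first byte rather than a STARTTLS upgrade. An "untrusted" result is the condition that produces the certificate warning in the mail client.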

              • 4. Re: USE MEG 7.5 as a relay and StartTLS
                Laszlo G

                Hi jmickley thanks, that worked!


                I know it may not be a best practice but we needed to secure communications through WAN until we can put in place a new VPN system.


                Thanks!