Mail Server TLS/SSL Guides

Secure SMTP, IMAP, and POP3 with modern TLS settings. These guides cover STARTTLS, implicit TLS, certificate configuration, DANE, and cipher suite hardening.

Dovecot

Secure IMAP and POP3 mail server.

Exim

Highly configurable SMTP mail transfer agent.

Postfix

High-performance SMTP mail server.

Sendmail

Classic Unix mail transfer agent.

About These Guides

Mail servers present unique TLS challenges: they must interoperate with external servers that may not support modern TLS, while also protecting internal clients. STARTTLS is vulnerable to downgrade attacks unless smtp_tls_security_level = encrypt or equivalent is enforced.

These guides include settings for both inbound and outbound SMTP, IMAP/POP3 for mail clients, and where applicable, DANE (DNS-Based Authentication of Named Entities) for authenticated SMTP using TLSA records.

Configured TLS? Now Monitor It.

Generator Labs alerts you before certificates expire, get revoked, or fail chain validation — across HTTPS, SMTPS, IMAPS, LDAPS, and more.

Start Monitoring →