Secure Sockets Layer (SSL) connections ensure that the data sent between your mail server and your users’ mail clients is encrypted. This allows secure and confidential transport of mail messages across a local network.
SSL transport doesn’t provide secure authentication. It only provides secure transfer from your mail server to your clients. For incoming mail, mail service supports secure mail connections with mail client software that requests them. If a mail client requests an SSL connection, mail service can comply if that option is enabled.
Mail service still provides non-SSL (unencrypted) connections to clients that don’t request SSL. The configuration of each mail client determines whether it connects with SSL or not.
For outgoing mail, mail service supports secure mail connections between SMTP servers. If an SMTP server requests an SSL connection, mail service can comply if that option is enabled. Mail service can still allow non-SSL (unencrypted) connections to mail servers that don’t request SSL.
When mail service is started from the Server app, the default self-signed certificate is used for SSL transport. You can change this to another certificate if needed.
Select Certificates in the Server app sidebar.
Choose Custom from the “Secure services using” pop-up menu.
Choose an available certificate for Mail (SMTP) or Mail (IMAP and POP).
You can designate different certificates or no certificate for incoming (POP and IMAP) and outgoing mail (SMTP).