Difference between revisions of "Configuration Tool"
| [checked revision] | [unchecked revision] |
Rrommelrath (talk | contribs) |
|||
| Line 1: | Line 1: | ||
__NOTOC__ | __NOTOC__ | ||
| − | [[File: | + | [[File:MailStore_Gateway_Configuration_LE_EN.png|right|300px]] |
With the MailStore Gateway Configuration tool administrators can configure basic settings of the MailStore Gateway service. | With the MailStore Gateway Configuration tool administrators can configure basic settings of the MailStore Gateway service. | ||
| Line 24: | Line 24: | ||
* '''Create Self-Signed Certificate'''<br/>A new self-signed certificate can be created and is automatically selected afterwards. Please note that self-signed certificates are neither trusted by other clients, which may lead to warnings on client computers, nor other servers. Therefore, self-signed certificates are suitable for testing purposes only and should be replaced once a system is used in a productions environment. | * '''Create Self-Signed Certificate'''<br/>A new self-signed certificate can be created and is automatically selected afterwards. Please note that self-signed certificates are neither trusted by other clients, which may lead to warnings on client computers, nor other servers. Therefore, self-signed certificates are suitable for testing purposes only and should be replaced once a system is used in a productions environment. | ||
* '''Import from File'''<br/>With this option certificates can be imported from ''Private Information Exchange (*.p12;*.pfx)'' files. The configuration tool will automatically import the certificates into the correct Windows certificate store. Since Private Information Exchange files are password protected, a password must be entered to start the import process. | * '''Import from File'''<br/>With this option certificates can be imported from ''Private Information Exchange (*.p12;*.pfx)'' files. The configuration tool will automatically import the certificates into the correct Windows certificate store. Since Private Information Exchange files are password protected, a password must be entered to start the import process. | ||
| + | * '''Obtain from Let's Encrypt'''<br/>Let's Encrypt is a free, automated, and open certificate authority, trusted by all major web browsers and operating systems. Many large, well known sponsors from the IT industry support Let's Encrypt's effort to help making the internet a safer place. A fully automated certificate approval process eliminates email or phone verification of traditional certificate authorities that often take days. Let's Encrypt certificates are only valid for 90 days and thus need to be renewed regularly. The MailStore Gateway service handles the automatic renewals once the initial configuration is done. | ||
== Management Console Port == | == Management Console Port == | ||
Defines the TCP ports on which MailStore Gateway's Management Console is available. If no other web server is running on the same server, it can safely be changed to the standard HTTPS port 443. | Defines the TCP ports on which MailStore Gateway's Management Console is available. If no other web server is running on the same server, it can safely be changed to the standard HTTPS port 443. | ||
| + | |||
| + | == Let's Encrypt Port == | ||
| + | This port is used temporarily when requesting or renewing certificates from Let's Encrypt. | ||
== Log Level == | == Log Level == | ||
Revision as of 14:36, 25 February 2022
With the MailStore Gateway Configuration tool administrators can configure basic settings of the MailStore Gateway service.
The tool is started automatically during the initial installation process; it can be started manually through the corresponding desktop icon or start menu link.
E-Mail Domain
This value specifies the domain part of each MailStore Gateway mailbox email address (i.e. <mailbox-id>@<e-mail domain> ).
If MailStore Gateway should receive emails from other email servers (e.g. Microsoft Office 365, Google G Suite, etc.), the configured e-mail domain must be resolvable through DNS.
Example: If the primary domain is example.com and MailStore Gateway should receive emails, a DNS record like msgw.example.com needs to be created in the DNS zone example.com. The record must point to a public IP address on which MailStore Gateway is reachable. In MailStore Gateway the value of E-Mail Domain would be set to msgw.example.com. If MailStore Gateway is located behind a NAT router or firewall, additional configuration may be needed. Refer to Firewall Configuration for further details.
Certificate
MailStore Gateway uses TLS certificates to establish encrypted communication channels with clients and other servers.
Administrators can choose from the following options which certificate MailStore Gateway should use:
- Select from Certificate Store
A certificate can be selected from the Windows certificate store. Please note that the Personal certificate store of the computer account is used, not the store of the current Windows user. - Create Self-Signed Certificate
A new self-signed certificate can be created and is automatically selected afterwards. Please note that self-signed certificates are neither trusted by other clients, which may lead to warnings on client computers, nor other servers. Therefore, self-signed certificates are suitable for testing purposes only and should be replaced once a system is used in a productions environment. - Import from File
With this option certificates can be imported from Private Information Exchange (*.p12;*.pfx) files. The configuration tool will automatically import the certificates into the correct Windows certificate store. Since Private Information Exchange files are password protected, a password must be entered to start the import process. - Obtain from Let's Encrypt
Let's Encrypt is a free, automated, and open certificate authority, trusted by all major web browsers and operating systems. Many large, well known sponsors from the IT industry support Let's Encrypt's effort to help making the internet a safer place. A fully automated certificate approval process eliminates email or phone verification of traditional certificate authorities that often take days. Let's Encrypt certificates are only valid for 90 days and thus need to be renewed regularly. The MailStore Gateway service handles the automatic renewals once the initial configuration is done.
Management Console Port
Defines the TCP ports on which MailStore Gateway's Management Console is available. If no other web server is running on the same server, it can safely be changed to the standard HTTPS port 443.
Let's Encrypt Port
This port is used temporarily when requesting or renewing certificates from Let's Encrypt.
Log Level
The Log Level defines how much information MailStore Gateway logs into its log files. The default settings is Information which should not be changed unless troubleshooting is required.
Apply Configuration Changes
After the configuration of MailStore Gateway has been changed, the changes must be written to the configuration file by clicking on Apply. Otherwise the changed settings will not be used when starting the MailStore Gateway service.
Starting the MailStore Gateway Service
By clicking the Start Service button, the MailStore Gateway service will be started. Changes to the configuration must be applied first, otherwise a warning is issued. This button is only available if the service is currently stopped.
Stopping the MailStore Gateway Service
By clicking the Stop Service button, the MailStore Gateway service will be stopped. Changes to the configuration can only be made while the service is stopped. This button is only available if the service is currently running.
