Other Protocols
The Protocols page lets system administrators configure settings for all mail server protocols: POP, IMAP, EWS, LDAP, and XMPP, as well as related security options such as allowed TLS/SSL versions. These settings determine how SmarterMail processes messages sent and received through each protocol.
POP
Use this card to specify the following POP settings. Note that the banner, timeout, bad command, and max connection settings below govern SmarterMail's own POP3 server — that is, how it behaves when a POP3 email client (such as Outlook or Thunderbird) connects directly to SmarterMail to retrieve mail. The retrieval thread and retrieval interval settings are different: they control how SmarterMail itself polls external POP3 mailboxes that a user has linked into their account (configured under User > Settings > Connectivity, using externally-linked POP accounts), pulling mail from those outside accounts into SmarterMail on a schedule.
- POP Banner - The text that is displayed when initially connecting to the port. By default, the banner is “POP3 server ready”.
- Command Timeout (Minutes) - If the server receives a command that sends large amounts of data but the data stops coming in for this number of minutes, the command will be aborted. By default, the command times out after 5 minutes.
- Max Bad Commands - After this many unrecognized or improper commands, a connection will be automatically terminated. By default, the maximum number of bad commands is 8.
- Max Connections (0 = Unlimited) - Some protocols in SmarterMail allow you to specify the maximum number of connections. Increasing this value allows SmarterMail to handle more connections of that type at once, but results in higher CPU and memory utilization. By default, the maximum number of connections is 500. For example, on a resource-constrained VPS or small VM, an administrator might lower this value (e.g., to 100) to prevent a burst of POP connections from exhausting available memory or CPU.
- Max POP Retrieval Threads - SmarterMail is multithreaded, meaning it can do more than one thing at a time. This setting is for the maximum number of threads you want SmarterMail to work on concurrently when retrieving mail from externally-linked POP accounts. By default, the maximum number of POP retrieval threads is 10. An administrator hosting a domain where hundreds of users have linked external POP mailboxes (such as a Gmail or Yahoo account) that all need to be checked frequently might raise this value so that more of those external mailboxes can be polled in parallel, reducing the delay before newly-arrived external mail shows up in SmarterMail.
- POP Retrieval Interval (Minutes) - The frequency by which SmarterMail checks externally-linked POP accounts for new messages. By default, the POP retrieval interval is 10 minutes.
- Disable insecure auth methods for non-SSL authentication - When enabled, and the client is not already connected over SSL/TLS, SmarterMail removes the SASL PLAIN mechanism and the plain-text USER/PASS command pair from the list of authentication options it advertises, leaving only SASL NTLM (a challenge-response mechanism that never sends the password in the clear). In practice, this means a POP client configured to authenticate with a plain-text username and password over an unencrypted connection will be unable to log in until it either connects over SSL/TLS or uses an NTLM-capable authentication method.
IMAP
Use this card to specify the following IMAP settings:
- IMAP Banner - The text that is displayed when initially connecting to the port. By default, the
banner is “IMAP4rev1 SmarterMail”. The banner supports the use of the following variables, which
will be replaced with their corresponding values:
- #HostName#: The hostname grabbed from the URL connected to by the client.
- #ConnectedIP#: The IP address of the client connecting to the mail account.
- #Time#: The current time in the server's timezone. (E.g., Thu, 06 Jan 2022 10:07:54 -07:00)
- #UnixTime#: The current server time translated to a Unix timestamp. (E.g., 1641488874)
- #TimeUTC#: The current server time translated to UTC. (E.g., Thu, 06 Jan 2022 17:07:54 +0000)
- Command Timeout (Minutes) - If the server receives a command that sends large amounts of data but the data stops coming in for this number of minutes, the command will be aborted. By default, the command times out after 30 minutes.
- Max Bad Commands - After this many unrecognized or improper commands, a connection will be automatically terminated. By default, the maximum number of bad commands is 8.
- Max Connections (0 = Unlimited) - Some protocols in SmarterMail allow you to specify the maximum number of connections. Increasing this value allows SmarterMail to handle more connections of that type at once, but results in higher CPU and memory utilization. By default, the maximum number of connections is 1000.
- Max IMAP Retrieval Threads - The maximum number of threads you want SmarterMail to work on concurrently. By default, the maximum number of IMAP retrieval threads is 10.
- IMAP Retrieval Interval (Minutes) - The frequency by which SmarterMail checks for new IMAP messages. By default, the IMAP retrieval interval is 10 minutes.
- Enable IDLE Command - IMAP IDLE is an extension of the IMAP protocol that lets SmarterMail push status
updates to a connected client in near real time, rather than the client having to repeatedly poll the server
with new commands to check for changes. Through IMAP IDLE, users can maintain an open connection with the
mail server via any mail client that supports IMAP IDLE, allowing them to be instantly aware of any changes
or updates, such as new mail arriving. When enabled, SmarterMail will advertise the IDLE command in its
capability response to any connecting IMAP client.
Note: IMAP clients that do not fully support IMAP IDLE, like Microsoft Outlook, may open and close the IDLE connection repeatedly (issuing frequent reconnect and re-IDLE cycles) rather than holding it open as intended. This behavior increases the number of active connections and commands the server has to process and can actually hinder performance rather than help it, so administrators supporting mostly Outlook clients may want to evaluate whether enabling IDLE provides a net benefit for their server load.
- Disable insecure auth methods for non-SSL authentication - When enabled, and the client is not already connected over SSL/TLS, SmarterMail advertises LOGINDISABLED in its capability response (per RFC 2595) and removes the AUTH=PLAIN and AUTH=CRAM-MD5 mechanisms, leaving only AUTH=NTLM. This blocks the plain-text LOGIN command as well as PLAIN- and CRAM-MD5-based SASL authentication over unencrypted connections, so an IMAP client configured for plain-text login on a non-SSL port will fail to authenticate until it switches to SSL/TLS or an NTLM-capable authentication method.
EWS
Exchange Web Services (EWS) is the protocol Microsoft Outlook and other EWS-aware clients use for autodiscovery, folder synchronization, and free/busy lookups when they aren't using MAPI or ActiveSync. SmarterMail implements an EWS-compatible endpoint so that these clients can connect and sync mail, calendar, and contact data without needing a native SmarterMail client plugin. Use this card to specify the following EWS settings:
- Max EWS Retrieval Threads - The total number of threads used to process EWS requests. By default, the maximum number of EWS retrieval threads is 10.
- EWS Retrieval Interval (Minutes) - How often EWS requests are processed by SmarterMail. By default, the EWS retrieval interval is 10 minutes.
LDAP (Enterprise Only)
| This feature is only available to administrators using SmarterMail Enterprise. |
SmarterMail Enterprise exposes an LDAP interface so that LDAP-aware clients and address books can query a domain's Global Address List and shared contacts using standard directory lookups, rather than requiring a SmarterMail-specific API integration. Use this card to specify the following LDAP settings:
- Session Timeout (Seconds) - After a connection fails to respond or issue new commands for this number of seconds, the connection will be closed. By default, the session times out after 300 seconds. This governs how long an idle, otherwise-open LDAP connection is allowed to sit before SmarterMail tears it down — for example, an address book client that binds once and then leaves the connection open between occasional lookups will be disconnected after 5 minutes of inactivity.
- Command Timeout (Seconds) - If the server receives a command that sends large amounts of data and the data stops coming in for this number of seconds, the command will be aborted. By default, the command times out after 120 seconds. This applies while a specific LDAP operation, such as a large directory search, is actively in progress but stalls partway through — a slower or higher-latency client link performing a large search might need this value raised so the operation isn't aborted prematurely.
XMPP (Enterprise Only)
| This feature is only available to administrators using SmarterMail Enterprise. |
XMPP (Extensible Messaging and Presence Protocol) is the protocol behind SmarterMail Enterprise's built-in chat feature, handling real-time messaging and presence (online/away/offline status) between users, and allowing connections from third-party XMPP-compatible chat clients. Use this card to specify the following XMPP settings:
- Max Connections (0 = Unlimited) - Some protocols in SmarterMail allow you to specify the maximum number of connections. Increasing this value allows SmarterMail to handle more connections of that type at once, but results in higher CPU and memory utilization. By default, the maximum number of connections is 1000. Because chat clients typically hold a persistent XMPP connection open for as long as a user is signed in (rather than connecting briefly like POP or IMAP), a domain with a large number of simultaneously active chat users may need this value raised to avoid new sessions being refused.
Security Protocols
SSL and TLS are security protocols that encrypt the transmission of data, allowing users to access their email without the fear that someone has intercepted their data during transit. Use this card to modify the security protocols that are allowed to connect to your mail server.
- System Defaults - Use System Defaults to let the underlying operating system and .NET/TLS stack choose which protocol version to negotiate, rather than SmarterMail enforcing a specific list. In practice, this means the effective set of allowed protocols follows whatever is enabled at the OS level (for example, via Windows Schannel/registry TLS configuration), and any protocol versions the OS itself considers insecure are blocked. This is enabled by default.
- SSL 3.0 - Enable this setting to allow inbound and outbound connections to your mail server over SSL
3.0.
Note: Allowing connections over SSL 3.0 is not recommended. This protocol has been deprecated by the IETF and is vulnerable to the POODLE attack, which allows an attacker positioned on the network path to decrypt portions of supposedly-encrypted traffic by exploiting SSL 3.0's padding scheme in block-cipher (CBC) modes.
- TLS 1.0 - Enable this setting to allow inbound and outbound connections to your mail server over TLS
1.0.
Note: Allowing connections over TLS 1.0 is not recommended. This protocol has been deprecated by the IETF and is vulnerable to attacks such as BEAST, which can exploit weaknesses in how TLS 1.0 chains CBC-mode block cipher operations to recover portions of encrypted data.
- TLS 1.1 - Enable this setting to allow inbound and outbound connections to your mail server over TLS 1.1.
- TLS 1.2 - Enable this setting to allow inbound and outbound connections to your mail server over TLS 1.2. It is recommended that TLS 1.2, at the very least, is enabled.
- TLS 1.3 - Enable this setting to allow inbound and outbound connections to your mail server over TLS 1.3. Allowing connections via TLS 1.3 ONLY is strongly encouraged.