With the introduction of v3.5.3, Sonar now supports TLS encryption for Sonar's SMTP service. 


What is TLS Encryption? Like with web browsing and FTP services, SMTP has an encryption function as well. Originally, it ran over TCP port 465 but that was quickly deprecated in favour of using an extended SMTP command to initialise TLS encryption. This allows an unencrypted SMTP connection to become encrypted and prevent future communications from being observed. 


To set up TLS on Sonar, you will need an SSL Certificate. This certificate will need to be uploaded to Sonar for use with Sonar's SMTP Engine. The SSL Certificate will need to be a .pfx (pkcs12 format) and must contain the following information:

  • Passphrase-protected private key
  • Signed Certificate
  • Signing Certificate chain (e.g. the intermediary and root certificates

The SSL Certificate can be uploaded in the GUI, in Network -> Proxies -> SMTP -> Server.

 You also have to make sure that the Server configuration file has the Allow inbound STARTTLS connections for SMTP Mail setting set to true. By default, it is set to false. This can be found under Network -> Proxies -> SMTP -> Settings.

Once these two steps have been done, Sonar's SMTP Engine should be ready to accept inbound TLS-encrypted SMTP Sessions.