S/MIME

Pro

S/MIME is a technology that can verify the validity of the sender of the email (from address) and the mail body. The sender purchases a digital certificate (S/MIME certificate) for the email address issued by a third party and signs the sending email using this certificate. The signature given to the email is verified by email software such as OutLook, and if the email is sent by a legitimate sender,a mark such as ribbon will be displayed.

Customers Mail Cloud provides a function that can add S/MIME signatures to emails sent via mail relay or API. You can send S/MIME signed emails by registering the S/MIME certification in the management console.

To use S/MIME, It is required to subscribe to the S/MIME option.
S/MIME allows senders and recipients to encrypt emails by exchanging public keys with each other but Customers Mail Cloud does not provide encryption function.
It is required to receive S/MIME signed emails by email software such as Outlook that can compatible with S/MIME. If the sender send S/MIME signed emails with a software or smartphone that is not compatible with S/MIMES, the mail content may not be displayed correctly.
Customers Mail Cloud provides a function that controls S/MIME signatures for each domain. Therefore to send emails to a domain that is not compatible with S/MIME,you can send it without giving it an S/MIME signature.
Emails forwarded by BCC will not be signed by S/MIME If intelligent BCC is set in "server settings" -> "advance settings" of the server composite.

Purchasing the certificate

The S/MIME certificate must be purchased from a third party that issues the certificate. Customers Mail Cloud is compatible with the following S/MIME certificates.

symantec secure mail ID

GMO global sign S/MIME certificate

secom trust systems secom passport

If you are using a different S/MIME certificate other than the above, we will verify the operation.Please contact our support center.

Registering the certification

Register the S/MIME certificate in the management console.


preparing pkcs12 format file

To register the purchased S/MIME certificate in the management console, you need to create a pkcs12 format file containing the private key from the certificate. Follow the steps below to create a pkcs12 format file.

Symantec

about the procedure for exporting the installed secure email ID

GMO global sign

for getting a client certificate

Secom trust systems

Please contact the issuer of the certificate.

Please contact the issuer of the certificate for more information about how to create a pkcs12 format file.


Uploading the pkcs12 format file

Login to management console and click the S/MIME settings tab.

Click the add button.

S/MIME settings dialog

Input the below items.

Item       Required Description
mail address Yes Input the From address.It must be the same email addres as included in the S/MIME certificate you are registering.
secret key(password) Yes Input the secret key for the S/MIME certificate you are registering.This value will be stored in the management console after AES encrypted.
Certificate File Yes Upload the pkcs12 formatted S/MIME certificate.

When you click the save button S/MIME certificate will be saved in the management console.


Operate S/MIME certificates

Click the server composition tab on the management console.

Click the server composition link that operates the S/MIME certificate.

Click the S/MIME settings at the left menu of server settings dialog.

server settings->S/MIME settings

A list of operable S/MIME certificates will be displayed.

Mark as checked the S/MIME certificate that operates in this server configuration

Click the save button.


Reflecting settings to the mail server

Once you reflect settings to the mail server, S/MIME operation will start.


Updating the certificate

S/MIME certificates have an expiration date and you specify one or two years when you purchase the certificate. Since expired S/MIME certificates cannot be used,you must renew the S/MIME certificate before it expires.


Issuing a new certificate from the issuer

The issuer will inform you to renew the certificate before it expires. New certificate according to the instructions will be issued. Create a pkcs12 format file from the newly issued certificate by following the same procedure as when registering.


Updating the certificate

Login to management console and click the S/MIME settings tab. Click the link for the email address to renew your S/MIME certificate From the S/MIME list screen.

updating S/MIME certificate

Input the secret key (password) and pcks12 format file created from the updated certificate.

Click the save button.


Reflecting the settings to the mail server

Once this is reflected settings in the mail server, the updated S/MIME certificate will start to operate.

If you send an email after your S/MIME certificate has expired Customers Mail Cloud rejects mail relay in response to the SMTP error "451 S/MIME certificate is expired".

Deleting the certificate

You can stop the operetaion of S/MIME and delete the S/MIME certificate from management console.


Stopping the opeartion of S/MIME

Click the server composition tab at the management console.

Click the server composition link that stops the operation of S/MIME.

Click the S/MIME settings in the left menu of the server settings dialog.

A list of operable S/MIME certificates will be displayed.

Uncheck the S/MIME certificate to stop operation.

Click the save button.


Reflecting the settings to the mail server

Once you reflect this settings to the mail server S/MIME operation will stop. After the settings reflection, you can no longer add the S/MIME signature to the emails you send.


Deleting the S/MIME certificate

Click the S/MIME settings tab at the management console.

Confirmation dialog will be displayed when you click the delete button at the S/MIME list screen.

Input the login password and click delete button to delete the S/MIME certificate.


Setting the exceptional conditions

Set an exceptional condition If you do not want to add an S/MIME signature when sending emails to devices that do not support S/MIME, such as feature phones.


Exceptional settings by destination

Click the server composition tab at the management console.

Click the link of the server configuration that operates S/MIME.

Click the S/MIME settings in the left menu of the server settings dialog.

exceptional settings by destination

Add the S/MIME unsigned destination email address in regex.

Registration will be done by default for the mobile carrier.

Exceptional settings by header

Click the exceptional settings by header tab.

exceptional settings by header

Add a condition that does not give S/MIME with a combination of header name and header value.

Exceptional settings by content-type header are registered by default so that emails that have already S/MIME signatures will not be signed again.