Getting Secure SMTP Working with HostMonster

I've been trying to get secure SMTP (SMTP with SSL) working with HostMonster for quite a while, and finally this morning I have it all figured out - I think. There are a few parts to this, and the docs on the HostMonster Help Center are pretty close to what you need, but there are a few things that I believe are important to getting this to work successfully.

First, set up the standard POP in Mail.app in Mac OS X. It's pretty simple with the following parameters:

  • Port: 995
  • Authentication: Password

For the outgoing SMTP you need to have:

  • Server Port: 465
  • Authentication: Password

Which is all just as the docs say on the HostMonster Help Center. But the trick, I believe, to getting Mail.app to work is in trusting the certificate that each HostMonster machine uses. Understandably, to save costs, the HostMonster guys created certificates for themselves and set them to expire in 2034. But Mail.app sees that these are not signed by a Trusted Authority, like Verisign, for instance. I don't care about that, but each time Mail.app starts, it connects to the HostMonster machine and sees that the certificate is not from a Trusted Authority, and asks me to agree to connecting anyway.

Here's the trick... when that comes up, ask Mail.app to Show Certificate to get a look at it. Under the name there will be a little check box saying "Always trust machine when connecting to machine". Check that. Then say OK.

At this point, you're not going to get that question on startup of Mail.app, and you're going to be able to use the SMTP/SSL on the host. Now it's possible that HostMonster changed something on their end, but I think from an email I received from the help desk, this is the key.

you would not use password authentication. When enabling SSH you need to be aware that the SSL is self-signed on the server, and many mail programs are going to give you grief about this. They will require that you click accept every time you send/receive emails.

So what I'm reading here is that the nature of the certificates that they use is that they are not trusted by most systems, and by overriding that in Mail.app, I'm actually able to connect and get the messages sent. I've verified that they are working, which is a great big load off my mind.
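
The same trust decision for a scripted client, as an added example that is not from the original post: rather than accepting any untrusted certificate, it accepts only the one whose SHA-256 fingerprint was recorded when the certificate was first inspected. The host name `mail.example.com`, the fingerprint placeholder and the function names are assumptions.

```python
import hashlib
import hmac
import smtplib
import ssl

# Placeholder: the SHA-256 fingerprint read from the certificate viewer
# when the certificate was first inspected and accepted.
PINNED_SHA256 = "<sha256-fingerprint-recorded-out-of-band>"


def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AA:BB:...', 'aa bb ...' or plain hex."""
    return fp.replace(":", "").replace(" ", "").strip().lower()


def pin_matches(der: bytes, pinned: str) -> bool:
    """True only if the presented certificate is exactly the pinned one."""
    return hmac.compare_digest(fingerprint(der), normalize(pinned))


def open_pinned_smtp(host: str, pinned: str, port: int = 465) -> smtplib.SMTP_SSL:
    """Connect over implicit TLS; refuse to go on unless the pin matches."""
    ctx = ssl.create_default_context()
    # A self-signed certificate cannot pass chain validation, so it is
    # switched off here and the pin check is the only trust decision.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    server = smtplib.SMTP_SSL(host, port, context=ctx, timeout=10)
    der = server.sock.getpeercert(binary_form=True)
    if not der or not pin_matches(der, pinned):
        server.close()  # no credentials have been sent at this point
        raise ssl.SSLError("server certificate does not match the pinned fingerprint")
    return server  # safe to call server.login(user, password) now


if __name__ == "__main__":
    # mail.example.com is a stand-in for the real mail host.
    smtp = open_pinned_smtp("mail.example.com", PINNED_SHA256)
    print(smtp.noop())
    smtp.quit()
```

If the server's certificate is ever replaced, the connection fails before login instead of silently accepting the new one, and the fingerprint has to be checked and recorded again.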

I don't trust insecure Telnet/FTP/POP/SMTP - there are just too many people out there that are too smart and too persistent not to write something that can grab anything in plaintext. I just can't see why people would use plaintext protocols when they have secure alternatives. I'm glad that I have this working with HostMonster. Big load off my mind.