Start a conversation
  1. AEM Lyris LM
  2. Lyris LM - Installation
  3. Articles

Configure Opportunistic TLS (starttls) on a LM Web Server and Nodes

Overview

After some of your members migrated to Gmail, which is encrypted, they are no longer receiving emails from your Lists. These members are asking if you can set outbound email for Opportunistic TLS, which is starttls, so they can receive your emails.

Prerequisites

  • You have LM version 12.2.0 or newer.
  • You have Administrator access to your LM webserver and nodes (if applicable).

Solution

To properly enable TLS on LM, enable encryption for both outgoing and incoming mailings. Enabling encryption may reduce the speed of mail delivery, depending on the volume of messages and specific server capabilities. If delivery speed becomes a factor, see the Enabling TLS Slows Down Message Delivery article for suggestions to improve it.

Complete each of the following sections below: Stop ListManager Services, Modify lmcfg.txt, and Start ListManager Services on your LM webserver and ListManager Nodes. 

Stop ListManager Services

Stop your ListManager services in Windows as Services, in Windows from the webserver, or in Linux.

Stop ListManager Services in Windows as Services

  1. As a Windows Administrator on your webserver, click Start and type "Services"
  2. Right-click on the ListManager Service
  3. Click Stop
  4. Right-click on the ListManagerWeb Service
  5. Click Stop

Stop ListManager Services in Windows From the Webserver

  1. As a Windows Administrator on your webserver, open the ListManager window
  2. Press CTRL+C and the window will close
  3. Open the ListManager webserver window
  4. Press CTRL+C and the window will close

Stop ListManager Services in Linux

  1. As root on your ListManager webserver, navigate to your ListManager directory. e.g. /usr/local/lm/bin
  2. Enter ./S96lm stop to stop ListManager
  3. Enter ./S96httpd-lm stop to stop ListManager webserver

Back to top

Modify lmcfg.txt

Locate the file and perform the following edits.

  • WindowsC:\Program Files\ListManager\lmcfg.txt
  • Linux~/ListManager/bin/lmcfg.txt
  1. Add the following entries:
    # Enable Outbound Encryption
$starttls_extension_enabled="true";
# Enable Inbound Encryption
$certificate_file=<PATH-FOR-CERTIFICATE>;
$privatekey_file=<PATH-FOR-PRIVATE-KEY>;
$incoming_smtp_starttls_extension_enabled="true";
    Please do not use any whitespaces around the equals sign, or alternative quote symbols in the configuration file.
    They may cause the settings to not be properly loaded.
  2. Save the file

If you are performing this update on a ListManager Node, place copies of the ListManager webserver's certificates in the Node's certificate folder.

Parameter Information

Parameter Details
$starttls_extension_enabled  By default it is "false". If set to "false", ListManager will send out mails with unencrypted transmission.
If set to "true", ListManager will send out emails with encrypted transmission depending on if the receiving smtp server supports STARTTLS extension.
$certificate_file This is the path to certificate file which is used by encrypted transmission of ListManager SMTP Server ($incoming_smtp_starttls_extension_enabled), NNTP Server ($nntp_enable_ssl), TCLPORT ($tclport_enable_ssl).
$privatekey_file This is the path to private key file which is used by encrypted transmission of ListManager SMTP Server ($incoming_smtp_starttls_extension_enabled), NNTP Server ($nntp_enable_ssl), TCLPORT ($tclport_enable_ssl).
$incoming_smtp_starttls_extension_enabled By default, it is "false". If set to "false", ListManager will receive mails unencrypted. If set to "true", ListManager will receive mails with encrypted transmission depending on if the sending smtp client requests the STARTTLS extension.
$certificate_file and $privatekey_file parameters should be set correctly to make this feature work.

Back to top

Start ListManager Services

Start your ListManager services in Windows as Services, in Windows from the webserver, or in Linux.

Start ListManager Services in Windows as Services

If ListManager is running as Services, use this method.

  1. As a Windows Administrator on your webserver, click Start and type "Services"
  2. Right-click on the ListManager Service
  3. Click Start
  4. Right-click on the ListManagerWeb Service
  5. Click Start

Start ListManager Services in Windows Manually

If ListManager is not installed as Windows Services, use this method.

  1. As a Windows Administrator on your webserver, click Start and type "cmd" to open the Command Prompt
  2. Navigate to the ListManager installation directory. e.g. C:\Program Files\ListManager\tclweb\bin
  3. Enter httpd-lm.exe

Start ListManager Services in Linux

  1. As root on your ListManager webserver, navigate to your ListManager directory. e.g. /usr/local/lm/bin
  2. Enter ./S96lm start to start ListManager
  3. Enter ./S96httpd-lm start to start ListManager webserver

After stopping ListManager services, modifying the lmcfg.txt file, and restarting ListManager services your messages are no longer being rejected by Gmail.

Back to top

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted
  3. Updated

Comments