Rather than purchasing an SSL certificate I would create my own SSL certificate. Of course my SSL certificate will not be useful, as browsers will show "Untrusted SSL". Can I use a self-signed SSL certificate on my mail server to send and receive emails? By using a self-signed SSL certificate, will it interrupt users' work by saying "you are using an untrusted SSL certificate"?
Will it be useful?
And I believe that adding SSL to the mail server for email exchange will change my port numbers from 25, 110, 143 to 465, 995, 993. Am I right?
I hate to differ, mailq, but SSL between MTAs (that is, between your mail server and other mail servers) is perfectly well-supported and well-understood. It runs happily on port 25. When you connect to a mail server offering this, it's advertised in the EHLO phase:
A fellow mail server that's willing to talk TLS can then request escalation to encrypted communication, and the rest of the SMTP conversation can then happen under cover of crypto. The signed or unsigned state of a peer's certificate shows up in my sendmail logs thus:
In this case, I'm connecting to the foreign server (or it would say "STARTTLS=client") and I can't, using my certificate bundle, verify the peer's certificate (or it would say "verify=YES"). But it's perfectly sound crypto, and worth doing. Other than that I agree with your (otherwise excellent) answer.
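As an added example (not from the question or either answer): a small Python script that classifies sendmail STARTTLS log lines by their "verify=" result, so you can see which peers' certificates your CA bundle could not verify. The log lines are constructed samples written in sendmail's log format, and the meaning of each verify value is taken from sendmail's documentation as I understand it.

```python
import re
from collections import Counter

# Constructed sample lines in sendmail's STARTTLS log format (not from the page).
# verify=OK   -> peer certificate verified against our CA bundle
# verify=NO   -> peer sent a certificate we could not verify (e.g. self-signed)
# verify=NONE -> peer sent no certificate at all
# verify=FAIL -> verification was attempted and failed
SAMPLE_LOG = """\
Mar  3 10:14:02 mx1 sm-mta[4121]: STARTTLS=server, relay=mail.example.net [192.0.2.10], version=TLSv1.2, verify=NO, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Mar  3 10:15:40 mx1 sm-mta[4130]: STARTTLS=client, relay=mx.example.org., version=TLSv1.3, verify=OK, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Mar  3 10:16:11 mx1 sm-mta[4137]: STARTTLS=client, relay=smtp.example.com., version=TLSv1.2, verify=FAIL, cipher=DHE-RSA-AES128-SHA, bits=128/128
Mar  3 10:17:05 mx1 sm-mta[4140]: STARTTLS=server, relay=[198.51.100.7], version=TLSv1.2, verify=NONE, cipher=AES128-SHA, bits=128/128
Mar  3 10:18:22 mx1 sm-mta[4142]: from=<a@example.net>, size=1024, class=0, nrcpts=1, proto=ESMTP, relay=mail.example.net [192.0.2.10]
"""

STARTTLS_RE = re.compile(
    r"STARTTLS=(?P<role>server|client), relay=(?P<relay>[^,]+), "
    r"version=(?P<version>\S+), verify=(?P<verify>\w+), "
    r"cipher=(?P<cipher>\S+), bits=(?P<bits>\d+)/\d+"
)

def parse_starttls(line):
    """Return the STARTTLS fields of one log line, or None if it is not a STARTTLS line."""
    m = STARTTLS_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["bits"] = int(rec["bits"])
    return rec

def summarize(log_text):
    """Count lines per verify result and list every peer whose certificate
    was not verified (anything other than verify=OK), with our role in the session."""
    by_verify = Counter()
    unverified = []
    for line in log_text.splitlines():
        rec = parse_starttls(line)
        if rec is None:  # e.g. the from= envelope line: skip it
            continue
        by_verify[rec["verify"]] += 1
        if rec["verify"] != "OK":
            unverified.append((rec["relay"], rec["role"], rec["verify"]))
    return {"by_verify": dict(by_verify), "unverified": unverified}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("verify results:", report["by_verify"])
    for relay, role, verify in report["unverified"]:
        print(f"unverified peer {relay} (we were STARTTLS={role}, verify={verify})")
```

Note that sessions with verify=NO or verify=NONE are still encrypted; the summary only tells you which peers you could not authenticate.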
SSL is only useful for connections between clients (Outlook, Thunderbird, ...) and the server. And yes it will change the ports for IMAP, POP3 and SMTP to their equivalent ports.
Using SSL between your SMTP server and other SMTP servers is not supported or specified (except to another relay host). They will still use port 25 for mail exchange (unencrypted).
Self-signed certificates will always "disturb" clients as they are not trusted. You can make them trusted by inserting the public CA key into the client software.
So whether it is useful depends on what you are trying to accomplish.