I've got a public mail server used by 100 customers running Centos 5 in a virtual environment with new hardware (migrated from an old hardware in 2014).
I would like to increase security configuring SSL for sendmail and pop with less downtime.
What do you think about possibility to secure this old mail server? Is it a good idea?
Or in your opinion the better choice is to install a new server?
What about certificate? Do I need to buy it or can i use a self-signed certificate (mail client like Outlook, Thunderbird, Mail (Mac and iPhone) or android client will display that certificate is not secure) ?
Is it possible to leave available both (secure and non-secure) authentication for clients? I need to inform customer about this but only someone knows how to change account settings.
Thanks a lot for you help.