doc: refine smime guide structure and styling

pages/guide/integrations/smime.mdx

@@ -1,28 +1,78 @@
+import { Steps, Callout, Tabs } from 'nextra/components'
+import { Mail, BadgeAlert, ShieldCheck } from 'lucide-react'
+
 # S/MIME Email Security
 
-Secure/Multipurpose Internet Mail Extensions (S/MIME) allows you to **sign** and **encrypt** internal emails.
+Secure/Multipurpose Internet Mail Extensions (S/MIME) allows you to **sign** (prove identity) and **encrypt** (protect content) email messages.
 
-- **Signing**: Proves the email actually came from you (prevents spoofing).
-- **Encryption**: Ensures only the intended recipient can read the message.
+<Callout type="warning" emoji={<BadgeAlert className="w-5 h-5" />}>
+  **Internal Use Only:**
+  TrustLab certificates are private. If you send signed emails to **External Recipients** (e.g., Gmail, Yahoo), they will see an "Untrusted/Invalid Signature" warning because they do not trust the TrustLab Root CA.
+  
+  **Use this for internal corporate communication only.**
+</Callout>
 
-## Prerequisites
-- A TrustLab certificate with the **S/MIME** profile.
-- Downloaded in **PFX (.p12)** format.
+## Setup Guide
 
-## Outlook (Windows) Setup
-1. Open Outlook. Go to **File > Options > Trust Center**.
-2. Click **Trust Center Settings > Email Security**.
-3. Under "Encrypted Email", click **Settings**.
-4. Click **Choose** for Signing Certificate and select your TrustLab ID.
-5. Click **OK**.
+## Configure Microsoft Outlook
 
-## Thunderbird Setup
-1. Go to **Settings > Privacy & Security**.
-2. Scroll to **Certificates** and click **Manage Certificates**.
-3. Under **"Your Certificates"**, click **Import**.
-4. Select your `.p12` file.
-5. Go back to Account Settings > Security.
-6. Select the certificate for **Digital Signing** and **Encryption**.
+<Tabs items={['Classic Outlook (Desktop)', 'New Outlook (Web Style)']}>
+  <Tabs.Tab>
+    **Supported Versions:** Outlook 365, 2019, 2016.
+    
+    <Steps>
+    ### 1. Open Trust Center
+    Go to **File > Options > Trust Center > Trust Center Settings**.
+    
+    ### 2. Email Security
+    Select **Email Security** from the left sidebar.
+    
+    ### 3. Import Certificate
+    Under *Encrypted Email*, click **Settings...**
+    *   **Signing Certificate**: Click 'Choose' and select your TrustLab cert.
+    *   **Encryption Certificate**: Same as above.
+    
+    ### 4. Save
+    Click **OK** to apply.
+    </Steps>
+  </Tabs.Tab>
+  <Tabs.Tab>
+    **Supported Versions:** New Outlook for Windows, OWA.
+    *Note: Requires S/MIME Control extension.*
+    
+    <Steps>
+    ### 1. Open Settings
+    Click the **Gear Icon** (Settings) in the top right.
+    
+    ### 2. S/MIME Menu
+    Navigate to **Mail > S/MIME**.
+    
+    ### 3. Enable
+    Enable **"Encrypt with S/MIME"** and select your certificate.
+    </Steps>
+  </Tabs.Tab>
+</Tabs>
+
+## Configure Thunderbird
+
+**Version Requirement:** v115+ (Supernova) or newer.
+
+<Steps>
+### 1. Account Settings
+Click the **Menu (≡)** button and select **Account Settings**.
+
+### 2. End-to-End Encryption
+Select your email account from the sidebar and click **End-to-End Encryption**.
+
+### 3. Import Certificate
+In the **S/MIME** section, click **Add** (or Manager) to import your `.p12` file.
+
+### 4. Apply Certificate
+Under *Select Certificate*, choose the imported file for both:
+*   **Digital Signing**
+*   **Encryption**
+</Steps>
+
+## How to Test
+Send an email to a colleague who also has the Root CA installed. They should see a verified **Ribbon/Badge** icon indicating the email is trusted and unmodified.
 
-> [!TIP]
-> To send encrypted email to a colleague, you must first possess their Public Key (usually by receiving a signed email from them first).