How to send encrypted emails in Postfix

I have Postfix configured on a server and I'm using the PHP mail function to send emails.

Gmail says these emails are sent unencrypted. How do I encrypt them?
burnedfaceless Asked:

Dr. Klahn, Principal Software Engineer, Commented:
Try either PGP (which is rather old now) or GPG. Neither is plug-and-play convenient to configure and use, but they provide very good security. GPG is probably the easier of the two to implement as there are plugins and libraries for most operating systems and mail software.

Note that the encryption does not occur in Postfix.  Each sender must encrypt their own messages.  The encrypted message is then sent as a normal text email.  The recipient then decrypts the message using GPG and his own public key.

https://www.gnupg.org/

"GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available. GnuPG also provides support for S/MIME and Secure Shell (ssh). "
0

kenfcamp Commented:
As an addition to what Dr. Klahn posted:

Gmail is likely indicating that the messages aren't being sent via a secure transport layer (TLS, SSL, etc)

There are a few libraries you can use to facilitate this with PhpMailer being one of them

Ken
1
noci, Software Engineer, Commented:
For encrypted mail messages there are solutions:
1) S/MIME encrypted mail
2) PGP encrypted mail
3) Then again one can always encrypt the real message in an attachment and attach that.

There is another option, encrypted transmission; that means that the mail servers involved always have seen a readable mail message.
0
arnold Commented:
Where are you seeing this notice, the SMTP server logs?

I think kenfcamp and noci are dealing with whether your Postfix has the option, on connecting to the gmail.com MX record, to initiate a TLS (encrypted) exchange of the message(s).
0
noci, Software Engineer, Commented:
Well, it depends where the encryption level is expected. Even with SSL/TLS the mail messages (no MTA can handle that, that's the work for MUAs) are still stored unencrypted on the host; only the transfer is encrypted. Transfer encryption can be handled by many MTAs including Postfix. It can be argued no web-based MUA should be allowed to support PGP or S/MIME as that would necessitate publishing private keys.

For SSL/TLS during transmission it should be sufficient to configure X.509 certificates on the Postfix MTA (receiving interface, enabling use of SSL/TLS). SMTP SSL port is 465, TLS uses 25. A server should announce STARTTLS after connect.
ANY valid certificate (wrt. dates) will do, self-signed, CA-signed... the certificate should have the mail server's hostname in Subject or Subject Alternate Name.
Let's Encrypt is a good source of free certificates that have an established PKI.

Here is the Postfix documentation about this:
http://www.postfix.org/TLS_README.html

and a short step-by-step...
https://www.cyberciti.biz/tips/postfix-smtp-ssl-certificate-csr-installation-guide.html
1
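An added example (not part of any post above, and not code from the Postfix project): a shell function that audits `postconf` output for the transport-encryption settings discussed in this thread, covering both the outbound side (what a receiver such as Gmail sees) and the inbound STARTTLS side. It assumes no per-destination `smtp_tls_policy_maps` overrides; the sample inputs and file paths are constructed.

```shell
#!/bin/sh
# Added example: audit the TLS parameters in `postconf` output ("name = value" lines).
# Live use: postconf | audit_postfix_tls
audit_postfix_tls() {
    awk '
    {   # Split on the first "=" only and trim surrounding whitespace
        i = index($0, "="); if (i == 0) next
        k = substr($0, 1, i - 1); v = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        p[k] = v
    }
    END {
        rc = 0
        # Outbound (smtp client): empty or "none" means Postfix never attempts
        # STARTTLS, unless the legacy smtp_use_tls switch is on.
        out = p["smtp_tls_security_level"]
        if ((out == "" && p["smtp_use_tls"] != "yes") || out == "none") {
            print "FAIL outbound: no STARTTLS attempted; set smtp_tls_security_level = may"
            rc = 1
        } else print "OK   outbound: TLS level \"" out "\""
        # Inbound (smtpd server): needs a level (or legacy smtpd_use_tls)
        # and a certificate before STARTTLS can be offered.
        inb = p["smtpd_tls_security_level"]
        cert = p["smtpd_tls_cert_file"]
        if ((inb == "" && p["smtpd_use_tls"] != "yes") || inb == "none") {
            print "FAIL inbound: STARTTLS not announced; set smtpd_tls_security_level = may"
            rc = 1
        } else if ((cert == "" || cert == "none") && p["smtpd_tls_chain_files"] == "") {
            print "FAIL inbound: no certificate; set smtpd_tls_cert_file and smtpd_tls_key_file"
            rc = 1
        } else print "OK   inbound: TLS level \"" inb "\""
        exit rc
    }'
}

# Constructed sample inputs (not taken from a real server)
SAMPLE_DEFAULT='smtp_tls_security_level =
smtpd_tls_security_level =
smtpd_tls_cert_file ='
SAMPLE_FIXED='smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/tls/mail.example.com.pem
smtpd_tls_key_file = /etc/postfix/tls/mail.example.com.key'

printf '%s\n' "$SAMPLE_DEFAULT" | audit_postfix_tls || true
printf '%s\n' "$SAMPLE_FIXED" | audit_postfix_tls
```

The function exits non-zero when either direction would fall back to clear text, so it can gate a deployment script; the level `may` is opportunistic TLS, which still delivers in clear text to peers that do not offer STARTTLS.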