burnedfaceless
asked on
How to send encrypted emails in Postfix
I have postfix configured on a server and I'm using php mail funciton to send emails.
Gmail says these emails are sent unencrypted. How do I encrypt them?
Gmail says these emails are sent unencrypted. How do I encrypt them?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
For Encrypted mail message there are solutions:
1) S/MIME encrypted mail
2) PGP encrypted mail
3) Then again one can always encrypt the real message in an attachment and attach that.
There is another option Encrypted Transmission, that means that the mailservers involved always have seen a readable mail message.
1) S/MIME encrypted mail
2) PGP encrypted mail
3) Then again one can always encrypt the real message in an attachment and attach that.
There is another option Encrypted Transmission, that means that the mailservers involved always have seen a readable mail message.
Where are you seeing this notice, the SMTP server logs?
I think kenfcamp, noci dealing with whether your postfix has the option on connecting to the gmail.com mx record to initiate a tls (encrypted exchange of the message)/s.
I think kenfcamp, noci dealing with whether your postfix has the option on connecting to the gmail.com mx record to initiate a tls (encrypted exchange of the message)/s.
well it depends where the encryption level is expected. Even with SSL/TLS the MAIL-messages (no MTA can handle that, that the work for MUA's) are still unencrypted stored on the host, only the transfer is encrypted. Transfer encryption can be handled by many MTA's including postfix. It can be argued no webbased MUA should be allowed to support PGP or S/MIME as that would necessitate publishing private keys.
For SSL/TLS during transmission it should sufficient to configure X.509 certificates on the postfix MTA. (receiving interface, enabling use of SSL/TLS. SMTP SSL port is 465, TLS uses 25. A server should announce STARTTLS after connect.
ANY valid certificate (wrt.dates) will do, self signed, CA signed... the certificate should have the mailservers hostname in Subject or Subject Alternate Name.
Letsencrypt is a good source of free certificates that have an established PKI.
Here the Postfix documentation about this
http://www.postfix.org/TLS_README.html
and a short step / step...
https://www.cyberciti.biz/tips/postfix-smtp-ssl-certificate-csr-installation-guide.html
For SSL/TLS during transmission it should sufficient to configure X.509 certificates on the postfix MTA. (receiving interface, enabling use of SSL/TLS. SMTP SSL port is 465, TLS uses 25. A server should announce STARTTLS after connect.
ANY valid certificate (wrt.dates) will do, self signed, CA signed... the certificate should have the mailservers hostname in Subject or Subject Alternate Name.
Letsencrypt is a good source of free certificates that have an established PKI.
Here the Postfix documentation about this
http://www.postfix.org/TLS_README.html
and a short step / step...
https://www.cyberciti.biz/tips/postfix-smtp-ssl-certificate-csr-installation-guide.html
Gmail is likely indicating that the messages aren't being sent via a secure transport layer (TLS, SSL, etc)
There are a few libraries you can use to facilitate this with PhpMailer being one of them
Ken