How to send encrypted emails in Postfix

I have Postfix configured on a server and I'm using the PHP mail function to send emails.

Gmail says these emails are sent unencrypted. How do I encrypt them?
burnedfaceless Asked:
Dr. Klahn (Principal Software Engineer) Commented:
Try either PGP (which is rather old now) or GPG. Neither is plug-and-play convenient to configure and use, but they provide very good security. GPG is probably the easier of the two to implement as there are plugins and libraries for most operating systems and mail software.

Note that the encryption does not occur in Postfix. Each sender must encrypt their own messages. The encrypted message is then sent as a normal text email. The recipient then decrypts the message using GPG and his own public key.

https://www.gnupg.org/

"GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available. GnuPG also provides support for S/MIME and Secure Shell (ssh)."
0
 
kenfcamp Commented:
As an addition to what Dr. Klahn posted:

Gmail is likely indicating that the messages aren't being sent via a secure transport layer (TLS, SSL, etc.).

There are a few libraries you can use to facilitate this, with PHPMailer being one of them.

Ken
1
 
noci (Software Engineer) Commented:
For encrypted mail messages there are solutions:
1) S/MIME encrypted mail
2) PGP encrypted mail
3) Then again, one can always encrypt the real message in an attachment and attach that.

There is another option, encrypted transmission; that means that the mail servers involved always have seen a readable mail message.
0
 
arnold Commented:
Where are you seeing this notice, the SMTP server logs?

I think kenfcamp and noci are dealing with whether your Postfix has the option, on connecting to the gmail.com MX record, to initiate TLS (an encrypted exchange of the message(s)).
0
 
noci (Software Engineer) Commented:
Well, it depends where the encryption level is expected. Even with SSL/TLS the mail messages (no MTA can handle that; that is the work for MUAs) are still stored unencrypted on the host; only the transfer is encrypted. Transfer encryption can be handled by many MTAs, including Postfix. It can be argued no web-based MUA should be allowed to support PGP or S/MIME, as that would necessitate publishing private keys.

For SSL/TLS during transmission it should be sufficient to configure X.509 certificates on the Postfix MTA (receiving interface), enabling use of SSL/TLS. SMTP SSL port is 465, TLS uses 25. A server should announce STARTTLS after connect.
ANY valid certificate (with respect to dates) will do, self-signed, CA-signed... The certificate should have the mail server's hostname in Subject or Subject Alternative Name.
Let's Encrypt is a good source of free certificates that have an established PKI.

Here is the Postfix documentation about this:
http://www.postfix.org/TLS_README.html

and a short step-by-step guide:
https://www.cyberciti.biz/tips/postfix-smtp-ssl-certificate-csr-installation-guide.html
1
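
Added example, not part of the thread and not Postfix's own code: a small audit of `main.cf` text that reports whether transport TLS is enabled for outbound delivery (the hop to Gmail's MX that arnold refers to) and for the receiving interface noci describes. The parameter names are Postfix's documented `main.cf` settings; the function names, hostname and file paths are constructed for illustration.

```python
import re

# Security levels at which Postfix at least attempts TLS (see TLS_README).
CLIENT_TLS = {"may", "encrypt", "dane", "dane-only", "fingerprint", "verify", "secure"}
SERVER_TLS = {"may", "encrypt"}

def parse_main_cf(text):
    """main.cf syntax: '#' comments, 'name = value', indented continuations, last wins."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:  # continuation of the previous value
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)$", raw)
        if m:
            current = m.group(1)
            params[current] = m.group(2).strip()
    return params

def effective_level(params, level_key, legacy_key):
    """A non-empty *_tls_security_level overrides the obsolete *_use_tls switch."""
    level = params.get(level_key, "")
    legacy = "may" if params.get(legacy_key, "no").lower() == "yes" else "none"
    return level or legacy

def audit_tls(text):
    """Return findings; an empty list means TLS is offered in both directions."""
    p = parse_main_cf(text)
    findings = []
    # Outbound: Postfix acting as SMTP client, e.g. delivering to Gmail's MX.
    if effective_level(p, "smtp_tls_security_level", "smtp_use_tls") not in CLIENT_TLS:
        findings.append("outbound: SMTP client never attempts STARTTLS")
    # Inbound: Postfix acting as SMTP server; needs a level and a certificate.
    if effective_level(p, "smtpd_tls_security_level", "smtpd_use_tls") not in SERVER_TLS:
        findings.append("inbound: SMTP server does not announce STARTTLS")
    elif not (p.get("smtpd_tls_cert_file") or p.get("smtpd_tls_chain_files")):
        findings.append("inbound: TLS enabled but no server certificate configured")
    return findings

# Constructed sample: certificate installed for receiving, client side untouched.
BEFORE = """\
smtpd_tls_cert_file = /etc/ssl/certs/mail.example.com.pem
smtpd_tls_key_file = /etc/ssl/private/mail.example.com.key
smtpd_tls_security_level = may
"""
AFTER = BEFORE + "smtp_tls_security_level = may\nsmtp_tls_loglevel = 1\n"
```

With `smtp_tls_loglevel = 1`, the Postfix mail log records each TLS connection the client establishes, which gives a second check besides Gmail's own indicator.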
Question has a verified solution.