A problem with email encryption (postfix,dovecot,mysql,roundcube)

April 17, 2016
Email Security Ubuntu

Hello There,

I was wondering if someone can help me. I have been trying to set up an email server on my droplet. I followed the tutorials here and elsewhere. I'm using postfix, dovecot, mysql, and roundcube. Things seem to be working, but my emails are being sent through unencrypted according to tests in my Gmail inbox. I would like my emails to be encrypted so recipients don't get scared by that little red padlock. :)

My mail log doesn't show any errors that I can see, but there has to be an error somewhere? Do you know about other logs I can look at?

2 comments
  • Not my area of expertise, but I would think that if you really want email privacy, you'll probably want to take a look at PGP or something similar for email encryption. A regular email will eventually be sent "in the clear" at some point - from, say, the SMTP server of your server (postfix) to the destination SMTP server of the email address. So, without encrypting the email itself, it may be secure for part of the journey (from roundcube to your postfix server), but that may not be the case from postfix to the destination email server.

    Again, not my area of expertise, but hopefully it helps.

  • Thanks for the reply. It would of course be nice if all emails were 100% encrypted at all times, but I am mostly trying to just make my emails seem nice to past and future customers. That red padlock thing in Google Mail is annoying.

    I suppose my main question is: I seem to be able to connect through roundcube using its SMTP settings, but my emails are going through as plaintext? I enabled the SMTP log in roundcube and this is what I got:

    [18-Apr-2016 16:13:56 -0700]: Recv: 220 thepizzapeddler.biz ESMTP Postfix (Ubuntu)
    [18-Apr-2016 16:13:56 -0700]: Send: EHLO thepizzapeddler.biz
    [18-Apr-2016 16:13:56 -0700]: Recv: 250-thepizzapeddler.biz
    [18-Apr-2016 16:13:56 -0700]: Recv: 250-PIPELINING
    [18-Apr-2016 16:13:56 -0700]: Recv: 250-SIZE 10240000
    [18-Apr-2016 16:13:56 -0700]: Recv: 250-VRFY
    [18-Apr-2016 16:13:56 -0700]: Recv: 250-ETRN
    [18-Apr-2016 16:13:56 -0700]: Recv: 250-STARTTLS
    [18-Apr-2016 16:13:56 -0700]: Recv: 250-ENHANCEDSTATUSCODES
    [18-Apr-2016 16:13:56 -0700]: Recv: 250-8BITMIME
    [18-Apr-2016 16:13:56 -0700]: Recv: 250 DSN
    [18-Apr-2016 16:13:56 -0700]: Send: STARTTLS
    [18-Apr-2016 16:13:56 -0700]: Recv: 220 2.0.0 Ready to start TLS
    [18-Apr-2016 16:13:56 -0700]: Send: EHLO thepizzapeddler.biz
    [18-Apr-2016 16:13:56 -0700]: Recv: 250-thepizzapeddler.biz
    [18-Apr-2016 16:13:56 -0700]: Recv: 250-PIPELINING
    [18-Apr-2016 16:13:56 -0700]: Recv: 250-SIZE 10240000
    [18-Apr-2016 16:13:56 -0700]: Recv: 250-VRFY
    [18-Apr-2016 16:13:56 -0700]: Recv: 250-ETRN
    [18-Apr-2016 16:13:56 -0700]: Recv: 250-AUTH PLAIN LOGIN
    [18-Apr-2016 16:13:56 -0700]: Recv: 250-ENHANCEDSTATUSCODES
    [18-Apr-2016 16:13:56 -0700]: Recv: 250-8BITMIME
    [18-Apr-2016 16:13:56 -0700]: Recv: 250 DSN
    [18-Apr-2016 16:13:56 -0700]: Send: AUTH LOGIN
    [18-Apr-2016 16:13:56 -0700]: Recv: 334 VXNlcm5hbWU6
    [18-Apr-2016 16:13:56 -0700]: Send: YmVuQHRoZXBpenphcGVkZGxlci5iaXo=
    [18-Apr-2016 16:13:56 -0700]: Recv: 334 UGFzc3dvcmQ6
    [18-Apr-2016 16:13:56 -0700]: Send: QzBzbWljMW5lc3M=
    [18-Apr-2016 16:13:56 -0700]: Recv: 235 2.7.0 Authentication successful
    [18-Apr-2016 16:13:56 -0700]: Send: MAIL FROM:ben@thepizzapeddler.biz
    [18-Apr-2016 16:13:56 -0700]: Recv: 250 2.1.0 Ok
    [18-Apr-2016 16:13:56 -0700]: Send: RCPT TO:ben@thepizzapeddler.biz
    [18-Apr-2016 16:13:56 -0700]: Recv: 250 2.1.5 Ok
    [18-Apr-2016 16:13:56 -0700]: Send: DATA
    [18-Apr-2016 16:13:56 -0700]: Recv: 354 End data with <CR><LF>.<CR><LF>
    [18-Apr-2016 16:13:56 -0700]: Send: MIME-Version: 1.0
    Content-Type: text/plain; charset=UTF-8;
    format=flowed
    Content-Transfer-Encoding: 7bit
    Date: Mon, 18 Apr 2016 16:13:56 -0700
    From: ben@thepizzapeddler.biz
    To: ben@thepizzapeddler.biz
    Subject: Re: test
    In-Reply-To: 4883c1ca0c41317746f279057efc6afa@thepizzapeddler.biz
    References: 4883c1ca0c41317746f279057efc6afa@thepizzapeddler.biz
    Message-ID: 00ee0a32400d7c8630982e274804a304@thepizzapeddler.biz
    X-Sender: ben@thepizzapeddler.biz
    User-Agent: Roundcube Webmail/0.9.5

    On 2016-04-18 16:13, ben@thepizzapeddler.biz wrote:

    test

    .
    [18-Apr-2016 16:13:56 -0700]: Recv: 250 2.0.0 Ok: queued as B8297160C35
    [18-Apr-2016 16:13:56 -0700]: Send: QUIT
    [18-Apr-2016 16:13:56 -0700]: Recv: 221 2.0.0 Bye

1 Answer

Hi, just wondering whether you managed to solve this?

I have the same problem - postfix is sending all my messages in the clear even though I have gone to the trouble of installing a real SSL certificate for my mail exchanger and added the lines:

smtpd_use_tls=yes
smtpd_tls_security_level = may

to my postfix main.cf. Very annoying, I'm still seeing the open red padlock symbol in Gmail :(
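
The Roundcube log in the comments covers only the webmail-to-Postfix submission hop; the delivery to Gmail is made by Postfix's outbound client, which logs as postfix/smtp and is controlled by the smtp_tls_* parameters rather than smtpd_tls_*. As an added example (not part of the original thread), this Python script addresses the "other logs" question by pairing each outbound delivery in mail.log with the TLS handshake logged for it. The sample lines are constructed, the function names are hypothetical, and it assumes smtp_tls_loglevel = 1 is set in main.cf.

```python
import re

# Constructed sample of /var/log/mail.log (not taken from the thread). The
# "TLS connection established" summaries are only logged when main.cf sets
# smtp_tls_loglevel = 1 (outbound) / smtpd_tls_loglevel = 1 (inbound).
SAMPLE_LOG = """\
Apr 18 16:20:01 mail postfix/smtp[2101]: Untrusted TLS connection established to mx.example.net[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Apr 18 16:20:02 mail postfix/smtp[2101]: 3F1A2160C40: to=<alice@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1.2, delays=0.1/0/0.6/0.5, dsn=2.0.0, status=sent (250 2.0.0 OK)
Apr 18 16:21:10 mail postfix/smtp[2107]: 7C9D0160C41: to=<bob@example.org>, relay=mx.example.org[198.51.100.7]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=2.0.0, status=sent (250 2.0.0 OK)
Apr 18 16:21:30 mail postfix/smtpd[2110]: Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
"""

# postfix/smtp = outbound client; postfix/smtpd = inbound server (ignored here).
TLS_RE = re.compile(
    r"postfix/smtp\[(\d+)\]: \w+ TLS connection established to (\S+?): (\S+)")
SENT_RE = re.compile(
    r"postfix/smtp\[(\d+)\]: (\w+): to=<([^>]*)>.*?, relay=([^,]+),.*status=sent")


def outbound_tls_report(log_text):
    """Return (queue_id, recipient, relay, tls_protocol_or_None) per sent mail.

    Heuristic: a delivery counts as encrypted when the same smtp process
    last logged a TLS handshake with the relay it delivered to.
    """
    last_tls = {}  # pid -> (relay, protocol) of that process's latest handshake
    report = []
    for line in log_text.splitlines():
        m = TLS_RE.search(line)
        if m:
            last_tls[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = SENT_RE.search(line)
        if m:
            pid, qid, rcpt, relay = m.groups()
            tls_relay, proto = last_tls.get(pid, (None, None))
            report.append((qid, rcpt, relay, proto if tls_relay == relay else None))
    return report


def plaintext_deliveries(log_text):
    """Deliveries with no matching outbound TLS handshake in the log."""
    return [r for r in outbound_tls_report(log_text) if r[3] is None]


if __name__ == "__main__":
    for qid, rcpt, relay, proto in outbound_tls_report(SAMPLE_LOG):
        print(f"{qid} {rcpt} via {relay}: {proto or 'PLAINTEXT'}")
```
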
