How do I encrypt emails sent from my server?

September 15, 2017

Over the past days I have been working on setting up email on my server. I have managed to send emails (without them going to the spam folder), but the emails are still not being encrypted.

The server is Ubuntu 16.04 with Apache2 (LAMP stack), and right now I am sending emails without SMTP (I think). I'm using PHPMailer to send emails.

Here are the tutorials I have followed:
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-16-04
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy
https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliability

For encryption I tried these tutorials, but they didn't help.
https://www.digitalocean.com/community/tutorials/how-to-use-gpg-to-encrypt-and-sign-messages
https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged

Can anyone point me in the right direction? Thanks.

2 Answers

I seemed to find a solution for this at https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-16-04#step-3-—-testing-the-smtp-server in the comment section by the user kevinruffus.

His comment that solved my problem:

In addition to the instructions above, create your own self-signed certs, use LetsEncrypt, or use purchased certificates/keys (make sure you use wildcard or certificates specific to your hostname/FQDN), and edit main.cf to include:

# TLS parameters
# Change the two paths below to suit your system.
smtpd_tls_cert_file=/etc/ssl/certs/fullchain.pem
smtpd_tls_key_file=/etc/ssl/private/privkey.pem
smtp_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# Set this if your cert and CAfile aren't rolled into a single file:
# smtpd_tls_CAfile=

It cleared the warnings from the emails for me, and shows TLS was used.

Edit: Corrected to show smtp_use_tls=yes, not smtpd_use_tls=yes

  • Struggled with this for a week. Thank you so much for this comment.

    Anyone having an issue with TLS: the issue is that "smtpd use tls" should be "smtp use tls". Take notice of the "smtpd" vs "smtp".

Thx @andersdk! I was having problems with smtpd_use_tls=yes! And it was smtp_use_tls=yes, as you correctly highlighted. Best regards.
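
A check for the smtp_/smtpd_ mix-up discussed in this thread, as an added example that is not part of the original posts: smtp_* parameters configure Postfix's outbound client and smtpd_* its inbound server, so this script reads a main.cf and reports whether outbound TLS is actually enabled. The function names and the sample configuration are assumptions made for illustration; the script also honours smtp_tls_security_level, which overrides smtp_use_tls when set.

```shell
#!/bin/sh
# Added example, not from the thread. smtp_* parameters configure Postfix's SMTP
# client (mail this server sends); smtpd_* configure its SMTP server (mail received).

# Print the last value assigned to parameter $2 in the main.cf-style file $1.
param_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comment or blank line
        /^[ \t]/                 { next }   # continuation of a multi-line value
        {
            eq = index($0, "="); if (eq == 0) next
            name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == want) last = val    # later assignments override earlier ones
        }
        END { print last }' "$1"
}

# Exit status 0: outbound TLS enabled. Exit status 1: outbound mail is sent in plaintext.
check_outbound_tls() {
    level=$(param_value "$1" smtp_tls_security_level)
    # A non-empty smtp_tls_security_level overrides the older smtp_use_tls.
    if [ -n "$level" ] && [ "$level" != "none" ]; then
        echo "outbound TLS on: smtp_tls_security_level=$level"; return 0
    elif [ "$level" = "none" ]; then
        echo "outbound TLS off: smtp_tls_security_level=none"; return 1
    elif [ "$(param_value "$1" smtp_use_tls)" = "yes" ]; then
        echo "outbound TLS on: smtp_use_tls=yes"; return 0
    elif [ "$(param_value "$1" smtpd_use_tls)" = "yes" ]; then
        echo "outbound TLS off: only smtpd_use_tls=yes is set (inbound side)"; return 1
    fi
    echo "outbound TLS off: no smtp_ TLS setting found"; return 1
}

# Constructed sample input: the misnamed setting from the thread, then the fix.
demo() {
    tmp=$(mktemp)
    printf 'smtpd_use_tls=yes\n' > "$tmp"; check_outbound_tls "$tmp" || true
    printf 'smtp_use_tls = yes\n' > "$tmp"; check_outbound_tls "$tmp" || true
    rm -f "$tmp"
}

# Usage: sh check_tls.sh /etc/postfix/main.cf   (no argument runs the demo)
if [ $# -eq 1 ]; then check_outbound_tls "$1"; else demo; fi
```

The script reads only the file it is given, so per-service overrides in master.cf are not reflected in its verdict.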
