Question

How do I encrypt emails sent from my server?

The past days I have been working on setting up Email on my server, I have manged to send emails (without them going to the spam folder) but the emails are still not being encrypted.

The server is Ubuntu 16.04 with Apache2 (LAMP stack) - and right now I am sending emails without SMTP (i think) I’m using PHPMailer to send emails.

Here’s the tutorials I have followed: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-16-04 https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliability

For encryption I tried these tutorials, but they didn’t help. https://www.digitalocean.com/community/tutorials/how-to-use-gpg-to-encrypt-and-sign-messages https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged

Can anyone point me in the right direction? Thanks.


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

I seemed to find a solution for this at https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-16-04#step-3-—-testing-the-smtp-server in the comment section by the user kevinruffus

He’s comment that solved my problem:

In addition to the instructions above, create your own self-signed certs, use LetsEncrypt, or use purchased certificates/keys (make sure you use wildcard or certificates specific to your hostname/FQDN), and edit main.cf to include:

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/fullchain.pem (change to suit your system)
smtpd_tls_key_file=/etc/ssl/private/privkey.pem (change to suit your system)
smtp_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_tls_CAfile=(if your cert and CAfile aren’t rolled into a single file) It cleared the warnings from the emails for me, and shows TLS was used.

Edit: Corrected to show smtp_use_tls=yes, not smtpd_use_tls=yes

Same thing here, had to change from

smtpd_use_tls=yes

to

smtp_use_tls=yes

Don’t forget to

service postfix restart

Thx @andersdk ! I was having problems with smtpd_use_tls=yes ! and it was smtp_use_tls=yes as you correctly highlighted. Best regards.