Question

How do I encrypt emails sent from my server?

The past days I have been working on setting up Email on my server, I have manged to send emails (without them going to the spam folder) but the emails are still not being encrypted.

The server is Ubuntu 16.04 with Apache2 (LAMP stack) - and right now I am sending emails without SMTP (i think) I’m using PHPMailer to send emails.

Here’s the tutorials I have followed: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-16-04 https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliability

For encryption I tried these tutorials, but they didn’t help. https://www.digitalocean.com/community/tutorials/how-to-use-gpg-to-encrypt-and-sign-messages https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged

Can anyone point me in the right direction? Thanks.

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

I seemed to find a solution for this at https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-16-04#step-3-—-testing-the-smtp-server in the comment section by the user kevinruffus

He’s comment that solved my problem:

In addition to the instructions above, create your own self-signed certs, use LetsEncrypt, or use purchased certificates/keys (make sure you use wildcard or certificates specific to your hostname/FQDN), and edit main.cf to include:

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/fullchain.pem (change to suit your system)
smtpd_tls_key_file=/etc/ssl/private/privkey.pem (change to suit your system)
smtp_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_tls_CAfile=(if your cert and CAfile aren’t rolled into a single file) It cleared the warnings from the emails for me, and shows TLS was used.

Edit: Corrected to show smtp_use_tls=yes, not smtpd_use_tls=yes

Same thing here, had to change from

smtpd_use_tls=yes

to

smtp_use_tls=yes

Don’t forget to

service postfix restart

Thx @andersdk ! I was having problems with smtpd_use_tls=yes ! and it was smtp_use_tls=yes as you correctly highlighted. Best regards.