By: andersdk

How do I encrypt emails sent from my server?

September 15, 2017 403 views
Email Apache Let's Encrypt Ubuntu 16.04 Ubuntu

For the past days I have been working on setting up email on my server. I have managed to send emails (without them going to the spam folder), but the emails are still not being encrypted.

The server is Ubuntu 16.04 with Apache2 (LAMP stack), and right now I am sending emails without SMTP (I think). I'm using PHPMailer to send emails.

Here are the tutorials I have followed:
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-16-04
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy
https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliability

For encryption I tried these tutorials, but they didn't help.
https://www.digitalocean.com/community/tutorials/how-to-use-gpg-to-encrypt-and-sign-messages
https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged

Can anyone point me in the right direction? Thanks.

1 Answer

I seemed to find a solution for this at https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-16-04#step-3-—-testing-the-smtp-server in the comment section by the user kevinruffus

His comment that solved my problem:

In addition to the instructions above, create your own self-signed certs, use LetsEncrypt, or use purchased certificates/keys (make sure you use wildcard or certificates specific to your hostname/FQDN), and edit main.cf to include:

# TLS parameters
# (change the two paths below to suit your system)
smtpd_tls_cert_file=/etc/ssl/certs/fullchain.pem
smtpd_tls_key_file=/etc/ssl/private/privkey.pem
smtp_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# If your cert and CAfile aren't rolled into a single file, also set:
# smtpd_tls_CAfile=

It cleared the warnings from the emails for me, and shows TLS was used.

Edit: Corrected to show smtp_use_tls=yes, not smtpd_use_tls=yes
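A way to check a main.cf for the two mistakes this answer touches on, added here as an example and not part of the original post or comment: the `smtpd_` prefix configures Postfix as a receiving server, while outgoing mail is encrypted only when the `smtp_` client side has TLS enabled. The function names and both sample configurations are constructed for illustration; the check models only `smtp_tls_security_level` and `smtp_use_tls`.

```python
import re

# Constructed sample: the answer's settings with the typo its "Edit" line corrects
# (smtpd_use_tls instead of smtp_use_tls) and an inline note left in a path value.
SAMPLE_BAD = """\
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/fullchain.pem (change to suit your system)
smtpd_tls_key_file=/etc/ssl/private/privkey.pem
smtpd_use_tls=yes
"""
# Constructed sample: the corrected settings.
SAMPLE_GOOD = """\
smtpd_tls_cert_file = /etc/ssl/certs/fullchain.pem
smtpd_tls_key_file = /etc/ssl/private/privkey.pem
smtp_use_tls = yes
"""

def parse_main_cf(text):
    """Return {parameter: value}, following main.cf syntax rules."""
    params, logical = {}, []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank line or comment line
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()      # leading whitespace continues a line
        else:
            logical.append(raw.strip())
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()  # the last definition wins
    return params

def outbound_tls_level(params):
    """Effective TLS level for mail this host sends (smtp_*, not smtpd_*)."""
    level = params.get("smtp_tls_security_level", "")
    if level:
        return level                  # a non-empty level overrides smtp_use_tls
    return "may" if params.get("smtp_use_tls", "no") == "yes" else "none"

def audit(text):
    """List findings; an empty list means neither problem was detected."""
    params = parse_main_cf(text)
    findings = []
    if outbound_tls_level(params) == "none":
        findings.append("outbound mail is sent without TLS")
    for name in ("smtpd_tls_cert_file", "smtpd_tls_key_file", "smtpd_tls_CAfile"):
        if re.search(r"\s", params.get(name, "")):  # heuristic: a path holds no spaces
            findings.append(f"{name} has extra text after the path")
    return findings
```

Running `audit()` on the text of `/etc/postfix/main.cf` gives the same report for a live system.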
