Question

How to setup send only encrypted email on LEMP server with WP installed

Hi,

I am having trouble sending encrypted email from my server. My site is live and perfectly working and secure as can be (I followed all security guides on DigitalOcean) BUT there is one frustrating issue that I am having trouble fixing. First, my domain’s nameservers are pointing to Microsoft Office 365’s server for emails and then I have an A record pointing to my Droplet’s IP address.

My site is on Wordpress and I configured my droplet from scratch following this guide to install a LEMP server:

https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-lemp-on-ubuntu-16-04

Then I followed this guide to setup send only SMTP server:

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-16-04

Which is when I started to notice that A. Emails were going to spam on my gmail and B. I was not receiving the emails at all to my office 365 email – which is the main email that I need it to go to.

The email server has been setup years ago and has SPF record and I followed this guide to configure DKIM with Postfix and installed the record on Microsoft Office 365’s DNS and I validated it by using this tool:

Guide: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy

Tool: https://dkimcore.org/tools/keycheck.html

And I am still getting unencrypted email sent out and not even showing up to my MS Office emails. What am I doing wrong?

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Hi. Is your web server listed in your SPF record? If the server is not authorized in the SPF to send email for your domain then it is likely to be flagged as spam or dropped by receiving servers.

You have a couple options. You can either adjust your SPF record to support both your Office365 mail and your web server’s need to send mail or you could create a second MX record for a subdomain on your domain and configure your web service to send email as user@web.domain.com or another subdomain.