Since many providers switched to TLS-only connections, I cannot deliver to gmail anymore with a default plaintext postfix setup.

My question is, can I use valid TLS / does google accept TLS with a self-signed cert?

If not, my only option would be to use a mailserver with a valid cert; e.g. I could use a gmail account to deliver mails, right?

Daniel W.
  • Using a gmail account to deliver mail is not a replacement as they just rewrite any mail with your gmail address into the `FROM` field. – Sven May 16 '14 at 13:33
  • @SvW I understand that. But sending mail `From: @gmail.com` is better than sending no mail at all. – Daniel W. May 16 '14 at 13:48
  • You get really cheap mail/web hosting packages that take care of this problem for you. IMHO having a `mybrand@gmail.com` or `mybrand@t-online.de` (etc.) address is worse than having none at all - it just looks beyond cheap and is only acceptable for the smallest of businesses. – Sven May 16 '14 at 13:55
  • Can you elaborate a bit on the question, because it does not make much sense to me. I am not aware of anybody who requires TLS for mail delivery. Many now support it, but not everyone. Also, the certificate is only needed for the receiving server. And the domain name of the certificate does not even need to match the domain the mail is delivered to. You are free to create MX records pointing to a totally different domain and use that in your certificate. – kasperd May 18 '14 at 09:14

1 Answer

It is the server that is receiving the email that needs a certificate. You don't need one unless you are receiving email on your server AND want to force people to use TLS. Most systems do not verify the cert, and use it only for encryption, so a self-signed one will work.

Even then, usually TLS is only required on an alternative port, not port 25. The alternate port is used for clients to send mail through your server. Server to server connections are almost always done on port 25. Since not all mail servers support TLS, mail is almost always allowed unencrypted.

Grant
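
The setup the answer describes, sketched as Postfix configuration (an added example, not part of the original answer; the certificate paths and hostname are placeholders):

```cfg
# /etc/postfix/main.cf  (paths below are placeholders)

# Outbound (Postfix as SMTP client, e.g. delivering to Gmail's MX):
# no certificate of your own is needed. "may" = opportunistic TLS:
# use STARTTLS when the receiving server offers it, otherwise plaintext.
smtp_tls_security_level = may
# Log one line per TLS session so you can confirm delivery was encrypted.
smtp_tls_loglevel = 1

# Inbound on port 25 (Postfix as receiving server): this is where a
# certificate is required; a self-signed one is enough for opportunistic TLS.
smtpd_tls_cert_file = /etc/postfix/tls/mail.example.com.crt
smtpd_tls_key_file  = /etc/postfix/tls/mail.example.com.key
# Keep "may" here so senders without TLS support can still deliver.
smtpd_tls_security_level = may

# /etc/postfix/master.cf
# Submission port for your own mail clients: TLS is mandatory here only.
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
```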