1

I have some application on ubuntu 18.4 vps. i can send mails using postfix but gmail says it is not encrypted. postfix config file is:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file = /home/avanel/CMS/Render/ipeccongress_com.crt
smtpd_tls_key_file = /home/avanel/CMS/Render/capk.txt
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, $mydomain
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_protocols = all
mynetworks_style = subnet
smtpd_sasl_auth_enable = yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd 
smtp_sasl_security_options=


smtpd_tls_security_level = may
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1

smtp_tls_CAfile=/home/avanel/CMS/Render/tl.ca-bundle

now what is wrong?

Gerald Schneider
  • 23,274
  • 8
  • 57
  • 89
chimia
  • 28
  • 1
  • 4

1 Answers1

2

There is a difference between encrypting the connection between your mail server and the recipient mail server (which already should happen with the opportunistic TLS setting smtp_tls_security_level = may) and encrypting the contents of your email message.

SMTP with TLS encryption on connection shows up with a security remark looking like this:

enter image description here

Encrypting the contents of your email message requires that the email client, rather than your mail server, encrypts the message before sending. That is not a Postfix setting.

Encrypted email message should result in a Green padlock which mentions (S/MIME enhanced encryption) Encryption on See also https://support.google.com/mail/answer/7023606 on how to manage

HBruijn
  • 77,029
  • 24
  • 135
  • 201
  • i am sending automated mail using nodejs ('sendmail'). how to do this programmitically there? – chimia Sep 18 '18 at 13:14
  • Your adjust your code so your message gets signed and/or encrypted with a key/certificate before sending it... https://www.npmjs.com/package/nodemailer-smime is one of many search results for `s/mime` `sendmail` and `nodejs` – HBruijn Sep 18 '18 at 13:28
  • I wish you'd included image for second scenario as well. – d9ngle May 21 '20 at 18:04