This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Support for Email Server TLS encryption on Sentora?
#1
Support for Email Server TLS encryption on Sentora?
So I noticed Google is now displaying broken lock icons on emails that are sent by email servers not using TLS encryption. As this was just rolled out, most users won't notice it, but soon they will. Currently, all email sent out by my Sentora managed server are coming into my gmail client with this broken icon, so I assume the server is not configured with TLS encryption. Is there any easy way to just turn this on?

You can read more about this on Google's website here:
https://www.google.com/transparencyrepor...tls/?hl=en
http://gmailblog.blogspot.jp/2016/02/mak...ed-by.html
Reply
Thanks given by:
#2
RE: Support for Email Server TLS encryption on Sentora?
Nope this have nothing to do with TLS! This is over SSL. As depend on your navigator preference. If you are paranoid and enforce SSL you will break non-SSL calls. So that will apply for your browser on gmail and have nothing with TLS wich is another issue, that we may offer soon.

We are working on SSL implementation already.
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask

10$ free to start your VPS
Reply
Thanks given by:
#3
RE: Support for Email Server TLS encryption on Sentora?
Really? It seems this is referring to TLS. It doesn't say anything about SSL.

When you see the red unlocked padlock in your gmail message, you can click the learn more link. Which will take you here: https://support.google.com/mail/answer/6...hl=en&rd=1

Based on the Google support page, it's just stating that your email server is sending out the email without using TLS. So I guess I just gotta enable it on my server?

Actually, while doing some more searching, I actually came across this Sentora forum post. http://forums.sentora.org/showthread.php?tid=46
So perhaps if I just follow this, then my emails will be sent out with TLS and then the unsecure icon in gmail will no longer display when I send my email to people?
Reply
Thanks given by:
#4
RE: Support for Email Server TLS encryption on Sentora?
Not a major issue... Any way SSL and then TLS in the pipes.

I understood broken icon...  Never got that on my Google Apps account.

Any way once we nail SSL on apache we may look over TLS as it will be easier.

See here we are moving over that.
http://forums.sentora.org/showthread.php?tid=2586
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask

10$ free to start your VPS
Reply
Thanks given by:
#5
RE: Support for Email Server TLS encryption on Sentora?
Thank you Me.B. Yeah, actually I just noticed it on gmail yesterday. It seems Google just launched this feature sometime this week. So maybe you haven't received an email from a server not using TLS.

Anyway, I gave it a bit more searching and I came across this site:

http://xmodulo.com/secure-mail-server-us...ption.html

I just followed the instructions under the "Enable TLS Encryption for Postfix". It was actually quite simple. Just created a self cert, modified the main.cf file and then restarting postfix. Just tested my server to send an outbound email to my gmail account and no more padlock. Looks like emails are now being encrypted.

Well, anyway, in case anyone finds this thread while searching Google, they will know how to fix it. I will copy and paste the instructions below. If there is anything incorrect in there, let me know so I can fix what I did to my server.

Thanks!


Enable TLS Encryption for Postfix
A self-signed certificate can be created with the following command.

# openssl req -new -x509 -days 365 -nodes -out /etc/ssl/certs/postfixcert.pem -keyout /etc/ssl/private/postfixkey.pem
The above command requests a new certificate which is of type X.509, and remains valid for 365 days. The optional -nodes parameter specifies that the private key should not be encrypted. An output certificate file is saved as postfixcert.pem, and an output key file as postfixkey.pem .

All necessary values for the certificate can be given:

Code:
Country Name (2 letter code) [AU]:BD
State or Province Name (full name) [Some-State]:Dhaka
Locality Name (eg, city) []:Dhaka
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:Example.tst
Common Name (e.g. server FQDN or YOUR name) []:mail.example.tst
Email Address []:sarmed@example.tst
Now that the certificate is ready, necessary parameters are adjusted in postfix configuration file.

root@mail:~# vim /etc/postfix/main.cf
### STARTTLS is enabled ###
smtpd_tls_security_level = may

smtpd_tls_received_header = yes
smtpd_tls_auth_only = yes

### loglevel 3 should be used while troubleshooting ###
smtpd_tls_loglevel = 1

### path to certificate and key file
smtpd_tls_cert_file = /etc/ssl/certs/postfixcert.pem
smtpd_tls_key_file = /etc/ssl/private/postfixkey.pem
smtpd_use_tls=yes
Restart postfix to enable TLS.

root@mail:~# service postfix restart
At this point, postfix is ready to encrypt data to and from the server. More details about Postfix TLS support can be found in their official README.
Reply
Thanks given by: warmax356 , surety
#6
RE: Support for Email Server TLS encryption on Sentora?
You can use let's encrypt for postfix too.

M B
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask

10$ free to start your VPS
Reply
Thanks given by:
#7
RE: Support for Email Server TLS encryption on Sentora?
you need configure webmail too, by default roudcube is not allowing tls
Code:
nano /etc/sentora/panel/etc/apps/webmail/config/config.inc.php
and change this code
Code:
// ----------------------------------
// SMTP
// ----------------------------------
$config['smtp_server'] = 'tls://127.0.0.1'; //Default was ''
thanks.
Reply
Thanks given by:
#8
RE: Support for Email Server TLS encryption on Sentora?
(05-19-2016, 02:22 PM)bluephantom Wrote: you need configure webmail too, by default roudcube is not allowing tls
Code:
nano /etc/sentora/panel/etc/apps/webmail/config/config.inc.php
and change this code
Code:
// ----------------------------------
// SMTP
// ----------------------------------
$config['smtp_server'] = 'tls://127.0.0.1'; //Default was ''
thanks.

Thanks for contributing Bluephantom! I have added this change to my web server. I don't use roundcube, so I probably wouldn't have noticed it. But this is definitely helpful for others!

Thanks again!
Reply
Thanks given by:
#9
RE: Support for Email Server TLS encryption on Sentora?
Do you have to create a certificate for each domain on sentora? If so how will Certbot work? Any tried using Let's Encrypt.

It would be so cool if this built into Sentora. Smile
Reply
Thanks given by:
#10
RE: Support for Email Server TLS encryption on Sentora?
(02-16-2016, 12:19 AM)Me.B Wrote: You can use let's encrypt for postfix too.

M B

Could you please give more details ?  Angel
Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
Email has suddenly stopped coming through rsthomas 4 5 ,805 10-12-2022, 09:29 PM
Last Post: rsthomas
External mail client cannot connect to server iraqiboy90 2 6 ,902 02-28-2021, 11:34 AM
Last Post: iraqiboy90
can not send email - SMTP error on roundcube wolvepy 9 31 ,359 01-03-2020, 08:37 AM
Last Post: Telepuzik

Forum Jump:


Users browsing this thread: 1 Guest(s)