Gmail flagging Dovecot email as insecure
I solved this by adding both these lines to Postfix's main.cf:
smtp_tls_security_level = may
smtpd_tls_security_level = may
(I had only set smtpd_tls_security_level because of a misleading article that said all smtp_ values were deprecated in favour of smtpd_.)
Your email is sent unencrypted. If you just want to try your best, add the following to your main.cf:
smtp_tls_security_level = may
To enforce TLS encryption for email sent to Google, add this to your main.cf:
# Force TLS for outgoing server connection
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_tls_CApath = /etc/postfix/rootcas/
Replace /etc/postfix/rootcas/ with the location of your trusted root CAs, and in the file /etc/postfix/tls_policy add:
#/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
gmail.com secure ciphers=high
google.com secure ciphers=high
googlemail.com secure ciphers=high
This will enforce that email sent to gmail.com, google.com and googlemail.com is sent encrypted, with the SMTP server authenticated.
If you don't want to authenticate and just encrypt (this is necessary for sites with bogus certificates), use:
gmail.com encrypt ciphers=high
google.com encrypt ciphers=high
googlemail.com encrypt ciphers=high
Before restarting Postfix, execute:
postmap /etc/postfix/tls_policy
Consider the client/server relationship with regard to SMTP and the settings make sense:
2.1. Basic Structure
The SMTP design can be pictured as:
            +----------+                +----------+
+------+    |          |                |          |
| User |<-->|          |      SMTP      |          |
+------+    |  Client- |Commands/Replies| Server-  |
+------+    |   SMTP   |<-------------->|    SMTP  |    +------+
| File |<-->|          |    and Mail    |          |<-->| File |
|System|    |          |                |          |    |System|
+------+    +----------+                +----------+    +------+
             SMTP client                SMTP server
(Src: rfc5321.txt)
Thus:
"smtp_tls_security_level" is for the Postfix SMTP client. See: http://www.postfix.org/postconf.5.html#smtp_tls_security_level
"smtpd_tls_security_level" is for the Postfix SMTP server. See: http://www.postfix.org/postconf.5.html#smtpd_tls_security_level
When Postfix is transferring mail to Gmail, the smtp_tls_security_level setting is the associated setting.
When Postfix is receiving mail over SMTP, the smtpd_tls_security_level setting is relevant.
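
The client/server split discussed in the answers above can be checked mechanically. The following is an added example, not code from any of the answers or from Postfix: a small Python check over constructed main.cf and tls_policy text that reports which TLS level the Postfix SMTP client would apply to each destination. It assumes exact-match policy keys and that an unset smtp_tls_security_level means no TLS (legacy smtp_use_tls is ignored); the function names are hypothetical.

```python
SAMPLE_MAIN_CF = """\
# Constructed: only the server-side (smtpd_) level is set, as in the first answer.
smtpd_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_tls_CApath =
    /etc/postfix/rootcas/
"""
SAMPLE_TLS_POLICY = """\
# Constructed policy table
gmail.com       secure  ciphers=high
googlemail.com  encrypt ciphers=high
"""

def parse_main_cf(text):
    """'#'/blank lines skipped; leading whitespace continues a parameter; last value wins."""
    logical, params = [], {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    for entry in logical:
        name, _, value = entry.partition("=")
        params[name.strip()] = value.strip()
    return params

def parse_tls_policy(text):
    """Map destination -> security level (first word of the right-hand side)."""
    policy = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and not fields[0].startswith("#"):
            policy[fields[0].lower()] = fields[1]
    return policy

def outbound_mode(params, policy, domain):
    """TLS level the Postfix SMTP *client* uses for mail sent to `domain`."""
    level = params.get("smtp_tls_security_level", "") or "none"  # assumption: unset = no TLS
    if params.get("smtp_tls_policy_maps"):
        level = policy.get(domain.lower(), level)  # per-destination entry overrides the default
    if level == "none":
        return level, "cleartext"
    return level, "opportunistic" if level in ("may", "dane") else "mandatory"

if __name__ == "__main__":
    cfg, pol = parse_main_cf(SAMPLE_MAIN_CF), parse_tls_policy(SAMPLE_TLS_POLICY)
    for dest in ("gmail.com", "googlemail.com", "example.org"):
        print(dest, *outbound_mode(cfg, pol, dest))
```

With the sample as given, destinations not listed in the policy table come out as cleartext, because smtpd_tls_security_level has no effect on outgoing connections.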