I am running latest version of VM (16 June 2016) in CentOS 7. I got DKIM, SPF & DMARC to work, however, outgoing emails are not getting encrypted.
I tried all the suggestions recommended on other posts for this issue… but couldn’t crack it.
I have enabled self signed SSL certificates for Postfix, Dovecot & ProFTP (Also tried Lets Crypt certs with same results).
I have uncommented these from /etc/postfix/master.cf
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=$mua_client_restrictions
-o smtpd_helo_restrictions=$mua_helo_restrictions
-o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps is uncommented by default
smtps inet n - n - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no -o smtpd_clien…
I have added smtpd_tls_security_level = encrypt to /etc/postfix/main.cf
/etc/postfix/main.cf config looks like this:
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
mailbox_size_limit = 0
allow_percent_hack = no
smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
#smtpd_use_tls = yes
smtpd_tls_security_level = encrypt
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = high
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
Also added this according to instructions here: https://www.virtualmin.com/documentation/email/dependent
sender_dependent_default_transport_maps = hash:/etc/postfix/dependent
I am testing encryption by sending emails to gmail account. My emails look like this
mailed-by: domain.tld
signed-by: domain.tld
encryption: domain.tld did not encrypt this message Learn more
Am I missing something?