GMAIL message is not crypted but it's not true.

Hi all,

using the latest centos on linode running Postfix and Dovecot.

If I send an email from my server to gmail, gmail advertise the receiver that the email is not crypted.

What does it means?

I'm using TLS for sending emails from my server, why gmail says that?

PS: Using self signed certificate generated with this command:

openssl genrsa -out mail.myserver.org.key 2048
openssl req -new -x509 -days 365 -sha256 -key mail.myserver.org.key -out mail.myserver.org.cert  -subj "/C=IT/ST=Italy/L=Milan/O=myserver/CN=myserver.org/emailAddress=support@myserver.org"
openssl genrsa -out ca.key 2048
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 365 -sha256 -in ca.csr -signkey ca.key -out ca.crt

11 Replies

Can you provide the headers of one of your sent emails? It would help us determine why GMail might be saying that.

Really thanks for the answer, here it is:

Delivered-To: email@gmail.com
Received: by 10.28.50.199 with SMTP id y190csp836198wmy;
        Sat, 27 Aug 2016 06:39:57 -0700 (PDT)
X-Received: by 10.200.57.34 with SMTP id s31mr8805930qtb.49.1472305197757;
        Sat, 27 Aug 2016 06:39:57 -0700 (PDT)
Return-Path: <mionome.davide@acme.org>
Received: from mail.acme.org (acme.org. [2600:3c03::f03c:91ff:fe73:cc18])
        by mx.google.com with ESMTP id t24si6320910qki.133.2016.08.27.06.39.57
        for <email@gmail.com>;
        Sat, 27 Aug 2016 06:39:57 -0700 (PDT)
Received-SPF: pass (google.com: domain of mionome.davide@acme.org designates 2600:3c03::f03c:91ff:fe73:cc18 as permitted sender) client-ip=2600:3c03::f03c:91ff:fe73:cc18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of mionome.davide@acme.org designates 2600:3c03::f03c:91ff:fe73:cc18 as permitted sender) smtp.mailfrom=mionome.davide@acme.org
Received: from [192.168.0.2] (unknown [151.48.114.3])
    by mail.acme.org (Postfix) with ESMTPSA id BBA6F8001B
    for <email@gmail.com>; Sat, 27 Aug 2016 15:39:55 +0200 (CEST)
To: Davide mionome <email@gmail.com>
From: Davide mionome <mionome.davide@acme.org>
Subject: mannaggia
Message-ID: <9ac87b17-abdb-731c-af0e-8ae2a1340fa4@acme.org>
Date: Sat, 27 Aug 2016 15:39:59 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.2.0
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-15; format=flowed
Content-Transfer-Encoding: 7bit

prova p</mionome.davide@acme.org></email@gmail.com></email@gmail.com></email@gmail.com></mionome.davide@acme.org>

Is this can be related to the fact that I'm using a self signed certificate?

@sblantipodi:

Is this can be related to the fact that I'm using a self signed certificate?

Not 100% sure but I think it means the message contents were not encrypted; not related to whether the connection was encrypted perhaps?

@jebblue:

@sblantipodi:

Is this can be related to the fact that I'm using a self signed certificate?

Not 100% sure but I think it means the message contents were not encrypted; not related to whether the connection was encrypted perhaps?

I don't know, is there something that I can check ?

I use TLS and thunderbird is correctly using TLS, what else should I check?

solved by adding this to main.cf in postfix

smtpdtlssecurity_level = may

smtptlssecurity_level = may

If you think you solved something, share your solution. Even if it's a small problems it could help someone else in the future.

@csnxs:

If you think you solved something, share your solution. Even if it's a small problems it could help someone else in the future.

edited the previous post with the solution.

thanks

Thanks for this. I actually didn't know it was a problem until I tested it myself and so I've also added those flags. ;)

@shinji:

Thanks for this. I actually didn't know it was a problem until I tested it myself and so I've also added those flags. ;)

no problem, glad to have helped :)

@shinji:

Thanks for this. I actually didn't know it was a problem until I tested it myself and so I've also added those flags. ;)

Same here, thanks for the information sblantipodi. I've been operating my own server since the 1990's and wasn't aware of these settings. Ironically, when I tested, the email I sent to my Gmail account was encrypted while the one I sent from there (from Gmail) to my personal account, wasn't. Also the one I sent from my Hotmail account to my personal account, was encrypted.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct