Secure mail routing over TLS

Discussion in 'E-mail Discussions' started by sheikhatif, Jan 22, 2014.

  1. sheikhatif

    sheikhatif Registered

    Feb 2, 2011
    We have relationships with some banks that are trying to implement some secure email. Is there any method that would force the server to send emails via TLS when sending email to a specific domain?

    We basically need to require that an email be secure from
    user -> mail server
    and from
    mail server -> bank's server.

    I'm not entirely familiar with what happens after the email leaves my email program. If I send a message over TLS or SSL outgoing connection, does the email leave the mail server also over a secure connection? I have no problem implementing TLS from the client to the mail server. It's after it gets to the mail server that I am unclear on.

    Any help on this would be appreciated.
  2. ThinIce

    ThinIce Well-Known Member

    Apr 27, 2006
    Disillusioned in England
    cPanel Access Level:
    Root Administrator
    There are a bunch of things that impact here. If you're using IMAP for the mailbox in question, you'll want to disable plaintext auth and the non-secure protocol in Configuring Dovecot so that the message is copied to the sent folder securely.

    In exim itself, you can disable weak ciphers and mandate secure connections Security from a sending client perspective.

    Things can get a bit more complicated when talking about the message's transmission between servers. Some recipients may mandate that a certificate signed by a specific CA is in place, rather than the self-signed service certificate put in place by cPanel by default, before accepting connections. Have a read of 41. Encrypted SMTP connections using TLS/SSL

    Personally, if you really want secure email you need to wrap the postcard in an envelope, as it were, with end-to-end encryption, but requirements will vary quite drastically depending on the endpoint you're dealing with. I'm sure Michael will be along in a bit to correct anything above that needs it :)
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Apr 11, 2011
    cPanel Access Level:
    Root Administrator
    Hello :)

    The options presented to you in the previous post are accurate. However, note that those changes are global and not on a per-domain basis. There are no native features to implement such changes on a per-domain basis.

    In addition, if you would like encryption for the actual emails and not just the authentication, you can use technologies such as PGP to sign and encrypt individual messages. This would involve the sender and receiver setting up their own email clients to utilize individual message encryption.

    Thank you.
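
An added example, not part of any post in this thread: one way to check after the fact whether Exim delivered mail to a given domain over TLS, by reading delivery lines in the Exim main log. It assumes Exim's default `tls_cipher` log selector, which writes an `X=` cipher field on deliveries made over TLS; the log lines, addresses and the `audit_deliveries` name are constructed for illustration.

```python
import re

# Constructed sample lines in Exim main log format (not taken from the thread).
SAMPLE_LOG = """\
2014-01-22 10:00:01 1W5aaa-0001AB-CD <= alice@example.com H=(client) [198.51.100.7] P=esmtpsa X=TLSv1:AES256-SHA:256 A=dovecot_login:alice@example.com S=1200
2014-01-22 10:00:02 1W5aaa-0001AB-CD => teller@bank.example R=lookuphost T=remote_smtp H=mx.bank.example [192.0.2.10] X=TLSv1:AES256-SHA:256 C="250 OK"
2014-01-22 10:05:09 1W5bbb-0001EF-GH => ops@bank.example R=lookuphost T=remote_smtp H=mx.bank.example [192.0.2.10] C="250 OK"
2014-01-22 10:06:30 1W5ccc-0001IJ-KL -> bob@other.example R=lookuphost T=remote_smtp H=mx.other.example [203.0.113.5] C="250 OK"
2014-01-22 10:07:00 1W5ddd-0001MN-OP => carol <carol@example.com> R=virtual_user T=virtual_userdelivery
"""

# Delivery lines: "<date> <time> <message-id> => <address> ..." ("->" marks
# additional recipients delivered over the same connection).
DELIVERY = re.compile(r"^\S+ \S+ (?P<id>\S+) (?:=>|->) (?P<addr>\S+)")


def audit_deliveries(log_text, domain):
    """Split remote deliveries to `domain` into (tls, plaintext) lists."""
    tls, plaintext = [], []
    for line in log_text.splitlines():
        m = DELIVERY.match(line)
        host = re.search(r"\sH=(\S+)", line)
        if not m or not host:
            continue  # not a delivery line, or a local delivery (no H= field)
        addr = m.group("addr")
        if addr.rpartition("@")[2].lower() != domain.lower():
            continue  # delivery to some other domain
        cipher = re.search(r"\sX=(\S+)", line)  # present only when TLS was used
        if cipher:
            tls.append((m.group("id"), addr, cipher.group(1)))
        else:
            plaintext.append((m.group("id"), addr, host.group(1)))
    return tls, plaintext


if __name__ == "__main__":
    encrypted, clear = audit_deliveries(SAMPLE_LOG, "bank.example")
    for msg_id, addr, cipher in encrypted:
        print(f"TLS       {msg_id} {addr} {cipher}")
    for msg_id, addr, host in clear:
        print(f"PLAINTEXT {msg_id} {addr} via {host}")
```

Any entry in the plaintext list is a message that left the server for that domain without transport encryption.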