SSL is installed but can't send encrypted emails

[Cemal]

Hello guys, I have a Cpanel WHM. I installed SSL for exim and dovecot services. I have a wordpress site and I want to send secured emails to users. I am using 465 SMTP port but emails are not encrypted. You can see log here pastebin.com/mfnrS60F. And email is here


i.imgur.com/T7fxQKc.png

 

[Jcats]

That doesn't prove the email is not encrypted that is simply showing your Wordpress plugins logging of the events to send the email.

 

[Cemal]

If you look at email's screenshot there is a red icon that shows email is not encrypted.

 

[cPanelMichael]

Hello,

You've configured SSL for email authentication, but this does not encrypt the actual email contents. You can use technologies such as S/MIME and PGP to sign, and encrypt, individual email messages through the email client itself, but it's not something that you'd configure through cPanel.

Thank you.

 

[Jcats]

Doh, yeah I missed that.

What plugin are you using for SMTP authentication?

Also, switch to port 587 TLS

 

[Cemal]

Hello,

You've configured SSL for email authentication, but this does not encrypt the actual email contents. You can use technologies such as S/MIME and PGP to sign, and encrypt, individual email messages through the email client itself, but it's not something that you'd configure through cPanel.

Thank you.

So what is the point of installing ssl for email server?

Doh, yeah I missed that.

What plugin are you using for SMTP authentication?

Also, switch to port 587 TLS

I use this plugin tr.wordpress.org/plugins/wp-mail-smtp/. I switched 587 TLS from plugin's setting. It sends email but it is not encrypted.

 

[cPanelMichael]

So what is the point of installing ssl for email server?

It's to ensure the email account username and password are not transmitted in plaintext. The encryption of the actual emails needs to take place through the email client you are using with a technology such as PGP or S/MIME.

Thank you.

 

[Cemal]

I am talking about this. Even VestaCP encrypt emails.

 

[cPanelMichael]

Hello,

To clarify, have you installed that same WordPress plugin on another host and it encrypts the emails? As I understand, the plugin you are referring to includes an option to encrypt the SMTP authentication but not the actual contents of the email.

Thank you.

 

[Cemal]

Hello,

To clarify, have you installed that same WordPress plugin on another host and it encrypts the emails? As I understand, the plugin you are referring to includes an option to encrypt the SMTP authentication but not the actual contents of the email.

Thank you.

Hello,

It is same result while I am using webmail (roundcube). It is not about wordpress plugin. Should cpanel has a feature about encrypt email contents? My problem is same with this Email without encryption

 

[cPanelMichael]

Hello,

Thank you for the additional information. It looks like what's in-question here isn't the encryption of the email contents, but rather the transaction itself. It's possible your data center is filtering outgoing SMTP traffic. Please run the following commands from the cPanel server and let us know the output:

telnet gmail-smtp-in.l.google.com 465
telnet gmail-smtp-in.l.google.com 25

Thanks.

 

[Cemal]

Hello,

Thank you for the additional information. It looks like what's in-question here isn't the encryption of the email contents, but rather the transaction itself. It's possible your data center is filtering outgoing SMTP traffic. Please run the following commands from the cPanel server and let us know the output:

telnet gmail-smtp-in.l.google.com 465
telnet gmail-smtp-in.l.google.com 25

Thanks.

telnet gmail-smtp-in.l.google.com 25
Trying 173.194.76.27...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP u9si167081wrc.388 - gsmtp

telnet gmail-smtp-in.l.google.com 465
Trying 173.194.76.27...
telnet: connect to address 173.194.76.27: Connection timed out
Trying 2a00:1450:400c:c00::1a...
telnet: connect to address 2a00:1450:400c:c00::1a: Network is unreachable

I tried this on server and on my pc it is same at 465 port.

 

[cPanelMichael]

Hello,

Could you open a support ticket using the link in my signature so we can take a closer look and rule out any issues on the cPanel server?

Thank you.

 

[krmzgn]

Hello

I have problem with this situation. The service provider is not very helpful. The same way when I send Google Mail, the red lock sign is coming and indicates that it is not encryption.

I also try to connect to the 465 ports using Telnet via the server. Connection with "gmail-smtp-in.l.google.com" fails.
The service provider said that there was no blocking. What is the problem?

 

[cPRex]

@krmzgn - it is usually best to open a new thread about an issue instead of replying to one that is several years old.

If you can not connect over port 465, you may want to check your local firewall. If the hosting provider has confirmed they are not blocking this port outside of your server, the local firewall is the most likely place for that issue to be.

There are more details from Google about what the padlock means here: Check the security of your emails - Android - Gmail Help

 

[krmzgn]

Can we understand that outgoing mails are encrypted in the exim_mainlog file?

P=esmtpsa X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 <== What is the TLS written in this line encrypt?

2021-07-13 01:01:51 1m33zr-0007uq-7V <= [email protected] H=(KRMZGNPC) [22.167.139.80]:53099 P=esmtpsa X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no A=dovecot_login:[email protected] S=3398 [email protected] T="test" for [email protected]

 

[cPRex]

That certainly looks like it to me. You can see the TLS details there showing the full cipher list.