SSL is installed but can't send encrypted emails

Cemal

Member
Jul 3, 2017
6
0
1
Turkey
cPanel Access Level
Root Administrator
Hello guys, I have a Cpanel WHM. I installed SSL for exim and dovecot services. I have a wordpress site and I want to send secured emails to users. I am using 465 SMTP port but emails are not encrypted. You can see log here pastebin.com/mfnrS60F. And email is here


i.imgur.com/T7fxQKc.png
 
Last edited by a moderator:

Jcats

Well-Known Member
PartnerNOC
May 25, 2011
807
157
168
New Jersey
cPanel Access Level
DataCenter Provider
That doesn't prove the email is not encrypted that is simply showing your Wordpress plugins logging of the events to send the email.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,216
463
Hello,

You've configured SSL for email authentication, but this does not encrypt the actual email contents. You can use technologies such as S/MIME and PGP to sign, and encrypt, individual email messages through the email client itself, but it's not something that you'd configure through cPanel.

Thank you.
 

Jcats

Well-Known Member
PartnerNOC
May 25, 2011
807
157
168
New Jersey
cPanel Access Level
DataCenter Provider
Doh, yeah I missed that.

What plugin are you using for SMTP authentication?

Also, switch to port 587 TLS
 

Cemal

Member
Jul 3, 2017
6
0
1
Turkey
cPanel Access Level
Root Administrator
Hello,

You've configured SSL for email authentication, but this does not encrypt the actual email contents. You can use technologies such as S/MIME and PGP to sign, and encrypt, individual email messages through the email client itself, but it's not something that you'd configure through cPanel.

Thank you.
So what is the point of installing ssl for email server?


Doh, yeah I missed that.

What plugin are you using for SMTP authentication?

Also, switch to port 587 TLS
I use this plugin tr.wordpress.org/plugins/wp-mail-smtp/. I switched 587 TLS from plugin's setting. It sends email but it is not encrypted.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,216
463
So what is the point of installing ssl for email server?
It's to ensure the email account username and password are not transmitted in plaintext. The encryption of the actual emails needs to take place through the email client you are using with a technology such as PGP or S/MIME.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,216
463
Hello,

To clarify, have you installed that same WordPress plugin on another host and it encrypts the emails? As I understand, the plugin you are referring to includes an option to encrypt the SMTP authentication but not the actual contents of the email.

Thank you.
 

Cemal

Member
Jul 3, 2017
6
0
1
Turkey
cPanel Access Level
Root Administrator
Hello,

To clarify, have you installed that same WordPress plugin on another host and it encrypts the emails? As I understand, the plugin you are referring to includes an option to encrypt the SMTP authentication but not the actual contents of the email.

Thank you.
Hello,

It is same result while I am using webmail (roundcube). It is not about wordpress plugin. Should cpanel has a feature about encrypt email contents? My problem is same with this Email without encryption
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,216
463
Hello,

Thank you for the additional information. It looks like what's in-question here isn't the encryption of the email contents, but rather the transaction itself. It's possible your data center is filtering outgoing SMTP traffic. Please run the following commands from the cPanel server and let us know the output:

Code:
telnet gmail-smtp-in.l.google.com 465
telnet gmail-smtp-in.l.google.com 25
Thanks.
 

Cemal

Member
Jul 3, 2017
6
0
1
Turkey
cPanel Access Level
Root Administrator
Hello,

Thank you for the additional information. It looks like what's in-question here isn't the encryption of the email contents, but rather the transaction itself. It's possible your data center is filtering outgoing SMTP traffic. Please run the following commands from the cPanel server and let us know the output:

Code:
telnet gmail-smtp-in.l.google.com 465
telnet gmail-smtp-in.l.google.com 25
Thanks.
Code:
telnet gmail-smtp-in.l.google.com 25
Trying 173.194.76.27...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP u9si167081wrc.388 - gsmtp
Code:
telnet gmail-smtp-in.l.google.com 465
Trying 173.194.76.27...
telnet: connect to address 173.194.76.27: Connection timed out
Trying 2a00:1450:400c:c00::1a...
telnet: connect to address 2a00:1450:400c:c00::1a: Network is unreachable
I tried this on server and on my pc it is same at 465 port.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,216
463
Hello,

Could you open a support ticket using the link in my signature so we can take a closer look and rule out any issues on the cPanel server?

Thank you.
 

krmzgn

Registered
Jun 11, 2019
2
0
1
Turkey
cPanel Access Level
Website Owner
Hello

I have problem with this situation. The service provider is not very helpful. The same way when I send Google Mail, the red lock sign is coming and indicates that it is not encryption.

I also try to connect to the 465 ports using Telnet via the server. Connection with "gmail-smtp-in.l.google.com" fails.
The service provider said that there was no blocking. What is the problem?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,494
1,009
313
cPanel Access Level
Root Administrator
@krmzgn - it is usually best to open a new thread about an issue instead of replying to one that is several years old.

If you can not connect over port 465, you may want to check your local firewall. If the hosting provider has confirmed they are not blocking this port outside of your server, the local firewall is the most likely place for that issue to be.

There are more details from Google about what the padlock means here: Check the security of your emails - Android - Gmail Help
 

krmzgn

Registered
Jun 11, 2019
2
0
1
Turkey
cPanel Access Level
Website Owner
Can we understand that outgoing mails are encrypted in the exim_mainlog file?

P=esmtpsa X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 <== What is the TLS written in this line encrypt?

2021-07-13 01:01:51 1m33zr-0007uq-7V <= [email protected] H=(KRMZGNPC) [22.167.139.80]:53099 P=esmtpsa X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no A=dovecot_login:[email protected] S=3398 [email protected] T="test" for [email protected]