Gmail - Encryption Warning

    Recently, Gmail began to warn that the sender's server did not encrypt a message (verbatim: "the domain example.com did not encrypt this message") and to display an open lock when the message is viewed (see Google help for details). The wording in the help center itself was misleading for a long time: "If a red "hacked" lock icon appears in a received message or draft, this means that the letter is not encrypted." This means only that the letter was not transmitted over an encrypted protocol; the lock has nothing to do with encrypting the letter itself. For a long time this wording confused me, and I "googled" in the wrong direction until a more experienced comrade gave me a hint.

    Even after I figured out the essence of the warning, I still found nothing on the topic, so this post is mostly a clarification for people like me, who at first didn't understand anything. Therefore, please do not judge strictly.

    Now, to the point. To implement Google's recommendations and send email securely, those who use Postfix as an outgoing mail server just need to add the following to /etc/postfix/main.cf (the path is given for Debian):

    # Opportunistic TLS; on Postfix 2.3 and later the equivalent setting is smtp_tls_security_level = may
    smtp_use_tls = yes
    # Defines the "high" cipher grade; used only where that grade is selected (e.g. smtp_tls_ciphers = high)
    tls_high_cipherlist = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
    # Applies to mandatory TLS; smtp_tls_protocols is the opportunistic-TLS counterpart
    smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
    # this line will most likely already be in the config (main.cf has no inline comments, so keep this on its own line)
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    

    Thanks J_o_k_e_R for the tip on the algorithms in the comments.

    As a result, when viewing the source of the letter, the header changes from this:

    Received: from smtp.279.ru (smtp.279.ru. [77.220.185.16])
    by mx.google.com with ESMTP id o79si14839747lfi.52.2016.02.15.04.15.43
    for ;
    Mon, 15 Feb 2016 04:15:43 -0800 (PST)

    to this:

    Received: from smtp.279.ru (smtp.279.ru. [77.220.185.16])
    by mx.google.com with ESMTPS id d124si14810044lfg.170.2016.02.15.04.20.45
    for
    (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
    Mon, 15 Feb 2016 04:20:45 -0800 (PST)

    Once again, please do not judge strictly if I turned out to be such a fool.
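The difference between the two Received headers can also be checked mechanically. The following is an added example, not part of the original post: it classifies each hop by the RFC 3848 "with" keyword and by the TLS clause that mx.google.com writes. The function names and the recipient address `user@example.com` are assumptions made for the illustration.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that mean the hop was protected by STARTTLS.
TLS_WITH_TYPES = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)")
# TLS detail clause in the form mx.google.com writes it (second header above).
TLS_RE = re.compile(r"\(version=(\S+)\s+cipher=(\S+)\s+bits=(\d+)/(\d+)\)")

# Constructed test messages: header text follows the post; the recipient
# address (elided in the post) is a placeholder.
BEFORE = (
    "Received: from smtp.279.ru (smtp.279.ru. [77.220.185.16])\n"
    "\tby mx.google.com with ESMTP id o79si14839747lfi.52.2016.02.15.04.15.43\n"
    "\tfor <user@example.com>;\n"
    "\tMon, 15 Feb 2016 04:15:43 -0800 (PST)\n"
    "\n"
    "body\n"
)
AFTER = (
    "Received: from smtp.279.ru (smtp.279.ru. [77.220.185.16])\n"
    "\tby mx.google.com with ESMTPS id d124si14810044lfg.170.2016.02.15.04.20.45\n"
    "\tfor <user@example.com>\n"
    "\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n"
    "\tMon, 15 Feb 2016 04:20:45 -0800 (PST)\n"
    "\n"
    "body\n"
)

def hop_tls_info(received):
    """Report whether one Received header value records a TLS-protected hop."""
    flat = " ".join(received.split())  # unfold continuation lines
    with_m = WITH_RE.search(flat)
    proto = with_m.group(1).upper() if with_m else None
    tls_m = TLS_RE.search(flat)
    return {
        "protocol": proto,
        "encrypted": proto in TLS_WITH_TYPES or tls_m is not None,
        "tls_version": tls_m.group(1) if tls_m else None,
        "cipher": tls_m.group(2) if tls_m else None,
    }

def audit_message(raw):
    """Return TLS info for every Received header, newest hop first."""
    return [hop_tls_info(v) for v in message_from_string(raw).get_all("Received", [])]

if __name__ == "__main__":
    for name, raw in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_message(raw))
```

Only Received lines written by a server you trust (here mx.google.com) are reliable evidence; lines recorded by earlier hops can be forged by the sender.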

