
Gmail Encryption Warning

Recently, Gmail began to warn, literally, that the sender's server "Domain example.com did not encrypt this message", and to display an open lock when viewing the letter (for more information, see Google help). The wording in the help center itself has been misleading for a long time: "If a red broken-lock icon appears in a received message or draft, it means that the letter is not encrypted." This only means that the letter was not transmitted over an encrypted protocol; the lock has nothing to do with encryption of the letter itself. For a long time this wording confused me and sent my googling in the wrong direction, until a more experienced comrade gave me a hint.

Since even after I figured out the essence of the warning I still found nothing on the topic, this post is an explanation for people like me, who did not understand anything at first. So please do not judge strictly.

Now, to the point: to follow Google's recommendations and send messages securely, those who use Postfix as an outgoing mail server can add the following to /etc/postfix/main.cf (the path is given for Debian):
# Opportunistic TLS for outgoing mail; Postfix 2.3 and later document smtp_tls_security_level = may as the replacement.
smtp_use_tls = yes
# Takes effect only where the cipher grade is "high" (for example smtp_tls_ciphers = high).
tls_high_cipherlist = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
# Applies where TLS is mandatory; with opportunistic TLS the protocol list comes from smtp_tls_protocols.
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

Thanks to J_o_k_e_R for the hint on algorithms in the comments.

As a result, when viewing the source of the letter, the header:

Received: from smtp.279.ru (smtp.279.ru. [77.220.185.16])
by mx.google.com with ESMTP id o79si14839747lfi.52.2016.02.15.04.15.43
for <deryabinsergey@gmail.com>;
Mon, 15 Feb 2016 04:15:43 -0800 (PST)


becomes like this:

Received: from smtp.279.ru (smtp.279.ru. [77.220.185.16])
by mx.google.com with ESMTPS id d124si14810044lfg.170.2016.02.15.04.20.45
for <deryabinsergey@gmail.com>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Mon, 15 Feb 2016 04:20:45 -0800 (PST)
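
The difference between the two headers can be checked mechanically. The following Python code is an added example, not part of the original post: it reads the Received headers of a raw message and reports, per hop, the "with" keyword and the TLS details in the form Gmail records them. The names hop_info and audit are hypothetical, and the sample input is the two headers shown above, refolded with leading whitespace.

```python
import re
from email import message_from_string

# "with" keywords that mark a TLS-protected hop (registered by RFC 3848 and RFC 6531).
TLS_WITH = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
            "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}
BY_RE = re.compile(r"\bby\s+(\S+)")
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)")
# Gmail-style trace comment, in the form shown in the post.
TLS_INFO_RE = re.compile(r"version=(\S+)\s+cipher=(\S+)\s+bits=(\d+)/(\d+)")

def hop_info(received):
    """Summarise one Received header value (folded lines are unfolded first)."""
    value = " ".join(received.split())
    by = BY_RE.search(value)
    proto = WITH_RE.search(value)
    tls = TLS_INFO_RE.search(value)
    keyword = proto.group(1).upper() if proto else None
    return {
        "by": by.group(1) if by else None,
        "with": keyword,
        "tls": keyword in TLS_WITH,  # False for plain ESMTP or a missing keyword
        "version": tls.group(1) if tls else None,
        "cipher": tls.group(2) if tls else None,
    }

def audit(raw_message):
    """Return one summary per Received header, newest hop first."""
    msg = message_from_string(raw_message)
    return [hop_info(v) for v in msg.get_all("Received", [])]

# The two headers from the post, each wrapped in a minimal message.
PLAIN = """Received: from smtp.279.ru (smtp.279.ru. [77.220.185.16])
        by mx.google.com with ESMTP id o79si14839747lfi.52.2016.02.15.04.15.43
        for <deryabinsergey@gmail.com>;
        Mon, 15 Feb 2016 04:15:43 -0800 (PST)

body
"""
TLS = """Received: from smtp.279.ru (smtp.279.ru. [77.220.185.16])
        by mx.google.com with ESMTPS id d124si14810044lfg.170.2016.02.15.04.20.45
        for <deryabinsergey@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 15 Feb 2016 04:20:45 -0800 (PST)

body
"""

if __name__ == "__main__":
    for name, raw in (("before", PLAIN), ("after", TLS)):
        print(name, audit(raw))
```

Only the topmost Received header, written by the receiving server itself, can be relied on; the ones below it are supplied by upstream hosts.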

Once again, I ask you not to judge strictly if I turned out to be the only one who was “such a fool”.

Source: https://habr.com/ru/post/357010/

