Email not being encrypted when sent through the server using SMTP

I’m having an issue whereby all email sent through any domain in SiteWorx arrives without encryption. Gmail shows the issue with the “red lock slashed” with the following details:

|mailed-by:|domain.com|
|signed-by:|domain.com|
|security:| domain.com did not encrypt this message|

How do I ensure all my SiteWorx accounts, when using SMTP, sign messages so they show up as encrypted?

Note:

  • SSL is set up on the domain for both domain.com and mail.domain.com
  • SMTP mail has no issues authenticating and logging in to send mail
  • There are multiple domains in SiteWorx and they all have this issue

Hello–

I googled that error for you and found that it is often caused if the sending domain is not using TLS: Messages sent to Gmail indicate sender did not encrypt this message

https://support.google.com/mail/thread/172522511/i-am-having-trouble-with-email-encryption?hl=en

I don’t know how you’re sending the messages, but if it is via a mail client, make sure you are using port 587 with STARTTLS.

You may also want to make sure that TLS is enabled on the MTA page: How to: Edit SMTP Settings — InterWorx documentation

Thanks,
-Jenna

Everything is enabled. I think the issue is that my server.domain.com SSL certificates (all the system certificates) are actually SIGNED as a siteworx domain that has nothing to do with server.domain.com.

Example, the CSR/SSL’s for server.domain.com (NodeWorx System SSL’s) are actually showing as signed for a random domain in SiteWorx that is a-different-domain.com

I’ve tried recreating the SSL’s for server.domain.com multiple times but they’re also signed for this siteworx account.

It’s very frustrating.

NodeWorx: server.domain.com
SiteWorx: domain.com (I have it as a website also)
SiteWorx: a-different-domain.com (this is mistakenly being used for server.domain.com server/system SSL’s)

It is unclear exactly what you mean by “showing as signed for by a random domain”, but all the possible interpretations I can come up with would point to something being wrong with the configuration of the server. Due to this, it sounds like it may be time to submit a ticket with all the steps to reproduce.

If you are a direct customer of InterWorx, please enable remote assistance and submit a ticket to our help desk at https://support.interworx.com. Please include steps to reproduce the issue as you see it occurring.

If you purchased your license through another vendor, please submit a ticket through their help desk.

Thank you,
Brandon

Brandon, thank you.

Actually, Jenna from support was able to assist, diagnose, and resolve the issue. She was absolutely fantastic and I’m very grateful for her expert assistance.

For anyone else that may have this issue moving forward I’ll outline what the problem was. Why it occurred, no idea, but hopefully this could help someone else in the future. It was a brand new server, but looks like something during configuration may have gone wrong with the LiquidWeb InterWorx install.

From the technician’s response:

I compared the contents of /var/qmail/control on your server, vs my test server, and I noticed that, on mine, I had a symlinked file for the clientcert:

lrwxrwxrwx 1 root qmail 14 Dec 21 2021 clientcert.pem -> servercert.pem

However, your server, while it did have /var/qmail/control/servercert.pem, it did not have the clientcert.pem symlink:

I created that symlink:

[root@central01 control]# ln -s servercert.pem clientcert.pem

And, after doing so, messages to gmail from the test account I created on your server were marked correctly:

This symlink did in fact resolve all SMTP/TLS signing issues.

Huge thanks to the expert help of the InterWorx team!

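The by-hand comparison from the technician's response, written as a repeatable check (an added example, not part of the thread and not InterWorx tooling). The function name and status words are made up for illustration; the directory and file names are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: audit the qmail TLS certificate files described in the thread.
# check_qmail_client_cert [DIR] prints one status word and returns 0 only for "ok".
# DIR defaults to /var/qmail/control (the path quoted in the thread).
# Usage after sourcing this file:  check_qmail_client_cert /var/qmail/control

check_qmail_client_cert() {
    dir="${1:-/var/qmail/control}"
    server="$dir/servercert.pem"
    client="$dir/clientcert.pem"

    # The server certificate has to exist first; the symlink points at it.
    if [ ! -e "$server" ]; then
        echo "servercert-missing"
        return 2
    fi

    # -L is true for a symlink even when its target is gone, while -e
    # follows the link, so the pair separates "absent" from "dangling".
    if [ ! -L "$client" ] && [ ! -e "$client" ]; then
        echo "clientcert-missing"      # the state found on the affected server
        return 1
    fi
    if [ -L "$client" ] && [ ! -e "$client" ]; then
        echo "clientcert-dangling"
        return 1
    fi

    # A regular-file copy would not follow servercert.pem when it is
    # reissued, so compare content rather than trusting the name alone.
    if cmp -s "$client" "$server"; then
        echo "ok"
        return 0
    fi
    echo "clientcert-differs"
    return 1
}
```

On a server in the state described above this reports `clientcert-missing`; after the `ln -s servercert.pem clientcert.pem` from the thread it reports `ok`.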