Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CourtListener emailer not sending encrypted email. #438

Closed
mlissner opened this issue Feb 22, 2016 · 9 comments
Closed

CourtListener emailer not sending encrypted email. #438

mlissner opened this issue Feb 22, 2016 · 9 comments

Comments

@mlissner
Copy link
Member

A good friend sent us this screenshot in response to today's newsletter:

no-ssl

He's right. It's shameful and I shall have to fix it. I don't know how at the moment, and I fear this will mean more HTTPS certificates to manage, but I'm not sure there's a way around that at the moment.

PS: Holy hi-dpi screenshot!
@anseljh
Copy link
Member

anseljh commented Feb 22, 2016

I suspect @JoshData might have some ideas! He made Mail-in-a-Box.

@mlissner
Copy link
Member Author

Good call. He's gone deeper into email than any mortal ever should.

@JoshData
Copy link

We have to go deeper!

How does CL send its outbound mail?

@mlissner
Copy link
Member Author

@JoshData: postfix?

@JoshData
Copy link

Ah, you run your own server.

So, truly, the best way to fix this is to set up a Mail-in-a-Box. Playing with postfix configs is no fun. If you want to be hard core, you can copy the configs from Mail-in-a-Box and hope it helps:

https://github.com/mail-in-a-box/mailinabox/blob/master/setup/mail-postfix.sh

You shouldn't need a signed cert to make the lock go away - a self-signed one should do the trick.

@mlissner
Copy link
Member Author

That's good news about self-signed being enough, and thanks for the settings reference.

We've dabbled in self-hosting our mail, like MIB can do, but it's been an abject failure. Just one more thing that can fail in the infrastructure, I'm afraid. We'll see...perhaps I'll eat these words when I try to get the cert working....

@mlissner mlissner mentioned this issue Feb 24, 2016
Closed
@mlissner
Copy link
Member Author

Well, this was annoying, but I think it's all set. From what I gather, you need to configure encryption for smtp_ in /etc/postfix/main.cf file, and then make sure it's turned on by sending the right flags to the postfix process when it starts. Those flags are in /etc/postfix/master.cf.

I'm not going to document all the flags and settings I just tweaked, but they're all on the server.

Testing

I tested this using:

https://www.checktls.com/perl/TestSender.pl

And using gmail (which gives a little broken lock icon when things are no good).

I haven't devised a test to ensure that unencrypted email still works. I assume it does -- I didn't monkey with it.

@mlissner
Copy link
Member Author

I used this for the self-signed cert, btw: https://devcenter.heroku.com/articles/ssl-certificate-self

@mlissner
Copy link
Member Author

I just re-did this today and used certbot to make it happen. Many notes over in #1574 .

@mlissner mlissner mentioned this issue Oct 11, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mlissner @JoshData @anseljh