Mail Signing & Encryption Module

This module allows to apply PGP or S/MIME signature / encryption to emails sent to customers and/or user agents.

Signing and encryption is configured on a per mailbox basis.

Debugging

Signing / encryption errors can be found in:

  • “Manage » Logs » Apps Logs”
  • “Manage » Logs » Send Errors”

S/MIME

Signing Emails

Free S/MIME certificates in .pfx format can be received here.

To sign outgoing emails you will need a certificate and a private key in .pem format. To extract certificate and private key from .pfx file use the following console commands:

openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes
Enter Import Password: [enter your certificate password]

openssl pkcs12 -in certname.pfx -nokeys -out cert.pem
Enter Import Password: [enter your certificate password]

To make sure that signing is working, you can send a test email to Gmail:

Encrypting Emails

PGP

Here is the discussion of the PGP signing & encryption.

PGP signing and encrypting requires PHP GnuPG extension:

apt-get install php7.x-gnupg

To sign/encrypt emails you need to have a GPG key (without a passphrase):

gpg --gen-key

If you system does not allow to create a key without a passphrase, just create the keys with Kleopatra.

The email address you enter when generating the GPG key, should be entered as “Key Email Address” in module’s settings.

Signing Emails

Signature will be attached to emails as signature.asc and contain PGP signature.

Encrypting Emails

To encrypt emails you need to have GPG keys for each recipient’s email address (without a passphrase).

Encrypted email will contain “noname” attachment with “Version: 1” text inside and encrypted.asc file containing PGP-encrypted message.

Lifetime license for one domain
Purchase
  • Version: 1.0.3
  • Required App Version: 1.6.18
  • Open Source: AGPL-3.0