I'm trying to configure postfix with SSL. I've followed this tutorial: https://www.cloudjojo.com/how-to-install-mail-server-on-ubuntu-14-04-part2/
My main.cf:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = street-sport-base
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# myorigin = /etc/mailname
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
queue_directory = /var/spool/postfix
mail_owner = postfix
mydomain = street-sport.pl
myorigin = street-sport.pl
mydestination = $myhostname, street-sport-base, localhost.$mydomain, localhost
home_mailbox = Maildir/
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/sbin/newaliases
mailq_path = /usr/sbin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
biff = no
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-virtual-email2email.cf
smtpd_tls_key_file=/usr/local/nginx/ssl/1710371.key
smtpd_tls_cert_file=/usr/local/nginx/ssl/1710371.cert
smtpd_tls_CAfile=/etc/ssl/certs/certificate_and_key.crt
smtpd_use_tls=yes
smtpd_tls_auth_only = no
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination
virtual_transport = lmtp:unix:private/dovecot-lmtp
smtpd_tls_security_level = may
smtp_tls_security_level = may
smtp_tls_key_file=/usr/local/nginx/ssl/1710371.key
smtp_tls_cert_file=/usr/local/nginx/ssl/1710371.cert
smtp_tls_CAfile=/etc/ssl/certs/certificate_and_key.crt
smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_ask_ccert = yes
smtpd_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
master.cf:
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps inet n - y - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
When I send a message from the console to my Gmail mailbox, the message is delivered but it goes to spam. Gmail says that this message has standard TLS encryption (gray lock). What am I doing wrong? I need full encryption so that emails don't go to spam.
File 1710371.key contains only the key, file 1710371.cert contains the cert for my domain, and file certificate_and_key.crt contains the cert for my domain, the key and two intermediate certs: 1. http://repository.certum.pl/hsha2.pem 2. http://repository.certum.pl/gscasha2.pem
If you want to use anything better than "standard TLS encryption" you need to use end-to-end encryption in the form of S/MIME. End-to-end means from mail sender to receiver, which means that this is only something you can do with your mail client and not with your mail server, which is only a hop but not an endpoint of the mail transfer.
See Google Help for what the various symbols mean and what you need to do to have S/MIME.
> I need full encryption so that emails don't go to spam.
Only a tiny part of the mails is using S/MIME. It should be possible to use standard TLS encryption or no encryption at all and not be classified as spam. It is more likely that your server is on some blacklist for sending spam earlier, that you are trying to send mail from a normal private system (i.e. DSL, cable or similar instead of a real server on the internet), that something else is messed up with your setup or simply that the mail you are trying to send is considered spam based on the content.
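The transport-level TLS the answer refers to can be read straight from the question's main.cf. The following is an added example, not part of the original posts and not Postfix's own tooling: it parses main.cf syntax (comments, continuation lines, last definition wins) and reports what the TLS parameters amount to. The function names and the finding texts are assumptions made for this example, and the sample input is constructed from lines of the question's config.

```python
# Constructed sample: TLS- and SASL-related lines copied from the question's main.cf.
SAMPLE_MAIN_CF = """\
# TLS parameters
smtpd_use_tls=yes
smtpd_tls_auth_only = no
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination
smtpd_tls_security_level = may
smtp_tls_security_level = may
smtp_use_tls = yes
"""

def parse_main_cf(text):
    """Parse main.cf text into {name: value}; the last definition of a name wins."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank and comment lines are ignored
        if line[0] in " \t" and name:     # leading whitespace continues the logical line
            params[name] = (params[name] + " " + line.strip()).strip()
            continue
        name, _, value = line.partition("=")
        name = name.strip()
        params[name] = value.strip()
    return params

def audit_tls(params):
    """Return findings about transport TLS (hypothetical checks written for this example)."""
    findings = []
    for side in ("smtpd", "smtp"):        # smtpd = inbound server, smtp = outbound client
        level = params.get(f"{side}_tls_security_level")
        if level is None:
            findings.append(f"{side}: no {side}_tls_security_level set")
        elif level == "may":
            findings.append(f"{side}: opportunistic TLS, used only if the peer supports it")
        if f"{side}_use_tls" in params and level is not None:
            findings.append(f"{side}: obsolete {side}_use_tls is overridden by {side}_tls_security_level")
    if (params.get("smtpd_sasl_auth_enable") == "yes"
            and params.get("smtpd_tls_auth_only", "no") != "yes"
            and params.get("smtpd_tls_security_level") != "encrypt"):
        findings.append("smtpd: SASL AUTH is accepted without TLS (smtpd_tls_auth_only = no)")
    return findings

if __name__ == "__main__":
    for finding in audit_tls(parse_main_cf(SAMPLE_MAIN_CF)):
        print(finding)
```

On the sample it reports opportunistic TLS in both directions, which is the hop-by-hop encryption the answer describes, plus one item worth fixing on the server side: with `smtpd_tls_auth_only = no`, port 25 accepts SASL credentials over an unencrypted session.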