Email Encryption

azw

Hello,
I'm considering implementing encryption of emails sent via my VPS server. Is there a fairly easy way to do this? Perhaps more importantly, would it be truly worthwhile?
 
It's absolutely worthwhile and it's relatively easy to set up.
Without it, all emails you send/receive are in plain text, and if I knew where you were and could get onto the same network as you, I could easily packet sniff all the emails you send and receive. So if you were to send someone a password, for example, I would be a happy hacker.

First you need an SSL Cert. You can issue your server its own for free, but you'll get warnings when you try accessing webmail and in your email client saying it's not trusted, so it's recommended you purchase an SSL cert from a trusted authority such as my PickleHost GoDaddy Reseller system (shout out) or GoDaddy; any other should be fine. I also recommend just purchasing a Wild Card SSL Cert for your server's primary domain; that way you can encrypt everything you access on your server, WHM, cPanel, WebMail, etc.

Next, (optional) I recommend you force webmail users to use HTTPS over HTTP, which is a setting in WHM. This also will apply to WHM and cPanel access making everything you access encrypted.

Then in any of your email clients (Outlook, on your cell phone, Thunderbird, or whatever you're using) switch to TLS encryption. If you choose that Wild Card SSL Cert mentioned earlier you'll set the servers to your server's primary domain so you won't get any certificate warnings.

KH support can easily assist with those requests if you need any help and I'm happy to walk you through the process of getting an SSL Cert from PickleHost if you decide to purchase there.
 
cPanel doesn't have an official LE plugin yet. Once it does though, things will be awesome.
 
I've not used GeoTrust myself, but I believe they are just as good as any other and cheaper than most, even my PickleHost unfortunately :(.

WildCard (All Sub Domains i.e. www.mydomain.com, mydomain.com, pop.mydomain.com, smtp.mydomain.com etc.)
GoDaddy - $299/yr
PickleHost - $199/yr
Comodo and GeoTrust - $149/yr

Single Sub Domain (i.e. www.mydomain.com and mydomain.com)
GoDaddy - $69/yr
PickleHost - $49/yr
GeoTrust - ~$17/yr
 
I could imagine that LetsEncrypt will really disrupt the SSL cert businesses, like yours.

Does one wildcard SSL cert also protect parked domains attached to that domain? Or do you have to count those as separate domains (another 1 of the 5-10-15 that you pay for)?

Boy, when I add up all the domains I control, a number which have email attached, I'd need a wildcard for 10-15 domains.
 
It's per domain, so you would need one for each parked domain. That's why I just have one for my server's primary domain and set up my client's email client to use my pop and smtp domain so I don't have to purchase an additional SSL Cert for them. I have hundreds of domains hosted on my server but only need the one wildcard cert used for secure access to webmail, cpanel, whm, email, etc. and then I have a few single sub domain certs for clients that have hosted websites that need to be secured for one reason or another. So all in all I have fully encrypted access to everything needed but only pay for 1 wildcard and a few single sub domain certs, well worth it.
 
I'm not sure I understand this:
"I just have one for my server's primary domain and set up my client's email client to use my pop and smtp domain so I don't have to purchase an additional SSL Cert for them. I have hundreds of domains hosted on my server but only need the one wildcard cert used for secure access to webmail, cpanel, whm, email, etc."

I have a VPS with a few customers' sites on it, as well as mine. But they have different domain names and use their domain names for email, too.

Could I set up a wildcard SSL cert so that the other people's sites and email use that one cert?
 
You can use your WHM hostname for email, ftp, cpanel/whm and webdisk access. I prefer it this way, so I don't have to manage multiple domain SSLs.
 
No, they can just use 'YourWHMHostname.com' to login to check their email. They still maintain their email addresses they have.
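The hostname matching behind the wildcard replies above, as an added example that is not part of the original thread: it checks which server names typed into a mail client are covered by one wildcard certificate. The function names and all host names are constructed for illustration, and the certificate is assumed to list the wildcard plus the bare domain, as in the price list earlier in the thread.

```python
# Added example (not from the thread): all names below are constructed.

def name_matches(san: str, host: str) -> bool:
    """Compare one certificate dNSName with the host a client connects to.

    A wildcard is honoured only as the whole leftmost label and stands for
    exactly one label, so '*.mydomain.com' does not cover 'mydomain.com',
    'a.b.mydomain.com' or any other domain.
    """
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels) or "" in host_labels:
        return False
    if san_labels[0] == "*":
        # Require at least two fixed labels after the wildcard.
        return len(san_labels) >= 3 and san_labels[1:] == host_labels[1:]
    # Partial wildcards such as 'w*.mydomain.com' are treated as literals.
    return san_labels == host_labels


def cert_covers(san_names, host: str) -> bool:
    """True if any name on the certificate matches the host."""
    return any(name_matches(san, host) for san in san_names)


def audit(san_names, client_hosts):
    """Map each configured server name to True (clean) or False (warning)."""
    return {host: cert_covers(san_names, host) for host in client_hosts}


# Constructed certificate names: wildcard plus the bare domain.
WILDCARD_SANS = ["*.mydomain.com", "mydomain.com"]

# Constructed client settings: what users might enter as IMAP/POP/SMTP server.
CLIENT_HOSTS = [
    "smtp.mydomain.com",           # server's own domain: covered
    "pop.mydomain.com",            # covered
    "mydomain.com",                # covered only by the extra bare-domain name
    "mail.customer-site.example",  # customer's own domain: not covered
    "a.b.mydomain.com",            # two labels deep: not covered
]

if __name__ == "__main__":
    for host, ok in audit(WILDCARD_SANS, CLIENT_HOSTS).items():
        print(f"{host:30} {'ok' if ok else 'certificate warning'}")
```

A host that comes back False is one where the mail client would show a name-mismatch warning, which is why the replies point every customer at the server's own hostname.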
 
Wow, I didn't know that was the way it works. Thanks so much for helping me understand this!
 