SSL – Secure Email Settings for Email Clients & for PHPMailer

Tags: email, security, smtp, ssl, tls

I'm trying to work out how to make my outgoing/incoming emails as secure as I can possibly make them.

First of all, my domain has wildcard OV SSL certificates. I have copies of the .csr, .crt and .key files, but I don't have any PKCS12 files (.p12 or .pfx). Is it possible to get these from my SSL certificate so I can digitally sign outgoing emails via email clients like Outlook, Thunderbird, etc.?

Secondly, what are currently the "safest" / "best" security settings that I can and should use for my email client(s)? Below are all of the available options.

Incoming Options

Connection Security:

  • None
  • STARTTLS
  • SSL/TLS (Currently using via port 993)

Authentication Method:

  • Normal Password (Currently using via port 993)
  • Encrypted Password
  • Kerberos / GSSAPI
  • NTLM
  • TLS Certificate
  • OAuth2

Outgoing Options

Connection Security:

  • None
  • STARTTLS
  • SSL/TLS (Currently using via port 465)

Authentication Method:

  • No authentication (Not available)
  • Normal Password (Currently using via port 465)
  • Encrypted Password (Not available)
  • Kerberos / GSSAPI (Not available)
  • NTLM (Not available)
  • OAuth2 (Not available)

Last but not least, the same goes for PHPMailer: should I be using TLS or SSL (which one's better)?

$phpmailer->SMTPSecure = "tls"; // Choose SSL or TLS, if necessary for your server

Best Answer

Try this to create the p12:

openssl pkcs12 -export -in cert.crt -inkey cert.key -name "Your Name" -out cert.p12

The following are already "safe" and practical for a company to deploy.

  • Incoming Port: POP3 995 or IMAP 993 (SSL/TLS)

    SMTP Authentication Required

  • Outgoing Mail server (SMTP) Port: 465 (SSL/TLS)

    SMTP Authentication Required

Lastly, use TLS whenever you can. TLS performs better and there are security issues with some SSL protocols.
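
The PKCS#12 export above, as an added example that is not part of the original answer: it refuses a key that does not match the certificate, keeps the passphrase off the command line, and re-reads the bundle to confirm what it holds. It goes beyond the answer by also asking OpenSSL whether the certificate's extensions permit S/MIME signing, which a certificate issued for TLS servers may not; the function names, certificates, CN and passphrase are constructed for the demo.

```shell
#!/bin/sh
# Added example. Paths, CN and passphrase are constructed for the demo.

# Throwaway self-signed cert+key in dir $1 with extendedKeyUsage $2.
make_demo_cert() {
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ext\nprompt=no\n[dn]\nCN=demo.example\n[ext]\nkeyUsage=digitalSignature\nextendedKeyUsage=%s\n' "$2" > "$1/req.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/req.cnf" \
        -keyout "$1/cert.key" -out "$1/cert.crt" 2>/dev/null
}

# True when the private key $2 belongs to certificate $1.
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# True when certificate $1 is usable for S/MIME signing per its extensions.
smime_signing_ok() {
    openssl x509 -in "$1" -noout -purpose | grep -q '^S/MIME signing : Yes'
}

# Export cert $1 + key $2 to PKCS#12 file $3; the passphrase comes from
# $P12_PASS so it never shows in the process list. Refuses a mismatched pair.
make_p12() {
    key_matches_cert "$1" "$2" || return 1
    ( umask 077   # the bundle holds the private key: owner-only permissions
      openssl pkcs12 -export -in "$1" -inkey "$2" -name "Your Name" \
          -out "$3" -passout env:P12_PASS )
}

# True when the first certificate in bundle $1 is certificate $2.
p12_holds_cert() {
    in_p12=$(openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
             openssl x509 -noout -fingerprint -sha256 2>/dev/null)
    [ -n "$in_p12" ] && [ "$in_p12" = "$(openssl x509 -in "$2" -noout -fingerprint -sha256)" ]
}

# Demo on constructed certificates: one e-mail cert, one TLS server cert.
demo() {
    d=$(mktemp -d) && mkdir "$d/mail" "$d/web" || return 1
    export P12_PASS='constructed-demo-passphrase'
    make_demo_cert "$d/mail" emailProtection
    make_demo_cert "$d/web" serverAuth
    for c in mail web; do
        smime_signing_ok "$d/$c/cert.crt" && echo "$c: S/MIME signing allowed" \
            || echo "$c: not valid for S/MIME signing"
    done
    make_p12 "$d/mail/cert.crt" "$d/mail/cert.key" "$d/mail/cert.p12" &&
        p12_holds_cert "$d/mail/cert.p12" "$d/mail/cert.crt" && echo "cert.p12 verified"
    rm -rf "$d"
}
demo
```

Run `smime_signing_ok cert.crt` on the real certificate before importing the bundle into a mail client.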