Encrypting emails that are sent from local email server on OJS3


Is there an option to encrypt email that are sent from OJS3? We do not use a SMTP server and emails are sent from PHP mail() function.


hello @alirezaaa

Emails have a bit layer encryption with SSL.

SMTP server SSL → SMTP server SSL.

Do you have installed a SMTP server in your server?

Hello @juanito,

I don’t think we have SMTP sever installed because the below line is commented in the config file.
; smtp = On

But we have no problem sending emails from the server.

Hi @alirezaaa .

OJS uses, by default, localhost smtp server.

You have on your infrastructure a localhost SMTP server, installed.


Hi @juanito

Yes and we have SSL certificate on our server too. But I think OJS3 currently does not support encoding emails from the local email server.

I hope some one from OJS core could confirm this and guide on how to implement it.


Hello @ctgraham,

Do you have any ideas about this topic:


This will depend on what is intended by “encrypting email”. Email can be encrypted in content, or in transit.

To encrypt the email content involves either signing the content (validating the sender), or actually encrypting the content (limiting decryption to select recipients). To do that requires the use of a tool such as PGP. This could be integrated into OJS if a plugin were to be written.

To encrypt the transit of the email involves enabling SSL on the SMTP transmission of the message. Note that you only have control of the first hop in the network; after that, it is dependent on every intermediary route in the network to voluntarily encrypt the transmission. This is why email is inherently insecure. OJS supports SSL with SMTP. Using the native PHP mailer function will rely on PHP’s settings (and probably your local server settings), where SSL can be enabled or disabled for the first hop in the transmission.

What kind of encryption is of interest here?

Hello @ctgraham,

You can see the problem in attached screenshot. It says that local mail server did not encrypt the email and this is a security risk.


I guess this regards the transit of the emails. PHPMailer() supports SSL. But I am not sure how to set the parameters in the send() function (file classes/mail/Mail.inc.php). Our server has openSSL and the required certificates.

Is this the correct way to handle this issue?


For SMTP connections, the security configuration is in config.inc.php:

You may be able to use SMTP to connect to your local host, if your server has port 25, 465, or 587 open locally.

If you are using the PHP mail() function (SMTP off), then this is configured either in your PHP settings, or on the local mailserver itself (postfix, sendmail, etc).

Ask your system administrator or hosting provider for assistance in selecting the best mailer option and settings for your server.