This post assumes that your site is already running over HTTPS.

Wondering why you get a red lock on emails sent from your CMS site when checking them in Gmail? Gmail shows it when the message was not encrypted in transit.

To fix this, Postfix should use a valid certificate, just as your web server does (or should).

Assuming that you already have your server configured with Let’s Encrypt, we will use that certificate and key. To tell Postfix to use them, run the following, replacing <yourdomain> with your domain:

sudo postconf -e 'smtpd_tls_cert_file = /etc/letsencrypt/live/<yourdomain>/fullchain.pem'
sudo postconf -e 'smtpd_tls_key_file = /etc/letsencrypt/live/<yourdomain>/privkey.pem'

Next, we need to tell Postfix to use TLS encryption when sending (the smtp_* parameters) and receiving (the smtpd_* parameters) emails:

sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'

That is all Postfix needs to send encrypted emails. Now we just need to restart Postfix:

sudo systemctl restart postfix
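
To confirm the settings took effect, the following added example (not part of the original post) reads `postconf -n` output and flags the mistakes this setup is prone to: a missing security level, a leftover <yourdomain> placeholder, `cert.pem` used instead of `fullchain.pem`, and a certificate and key taken from different directories. The function names, messages and sample values are made up for this example, and it assumes an unset security level means TLS is off.

```sh
#!/bin/sh
# Added example (not from the original post): audit the TLS settings above.
# Usage on a real host:  postconf -n | audit_postfix_tls

# pf_get NAME: value of parameter NAME in $PF_CONF (empty when not set).
pf_get() {
    printf '%s\n' "$PF_CONF" |
        sed -n "s/^$1[[:space:]]*=[[:space:]]*//p" | tail -n 1
}

# pf_add TEXT: append one finding to $PF_OUT.
pf_add() { PF_OUT="${PF_OUT}$1
"; }

# Reads postconf-style "name = value" lines on stdin, prints one finding per
# line, and returns 0 only when there are none.
audit_postfix_tls() {
    PF_CONF=$(cat)
    PF_OUT=""
    # Assumption: an unset level counts as "no TLS" (legacy smtp_use_tls ignored).
    for pf_p in smtp_tls_security_level smtpd_tls_security_level; do
        case "$(pf_get "$pf_p")" in
            ''|none) pf_add "$pf_p: TLS disabled (unset or none)" ;;
        esac
    done
    pf_cert=$(pf_get smtpd_tls_cert_file)
    pf_key=$(pf_get smtpd_tls_key_file)
    [ -n "$pf_cert" ] || pf_add "smtpd_tls_cert_file: not set"
    [ -n "$pf_key" ] || pf_add "smtpd_tls_key_file: not set"
    case "$pf_cert$pf_key" in
        *'<yourdomain>'*) pf_add "placeholder <yourdomain> was not replaced" ;;
    esac
    case "$pf_cert" in
        */cert.pem) pf_add "smtpd_tls_cert_file: cert.pem has no chain, use fullchain.pem" ;;
    esac
    if [ -n "$pf_cert" ] && [ -n "$pf_key" ] &&
        [ "$(dirname "$pf_cert")" != "$(dirname "$pf_key")" ]; then
        pf_add "certificate and key come from different directories"
    fi
    printf '%s' "$PF_OUT"
    [ -z "$PF_OUT" ]
}

# Constructed sample with three mistakes (example.org/.net are placeholders).
SAMPLE_BAD='smtpd_tls_cert_file = /etc/letsencrypt/live/example.org/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/example.net/privkey.pem
smtpd_tls_security_level = may'
printf '%s\n' "$SAMPLE_BAD" | audit_postfix_tls || echo "fix the findings above"
```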
