Email — SMTP / IMAP / Submission

Is PQC enabled? — quick check

macOS / Linux

# 1) No-dependency check — identify this machine first.
uname -a 2>/dev/null || true

# 2) Dependency check — prompt before installing anything.
if ! command -v openssl >/dev/null 2>&1; then
  echo 'OpenSSL was not found. A local PQC proof needs OpenSSL 3.5+.'
  printf 'Install OpenSSL now? [y/N] '
  read answer
  case "$answer" in
    [Yy]*)
      if command -v brew >/dev/null 2>&1; then brew install openssl@3
      elif command -v apt-get >/dev/null 2>&1; then sudo apt-get update && sudo apt-get install -y openssl
      elif command -v dnf >/dev/null 2>&1; then sudo dnf install -y openssl
      elif command -v yum >/dev/null 2>&1; then sudo yum install -y openssl
      else echo 'No supported package manager found. Install OpenSSL 3.5+ and retry.'; exit 1
      fi ;;
    *) echo 'Install OpenSSL 3.5+ and retry for a local PQC proof.'; exit 1 ;;
  esac
fi

OPENSSL=openssl
if command -v brew >/dev/null 2>&1; then
  BREW_OPENSSL="$(brew --prefix openssl@3 2>/dev/null)/bin/openssl"
  [ -x "$BREW_OPENSSL" ] && OPENSSL="$BREW_OPENSSL"
fi

$OPENSSL version
if ! $OPENSSL list -tls-groups 2>/dev/null | grep -qiE 'X25519MLKEM768|MLKEM|Kyber'; then
  echo 'This OpenSSL does not advertise ML-KEM groups. Upgrade to OpenSSL 3.5+ or load oqsprovider, then retry.'
  exit 1
fi

# SMTP submission (port 587, STARTTLS)
$OPENSSL s_client -connect mail.example.com:587 -starttls smtp -tls1_3 -groups X25519MLKEM768 </dev/null 2>&1 |
  grep -E 'Negotiated TLS1\.3 group|Server Temp Key|Cipher is|alert'
# IMAPS (port 993)
$OPENSSL s_client -connect mail.example.com:993 -tls1_3 -groups X25519MLKEM768 </dev/null 2>&1 |
  grep -E 'Negotiated TLS1\.3 group|Server Temp Key|Cipher is|alert'

Expected when PQC is ON

Negotiated TLS1.3 group: X25519MLKEM768
Cipher is TLS_AES_256_GCM_SHA384

What you'll see when PQC is OFF

Cipher is TLS_AES_256_GCM_SHA384
# (no group line — server has no overlap with offered PQ group)
# or: ssl handshake failure / no shared cipher

Requires OpenSSL 3.5+ (or 3.x + oqsprovider) on the client to even send the PQ group.
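The check above and its two expected outputs, folded into a reusable probe as an added example that is not part of the original page: classify_handshake turns an s_client transcript into PQ / CLASSICAL / FAILED, and probe_mail runs the handshake twice, once offering only X25519MLKEM768 as above and once with OpenSSL's default group list, so you can tell a server that merely supports the hybrid group from one that actually picks it when classical groups are offered too. The hostname, the PROBE_* variables and the sample transcripts are constructed.

```shell
#!/bin/sh
# Added example, not part of the original page: classify an s_client transcript and
# probe a mail host twice (hybrid-only offer, then OpenSSL's default group list).
OPENSSL="${OPENSSL:-openssl}"
# classify_handshake OUTPUT -> PQ | CLASSICAL | FAILED
#   PQ        an ML-KEM/Kyber hybrid group was negotiated (the "PQC is ON" case above)
#   CLASSICAL TLS 1.3 completed, but over a classical (EC)DH group such as X25519
#   FAILED    alert, no shared group, STARTTLS refused, or no cipher at all
classify_handshake() {
  if printf '%s\n' "$1" | grep -qiE 'Negotiated TLS1\.3 group: .*(MLKEM|Kyber)'; then
    echo PQ
  elif printf '%s\n' "$1" | grep -qE 'alert|handshake failure'; then
    echo FAILED
  elif printf '%s\n' "$1" | grep -q 'Cipher is [A-Z]'; then  # failures print "Cipher is (NONE)"
    echo CLASSICAL
  else
    echo FAILED
  fi
}

# negotiated_group OUTPUT -> the TLS 1.3 group name, or nothing if none was negotiated
negotiated_group() {
  printf '%s\n' "$1" | sed -n 's/^Negotiated TLS1\.3 group: //p' | head -n 1
}

# probe_mail HOST PORT [smtp|imap|pop3]; omit the third argument for implicit TLS (465/993/995).
# The hybrid-only run shows whether the server supports X25519MLKEM768 at all; the default-list
# run shows whether it actually picks the hybrid when classical groups are offered alongside.
probe_mail() {
  host="$1"; port="$2"; starttls=""
  [ -n "${3:-}" ] && starttls="-starttls $3"
  only=$($OPENSSL s_client -connect "$host:$port" $starttls -tls1_3 -groups X25519MLKEM768 </dev/null 2>&1)
  dflt=$($OPENSSL s_client -connect "$host:$port" $starttls -tls1_3 </dev/null 2>&1)
  printf '%s:%s  hybrid-only offer: %s  default offer: %s (%s)\n' "$host" "$port" \
    "$(classify_handshake "$only")" "$(classify_handshake "$dflt")" "$(negotiated_group "$dflt")"
}

# Constructed s_client excerpts so the classifier can be exercised offline.
SAMPLE_PQ='Negotiated TLS1.3 group: X25519MLKEM768
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384'
SAMPLE_CLASSICAL='Negotiated TLS1.3 group: X25519
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384'
SAMPLE_FAILED='SSL routines::sslv3 alert handshake failure:SSL alert number 40
New, (NONE), Cipher is (NONE)'
# Live probe only when PROBE_HOST is set (placeholder hostname), e.g.
#   PROBE_HOST=mail.example.com PROBE_PORT=587 PROBE_STARTTLS=smtp sh probe_pqc.sh
# Set PROBE_STARTTLS= (empty) for implicit-TLS ports such as 993.
if [ -n "${PROBE_HOST:-}" ]; then
  probe_mail "$PROBE_HOST" "${PROBE_PORT:-587}" "${PROBE_STARTTLS-smtp}"
fi
```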

Mail servers ride on OpenSSL like any other TLS service. The trick is that the daemons serving SMTP, submission and IMAP each have their own knob for the TLS group list, and STARTTLS adds a plaintext negotiation step before the TLS handshake begins.

Postfix (SMTP & submission)

smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_eecdh_grade = auto
smtpd_tls_eecdh_grade = auto
tls_eecdh_auto_curves = X25519MLKEM768 X25519 secp384r1 prime256v1
tls_preempt_cipherlist = no

tls_eecdh_auto_curves requires Postfix 3.10+ linked against OpenSSL 3.5+ (or 3.x + oqsprovider). Apply the change with postfix reload.

Dovecot (IMAP / POP3 / submission relay)

ssl = required
ssl_min_protocol = TLSv1.2
ssl_curve_list = X25519MLKEM768:X25519:secp384r1:prime256v1

OpenSMTPD

pki "mail" cert "/etc/ssl/mail.pem"
pki "mail" key  "/etc/ssl/mail.key"
# uses system OpenSSL groups; no per-process knob — install OpenSSL 3.5+

STARTTLS gotcha

Some legacy MTAs reject TLS 1.3 entirely. Set smtp_tls_protocols to !SSLv2 !SSLv3 rather than forcing 1.3 only — you'd otherwise drop deliveries to laggards. Hybrid PQC will negotiate with peers that advertise it and quietly fall back otherwise.