SSL

From QmailToaster

After adding a certificate, STARTTLS on the existing SMTP service should work, but SMTP over implicit TLS (SMTPS) needs some additional configuration. Because port 465 was for years marked deprecated in favour of STARTTLS, the basic Qmail-Toaster has nothing listening on it. (RFC 8314 has since reversed that advice and recommends implicit TLS on 465 for mail submission, and many mail clients default to it.) To add SMTPS on port 465 you run a second instance of qmail-smtpd under tcpserver with the SMTPS environment variable set, which makes the TLS-patched qmail-smtpd negotiate TLS as soon as the connection opens instead of waiting for a STARTTLS command. Here's how to do it.


1) Stop qmail:

# service qmail stop

2) Create the supervise directories for smtps

# mkdir -p /var/qmail/supervise/smtp-ssl/supervise /var/qmail/supervise/smtp-ssl/log/supervise

3) Create a file named /var/qmail/supervise/smtp-ssl/run containing:

#!/bin/sh
# smtp-ssl: second qmail-smtpd instance serving SMTPS (implicit TLS) on port 465
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
# SMTPS=1 tells the TLS-patched qmail-smtpd to negotiate TLS as soon as the
# connection opens, instead of waiting for a STARTTLS command.
export SMTPS=1
# TLS handshakes need more memory than plain SMTP; raise the softlimit if
# qmail-smtpd dies before sending its 220 banner. -x reuses the same tcprules
# as the plain SMTP service; vchkpw enables SMTP AUTH inside the TLS session.
exec /usr/bin/softlimit -m 12000000 \
    /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 465 \
    $SMTPD $VCHKPW /bin/true 2>&1

4) Create a file named /var/qmail/supervise/smtp-ssl/log/run containing:

#!/bin/sh
LOGSIZE=`cat /var/qmail/control/logsize`
LOGCOUNT=`cat /var/qmail/control/logcount`
# multilog runs as qmaill and creates /var/log/qmail/smtp-ssl if it is missing
exec /usr/bin/setuidgid qmaill /usr/bin/multilog \
    t s$LOGSIZE n$LOGCOUNT /var/log/qmail/smtp-ssl 2>&1

5) Execute the following commands:

# chmod +x /var/qmail/supervise/smtp-ssl/run /var/qmail/supervise/smtp-ssl/log/run
# chown -R qmaill:qmail /var/qmail/supervise/smtp-ssl

6) Start qmail:

# service qmail start

7) Open port tcp/465 in the firewall if necessary.


8) Configure the client to use SSL/TLS (not STARTTLS) on port 465. Connections are logged in /var/log/qmail/smtp-ssl/current.
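Once the daemon is running you will want to confirm, from a machine outside the server, that port 465 really does implicit TLS (handshake before any SMTP bytes are exchanged), that qmail-smtpd advertises AUTH inside the tunnel, and that it no longer offers STARTTLS there. The probe below is an added example written for this page, not QmailToaster code; the host name mail.example.com, the EHLO identity probe.example.invalid and the --insecure switch are assumptions. For contrast it also walks the STARTTLS path on port 587, where the EHLO has to be repeated after the upgrade.

```python
"""Probe an SMTPS listener (implicit TLS, port 465) such as the smtp-ssl service
above, and contrast it with STARTTLS on port 587.

Added example for this page, not code from the QmailToaster project. Host names,
ports and the EHLO identity are assumptions; pass your own on the command line.
"""
from __future__ import annotations

import hashlib
import socket
import ssl
import sys

EHLO_NAME = "probe.example.invalid"  # assumed client identity used in EHLO


def parse_reply(raw: bytes) -> tuple[int, list[str]]:
    """Split a one- or multi-line SMTP reply into (code, [text of each line])."""
    lines = raw.decode("utf-8", "replace").splitlines()
    if not lines:
        raise ValueError("empty SMTP reply")
    code = int(lines[0][:3])
    texts = []
    for ln in lines:
        if len(ln) < 3 or not ln[:3].isdigit() or int(ln[:3]) != code:
            raise ValueError(f"malformed reply line: {ln!r}")
        texts.append(ln[4:])  # drop "NNN-" or "NNN "
    return code, texts


def reply_complete(buf: bytes) -> bool:
    """True once buf ends with a final reply line ("NNN text", not "NNN-text")."""
    if not buf.endswith(b"\r\n"):
        return False
    last = buf[:-2].rsplit(b"\r\n", 1)[-1]
    return (len(last) >= 3 and last[:3].isdigit()
            and (len(last) == 3 or last[3:4] == b" "))


def ehlo_extensions(texts: list[str]) -> dict[str, list[str]]:
    """EHLO reply texts (first line is the server name) -> {KEYWORD: params}."""
    ext: dict[str, list[str]] = {}
    for ln in texts[1:]:
        parts = ln.split()
        if parts:
            ext[parts[0].upper()] = parts[1:]
    return ext


def read_reply(sock) -> bytes:
    buf = b""
    while not reply_complete(buf):
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    return buf


def ehlo(sock) -> dict[str, list[str]]:
    """Expect the 220 greeting, send EHLO, return the advertised extensions."""
    code, greeting = parse_reply(read_reply(sock))
    if code != 220:
        raise RuntimeError(f"unexpected greeting {code}: {greeting}")
    sock.sendall(f"EHLO {EHLO_NAME}\r\n".encode())
    code, lines = parse_reply(read_reply(sock))
    if code != 250:
        raise RuntimeError(f"EHLO rejected {code}: {lines}")
    return ehlo_extensions(lines)


def tls_context(insecure: bool) -> ssl.SSLContext:
    ctx = ssl.create_default_context()
    if insecure:  # self-signed server cert: still encrypt, but skip authentication
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def summary(tls: ssl.SSLSocket, ext: dict[str, list[str]]) -> dict:
    der = tls.getpeercert(binary_form=True)
    return {
        "tls_version": tls.version(),
        "cert_sha256": hashlib.sha256(der).hexdigest(),
        "auth": ext.get("AUTH", []),            # vchkpw in the run file => AUTH offered
        "starttls_offered": "STARTTLS" in ext,  # should be False once already on TLS
    }


def probe_smtps(host: str, port: int = 465, insecure: bool = False, timeout: float = 10.0) -> dict:
    """Implicit TLS: handshake first, then the whole SMTP dialogue inside the tunnel."""
    with socket.create_connection((host, port), timeout=timeout) as raw, \
            tls_context(insecure).wrap_socket(raw, server_hostname=host) as tls:
        ext = ehlo(tls)
        tls.sendall(b"QUIT\r\n")
        return summary(tls, ext)


def probe_starttls(host: str, port: int = 587, insecure: bool = False, timeout: float = 10.0) -> dict:
    """Opportunistic TLS: plaintext EHLO, STARTTLS, then EHLO again inside TLS."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        if "STARTTLS" not in ehlo(raw):
            raise RuntimeError("server does not offer STARTTLS")
        raw.sendall(b"STARTTLS\r\n")
        code, _ = parse_reply(read_reply(raw))
        if code != 220:
            raise RuntimeError(f"STARTTLS refused: {code}")
        with tls_context(insecure).wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(f"EHLO {EHLO_NAME}\r\n".encode())  # no greeting this time
            _, lines = parse_reply(read_reply(tls))
            tls.sendall(b"QUIT\r\n")
            return summary(tls, ehlo_extensions(lines))


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"  # assumed host
    insecure = "--insecure" in sys.argv
    print("465/SMTPS   :", probe_smtps(target, insecure=insecure))
    print("587/STARTTLS:", probe_starttls(target, insecure=insecure))
```

Run it as `python3 smtps_probe.py mail.example.com`, adding `--insecure` while the server still has a self-signed certificate. If the 465 probe hangs in the TLS handshake, something is answering in plaintext, which almost always means SMTPS=1 is not reaching qmail-smtpd; `openssl s_client -connect mail.example.com:465` (without `-starttls smtp`) will show the same symptom.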