SSL

From QmailToaster

After adding a certificate, TLS should work, but SSL might need some additional configuration. Because SSL over SMTP on port 465 is deprecated, nothing listens on port 465 in the basic Qmail-Toaster. To add legacy SSL over SMTP (smtps) capability on port 465, you need to add an smtp-ssl daemon. Here's how to do it.


1) Stop qmail:

# service qmail stop

2) Create the supervise directories for smtps

# mkdir -p /var/qmail/supervise/smtp-ssl/supervise /var/qmail/supervise/smtp-ssl/log/supervise

3) Create a file named /var/qmail/supervise/smtp-ssl/run containing:

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export SMTPS=1
exec /usr/bin/softlimit -m 12000000 \
    /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 465 \
    $SMTPD $VCHKPW /bin/true 2>&1

4) Create a file named /var/qmail/supervise/smtp-ssl/log/run containing:

#!/bin/sh
LOGSIZE=`cat /var/qmail/control/logsize`
LOGCOUNT=`cat /var/qmail/control/logcount`
exec /usr/bin/setuidgid qmaill /usr/bin/multilog \
    t s$LOGSIZE n$LOGCOUNT /var/log/qmail/smtp-ssl 2>&1

5) Execute the following commands:

# chmod +x /var/qmail/supervise/smtp-ssl/run /var/qmail/supervise/smtp-ssl/log/run
# chown -R qmaill:qmail /var/qmail/supervise/smtp-ssl

6) Start qmail:

# service qmail start

7) Open port tcp/465 in firewall if necessary.


8) Configure the client to use smtp-ssl via port 465.
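
A post-install check for steps 2 to 6, added here as an example and not part of the original page or the Qmail-Toaster project. The function names are hypothetical, and the banner probe assumes the openssl command-line tool is installed on the host you run it from.

```shell
#!/bin/sh
# Added example: sanity checks for the smtp-ssl service set up above.
# All function names are hypothetical helpers, not Qmail-Toaster tools.

# check_smtps_layout [DIR]: verify the directories and run scripts from
# steps 2-5. Prints each problem found; returns 0 only if there are none.
check_smtps_layout() {
    dir=${1:-/var/qmail/supervise/smtp-ssl}
    problems=0
    for d in "$dir/supervise" "$dir/log/supervise"; do
        [ -d "$d" ] || { echo "missing directory: $d"; problems=$((problems + 1)); }
    done
    for f in "$dir/run" "$dir/log/run"; do
        if [ ! -f "$f" ]; then
            echo "missing file: $f"; problems=$((problems + 1))
        elif [ ! -x "$f" ]; then
            echo "not executable: $f"; problems=$((problems + 1))
        fi
    done
    if [ -f "$dir/run" ]; then
        # The run script from step 3 exports SMTPS=1 and binds port 465.
        grep -q '^export SMTPS=1' "$dir/run" ||
            { echo "run does not export SMTPS=1"; problems=$((problems + 1)); }
        grep -Eq '[[:space:]]465([[:space:]]|$)' "$dir/run" ||
            { echo "run does not listen on port 465"; problems=$((problems + 1)); }
    fi
    [ "$problems" -eq 0 ]
}

# smtps_banner [HOST]: complete a TLS handshake with HOST:465 first, then
# print the first line the server sends inside the encrypted session.
smtps_banner() {
    printf 'QUIT\r\n' |
        openssl s_client -connect "${1:-localhost}:465" -quiet 2>/dev/null |
        head -n 1
}

# is_smtp_greeting LINE: true if LINE is an SMTP 220 greeting.
is_smtp_greeting() {
    case $1 in
        "220 "*|"220-"*) return 0 ;;
        *) return 1 ;;
    esac
}
```

On the mail server, run `check_smtps_layout` and then `is_smtp_greeting "$(smtps_banner localhost)"`; an empty banner means the TLS handshake on port 465 did not complete or nothing is listening there.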