On Saturday, June 7, 2003, at 07:11 AM, Marcus Merighi wrote:
G'day folks,
I'll have to use SMTP AUTH. But I don't want users to send their passwords unprotected. Is there a way to have qmail listen on 25 plain to receive mail for the users from other SMTP servers, but require SSL/TLS for relaying mail from users (after SMTP AUTH)?
Yes, you can. You need to set up two qmail services: one for plain port 25, which can support STARTTLS, and one for SecureSMTP (port 465). The qmail configuration stays the same, but the TLS stuff of the connection is handled by tcpserver. There is a patch for ucspi-tcpserver (www.nrg4u.com) that enables SSL/TLS in tcpserver.
In summary:
SMTP_AUTH is handled by qmail-smtp with the auth_smtp patch.
TLS is handled by tcpserver with the TLS patch for ucspi-tcp.
You set up the same qmail binary/configuration to support SMTP_AUTH on both port 25 & 465.
You set up TLS on the port 465 config with tcpserver.
I'm not sure if you can have two qmail-smtp processes writing to the same /var/qmail/queue directory. I assume you can but I don't know for sure.
Hope this helps
-Matt
Yes, I did look elsewhere first. Without much success.
http://www.google.com/search?q=qmail+smtp+auth+ssl+tls+require+relay
http://marc.theaimsgroup.com/?l=qmail-ldap&w=2&r=1&s=smtp+auth+tls&q=b
(Apart from reading http://www.nrg4u.com/ http://www.nrg4u.com/qmail/QLDAPINSTALL http://www.lifewithqmail.org/ldap/ [#SMTP%20AUTH] )
Thanks for your time in advance,
Max
