Re: [qmailtoaster] ssl/tls for iphones and mac

Mon, 17 Apr 2017 21:15:52 -0700

I tested this and you cannot send w/o authenticating. Works perfectly. No need to put REQUIRE_AUTH 

Eric


On 4/11/2017 11:41 AM, Rajesh M wrote:

hi

we recently purchased wildcard ssl for our mailserver and updated our 
servercert.pem file with rsa key and the certificates (domain certs and the 
chain)

*.myhostname.com

problem installing the ssl, iphones and macbooks are giving message that : 
certificate cannot be verified.

found out that iphones and mac use ssl/tls only and not starttls.

i configured slsl/tls using the following steps

http://wiki.qmailtoaster.com/index.php/SSL

1) Stop qmail:
# service qmail stop
2) Create the supervise directories for smtps
# mkdir -p /var/qmail/supervise/smtp-ssl/supervise 
/var/qmail/supervise/smtp-ssl/log/supervise"
3) Create a file named /var/qmail/supervise/smtp-ssl/run containing:
#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export SMTPS=1
exec /usr/bin/softlimit -m 12000000 \
     /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
     -u "$QMAILDUID" -g "$NOFILESGID" 0 465 \
     $SMTPD $VCHKPW /bin/true 2>&1

4) Create a file named /var/qmail/supervise/smtp-ssl/log/run containing:
#!/bin/sh
LOGSIZE=`cat /var/qmail/control/logsize`
LOGCOUNT=`cat /var/qmail/control/logcount`
exec /usr/bin/setuidgid qmaill /usr/bin/multilog \
  t s$LOGSIZE n$LOGCOUNT /var/log/qmail/smtp-ssl 2>&1

5) Execute the following commands:
# chmod +x /var/qmail/supervise/smtp-ssl/run 
/var/qmail/supervise/smtp-ssl/log/run
# chown -R qmaill:qmail /var/qmail/supervise/smtp-ssl
6) Start qmail:
# service qmail start
7) Open port tcp/465 in firewall if necessary.
8) Configure the client to use smtp-ssl via port 465.


now my worry is that i need to provide for smtp authentication also for 
outgoing messages

i tried adding export REQUIRE_AUTH=1 after export SMTPS=1, in the run file but 
it does not work.

help required please

thanks
rajesh





---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Reply via email to