Qmail smtps

From Qmailwiki


Before you proceed

This document does not cover the basic installation and configuration of a Qmail SMTP server. For the in-depth details of deploying a Qmail mail server, please refer to Life With Qmail. It is strongly recommended that the reader have a thorough understanding of a Qmail SMTP server before proceeding with this article.

Introduction

SMTPS stands for SMTP over SSL. As the name signifies, all SMTP communication with the server will be encrypted and therefore secure against eavesdropping on the wire.

Qmail by default has no inherent support for SMTPS, so we need a third-party package called stunnel, which wraps the SMTP session in SSL.

Packages required for configuring SMTPS

1) OpenSSL - the open source SSL package (its installation is beyond the scope of this article)

2) Stunnel - a package that adds SSL to protocols which are traditionally unencrypted

Installing Stunnel

1) Download the stunnel source from http://www.stunnel.org/download/stunnel/src/stunnel-4.15.tar.gz

#wget http://www.stunnel.org/download/stunnel/src/stunnel-4.15.tar.gz

2) Untar and compile stunnel

#tar xzf stunnel-4.15.tar.gz -C /usr/local/src
#cd /usr/local/src/stunnel-4.15
#./configure
#make
(After "make" finishes compiling the sources, an RSA key and certificate (stunnel.pem) will be generated for you. All you have to do is enter the correct information. Here is an example for example.com)

Country Name (2 letter code) [PL]:IN
State or Province Name (full name) [Some-State]:Kerela
Locality Name (eg, city) []:Kochi
Organization Name (eg, company) [Stunnel Developers Ltd]:Example.com
Organizational Unit Name (eg, section) []:Example.com
Common Name (FQDN of your server) [localhost]:example.com
#make install
#cp stunnel.pem /var/qmail/control/servercert.pem

Note: You can also use the SSL certificate you have already generated for TLS in Deploying a Qmail Mail Server.

Configuring Qmail for SMTPS

Adding the run scripts

Create the directories /var/qmail/supervise/qmail-smtpsd/log and /var/log/qmail/qmail-smtpsd

#mkdir -p /var/qmail/supervise/qmail-smtpsd/log /var/log/qmail/qmail-smtpsd
#chown qmail:root /var/log/qmail/qmail-smtpsd
#chmod o-rwx /var/log/qmail/qmail-smtpsd

Now create the /var/qmail/supervise/qmail-smtpsd/run and /var/qmail/supervise/qmail-smtpsd/log/run scripts and give them the appropriate permissions:

/var/qmail/supervise/qmail-smtpsd/run :

#!/bin/sh
# Optional: hand incoming mail to qmail-scanner instead of qmail-queue
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue" ; export QMAILQUEUE
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
  echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
  echo /var/qmail/supervise/qmail-smtpsd/run
  exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
  echo "No /var/qmail/control/rcpthosts!"
  echo "Refusing to start SMTP listener because it'll create an open relay"
  exit 1
fi
# Listen on port smtps (465) and hand every connection to stunnel, which
# decrypts it and execs qmail-smtpd as set in stunnel_smtpd.conf. The
# variables from /etc/tcp.smtp.cdb (RELAYCLIENT etc.) reach qmail-smtpd
# through stunnel's inherited environment.
exec /usr/local/bin/softlimit -m 160000000 \
  /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
  -u "$QMAILDUID" -g "$NOFILESGID" 0 smtps \
  /usr/sbin/stunnel /var/qmail/control/stunnel_smtpd.conf 2>&1

/var/qmail/supervise/qmail-smtpsd/log/run:

#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec setuidgid qmaill multilog t s100000 n20 /var/log/qmail/qmail-smtpsd 2>&1

Make both scripts executable and link the service directory into /service so that svscan starts supervising it:

#chmod +x /var/qmail/supervise/qmail-smtpsd/run /var/qmail/supervise/qmail-smtpsd/log/run
#ln -s /var/qmail/supervise/qmail-smtpsd /service

Configuring stunnel for SMTPS

Now edit the stunnel configuration file /var/qmail/control/stunnel_smtpd.conf so that it contains:

; key and certificate that stunnel presents to connecting clients
cert = /var/qmail/control/servercert.pem
; no accept/connect: tcpserver passes the socket in, stunnel runs qmail-smtpd on it
exec = /var/qmail/bin/qmail-smtpd
execargs = qmail-smtpd mail.example.com /bin/checkpassword /bin/true
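As an added sanity check (not code from this wiki page, nor from stunnel or qmail), the POSIX shell script below verifies the three things the setup above depends on: that tcpserver can resolve the port name smtps from the services file (assumed to be /etc/services), that stunnel_smtpd.conf is an inetd-mode configuration (cert, exec and execargs present, no accept line), and that servercert.pem holds both the private key and the certificate and is not readable by "other". The function names and the argument convention are assumptions; the file paths are passed in so the script can be run against a real or a constructed tree.

```shell
#!/bin/sh
# Added sanity check for the tcpserver + stunnel SMTPS setup above; this is not
# code from the wiki page. Paths are arguments so it can run against any tree.

# tcpserver resolves the port name "smtps" through the services file (assumed
# /etc/services); if the entry is missing the listener never starts.
smtps_port_defined() {
    grep -Eq '^smtps[[:space:]]+465/tcp' "$1"
}

# Under tcpserver stunnel must run in inetd mode on the inherited socket: it
# needs cert, exec and execargs, and must not carry an accept line, which
# would tell stunnel to bind its own listening socket instead (daemon mode).
stunnel_conf_ok() {
    conf="$1"
    [ -f "$conf" ] || return 1
    for key in cert exec execargs; do
        grep -Eq "^[[:space:]]*$key[[:space:]]*=" "$conf" || return 1
    done
    if grep -Eq '^[[:space:]]*accept[[:space:]]*=' "$conf"; then
        return 1
    fi
    return 0
}

# servercert.pem carries the private key next to the certificate, so it must
# exist, contain both, and give no read permission to "other".
cert_ok() {
    cert="$1"
    [ -f "$cert" ] || return 1
    grep -q 'BEGIN CERTIFICATE' "$cert" || return 1
    grep -q 'PRIVATE KEY' "$cert" || return 1
    other=$(ls -ld "$cert" | cut -c8-10)   # "other" permission triplet
    [ "$other" = "---" ]
}

# check_smtps_setup STUNNEL_CONF SERVICES_FILE -> exit status 0 when all pass
check_smtps_setup() {
    conf="$1"; services="$2"
    smtps_port_defined "$services" || { echo "no smtps entry in $services"; return 1; }
    stunnel_conf_ok "$conf" || { echo "stunnel config $conf is not inetd-mode"; return 1; }
    cert=$(sed -n 's/^[[:space:]]*cert[[:space:]]*=[[:space:]]*//p' "$conf" | head -1)
    cert_ok "$cert" || { echo "certificate problem: $cert"; return 1; }
    echo "SMTPS setup looks sane"
}

# Usage: sh check_smtps.sh /var/qmail/control/stunnel_smtpd.conf /etc/services
if [ $# -eq 2 ]; then check_smtps_setup "$1" "$2"; fi
```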

Modifying the qmailctl scripts for controlling SMTPS

1. Add the following to qmailctl's "start" section:

    if svok /service/qmail-smtpsd ; then
      svc -u /service/qmail-smtpsd /service/qmail-smtpsd/log
    else
      echo qmail-smtpsd supervise not running
    fi

2. Add the following to qmailctl's "stop" section:

    echo "  qmail-smtpsd"
    svc -d /service/qmail-smtpsd /service/qmail-smtpsd/log

3. Add the following to qmailctl's "stat" section:

    svstat /service/qmail-smtpsd
    svstat /service/qmail-smtpsd/log

4. Add the following to qmailctl's "pause" section:

    echo "Pausing qmail-smtpsd"
    svc -p /service/qmail-smtpsd

5. Add the following to qmailctl's "cont" section:

    echo "Continuing qmail-smtpsd"
    svc -c /service/qmail-smtpsd

6. Add the following to qmailctl's "restart" section:

    echo "* Restarting qmail-smtpsd."
    svc -t /service/qmail-smtpsd /service/qmail-smtpsd/log



by: Hareesh
