Copied with permission from John Simpson:
This is an SMTP-SSL-only service. It only accepts mail from authorized clients- it requires the AUTH command before accepting any messages. This makes an ideal "SMTP relay service" for your authorized users.
# cd /var/qmail/supervise
# mkdir -m 1755 qmail-smtpd-ssl
# cd qmail-smtpd-ssl
# fetch http://freebsdrocks.net/files/run.smtp.sslserver
# mv run.smtp.sslserver run
# vi run
This will start up a text editor on the script. I prefer nano, but you are free to use pico, vi, emacs, or any other text editor you like. Set the options as needed for your service. The file itself contains documentation on the options you can set.
You should set the following values:
IP=220.127.116.11 Substitute your own IP address. Do not leave this set to 0 without a good reason.
PORT=465 Set the port number we will be listening on.
SSL=1 Run an SSL-only service.
FORCE_TLS=0 Ignored for SSL services.
DENY_TLS=0 Ignored for SLS services.
AUTH=1 Allow the AUTH command.
REQUIRE_AUTH=1 Refuse to accept mail from clients who have not done AUTH.
Once you are finished editing and have saved the file, continue on:
# chmod 700 run
# mkdir -m 755 log
# cd log
# fetch http://freebsdrocks.net/files/service-any-log-run
# mv service-any-log-run run
# mkdir /var/log/qmail/qmail-smtpd-ssl
# chmod 700 run
# vi run
Change the last line in the run file to match the following:
multilog t n1024 s1048576 /var/log/qmail/qmail-smtpd-ssl
Creating the smtpssl file
At this point it should be ready to go. First we will create the smtpssl file in /etc/tcp:
# cd /etc/tcp
# vi smtpssl
All you need to do is create the "smtpssl" file, containing the normal access control list. It may look something like this:
Edit the makefile and add smtpssl.cdb after smtp.cdb, save and exit. Now run:
The final step is to start the service running:
# ln -s /var/qmail/supervise/qmail-smtpd-ssl /service/
Now you can check the service by running the following:
# svstat /service/qmail-smtpd-ssl /service/qmail-smtpd-ssl/log
And then after a few seconds you should see something like this:
/service/qmail-smtpd-ssl: up (pid 25832) 7 seconds
/service/qmail-smtpd-ssl/log: up (pid 25832) 7 seconds
The number of seconds should be two or greater, and if you re-run the same command again, you should see the count going up rather than cycling back to zero. If the count never passes three, or if the service is not listed as "up" to start with, check the logs to see what's going on.
# tail -f /var/log/qmail/qmail-smtpd-ssl/current | tai64nlocal