
Copied with permission from John Simpson:

http://qmail.jms1.net/

This is an SMTP-SSL-only service. It only accepts mail from authorized clients: it requires the AUTH command before accepting any messages. This makes an ideal "SMTP relay service" for your authorized users.


# cd /var/qmail/supervise
# mkdir -m 1755 qmail-smtpd-ssl
# cd qmail-smtpd-ssl
# fetch http://freebsdrocks.net/files/run.smtp.sslserver
# mv run.smtp.sslserver run
# vi run

This will start up a text editor on the script. I prefer nano, but you are free to use pico, vi, emacs, or any other text editor you like. Set the options as needed for your service. The file itself contains documentation on the options you can set.

You should set the following values:

IP=1.2.3.4 Substitute your own IP address. Do not leave this set to 0 without a good reason.
PORT=465 Set the port number we will be listening on.
SSL=1 Run an SSL-only service.
SMTP_CDB="/etc/tcp/smtpssl.cdb"
FORCE_TLS=0 Ignored for SSL services.
DENY_TLS=0 Ignored for SSL services.
AUTH=1 Allow the AUTH command.
REQUIRE_AUTH=1 Refuse to accept mail from clients who have not done AUTH.
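
To confirm that the saved run file really carries these values, a check like the following can be run before the service is started. It is an added example, not part of the run script or of the original page; it assumes the options appear as plain NAME=value assignments, one per line, and the function names get_opt and check_run_settings are hypothetical.

```shell
#!/bin/sh
# Added example: audit a run script against the values listed in this guide.
# Assumption: options are plain NAME=value assignments, one per line.

# Print the last value assigned to option $2 in file $1 (quotes stripped).
get_opt() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Return 0 if the file matches the guide's settings, 1 otherwise.
check_run_settings() {
    file=$1
    rc=0
    # These four decide whether the port is SSL-only and refuses
    # mail from clients that have not authenticated.
    for want in PORT=465 SSL=1 AUTH=1 REQUIRE_AUTH=1; do
        name=${want%%=*}
        got=$(get_opt "$file" "$name")
        if [ "$got" != "${want#*=}" ]; then
            echo "FAIL: $name is '${got:-unset}', expected ${want#*=}"
            rc=1
        fi
    done
    # The guide says not to leave IP at 0 without a good reason.
    ip=$(get_opt "$file" IP)
    case $ip in
        ''|0|0.0.0.0)
            echo "FAIL: IP is '${ip:-unset}', set it to your own address"
            rc=1 ;;
    esac
    return $rc
}

# Constructed sample (not the real run file): REQUIRE_AUTH left at 0.
sample=$(mktemp)
printf '%s\n' 'IP=1.2.3.4' 'PORT=465' 'SSL=1' \
    'SMTP_CDB="/etc/tcp/smtpssl.cdb"' 'AUTH=1' 'REQUIRE_AUTH=0' > "$sample"
check_run_settings "$sample" || echo "run file does not match the guide"
rm -f "$sample"
```

On the server itself, call check_run_settings /var/qmail/supervise/qmail-smtpd-ssl/run after editing.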

Once you are finished editing and have saved the file, continue on:


# chmod 700 run
# mkdir -m 755 log
# cd log
# fetch http://freebsdrocks.net/files/service-any-log-run
# mv service-any-log-run run
# mkdir /var/log/qmail/qmail-smtpd-ssl
# chmod 700 run
# vi run

Change the last line in the run file to match the following:

multilog t n1024 s1048576 /var/log/qmail/qmail-smtpd-ssl

Creating the smtpssl file

At this point it should be ready to go. First we will create the smtpssl file in /etc/tcp:


# cd /etc/tcp
# vi smtpssl

All you need to do is create the "smtpssl" file, containing the normal access control list. It may look something like this:


:allow

Edit the makefile and add smtpssl.cdb after smtp.cdb, save and exit. Now run:


# gmake

The final step is to start the service running:


# ln -s /var/qmail/supervise/qmail-smtpd-ssl /service/

Now you can check the service by running the following:


# svstat /service/qmail-smtpd-ssl /service/qmail-smtpd-ssl/log

And then after a few seconds you should see something like this:


/service/qmail-smtpd-ssl: up (pid 25832) 7 seconds
/service/qmail-smtpd-ssl/log: up (pid 25832) 7 seconds

The number of seconds should be two or greater, and if you re-run the same command again, you should see the count going up rather than cycling back to zero. If the count never passes three, or if the service is not listed as "up" to start with, check the logs to see what's going on.


# tail -f /var/log/qmail/qmail-smtpd-ssl/current | tai64nlocal