Setting up smtp with SSL

Copied with permission from John Simpson:

This is an SSL-only service. It only accepts mail from authorized clients: it requires the AUTH command before accepting any messages. This makes an ideal "SMTP relay service" for your authorized users.

# cd /var/qmail/supervise
# mkdir -m 1755 qmail-smtpd-ssl
# cd qmail-smtpd-ssl
# cp /downloads/qmailrocks/service-qmail-smtpd-ssl-run run
# vi run

This will start up a text editor on the script. I prefer nano, but you are free to use pico, vi, emacs, or any other text editor you like. Set the options as needed for your service. The file itself contains documentation on the options you can set.

You should set the following values:

IP=   Substitute your own IP address. Do not leave this set to 0 without a good reason.
PORT=465  Set the port number we will be listening on.
SSL=1   Run an SSL-only service.
FORCE_TLS=0  Ignored for SSL services.
DENY_TLS=0  Ignored for SSL services.
AUTH=1  Allow the AUTH command.
REQUIRE_AUTH=1  Refuse to accept mail from clients who have not done AUTH.

Once you are finished editing and have saved the file, continue on:

# chmod 700 run
# mkdir -m 755 log
# cd log
# cp /downloads/qmailrocks/service-any-log-run run
# chmod 700 run
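
A quick audit of the edited run script against the values listed above and the chmod 700 step, as an added example that is not part of the original page or of John Simpson's scripts. It assumes each option is a plain NAME=value assignment at the start of a line; the function names and the 192.0.2.10 address are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a qmail-smtpd-ssl "run" script.
# Assumption: each option is a plain NAME=value assignment at the start of a line.

# Print the last value assigned to option $2 in file $1, without quotes or comments.
get_opt() {
    sed -n "s/^$2=\([^#[:space:]]*\).*/\1/p" "$1" | tail -n 1 | tr -d "\"'"
}

# Print one line per finding; return 1 if any setting differs from the listed values.
audit_run() {
    file=$1
    rc=0
    for want in PORT=465 SSL=1 AUTH=1 REQUIRE_AUTH=1; do
        name=${want%%=*}
        got=$(get_opt "$file" "$name")
        if [ "$got" != "${want#*=}" ]; then
            echo "FAIL $name='$got' (expected ${want#*=})"
            rc=1
        fi
    done
    # The page warns against leaving IP at 0 (listen on every address).
    case $(get_opt "$file" IP) in
        ''|0) echo "WARN IP is unset or 0: listening on all addresses" ;;
    esac
    # The page sets the script to mode 700.
    if [ -z "$(find "$file" -prune -perm 700)" ]; then
        echo "FAIL $file is not mode 700"
        rc=1
    fi
    return $rc
}

# Constructed sample: a run script where REQUIRE_AUTH was left at 0.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/sh' 'IP=192.0.2.10' 'PORT=465' 'SSL=1' \
        'FORCE_TLS=0' 'DENY_TLS=0' 'AUTH=1' \
        'REQUIRE_AUTH=0  # accepts unauthenticated clients' > "$tmp/run"
    chmod 700 "$tmp/run"
    audit_run "$tmp/run"
    status=$?
    rm -rf "$tmp"
    return $status
}

demo || echo "constructed sample failed the audit, as intended"
```

On a real system the call would be audit_run /var/qmail/supervise/qmail-smtpd-ssl/run, run before linking the service into /service.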

Creating the smtpssl file

At this point it should be ready to go. First we will create the smtpssl file in /etc/tcp:

# cd /etc/tcp
# vi smtpssl

All you need to do is create the "smtpssl" file, containing the normal access control list. It may look something like this: 


Edit the Makefile and add smtpssl.cdb after smtp.cdb, then save and exit. Now run:

# gmake

The final step is to start the service running: 

# ln -s /var/qmail/supervise/qmail-smtpd-ssl /service/

Now you can check the service by running the following: 

# svstat /service/qmail-smtpd-ssl /service/qmail-smtpd-ssl/log

And then after a few seconds you should see something like this: 

/service/qmail-smtpd-ssl: up (pid 25832) 7 seconds
/service/qmail-smtpd-ssl/log: up (pid 25832) 7 seconds

The number of seconds should be two or greater, and if you re-run the same command again, you should see the count going up rather than cycling back to zero. If the count never passes three, or if the service is not listed as "up" to start with, check the logs to see what's going on.

# tail -f /service/qmail-smtpd-ssl/log/main/current

Now you can view the screenshot pages below to set up your email programs to send via SSL, or you can skip them and go right to installing SpamAssassin.

Screenshots: Setting up Thunderbird for SSL

Screenshots: Setting up Microsoft Outlook for SSL

Screenshots: Setting up Outlook Express for SSL

Setting up SpamAssassin