> Using the latest qmail-ldap and ldap/control patches, I am able to send messages through the qmail-smtp with TLS. However, it seems that qmail-remote is having some trouble with destinations that support tls:
>
> @400000003dec9c452dccf7cc delivery 432: deferral: TLS_not_available:_connect_failed/

This issue ended up being a result of Solaris lacking /dev/urandom, causing openssl to not be able to generate a client RSA key. I updated my version of the qmail-ldap/control patches to include the latest version of the starttls patch from http://www.esat.kuleuven.ac.be/~vermeule/qmail/qmail-1.03-tls.patch, and then modified that patch to include support for EGD. Everything seems to be working fine with those changes.
It looks like the latest version of the starttls patch includes quite a bit of additional error handling. It was very helpful in debugging this issue. Andre, I encourage you to update qmail-ldap to include this latest version. Please let me know if I can provide any assistance.
My hacks are at
http://www.saffron.net/qmail-ldap/qmail-latest+ldap+control+auth.patch.gz
This is a combined patch including qmail-ldap, qmail-ldap/control, smtp_auth, and the updated starttls. It works for me, but I would appreciate others reviewing that code.
Thanks.
- Jason Parsons
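
A preflight check for the condition described in this message (no /dev/urandom, so OpenSSL cannot seed its PRNG), as an added example that is not part of the original post or of the qmail patches. The EGD socket list is the set of default paths OpenSSL probes when built with EGD support; the function names and the root-prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report which entropy source an OpenSSL-linked program
# (such as a TLS-patched qmail-remote) could seed from under a given root.
# The optional root prefix is a hypothetical parameter for inspecting a chroot.

# EGD socket paths OpenSSL probes by default when built with EGD support.
EGD_SOCKETS="/var/run/egd-pool /dev/egd-pool /etc/egd-pool /etc/entropy"

# Print "device:<path>", "egd:<path>" or "none"; return 1 when nothing is found.
entropy_source() {
    root=${1:-}
    for dev in /dev/urandom /dev/random; do
        # Must be a character device: a regular file with the same name,
        # e.g. one left behind in a chroot, provides no entropy.
        if [ -c "$root$dev" ]; then
            echo "device:$dev"
            return 0
        fi
    done
    for sock in $EGD_SOCKETS; do
        # An EGD daemon listens on a UNIX domain socket.
        if [ -S "$root$sock" ]; then
            echo "egd:$sock"
            return 0
        fi
    done
    echo "none"
    return 1
}

# Ask the openssl CLI for random bytes; it reports an error instead of
# producing output when the PRNG could not be seeded.
# Returns 2 when no openssl binary is on PATH.
openssl_prng_ok() {
    command -v openssl >/dev/null 2>&1 || return 2
    openssl rand 16 >/dev/null 2>&1
}

# Stand-alone use: sh entropy_check.sh --check [root-prefix]
if [ "${1:-}" = "--check" ]; then
    entropy_source "${2:-}"
fi
```

A result of `none` on the sending host matches the situation in the message: TLS deliveries from qmail-remote are deferred until an entropy source such as an EGD socket is available.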
