I did not include the FORCE_TLS patch when doing the submission patches.
I cannot remember why anymore; it is too long ago.
A quick Google search returns a simple solution that always requires TLS for
authentication.
Maybe it is nicer to have this optional with FORCE_TLS, but that should not
be too difficult either.
void smtp_auth(arg)
char *arg;
{
+ if (!ssl)
+ {
+ out("538 auth not available without TLS (#5.3.3)\r\n");
+ return;
+ }
int i;
char *cmd = arg;
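Review bot: the added `if (!ssl)` block sits above `int i;` and `char *cmd = arg;`, so the function now has statements before its declarations, which a C89 compiler rejects (and this function is written in K&R style); move the check below the declarations. The check is also unconditional, so every qmail-smtpd instance built with it refuses AUTH without TLS; if only the submission instance should enforce this, gate it on a run-script variable such as the FORCE_TLS setting discussed in this thread.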
http://notes.sagredo.eu/node/84
JP
On Feb 3, 2011, at 20:54 , Eric Shubert wrote:
> I'd be very careful with this one, CJ.
> You need to keep 25 open for incoming (inter-domain) mail. ;)
>
> If QMT doesn't have the patch for the FORCE_TLS option, it'd be nice if it
> did. This is something I'd also like to see on the submission instance of
> qmail-smtp.
>
> Can you round up that patch? If you can give it a try, that'd be great. If
> not, please post here where to get it so someone (hopefully other than Jake)
> can give it a shot to see if it clashes with any other patches we're using.
>
> --
> -Eric 'shubes'
>
> On 02/03/2011 12:42 PM, Cecil Yother, Jr. wrote:
>> You could block port 25 in your iptables
>>
>> On 02/03/2011 11:20 AM, Jeremy Utley wrote:
>>> Hello everyone!
>>>
>>> We're using a toaster installation for our primary mail server at my
>>> company, and over the last few weeks we've been working on configuring
>>> everyone's mail clients to use SSL for sending & receiving e-mail.
>>> Now that we have everyone converted over to use of SSL, we'd like to
>>> stop all non-SSL access. For imap and pop3, it was quite simple, I
>>> simply disabled the imap4 and pop3 run scripts in
>>> /var/qmail/supervise. However, for SMTP, I haven't had much luck yet.
>>> We'd like to force the submission port 587 to require TLS and
>>> SMTP-Auth before a message is sent out, while leaving SMTP port 25
>>> un-modified. I had read on another qmail site that you could do this
>>> by use of a FORCE_TLS=1 variable in the run script, but that did not
>>> work, so I suspect that this patch is not in the toaster packages (and
>>> running strings against /var/qmail/bin/qmail-smtpd seems to bear that
>>> out). Is there any way with the toaster to enforce TLS usage, and
>>> reject any mail that's not TLS? We'd like to stick with TLS so we
>>> don't have to reconfigure everyone's mail clients for SMTPS, which is
>>> deprecated at any rate.
>>>
>>> Thanks for any help you all can give!
>>>
>>> Jeremy
>>>
>>> ---------------------------------------------------------------------------------
>>> Qmailtoaster is sponsored by Vickers Consulting Group
>>> (www.vickersconsulting.com)
>>> Vickers Consulting Group offers Qmailtoaster support and installations.
>>> If you need professional help with your setup, contact them today!
>>> ---------------------------------------------------------------------------------
>>> Please visit qmailtoaster.com for the latest news, updates, and
>>> packages.
>>>
>>> To unsubscribe, e-mail: [email protected]
>>> For additional commands, e-mail:
>>> [email protected]
>>>
>>>
>>>
>>
>
>
>
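One way to confirm that a submission instance really refuses AUTH before STARTTLS, which is the behaviour this thread is after. This is an added example, not code from the thread, qmail or QMT; the function names `audit_session` and `audit_host` are hypothetical, and the only value taken from the thread is the 538 reply sent by the patch above.

```python
import smtplib
import sys

def audit_session(smtp):
    """Probe an open SMTP session that has NOT issued STARTTLS.

    `smtp` is an smtplib.SMTP object (or anything with the same ehlo(),
    has_extn() and docmd() methods). Returns a dict of observations.
    """
    smtp.ehlo()
    result = {
        "starttls_offered": smtp.has_extn("starttls"),
        # If AUTH is advertised here, a client that does not insist on
        # STARTTLS may send credentials in the clear before being refused.
        "auth_advertised_pre_tls": smtp.has_extn("auth"),
    }
    # Bare AUTH LOGIN carries no credentials; it only asks the server to begin.
    code, _ = smtp.docmd("AUTH", "LOGIN")
    if code == 334:
        # Server started the exchange in cleartext: cancel it (RFC 4954 "*").
        smtp.docmd("*")
    result["auth_reply"] = code
    # A 5xx reply (the patch in this thread sends 538) means AUTH is gated.
    result["auth_refused_pre_tls"] = 500 <= code <= 599
    return result

def audit_host(host, port=587, timeout=10):
    """Connect to your own submission service and run the probe."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        return audit_session(smtp)

if __name__ == "__main__":
    # Host is supplied by the operator; nothing is hard-coded.
    if len(sys.argv) > 1:
        print(audit_host(sys.argv[1]))
```

Run it against port 587 after applying a TLS-enforcement patch; running it against port 25 as well shows whether the inter-domain instance changed behaviour too.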