Hi Andreas,

I'm not sure if you're a coder, but here's the section of code in qmail-smtpd.c that sends STARTTLS upon meeting certain criteria.

<code>

#ifdef TLS
  if (!ssl && (stat("control/servercert.pem",&st) == 0))
    out("\r\n250-STARTTLS");
#endif

</code>

Looks like you need 1) TLS defined, 2) ssl variable not 0, and 3) a certificate.

TLS should be compiled into qmail.

The first thing I'd check is the presence of a certificate /var/qmail/control/servercert.pem. If it exists we can start checking the ssl variable.

Eric



On 6/22/2017 5:13 AM, Andreas Galatis wrote:

Hello List,

For some time now my qmailserver has not offered STARTTLS on ports 25 and 587.

Dovecot offers STARTTLS, everything is fine.

Qmail does not.

I have another qmailserver with on CENT working fine and offering STARTTLS, tlsserverciphers are the same, same openssl-1.0.1e-57.

Both servers have certificates from LetsEncrypt, issued this month.

I cannot find the difference.

Here is the answer when connecting:

telnet localhost 25

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.

220 unet.de - Welcome to Qmail Toaster Ver. 1.3 SMTP Server ESMTP

ehlo mail.unet.de

250-unet.de - Welcome to Qmail Toaster Ver. 1.3 SMTP Server

250-STARTTLS

250-PIPELINING

250-8BITMIME

250-SIZE 20000000

250 AUTH LOGIN PLAIN CRAM-MD5

telnet localhost 25

Trying 127.0.0.1...

Connected to mail.unet.de.

Escape character is '^]'.

220 unet.de - Welcome to Qmail Toaster Ver. 1.3 SMTP Server ESMTP

ehlo mail.unet.de

250-unet.de - Welcome to Qmail Toaster Ver. 1.3 SMTP Server

250-PIPELINING

250-8BITMIME

250-SIZE 20000000

250 AUTH LOGIN PLAIN CRAM-MD5

Any help is very appreciated.

Andreas


--
Eric Broch
White Horse Technical Consulting (WHTC)
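
The check quoted in the reply above, as an added diagnostic example (not part of the original message and not qmail's own code): it applies the same `!ssl && stat(...) == 0` test and reports which condition blocks the `250-STARTTLS` line. The names `starttls_gate`, `tls_active` and the `GATE_*` values are hypothetical, and the result only reflects the server if it is run from qmail's working directory as the user qmail-smtpd runs as.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>

enum gate { GATE_ADVERTISE, GATE_TLS_ACTIVE, GATE_CERT_MISSING,
            GATE_CERT_DENIED, GATE_CERT_OTHER, GATE_CERT_UNUSABLE };

/* tls_active stands in for qmail-smtpd's `ssl` (non-zero once TLS is up).
   certpath is resolved against the current directory, like the quoted stat(). */
enum gate starttls_gate(int tls_active, const char *certpath)
{
  struct stat st;

  if (tls_active) return GATE_TLS_ACTIVE;        /* `!ssl` is false */
  if (stat(certpath, &st) != 0) {                /* same test as the quoted code */
    if (errno == ENOENT || errno == ENOTDIR) return GATE_CERT_MISSING;
    if (errno == EACCES) return GATE_CERT_DENIED; /* a directory on the path is not searchable */
    return GATE_CERT_OTHER;
  }
  /* Stricter than the quoted code, which only needs stat() to succeed:
     an empty or non-regular file passes that test but cannot hold a certificate. */
  if (!S_ISREG(st.st_mode) || st.st_size == 0) return GATE_CERT_UNUSABLE;
  return GATE_ADVERTISE;
}

const char *gate_text(enum gate g)
{
  switch (g) {
  case GATE_ADVERTISE:     return "250-STARTTLS would be sent";
  case GATE_TLS_ACTIVE:    return "TLS already active, STARTTLS not repeated";
  case GATE_CERT_MISSING:  return "certificate path does not exist (or dangling symlink)";
  case GATE_CERT_DENIED:   return "permission denied while resolving the path";
  case GATE_CERT_OTHER:    return "stat() failed for another reason";
  case GATE_CERT_UNUSABLE: return "path exists but is empty or not a regular file";
  }
  return "unknown";
}

int main(int argc, char **argv)
{
  /* Default is the relative path from the quoted code. */
  const char *path = argc > 1 ? argv[1] : "control/servercert.pem";
  enum gate g = starttls_gate(0, path);

  printf("%s: %s\n", path, gate_text(g));
  return g == GATE_ADVERTISE ? 0 : 1;
}
```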
