Just throwing a +1 for Eric asking about the servercert.pem file. You have to copy the Let's Encrypt cert over to there (and also have it copy it over each time the cert is renewed, approximately every 90 days). I have some shell scripts I'm running weekly to handle making sure the Let's Encrypt cert is renewed and the servercert.pem file is updated...

From: Eric Broch <ebr...@whitehorsetc.com>
Reply-To: <qmailtoaster-list@qmailtoaster.com>
Date: Thursday, June 22, 2017 at 10:17 AM
To: <qmailtoaster-list@qmailtoaster.com>
Subject: Re: [qmailtoaster] STARTTLS on CENT-6.9

Hi Andreas,

I'm not sure if you're a coder, but here's the section of code in qmail-smtpd.c that sends STARTTLS upon meeting certain criteria.

<code>
#ifdef TLS
  if (!ssl && (stat("control/servercert.pem",&st) == 0))
    out("\r\n250-STARTTLS");
#endif
</code>

Looks like you need 1) TLS defined, 2) ssl variable not 0, and 3) a certificate.

TLS should be compiled into qmail.

The first thing I'd check is the presence of a certificate /var/qmail/control/servercert.pem. If it exists we can start checking the ssl variable.

Eric

On 6/22/2017 5:13 AM, Andreas Galatis wrote:
> Hello List,
>
> since some time my qmailserver does not offer STARTTLS on ports 25 and 587
>
> Dovecot offers STARTTLS, everything is fine.
> Qmail does not.
>
> I have another qmailserver with on CENT working fine and offering STARTTLS,
> tlsserverciphers are the same, same openssl- 1.0.1e-57
> Both servers have certificates from LetsEncrypt, issued this month.
>
> I cannot find the difference
> Here the answer when connecting:
>
> telnet localhost 25
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220 unet.de - Welcome to Qmail Toaster Ver. 1.3 SMTP Server ESMTP
> ehlo mail.unet.de
> 250-unet.de - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
> 250-STARTTLS
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE 20000000
> 250 AUTH LOGIN PLAIN CRAM-MD5
>
> telnet localhost 25
> Trying 127.0.0.1...
> Connected to mail.unet.de.
> Escape character is '^]'.
> 220 unet.de - Welcome to Qmail Toaster Ver. 1.3 SMTP Server ESMTP
> ehlo mail.unet.de
> 250-unet.de - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE 20000000
> 250 AUTH LOGIN PLAIN CRAM-MD5
>
> Any help is very appreciated
>
> Andreas

--
Eric Broch
White Horse Technical Consulting (WHTC)
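
The renewal copy step described in the top reply, as an added example that is not part of the original thread or anyone's actual script. It assumes a certbot-style live directory containing privkey.pem and fullchain.pem, and a qmail TLS build that reads both key and certificate chain from the single servercert.pem file; the function name, return codes and the optional owner argument are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: certbot-style live directory
# (privkey.pem, fullchain.pem) and a qmail TLS build that reads key and
# certificate chain from the single file control/servercert.pem.

# sync_servercert LIVE_DIR TARGET [OWNER:GROUP]
# Returns 0 = TARGET (re)written, 1 = already current, 2 = error.
sync_servercert() {
    live_dir=$1
    target=$2
    owner=${3:-}
    key="$live_dir/privkey.pem"
    chain="$live_dir/fullchain.pem"

    # Refuse to build a servercert.pem from missing or empty inputs.
    if [ ! -s "$key" ] || [ ! -s "$chain" ]; then
        echo "sync_servercert: $key or $chain missing or empty" >&2
        return 2
    fi

    # mktemp creates the file mode 0600, so the key is never world-readable.
    # Same directory as TARGET, so the final mv is an atomic rename and
    # qmail-smtpd never stat()s a half-written file.
    tmp=$(mktemp "$target.XXXXXX") || return 2
    if ! cat "$key" "$chain" > "$tmp"; then
        rm -f "$tmp"
        return 2
    fi

    # Unchanged since the last run: nothing to install.
    if [ -f "$target" ] && cmp -s "$tmp" "$target"; then
        rm -f "$tmp"
        return 1
    fi

    # Optional ownership change so the SMTP daemon's user can read the file.
    if [ -n "$owner" ] && ! chown "$owner" "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    chmod 640 "$tmp" && mv -f "$tmp" "$target" && return 0
    rm -f "$tmp"
    return 2
}

# Run directly only when paths are given, e.g. from a weekly cron job.
if [ "$#" -ge 2 ]; then
    sync_servercert "$@"
fi
```

The distinct return codes let a cron wrapper tell "new certificate installed" from "nothing to do"; certbot's `--deploy-hook` is an alternative trigger to a weekly schedule.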