Just throwing a +1 for Eric asking about the servercert.pem file. You have
to copy the Let's Encrypt cert over to there (and also have it copy it over
each time the cert is renewed, approximately every 90 days). I have some
shell scripts I'm running weekly to handle making sure the Let's Encrypt cert
is renewed and the servercert.pem file is updated...

From:  Eric Broch <ebr...@whitehorsetc.com>
Reply-To:  <qmailtoaster-list@qmailtoaster.com>
Date:  Thursday, June 22, 2017 at 10:17 AM
To:  <qmailtoaster-list@qmailtoaster.com>
Subject:  Re: [qmailtoaster] STARTTLS on CENT-6.9

    
 

Hi Andreas,

I'm not sure if you're a coder, but here's the section of code in
qmail-smtpd.c that sends STARTTLS upon meeting certain criteria.

<code>
#ifdef TLS
  if (!ssl && (stat("control/servercert.pem",&st) == 0))
    out("\r\n250-STARTTLS");
#endif
</code>

Looks like you need 1) TLS defined, 2) ssl variable not 0, and 3) a
certificate.

TLS should be compiled into qmail.

The first thing I'd check is the presence of a certificate
/var/qmail/control/servercert.pem. If it exists we can start checking the
ssl variable.

Eric

On 6/22/2017 5:13 AM, Andreas Galatis wrote:

> Hello List,
>
> since some time my qmailserver does not offer STARTTLS on ports 25 and 587
>
> Dovecot offers STARTTLS, everything is fine.
> Qmail does not.
>
> I have another qmailserver with on CENT working fine and offering STARTTLS,
> tlsserverciphers are the same, same openssl- 1.0.1e-57
> Both servers have certificates from LetsEncrypt, issued this month.
>
> I cannot find the difference
> Here the answer when connecting:
>
> telnet localhost 25
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220 unet.de - Welcome to Qmail Toaster Ver. 1.3 SMTP Server ESMTP
> ehlo mail.unet.de
> 250-unet.de - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
> 250-STARTTLS
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE 20000000
> 250 AUTH LOGIN PLAIN CRAM-MD5
>
> telnet localhost 25
> Trying 127.0.0.1...
> Connected to mail.unet.de.
> Escape character is '^]'.
> 220 unet.de - Welcome to Qmail Toaster Ver. 1.3 SMTP Server ESMTP
> ehlo mail.unet.de
> 250-unet.de - Welcome to Qmail Toaster Ver. 1.3 SMTP Server
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE 20000000
> 250 AUTH LOGIN PLAIN CRAM-MD5
>
> Any help is very appreciated
>
> Andreas

-- 
Eric Broch
White Horse Technical Consulting (WHTC)
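
The thread ties the STARTTLS advertisement to the presence of control/servercert.pem and notes that the file has to be refreshed after every Let's Encrypt renewal. One way to do that refresh safely, as an added example that is not part of the original messages: the script name, the certbot paths in the usage comment, and the key-then-chain layout of servercert.pem are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: keep qmail's servercert.pem in step
# with a renewed Let's Encrypt certificate.
# Assumptions (not stated in the thread): servercert.pem holds the private
# key followed by the certificate chain; the paths in the usage line follow
# certbot's default live/ layout with a placeholder domain; the script name
# is hypothetical.
#
# Usage: sync-servercert.sh /etc/letsencrypt/live/<domain>/privkey.pem \
#            /etc/letsencrypt/live/<domain>/fullchain.pem \
#            /var/qmail/control/servercert.pem

# sync_servercert KEY CHAIN DEST
# Prints "updated" or "unchanged"; returns 2 and leaves DEST alone on error.
sync_servercert() {
    key=$1 chain=$2 dest=$3

    # Refuse to build a half-empty file: a DEST that exists but holds no
    # usable key would still satisfy the stat() test in qmail-smtpd.c.
    if [ ! -s "$key" ] || [ ! -s "$chain" ]; then
        echo "sync_servercert: missing or empty source file" >&2
        return 2
    fi

    # Temp file in DEST's directory so the final mv is an atomic rename.
    tmp=$(mktemp "$dest.XXXXXX") || return 2

    # Inherit mode (and owner, when run as root) from the current file so
    # the user qmail-smtpd runs as can still read the replacement. On a
    # first install the file stays 0600 and ownership must be set by hand.
    if [ -f "$dest" ]; then
        cp -p "$dest" "$tmp" || { rm -f "$tmp"; return 2; }
    fi
    cat "$key" "$chain" > "$tmp" || { rm -f "$tmp"; return 2; }

    if [ -f "$dest" ] && cmp -s "$tmp" "$dest"; then
        rm -f "$tmp"
        echo "unchanged"
        return 0
    fi
    mv -f "$tmp" "$dest" || { rm -f "$tmp"; return 2; }
    echo "updated"
}

# Run only when called with the three paths, e.g. from a weekly cron job.
if [ "$#" -eq 3 ]; then
    sync_servercert "$@"
fi
```
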
 

