I eventually figured this out, and accomplished the same result though I
went about it slightly differently.  It is now fully functional.  Below
is the script which I created, which accomplishes this in very few lines.
It copies the supervise/smtp directory to supervise/smtps and it then
edits a few values in two files (plus editing the cipher list in
tcp.smtp).


qmailctl stop
cp -r /var/qmail/supervise/submission /var/qmail/supervise/smtps
chown -R qmaill:qmail /var/qmail/supervise/smtps
sed -i 's/REQUIRE_AUTH=1/REQUIRE_AUTH=1\nexport SMTPS=1/' /var/qmail/supervise/smtps/run
sed -i 's/587/465/' /var/qmail/supervise/smtps/run
sed -i 's/submission/smtps/' /var/qmail/supervise/smtps/log/run
sed -i 's/DH:!LOW:!MEDIUM/ECDHE:DHE:ECDH:DH:AES:!SSLv2/' /etc/tcprules.d/tcp.smtp
qmailctl cdb
qmailctl start


Thanks for confirming that I did it right,
Andy


On 8/13/2018 7:06 PM, Eric Broch wrote:
> Stock CentOS 7 does not have SMTPS standard. You must create the
> supervise scripts.
> 
> You could stop qmail
> 
> # qmailctl stop
> 
> and copy smtp supervise scripts to smtps (make sure qmail is stopped or
> else you'll have a mess):
> 
> # cp -Rp /var/qmail/supervise/smtp /var/qmail/supervise/smtps
> 
> Then change two files:
> 
> /var/qmail/supervise/smtps/run
> 
> <run>
> 
> #!/bin/sh
> QMAILDUID=`id -u vpopmail`
> NOFILESGID=`id -g vpopmail`
> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
> SMTPD="/var/qmail/bin/qmail-smtpd"
> TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
> HOSTNAME=`hostname`
> VCHKPW="/home/vpopmail/bin/vchkpw"
> export SMTPS=1
> 
> exec /usr/bin/softlimit -m 128000000 \
>     /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
>     -u "$QMAILDUID" -g "$NOFILESGID" 0 465 \
>     $SMTPD $VCHKPW /bin/true 2>&1
> 
> </run>
> 
> &
> 
> /var/qmail/supervise/smtps/log/run
> 
> <run>
> 
> #!/bin/sh
> LOGSIZE=`cat /var/qmail/control/logsize`
> LOGCOUNT=`cat /var/qmail/control/logcount`
> exec /usr/bin/setuidgid qmaill /usr/bin/multilog \
>     t s$LOGSIZE n$LOGCOUNT /var/log/qmail/smtps 2>&1
> 
> </run>
> 
> Start qmail (# qmailctl start)
> 
> 
> On 8/11/2018 6:36 PM, Andrew Swartz wrote:
>> I just installed qmailtoaster onto CentOS-7.  The qt_install script
>> opened port 465 on the firewall.  However, s_client cannot connect to
>> port 465 and netstat shows that nothing is listening on port 465.
>>
>> Can anyone point me at appropriate instructions for setting up listening
>> on port 465 which are specific (or applicable) to qmailtoaster?  I
>> searched wiki.qmailtoaster.com and found nothing. I did some general
>> googling and found several somewhat conflicting descriptions but I'm
>> unsure which apply to the configuration used in qmailtoaster.
>>
>> My interest is because 465 has been reinstated (in Jan 2018) as the
>> preferred submission port due to security problems with STARTTLS
>> (https://tools.ietf.org/html/rfc8314).
>>
>> Thanks,
>> -Andy
>>
>>
> 

-- 
Andrew W. Swartz, MD
Departments of Emergency Medicine, Family Medicine, and Surgery
Yukon-Kuskokwim Delta Regional Hospital
Bethel, Alaska
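
An added example, not part of the original thread: the sed edits above are blind substitutions, so this sketch audits the copied service directory for the three things both messages change (SMTPS=1 exported before exec, tcpserver on 465, a separate smtps log directory). The function names check_smtps_dir and make_sample are hypothetical, and the sample files are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread): audit a copied smtps service directory.
# Assumes the run-file layout quoted in the reply above.

# check_smtps_dir DIR: print one FAIL line per problem; return 0 only if clean.
check_smtps_dir() {
    run=$1/run; logrun=$1/log/run; bad=0
    if [ ! -f "$run" ] || [ ! -f "$logrun" ]; then
        echo "FAIL: $1 lacks run or log/run"; return 1
    fi
    # SMTPS=1 has to be exported before tcpserver is exec'd.
    awk '$1 == "export" && $2 == "SMTPS=1" {ok=1} /^exec / {exit} END {exit !ok}' "$run" ||
        { echo "FAIL: run does not export SMTPS=1 before exec"; bad=1; }
    # tcpserver takes "host port"; the copy must bind 465, not 587.
    grep -Eq '[[:space:]]0[[:space:]]+465([[:space:]]|$)' "$run" ||
        { echo "FAIL: tcpserver is not bound to port 465"; bad=1; }
    if grep -qw 587 "$run"; then
        echo "FAIL: run still mentions port 587"; bad=1
    fi
    # The copied logger must not keep writing to the submission log directory.
    if grep -q submission "$logrun" || ! grep -q '/var/log/qmail/smtps' "$logrun"; then
        echo "FAIL: log/run does not log to /var/log/qmail/smtps"; bad=1
    fi
    return $bad
}

# make_sample DIR PORT LOGNAME: write a constructed service directory.
make_sample() {
    mkdir -p "$1/log"
    cat > "$1/run" <<EOF
#!/bin/sh
export REQUIRE_AUTH=1
export SMTPS=1
exec /usr/bin/tcpserver -v -R -H -x /etc/tcprules.d/tcp.smtp.cdb 0 $2 \\
    /var/qmail/bin/qmail-smtpd /bin/true 2>&1
EOF
    cat > "$1/log/run" <<EOF
#!/bin/sh
exec /usr/bin/setuidgid qmaill /usr/bin/multilog t /var/log/qmail/$3 2>&1
EOF
}

# Demo: a correct copy, and one where the port and log edits were missed.
tmp=$(mktemp -d)
make_sample "$tmp/good" 465 smtps
make_sample "$tmp/stale" 587 submission
check_smtps_dir "$tmp/good" && echo "good: OK"
check_smtps_dir "$tmp/stale" || echo "stale: needs fixing"
rm -rf "$tmp"
```

On the mail host, run check_smtps_dir /var/qmail/supervise/smtps after the edits and before qmailctl start.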
