www.emsdn.com

Working system, but how do I do this?


Hey everyone,
We are currently upgrading our mail system to a new server and
thought it was a good idea to integrate qmail with our LDAP system so
users will not need local accounts on our mail server (don't ask why it
was done that way!). We have successfully set up a basic qmail-ldap
system and have done some preliminary testing - everything works fine,
but we are a little confused about something.
Since we only have one mail server, this is what we are trying to
accomplish:
Be able to receive e-mail to our domain plus act as a secondary for a
few others (easily done - no problems here)
Require all users to access mail via imap-ssl (done - using courier IMAP
and authldap)
Require all users to send mail via smtpd-ssl or using TLS or something!
It needs to be secure, and users need to authenticate!
The last point is where we are having difficulties. We need the smtp
server to accept mail for our domain on port 25, but we also need all
users to use SSL and authenticate themselves before sending.
Do we need to have a completely separate install under say /var/qmail1
or is there an easier way to do this? We have searched quite a few docs
and can't seem to get anything concrete.
Any help is appreciated!
Mike


No. 1# | By Developer Tags User at [2008-5-4] | size: 1493 bytes

Quoting Mike Lowrie <mlowrie (AT) vendetta (DOT) ca>:

> The last point is where we are having difficulties. We need the smtp
> server to accept mail for our domain on port 25, but we also need all
> users to use SSL and authenticate themselves before sending.

Just set the variable 'SMTPAUTH="TLSREQUIRED"' (this example requires
a TLS connection IN ADDITION to authentication!).

I do this in the tcp.smtp file:

s n i p
root@aurora# grep SMTPAUTH /etc/tcp.smtp
:allow,QMAILQUEUE="/var/qmail/bin/simscan",LDAPSOFTOK="Yes",SMTP550DISCONNECT="Yes",SANITYCHECK="Yes",RBL="1",RETURNMXCHECK="Yes",SMTPAUTH="TLSREQUIRED",LOGLEVEL="3"
s n i p

Then in the init script for qmail, I do this:

s n i p
export SMTPAUTH="TLSREQUIRED"
# How many concurrent connections to allow
concurrency_smtp="-c 500"
# multilog - keep 2000 files with 1MB each
keep_size=1000000
keep_count=2000
[]
logger_smtp="| multilog t s$keep_size n$keep_count /var/log/qmail/smtp"
[]
tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
[]
/usr/bin/tcpserver -- $concurrency_smtp \
-v -u qmaild -g 65534 -x /etc/tcp.smtp.cdb 0 smtp \
/usr/bin/pbscheck /var/qmail/bin/qmail-smtpd \
2>&1 $logger_smtp &"
s n i p

The SMTPAUTH variable here is just to be VERY
safe that it's set correctly. I honestly
can't remember which file to put it in now.
It was done a few years ago :)

No. 1# | By Developer Tags User at [2008-5-4] | size: 2631 bytes

Turbo Fredriksson wrote:
Quoting Mike Lowrie <mlowrie (AT) vendetta (DOT) ca>:


>The last point is where we are having difficulties. We need the smtp
>server to accept mail for our domain on port 25, but we also need all
>users to use SSL and authenticate themselves before sending.
>
>

> Just set the variable 'SMTPAUTH="TLSREQUIRED"' (this example requires
> a TLS connection IN ADDITION to authentication!).
>
> I do this in the tcp.smtp file:
>
> s n i p
> root@aurora# grep SMTPAUTH /etc/tcp.smtp
> :allow,QMAILQUEUE="/var/qmail/bin/simscan",LDAPSOFTOK="Yes",SMTP550DISCONNECT="Yes",SANITYCHECK="Yes",RBL="1",RETURNMXCHECK="Yes",SMTPAUTH="TLSREQUIRED",LOGLEVEL="3"
> s n i p

I have a qmail-smtpd.rules (which is called by the smtpd run file) in my
/control directory containing this:

s n i p
127.:allow,RELAYCLIENT=""
:allow,SMTPAUTH="TLSREQUIRED",NOPBS=""
s n i p

> Then in the init script for qmail, I do this:
>
> s n i p
> export SMTPAUTH="TLSREQUIRED"
> # How many concurrent connections to allow
> concurrency_smtp="-c 500"
> # multilog - keep 2000 files with 1MB each
> keep_size=1000000
> keep_count=2000
> []
> logger_smtp="| multilog t s$keep_size n$keep_count /var/log/qmail/smtp"
> []
> tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
> []
> /usr/bin/tcpserver -- $concurrency_smtp \
> -v -u qmaild -g 65534 -x /etc/tcp.smtp.cdb 0 smtp \
> /usr/bin/pbscheck /var/qmail/bin/qmail-smtpd \
> 2>&1 $logger_smtp &"
> s n i p
>
> The SMTPAUTH variable here is just to be VERY
> safe that it's set correctly. I honestly
> can't remember which file to put it in now.
> It was done a few years ago :)

Mine is similar (I did a slightly different install):

s n i p
tcpserver -v -URl $ME -x$QMAIL/control/qmail-smtpd.cdb \
${CONCURRENCY:+"-c$CONCURRENCY"} ${BACKLOG:+"-b$BACKLOG"} 0 smtp \
$QMAIL/bin/qmail-smtpd $QMAIL/bin/auth_smtp /bin/true
s n i p

I have the SMTPAUTH environment variable set in
/service/smtpd/env/SMTPAUTH which is read earlier on in the run script.

I have done some testing which suggests that the above setup works as
planned, but out of curiosity, if mail is being delivered from another
mail server to one of my local users, how is it able to accept without
requiring TLS and SMTPAUTH? Does this setup always allow mail to be
delivered for local domains and require authentication for sending to
non-local domains?

Thanks for your help,
Mike
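
As an added example (not code from the thread, from qmail-ldap, or from either poster), the Python below models how the two tcprules lines quoted in this thread (127. gets RELAYCLIENT, everyone else gets SMTPAUTH="TLSREQUIRED") combine with the standard qmail-smtpd relay rules: RCPT TO a domain listed in control/rcpthosts is accepted from anyone, which is how inbound MX traffic arrives without TLS or AUTH; RCPT TO any other domain is relaying and needs RELAYCLIENT, which either comes from the matched tcprules line or is granted after a successful AUTH; and with TLSREQUIRED an AUTH attempt before STARTTLS is refused. The rules text and rcpthosts set are constructed sample input, the prefix matching is a simplified stand-in for tcprules (no hostname or range rules), and the reply strings are illustrative except the 553 rcpthosts text, which is qmail's own.

```python
"""Model of tcprules + SMTPAUTH="TLSREQUIRED" + rcpthosts relay policy.

Added example, not qmail-ldap code. Rule text and rcpthosts are constructed.
"""
from dataclasses import dataclass

# Constructed sample: the two rules posted in the thread.
TCP_SMTP_RULES = """\
127.:allow,RELAYCLIENT=""
:allow,SMTPAUTH="TLSREQUIRED",NOPBS=""
"""
# Constructed sample control/rcpthosts (domains we accept mail for).
RCPTHOSTS = {"vendetta.ca", "example.org"}


def parse_rules(text):
    """Parse tcprules-style lines into (address_prefix, action, env) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, rest = line.partition(":")
        parts = rest.split(",")           # simplified: no commas inside values
        action, env = parts[0], {}
        for kv in parts[1:]:
            key, _, val = kv.partition("=")
            env[key] = val.strip('"')
        rules.append((addr, action, env))
    return rules


def rule_for(rules, client_ip):
    """Longest matching address prefix wins; the bare ':' line is the default."""
    best = None
    for addr, action, env in rules:
        if client_ip.startswith(addr) and (best is None or len(addr) > len(best[0])):
            best = (addr, action, env)
    return best


@dataclass
class Session:
    env: dict                 # variables tcpserver exported for this client
    tls: bool = False         # STARTTLS completed
    authenticated: bool = False
    relayclient: bool = False  # RELAYCLIENT from the rule, or earned via AUTH


def new_session(client_ip, rules_text=TCP_SMTP_RULES):
    """What tcpserver -x rules.cdb does: pick the rule, refuse or set env."""
    matched = rule_for(parse_rules(rules_text), client_ip)
    if matched is None or matched[1] != "allow":
        raise ConnectionRefusedError(f"tcpserver rejects {client_ip}")
    env = matched[2]
    return Session(env=env, relayclient="RELAYCLIENT" in env)


def starttls(session):
    session.tls = True
    return "220 ready for TLS"            # illustrative reply text


def auth(session, credentials_ok):
    """AUTH is only honoured when SMTPAUTH is set, and with TLSREQUIRED only over TLS."""
    mode = session.env.get("SMTPAUTH")
    if mode is None:
        return "503 AUTH not available"                   # illustrative
    if mode == "TLSREQUIRED" and not session.tls:
        return "538 STARTTLS required before AUTH"        # illustrative
    if not credentials_ok:
        return "535 authentication failed"                # illustrative
    session.authenticated = True
    session.relayclient = True            # successful AUTH turns on relaying
    return "235 ok, go ahead"


def rcpt_to(session, address):
    """Local domains are always accepted; anything else needs RELAYCLIENT."""
    domain = address.rpartition("@")[2].lower()
    if session.relayclient or domain in RCPTHOSTS:
        return "250 ok"
    return "553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)"


if __name__ == "__main__":
    s = new_session("203.0.113.10")       # constructed remote MX address
    print("inbound to local domain:", rcpt_to(s, "mike@vendetta.ca"))
    print("relay without auth:     ", rcpt_to(s, "x@elsewhere.example"))
    print("AUTH before STARTTLS:   ", auth(s, True))
    starttls(s)
    print("AUTH after STARTTLS:    ", auth(s, True))
    print("relay after auth:       ", rcpt_to(s, "x@elsewhere.example"))
```

To confirm the real server behaves like the model, run `openssl s_client -connect mailhost:25 -starttls smtp` (and a plain `nc`/`telnet` session without STARTTLS) and try RCPT TO a local domain, RCPT TO a foreign domain, and AUTH in both sessions: only the plain session's AUTH and the unauthenticated foreign RCPT should be refused. This is what the thread's configuration is meant to give, but the model is an assumption about standard qmail semantics, not a statement about any particular qmail-ldap build.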



Copyright © 2008 www.emsdn.com • All rights reserved • CMS Theme by www.emsdn.com - 0.234