
How To Configure Qmail SSL On FreeBSD

This requires a certificate in order to work; this guide uses a self-signed certificate.

Installing Ucspi-ssl

cd /usr/ports/sysutils/ucspi-ssl
make install clean

When a popup asks whether you want to add a symlink to /etc/ssl/cert.pem, select yes.

If you did not get the popup, because you installed something else or selected no at some earlier point while installing other software, you can create the symlink yourself like this.

cd /etc/ssl
ln -s /usr/local/share/certs/ca-root-nss.crt cert.pem

Creating the SSL Key

You can fill this out with whatever you want. The only thing that needs to be correct is the common name: it has to be the name of the qmail server, i.e. the name listed in /var/qmail/control/me.

cd /var/qmail/control
# 2048-bit RSA key; 1024-bit RSA is below the current recommended minimum key size.
openssl req -newkey rsa:2048 -x509 -nodes -days 3650 -out servercert.pem -keyout servercert.pem

Check Permissions

chown root:nofiles servercert.pem
chmod 640 servercert.pem
cp servercert.pem clientcert.pem
chown root:qmail clientcert.pem
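# servercert.pem holds the private key as well as the certificate (-keyout above),
# so this command makes the key readable by every local user.
chmod a+r /var/qmail/control/servercert.pem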
chmod 640 clientcert.pem
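
To confirm the result of the two steps above, the following added example (not part of the original guide) audits a combined key and certificate file for world-readable or writable key material, RSA keys under 2048 bits, and a common name that differs from control/me. The function name audit_pem and the script name are hypothetical; the openssl checks are skipped when the openssl command is not installed.

```shell
#!/bin/sh
# Added example, not from the original guide. audit_pem is a hypothetical name.
# Prints one finding per line for PEM file $1; optional $2 is qmail's control/me.
audit_pem() {
    pem=$1 me=${2:-}
    [ -r "$pem" ] || { echo "unreadable: $pem"; return 0; }

    # The guide writes key and certificate to one file (-out equals -keyout),
    # so the file's mode is the private key's mode.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem"; then
        mode=$(ls -ld "$pem" | cut -c1-10)
        case $mode in
            ???????r??) echo "private-key-world-readable: $pem ($mode)" ;;
        esac
        case $mode in
            ?????w????|????????w?) echo "writable-by-group-or-other: $pem ($mode)" ;;
        esac
    fi

    # Certificate checks need the openssl CLI; skip them when it is absent.
    command -v openssl >/dev/null 2>&1 || return 0
    text=$(openssl x509 -in "$pem" -noout -text 2>/dev/null) || {
        echo "certificate-unparseable: $pem"; return 0; }

    # RSA modulus size, read from the "Public-Key: (N bit)" line.
    case $text in *rsaEncryption*)
        bits=$(printf '%s\n' "$text" |
            sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
        if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
            echo "weak-rsa-key: $bits bits"
        fi ;;
    esac

    # The certificate CN should equal the host name in control/me.
    if [ -n "$me" ] && [ -r "$me" ]; then
        host=$(head -n 1 "$me")
        subj=$(openssl x509 -in "$pem" -noout -subject 2>/dev/null) || subj=
        case $subj in
            *"CN=$host"|*"CN = $host"|*"CN=$host"[,/]*|*"CN = $host",*) ;;
            *) echo "cn-mismatch: control/me=$host subject=$subj" ;;
        esac
    fi
    return 0
}

# Usage: sh audit_pem.sh /var/qmail/control/servercert.pem /var/qmail/control/me
if [ "$#" -gt 0 ]; then audit_pem "$@"; fi
```

No output means none of the checked conditions was found.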

Adjust the smtpd-ssl run file

vi /var/qmail/supervise/qmail-smtpd-ssl/run

Change xx.xx.xx.xx in the run file to the real IP of the machine.

Enable the service

ln -s /var/qmail/supervise/qmail-smtpd-ssl /service/

Restarting Qmail

svc -t /service/* /service/*/log

Check if things are running

svstat /service/* /service/*/log

Adding qmail SSL to Qmailctl

vi /usr/bin/qmailctl

Find the following lines and remove the # in front of all of them.

# if svok /service/qmail-smtpd-ssl ; then
# svc -u /service/qmail-smtpd-ssl /service/qmail-smtpd-ssl/log
# echo "Starting qmail-smtpd-ssl"
# else
# echo "qmail-smtpd-ssl supervise not running"
# fi

# echo " qmail-smtpd-ssl"
# svc -d /service/qmail-smtpd-ssl /service/qmail-smtpd-ssl/log

# svstat /service/qmail-smtpd-ssl
# svstat /service/qmail-smtpd-ssl/log

# echo "Pausing qmail-smtpd-ssl"
# svc -p /service/qmail-smtpd-ssl

# echo "Continuing qmail-smtpd-ssl"
# svc -c /service/qmail-smtpd-ssl

# echo "* Restarting qmail-smtpd-ssl."
# svc -t /service/qmail-smtpd-ssl /service/qmail-smtpd-ssl/log

Once uncommented, the lines above should look like this.

if svok /service/qmail-smtpd-ssl ; then
svc -u /service/qmail-smtpd-ssl /service/qmail-smtpd-ssl/log
echo "Starting qmail-smtpd-ssl"
else
echo "qmail-smtpd-ssl supervise not running"
fi

echo " qmail-smtpd-ssl"
svc -d /service/qmail-smtpd-ssl /service/qmail-smtpd-ssl/log

svstat /service/qmail-smtpd-ssl
svstat /service/qmail-smtpd-ssl/log

echo "Pausing qmail-smtpd-ssl"
svc -p /service/qmail-smtpd-ssl

echo "Continuing qmail-smtpd-ssl"
svc -c /service/qmail-smtpd-ssl

echo "* Restarting qmail-smtpd-ssl."
svc -t /service/qmail-smtpd-ssl /service/qmail-smtpd-ssl/log
archive/freebsd_configure_qmail_ssl.txt · Last modified: 24/11/2023 12:35 by Allan