How To Configure Qmail SSL On FreeBSD
SSL requires a certificate in order to work. This guide uses a self-signed certificate.
Installing Ucspi-ssl
cd /usr/ports/sysutils/ucspi-ssl
make install clean
When a popup asks whether you want to add a symlink to /etc/ssl/cert.pem, select yes.
If you did not get the popup, because you installed something else or selected no at some earlier point while installing other software, you can create the symlink yourself like this.
cd /etc/ssl
ln -s /usr/local/share/certs/ca-root-nss.crt cert.pem
Creating the SSL Key
You can fill this out however you want. The only thing that needs to be correct is the common name: it has to be the name of the qmail server, i.e. the name listed in /var/qmail/control/me.
cd /var/qmail/control
openssl req -newkey rsa:1024 -x509 -nodes -days 3650 -out servercert.pem -keyout servercert.pem
Check Permissions
chown root:nofiles servercert.pem
chmod 640 servercert.pem
cp servercert.pem clientcert.pem
chown root:qmail clientcert.pem
chmod a+r /var/qmail/control/servercert.pem
chmod 640 clientcert.pem
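A quick check of the result, as an added example that is not part of the original guide: it confirms that the certificate's common name matches /var/qmail/control/me, checks the key size and expiry, and flags a key file that is world-readable, which servercert.pem is after the chmod a+r above. The function names and the 2048-bit minimum are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of the original guide.

# CN from an `openssl x509 -noout -subject` line; handles both the old
# "/C=US/CN=host" and the newer "C = US, CN = host" layouts.
subject_cn() {
    printf '%s\n' "$1" | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}

# Key size from `openssl x509 -noout -text` output.
key_bits() {
    printf '%s\n' "$1" |
        sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# True when "other" has read permission on the file.
world_readable() {
    [ -n "$(find "$1" -perm -004 2>/dev/null)" ]
}

# check_cert PEMFILE MEFILE [MINBITS]
# Prints one line per finding; the exit status is the number of findings.
# MINBITS defaults to 2048, an assumption of this example.
check_cert() {
    pem=$1; me=$(head -n 1 "$2"); min=${3:-2048}; bad=0
    cn=$(subject_cn "$(openssl x509 -in "$pem" -noout -subject)")
    bits=$(key_bits "$(openssl x509 -in "$pem" -noout -text)")
    if [ "$cn" != "$me" ]; then
        echo "CN '$cn' does not match control/me '$me'"; bad=$((bad + 1))
    fi
    if [ "${bits:-0}" -lt "$min" ]; then
        echo "key is ${bits:-0} bits, below $min"; bad=$((bad + 1))
    fi
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null; then
        echo "certificate has expired"; bad=$((bad + 1))
    fi
    if grep -q 'PRIVATE KEY' "$pem" && world_readable "$pem"; then
        echo "$pem contains a private key and is world-readable"; bad=$((bad + 1))
    fi
    return "$bad"
}

# Usage: check_cert /var/qmail/control/servercert.pem /var/qmail/control/me
```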
Adjust the smtpd-ssl run file
vi /var/qmail/supervise/qmail-smtpd-ssl/run
Change the following line xx.xx.xx.xx to the real IP of the machine.
Enable the service
ln -s /var/qmail/supervise/qmail-smtpd-ssl /service/
Restarting Qmail
svc -t /service/* /service/*/log
Check if things are running
svstat /service/* /service/*/log
Adding qmail SSL to Qmailctl
vi /usr/bin/qmailctl
Find the following lines and remove the # in front of all of them.
# if svok /service/qmail-smtpd-ssl ; then
# svc -u /service/qmail-smtpd-ssl /service/qmail-smtpd-ssl/log
# echo "Starting qmail-smtpd-ssl"
# else
# echo "qmail-smtpd-ssl supervise not running"
# fi
# echo " qmail-smtpd-ssl"
# svc -d /service/qmail-smtpd-ssl /service/qmail-smtpd-ssl/log
# svstat /service/qmail-smtpd-ssl
# svstat /service/qmail-smtpd-ssl/log
# echo "Pausing qmail-smtpd-ssl"
# svc -p /service/qmail-smtpd-ssl
# echo "Continuing qmail-smtpd-ssl"
# svc -c /service/qmail-smtpd-ssl
# echo "* Restarting qmail-smtpd-ssl."
# svc -t /service/qmail-smtpd-ssl /service/qmail-smtpd-ssl/log
All of the above lines should look like this.
if svok /service/qmail-smtpd-ssl ; then
  svc -u /service/qmail-smtpd-ssl /service/qmail-smtpd-ssl/log
  echo "Starting qmail-smtpd-ssl"
else
  echo "qmail-smtpd-ssl supervise not running"
fi
echo " qmail-smtpd-ssl"
svc -d /service/qmail-smtpd-ssl /service/qmail-smtpd-ssl/log
svstat /service/qmail-smtpd-ssl
svstat /service/qmail-smtpd-ssl/log
echo "Pausing qmail-smtpd-ssl"
svc -p /service/qmail-smtpd-ssl
echo "Continuing qmail-smtpd-ssl"
svc -c /service/qmail-smtpd-ssl
echo "* Restarting qmail-smtpd-ssl."
svc -t /service/qmail-smtpd-ssl /service/qmail-smtpd-ssl/log