So let's get started, shall we? :)
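# stunnel terminates SSL/TLS in front of qmail-smtpd; installing it once is
# enough (the original listed this command twice).
yum install stunnel

# supervise directory for the new qmail-smtpds service and its multilog logger.
mkdir -p /var/qmail/supervise/qmail-smtpds/log

# create the run script shown next
vim /var/qmail/supervise/qmail-smtpds/run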
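#!/bin/sh
# supervise run script for qmail-smtpds: SMTP over SSL on port 465.
#
# tcpserver accepts each connection, drops root to the vpopmail uid/gid and
# runs stunnel on the socket; stunnel terminates TLS and, per exec/execargs
# in its configuration file, starts qmail-smtpd with vchkpw for SMTP AUTH.
# Relay/access rules come from /etc/tcp.smtp.cdb (-x).  Everything the
# daemons print goes to the log/ service via 2>&1.

QMAILDUID=$(id -u vpopmail)
NOFILESGID=$(id -g vpopmail)
MAXSMTPD=$(cat /var/qmail/control/concurrencyincoming)
LOCAL=$(head -n 1 /var/qmail/control/me)

# stunnel takes exactly one argument, its configuration file.  This is the
# file written later in the tutorial (vim /etc/stunnel/stunnel.conf), not
# /var/qmail/supervise/qmail-smtpds/stunnel.conf, which nothing in this
# setup creates.  The vchkpw and /bin/true arguments that previously
# followed the path are ignored by stunnel -- they belong in (and are
# already given by) execargs in that file.
STUNNEL_CONF=/etc/stunnel/stunnel.conf

if [ -z "$QMAILDUID" ] || [ -z "$NOFILESGID" ] || [ -z "$MAXSMTPD" ] || [ -z "$LOCAL" ]; then
    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/qmail-smtpds/run
    exit 1
fi

# Standard qmail guard: without rcpthosts qmail-smtpd accepts mail for any
# domain, i.e. the listener would be an open relay.
if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"
    exit 1
fi

# Fail here, once and visibly in the log, rather than letting tcpserver
# accept connections that die when stunnel cannot read its configuration.
if [ ! -f "$STUNNEL_CONF" ]; then
    echo "No $STUNNEL_CONF!"
    echo "Refusing to start SMTP/SSL listener without a stunnel configuration"
    exit 1
fi

# stunnel is looked up via PATH, as in the original.  supervise's PATH may
# not contain the directory yum installed it to; if the service keeps
# restarting, replace 'stunnel' below with the output of 'command -v stunnel'.
exec /usr/local/bin/softlimit -m 40000000 \
    /usr/local/bin/tcpserver -v -R -H -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
        -u "$QMAILDUID" -g "$NOFILESGID" 0 465 \
    stunnel "$STUNNEL_CONF" 2>&1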
vi
/var/qmail/supervise/qmail-smtpds/log/run
#!/bin/sh
# Logger for the qmail-smtpds service.  multilog runs as the unprivileged
# qmaill user (setuidgid), timestamps every line (t) and keeps up to 100
# rotated files (n100) of at most 2,000,000 bytes each (s2000000) in
# /var/log/qmail/qmail-smtpds.  That directory has to be writable by
# qmaill -- presumably why the tutorial creates it by copying the existing
# qmail-smtpd log directory with -p (ownership preserved).
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t n100 s2000000 /var/log/qmail/qmail-smtpds
vim /etc/stunnel/stunnel.conf
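# stunnel configuration for the qmail-smtpds service (/service/qmail-smtpds).
# stunnel is started per connection by tcpserver, already running as the
# vpopmail user, so there is no accept=/setuid/setgid here: it terminates
# TLS on the inherited socket and runs exec/execargs on the plaintext side.

# Combined private key + certificate.  Because the key is in this file it
# must stay readable only by the user stunnel runs as (the tutorial sets
# vpopmail:vchkpw, mode 640).
cert = /var/qmail/control/servercert.pem

# Logging.  With foreground = yes stunnel logs to stderr, which the run
# script redirects (2>&1) into multilog under /var/log/qmail/qmail-smtpds,
# so no separate log file is needed.  debug = 7 is the most verbose level
# and records every connection in detail; lower it (e.g. 5) once the setup
# works.  Re-enable 'output' only if you really want a file under
# /etc/stunnel -- then make it owned by vpopmail, never world-writable.
debug = 7
# output = /etc/stunnel/stunnel.log

# Do not offer the broken protocol versions.  Adjust to whatever your
# stunnel/OpenSSL build accepts (sslVersion / ciphers can tighten further).
options = NO_SSLv2
options = NO_SSLv3

# Server end of the tunnel, kept in the foreground (required under tcpserver).
client = no
foreground = yes

# qmail-smtpd with vchkpw for SMTP AUTH.  The first execargs word is argv[0];
# the hostname is the argument the qmail-smtpd AUTH patch expects before
# the checkpassword program, and /bin/true is the conventional sub-program
# run after a successful vchkpw.  All of it must be on this one line.
exec = /var/qmail/bin/qmail-smtpd
execargs = /var/qmail/bin/qmail-smtpd aiamibd.com /home/vpopmail/bin/vchkpw /bin/true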
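# supervise only starts run scripts that are executable.
chmod +x /var/qmail/supervise/qmail-smtpds/run
chmod +x /var/qmail/supervise/qmail-smtpds/log/run
# (The original also ran chmod +x on /etc/stunnel/stunnel.conf.  A
# configuration file is read, never executed; that step does nothing.)

# Log directory for the multilog in log/run.  multilog runs as qmaill, so
# qmaill must own the directory.  An empty directory is cleaner than copying
# the plaintext qmail-smtpd log history (cp -rfp) into the new service's log.
mkdir -p /var/log/qmail/qmail-smtpds
chown qmaill /var/log/qmail/qmail-smtpds

# stunnel runs as vpopmail (tcpserver -u/-g in the run script) and writes
# /etc/stunnel/stunnel.log when 'output' is set in stunnel.conf.  Give that
# user the file instead of chmod 777: a world-writable log lets any local
# user truncate it or forge entries.
touch /etc/stunnel/stunnel.log
chown vpopmail:vchkpw /etc/stunnel/stunnel.log
chmod 640 /etc/stunnel/stunnel.log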
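cd /var/qmail/control
# The private key is written into servercert.pem in the same step as the
# certificate.  With the default umask it would be world-readable until the
# chmod 640 further below; a restrictive umask closes that window (it stays
# in effect for the rest of this shell session, which is fine here).
umask 077
# Self-signed 2048-bit RSA key and certificate, valid ten years, key left
# unencrypted (-nodes) so stunnel can start unattended.  Answer the prompts
# as in the transcript below; the Common Name is the hostname clients will
# connect to.
openssl req -newkey rsa:2048 -x509 -nodes -days 3650 -out servercert.pem -keyout servercert.pem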
Generating a 1024 bit RSA private key   (note: this transcript does not match the rsa:2048 requested by the command above; with the command as written you will see "2048 bit" here, and 2048 or larger is the size you want)
............................++++++
.............................++++++
writing new private key to 'servercert.pem'
-----
-----
Country Name (2 letter code) [AU]:BD
State or Province Name (full name) [Some-State]:Banani
Locality Name (eg, city) []:Dhaka
Organization Name (eg, company) [Internet Widgits Pty Ltd]:aiamibd.com
Organizational Unit Name (eg, section) []:TSD
Common Name (eg, YOUR name) []:mail.aiamibd.com   <-- This name MUST match the hostname your clients enter as their SMTP server, or they will get a certificate-name warning. Note that newer mail clients check the certificate's subjectAltName rather than the CN, so if yours complain, reissue the certificate with a SAN entry for the same hostname.
Email Address []:t.srajib@gmail.com
............................++++++
.............................++++++
writing new private key to 'servercert.pem'
-----
-----
Country Name (2 letter code) [AU]:BD
State or Province Name (full name) [Some-State]:Banani
Locality Name (eg, city) []:Dhaka
Organization Name (eg, company) [Internet Widgits Pty Ltd]:aiamibd.com
Organizational Unit Name (eg, section) []:TSD
Common Name (eg, YOUR name) []:mail.aiamibd.com This name MUST MATCH the name your clients will put into their mail program as their SMTP server name.
Email Address []:t.srajib@gmail.com
# Only stunnel, running as vpopmail, needs the server key: owner read/write,
# group read, nothing for others.
chmod 640 servercert.pem
chown vpopmail:vchkpw servercert.pem
# NOTE(review): clientcert.pem is a byte-for-byte copy of servercert.pem,
# private key included, handed to qmaild.  That is only useful if qmail-remote
# was built with a TLS patch that reads control/clientcert.pem; otherwise the
# copy merely spreads the private key to a second account -- confirm before
# running these three commands.
cp servercert.pem clientcert.pem
chown qmaild:qmail clientcert.pem
chmod 640 clientcert.pem
# Linking the supervise directory into /service makes svscan start the
# listener within seconds, so do this last, after run, log/run and
# stunnel.conf are all in place.
ln -s /var/qmail/supervise/qmail-smtpds /service/
To test the SSL listener, use openssl's s_client tool, which handles the encryption for you; after the handshake you should see qmail-smtpd's 220 greeting. Because the certificate is self-signed, s_client will report a verification error (self signed certificate) -- that is expected here and does not indicate a broken tunnel.
# Connect to the new port 465 listener on this host; type EHLO/QUIT at the
# prompt as with a plain SMTP session.
openssl s_client -connect localhost:465
QMAILCTL:
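#!/bin/sh
# For Red Hat chkconfig
# chkconfig: - 80 30
# description: the qmail MTA
#
# qmailctl: start/stop/status control for a daemontools-supervised qmail.
# Four services live under /service, each with a log/ subdirectory that is
# always started and stopped together with it:
#   qmail-send    queue manager
#   qmail-smtpd   SMTP listener on port 25
#   qmail-smtpds  SMTP over SSL listener on port 465 (stunnel in front of
#                 qmail-smtpd, see /var/qmail/supervise/qmail-smtpds/run)
#   qmail-pop3d   POP3 listener
# Usage: qmailctl {start|stop|restart|doqueue|flush|reload|stat|pause|cont|cdb|queue|help}
#
# Compared with the previous hand-edited copy: the three chkconfig header
# lines had lost their leading '#' and would have been executed as commands,
# the qmail-smtpds branches printed "qmail-smtpd" in their messages, the
# qmail-pop3d start block appeared twice, and QMAILDUID/NOFILESGID were
# computed but never used.

PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
export PATH

# Service order for start, stat, pause and cont.
SERVICES="qmail-send qmail-smtpd qmail-smtpds qmail-pop3d"

# start_service NAME: bring NAME and its logger up if supervise is running
# for it (svok); otherwise say so instead of failing silently.
start_service() {
    if svok "/service/$1" ; then
        svc -u "/service/$1" "/service/$1/log"
        echo "Starting $1"
    else
        echo "$1 supervise not running"
    fi
}

# stop_service NAME: take NAME and its logger down.
stop_service() {
    echo " $1"
    svc -d "/service/$1" "/service/$1/log"
}

case "$1" in
  start)
    echo "Starting qmail..."
    echo ""
    for s in $SERVICES; do
        start_service "$s"
    done
    if [ -d /var/lock/subsys ]; then
        touch /var/lock/subsys/qmail
    fi
    ;;
  stop)
    echo "Stopping qmail..."
    echo ""
    # Listeners first so nothing new is accepted while qmail-send goes down.
    stop_service qmail-smtpd
    stop_service qmail-smtpds
    stop_service qmail-send
    stop_service qmail-pop3d
    if [ -f /var/lock/subsys/qmail ]; then
        rm /var/lock/subsys/qmail
    fi
    ;;
  stat)
    for s in $SERVICES; do
        svstat "/service/$s" "/service/$s/log"
    done
    qmail-qstat
    ;;
  doqueue|alrm|flush)
    echo "Flushing timeout table and sending ALRM signal to qmail-send."
    /var/qmail/bin/qmail-tcpok
    svc -a /service/qmail-send
    ;;
  queue)
    qmail-qstat
    qmail-qread
    ;;
  reload|hup)
    echo "Sending HUP signal to qmail-send."
    svc -h /service/qmail-send
    ;;
  pause)
    for s in $SERVICES; do
        echo "Pausing $s"
        svc -p "/service/$s"
    done
    ;;
  cont)
    for s in $SERVICES; do
        echo "Continuing $s"
        svc -c "/service/$s"
    done
    ;;
  restart)
    echo "Restarting qmail:"
    echo "* Stopping qmail-smtpd."
    svc -d /service/qmail-smtpd /service/qmail-smtpd/log
    echo "* Stopping qmail-smtpds."
    svc -d /service/qmail-smtpds /service/qmail-smtpds/log
    echo "* Sending qmail-send SIGTERM and restarting."
    svc -t /service/qmail-send /service/qmail-send/log
    echo "* Sending qmail-pop3d SIGTERM and restarting."
    svc -t /service/qmail-pop3d /service/qmail-pop3d/log
    echo "* Restarting qmail-smtpd."
    svc -u /service/qmail-smtpd /service/qmail-smtpd/log
    echo "* Restarting qmail-smtpds."
    svc -u /service/qmail-smtpds /service/qmail-smtpds/log
    ;;
  cdb)
    # Rebuild the tcpserver access database from /etc/tcp.smtp.  The port
    # 465 listener is started with -x /etc/tcp.smtp.cdb (as the port 25 one
    # normally is), so relay rules edited there apply to both after this.
    tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
    chmod 644 /etc/tcp.smtp.cdb
    echo "Reloaded /etc/tcp.smtp."
    ;;
  help)
    cat <<HELP
   stop -- stops mail service (smtp connections refused, nothing goes out)
  start -- starts mail service (smtp connection accepted, mail can go out)
  pause -- temporarily stops mail service (connections accepted, nothing leaves)
   cont -- continues paused mail service
   stat -- displays status of mail service
    cdb -- rebuild the tcpserver cdb file for smtp
restart -- stops and restarts smtp, sends qmail-send a TERM & restarts it
doqueue -- schedules queued messages for immediate delivery
 reload -- sends qmail-send HUP, rereading locals and virtualdomains
  queue -- shows status of queue
   alrm -- same as doqueue
  flush -- same as doqueue
    hup -- same as reload
HELP
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|doqueue|flush|reload|stat|pause|cont|cdb|queue|help}"
    exit 1
    ;;
esac
exit 0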
thanks for sharing, been trying to figure this out with various patches but the stunnel way is nice!