smtp-auth + qmail-tls + forcetls patch for qmail
- qmail-tls patch updated to v. 20160918
* bug: qmail-remote accepting any dNSName, without checking that it matches (E. Surovegin)
* bug: documentation regarding RSA and DH keys (K. Peter, G. A. Bofill)
- 2016-05-15 force-tls patch improved (a big thanks to Marcel Telka). Now qmail-smtpd does not write the AUTH verb if the client has not sent the STARTTLS command
- 2015-12-26 qmail-tls: updated to v. 20151215
* typo in #if OPENSSL_VERSION_NUMBER for 2015-12-08 patch release (V. Smith)
* add ECDH to qmail-smtpd
* increase size of RSA and DH pregenerated keys to 2048 bits
* qmail-smtpd sets RELAYCLIENT if relaying allowed by cert
- 2015-10-05 qmail-authentication: updated to v. 0.8.3
- 2015.08-24 fixed a bug in qmail-smtpd.c causing a double 250-STARTTLS, thanks to Andreas
- 2015.08.08 fixed a bug in qmail-remote.c that was causing the sending of an additional EHLO greeting, thanks to Cristoph Grover
I have packaged the latest versions of the following patches for netqmail-1.06. You may be interested in the combined patch I have put together here.
- Author: Erwin Hoffmann (updates the previous work of Krzysztof Dabrowski and Bjoern Kalkbrenner)
- Version 0.8.3
- Info: http://www.fehcom.de/qmail/smtpauth.html
Provides cram-md5, login, plain authentication support.
Fixed an issue with wrong capabilities in the EHLO message (thanks to Florian and genconc): removed the "-" sign before the AUTH verb
- if (smtpauth == 1 || smtpauth == 11) out("250-AUTH LOGIN PLAIN\r\n"); - if (smtpauth == 3 || smtpauth == 13) out("250-AUTH LOGIN PLAIN CRAM-MD5\r\n"); - if (smtpauth == 2 || smtpauth == 12) out("250-AUTH CRAM-MD5\r\n"); + if (smtpauth == 1 || smtpauth == 11) out("250 AUTH LOGIN PLAIN\r\n"); + if (smtpauth == 3 || smtpauth == 13) out("250 AUTH LOGIN PLAIN CRAM-MD5\r\n"); + if (smtpauth == 2 || smtpauth == 12) out("250 AUTH CRAM-MD5\r\n");
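Review bot: the three replacement lines hard-code the final-line form "250 AUTH ...", so the EHLO reply is only well-formed while AUTH stays the last capability written, and for any smtpauth value outside 1, 2, 3, 11, 12, 13 these lines write no terminating "250 " line at all. Consider keeping "250-AUTH ..." in all three branches and closing the reply with one unconditional final "250 " line after them, so that appending a capability later does not depend on someone remembering to flip the separator by hand.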
Remember to restore the "-" sign if you are going to append a new line to the EHLO message, because "250 " (with a space) marks the last line of the reply.
- Author: Frederik Vermeulen
- Info: http://inoa.net/qmail-tls/
- Version 20160918
Implements TLS encrypted and authenticated SMTP between the MTAs and from MUA to MTA.
- Author: Marcel Telka
- Download original
- Version: 2016.05.15
Optionally gets qmail to require TLS before authentication to improve security.
    wget http://notes.sagredo.eu/sites/notes.sagredo.eu/files/qmail/roberto-netqmail-1.06_auth_tls_force-tls.patch-latest
    wget http://qmail.org/netqmail-1.06.tar.gz
    tar xzf netqmail-1.06.tar.gz
    cd netqmail-1.06
    chown -R root:root .
    patch < ../roberto-netqmail-1.06_auth_tls_force-tls.patch-latest
    make
    make setup check
By default, authentication is denied if the client has not sent the STARTTLS command. If you want to allow connections without TLS, just do
in your run file. Any value other than 0, or no declaration at all, forces TLS before the auth.
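A way to check the behaviour described above and in the EHLO notes earlier on this page, as an added example that is not part of the patch or of the original page: it inspects an EHLO reply for a "250 " final-line separator in the middle of the reply, a capability advertised twice, and AUTH offered before STARTTLS. The function name `check_ehlo`, its `force_tls` parameter and the sample replies are assumptions made for illustration.

```python
import re

LINE = re.compile(r"^250([ -])(.*)$")

# Constructed sample replies (not captured from a real server).
GOOD_PLAIN = "250-mail.example.test\r\n250-STARTTLS\r\n250-PIPELINING\r\n250 8BITMIME\r\n"
GOOD_TLS = "250-mail.example.test\r\n250-PIPELINING\r\n250-8BITMIME\r\n250 AUTH LOGIN PLAIN\r\n"
BAD = ("250-mail.example.test\r\n250-STARTTLS\r\n250 AUTH LOGIN PLAIN\r\n"
       "250-STARTTLS\r\n250 8BITMIME\r\n")

def check_ehlo(raw, tls_active, force_tls=True):
    """Return a list of findings for one EHLO reply; empty means it looks sane.

    tls_active: True if the reply was read after a successful STARTTLS.
    force_tls:  hypothetical switch, False models a server that is
                configured to allow AUTH without TLS.
    """
    findings = []
    keywords = []
    lines = [l for l in raw.split("\r\n") if l]
    for i, line in enumerate(lines):
        m = LINE.match(line)
        if not m:
            findings.append(f"line {i + 1}: not a 250 reply line")
            continue
        sep, text = m.groups()
        last = i == len(lines) - 1
        # Only the last line of a multi-line reply may use "250 ".
        if sep == " " and not last:
            findings.append(f"line {i + 1}: '250 ' ends the reply before the last line")
        if sep == "-" and last:
            findings.append("last line uses '250-', the reply never terminates")
        if i > 0 and text:  # line 1 is the greeting, not a capability
            keywords.append(re.split(r"[ =]", text, maxsplit=1)[0].upper())
    for kw in sorted(set(keywords)):
        if keywords.count(kw) > 1:
            findings.append(f"{kw} advertised {keywords.count(kw)} times")
    if force_tls and not tls_active and "AUTH" in keywords:
        findings.append("AUTH advertised before STARTTLS")
    return findings

if __name__ == "__main__":
    for name, raw, tls in (("plain", GOOD_PLAIN, False), ("tls", GOOD_TLS, True),
                           ("bad", BAD, False)):
        print(name, check_ehlo(raw, tls_active=tls) or "ok")
```

To use it against a real server, feed it the text of the EHLO reply read before and after STARTTLS, setting `tls_active` accordingly.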
Managing auth options
You may want to take a look at the README.auth file, especially if you are planning to enable CRAM-MD5 auth.
Be aware that you have to export SMTPAUTH in your run file.