Friday, April 21, 2006
magic-smtpd and TLS
To get magic-smtpd working with TLS:
From my qmailrocks.org installation of qmail, I made a symlink from /var/qmail/bin/magic-smtpd to /var/qmail/bin/qmail/qmail-smtpd.
I then configured a bunch of files in /etc/magic-mail/control. The ones applicable to TLS can be seen here, in the output provided by magic-smtpd -s:
loaded | tls_cadir | /usr/lib/courier/rootcerts/
default | tls_cafile | (null)
loaded | tls_certificate | /var/qmail/control/servercert.pem
loaded | tls_dhparams | /var/qmail/control/servercert.pem
loaded | tls_enable | 1
loaded | tls_keyfile | /var/qmail/control/servercert.pem
default | tls_password | (null)
The problem I found with the .pem file created in the qmailrocks.org instructions was that it doesn't contain the DH part. So I found that if I followed the relevant instructions for magic-smtpd and cat'ed the DH to my .pem, things worked.
The other tip is to make sure the CN (Common Name) is the FQDN of your mail server.
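A quick structural check for the missing-DH problem described above, as an added example that is not part of the original post: it reports which PEM sections a combined file lacks. The function names and sample files are constructed for illustration, and the section bodies are placeholders, not real key material.

```shell
#!/bin/sh
# Added example (not from the original post): list the PEM sections missing
# from a combined file used for tls_certificate, tls_keyfile and tls_dhparams.

pem_missing() {
    awk '
        function kind(l) {
            if (l == "CERTIFICATE") return "certificate"
            if (l ~ /PRIVATE KEY$/) return "private-key"
            if (l ~ /DH PARAMETERS$/) return "dh-parameters"
            return ""
        }
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        /^-----BEGIN .*-----$/ {
            cur = substr($0, 12, length($0) - 16); body = 0; next
        }
        /^-----END .*-----$/ {
            lbl = substr($0, 10, length($0) - 14)
            if (lbl == cur && body > 0 && kind(lbl) != "") seen[kind(lbl)] = 1
            cur = ""; next
        }
        cur != "" && NF { body++ }               # count non-empty body lines
        END {
            n = split("certificate private-key dh-parameters", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) out = out (out == "" ? "" : " ") want[i]
            print out
        }
    ' "$1"
}

# Constructed sample data: placeholder bodies, not real certificates or keys.
write_samples() {
    for s in "CERTIFICATE" "RSA PRIVATE KEY"; do
        printf '%s\n' "-----BEGIN $s-----" "Q09OU1RSVUNURUQ=" "-----END $s-----"
    done > "$1/nodh.pem"
    printf '%s\n' "-----BEGIN DH PARAMETERS-----" "Q09OU1RSVUNURUQ=" "-----END DH PARAMETERS-----" > "$1/dh.pem"
    cat "$1/nodh.pem" "$1/dh.pem" > "$1/full.pem"   # append DH, as the post describes
}

tmp=$(mktemp -d)
write_samples "$tmp"
echo "nodh.pem missing: [$(pem_missing "$tmp/nodh.pem")]"
echo "full.pem missing: [$(pem_missing "$tmp/full.pem")]"
rm -rf "$tmp"
```

This only looks for matching BEGIN/END markers, so it catches a file with no DH block but does not validate the contents of any section.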