# qmail guide plus SSL submission on port 465 [Solved]

## newtonian

Hi-

My Japanese clients have been sending secure email via our gentoo qmail email servers

based on the standard gentoo qmail guide.

http://www.gentoo.org/doc/en/qmail-howto.xml

About 2 months ago nearly all of the major providers in Japan started blocking

email submission on port 25 and ask users using external mail servers to use port 587 instead.

Since Outlook Express is buggy and can't handle TLS over any other port than 25, using

587 won't work for clients with Outlook or Outlook Express.  Outlook Express can handle

sending email via SSL on port 465.

Here is what I did to set up port 465 SSL submission on gentoo:

```
vim /var/qmail/bin/qmail-smtpsd
```

Add the following code:

```
#!/bin/bash

export SMTPS=1

exec ${0/smtps/smtp} "$@"

```

set permissions

```
chmod 755 /var/qmail/bin/qmail-smtpsd
```

copy qmail-smtpd to create a new directory for secure submission:

```
cp -R /var/qmail/supervise/qmail-smtpd/ /var/qmail/supervise/qmail-smtpsd
```

create a secure submission conf file:

```
cp /var/qmail/control/conf-smtpd /var/qmail/control/conf-smtpsd
```

Set the SERVICE variable to smtps for smtpsd run and log run

```
vim /var/qmail/supervise/qmail-smtpsd/run
```

set to following to avoid log defunct issues:

```
#!/bin/bash

SERVICE=smtps

source /var/qmail/bin/qmail-config-system && \

exec /usr/bin/softlimit ${SOFTLIMIT_OPTS} \

    ${QMAIL_TCPSERVER_PRE} \

    /usr/bin/tcpserver ${TCPSERVER_OPTS} -x ${TCPSERVER_RULESCDB} \

    -c ${MAXCONN} -u ${QMAILDUID} -g ${NOFILESGID} \

    ${TCPSERVER_HOST} ${TCPSERVER_PORT} \

    ${QMAIL_SMTP_PRE} /var/qmail/bin/qmail-${SERVICE}d ${QMAIL_SMTP_POST} \

    2>&1
```

```
vim /var/qmail/supervise/qmail-smtpsd/log/run
```

set to following to avoid log defunct issues:

```
#!/bin/bash

SERVICE=smtps

source /var/qmail/bin/qmail-config-system && \

eval exec /usr/bin/setuidgid qmaill /usr/bin/multilog ${LOG_OPTS} ${LOG_DEST}
```

change permissions on the smtpsd log folder:

```
chown qmaill:root /var/log/qmail/qmail-smtpsd/
```

Create a separate tcp rules file

```
cp /etc/tcprules.d/tcp.qmail-smtp /etc/tcprules.d/tcp.qmail-smtps
```

update the rules with

```
tcprules /etc/tcprules.d/tcp.qmail-smtps.cdb /etc/tcprules.d/.tcp.qmail-smtps.tmp < /etc/tcprules.d/tcp.qmail-smtps
```

Create a link to the service

```
ln -s /var/qmail/supervise/qmail-smtpsd /service/
```

restart svscan

```
/etc/init.d/svscan restart
```

You should now be listening on 465 for SSL authenticated submission.

major update of the whole process April 6th, 2007 to fix some logging/memory issues

added fix to get separate logging working April 6th, 2007 in /var/log/qmail/qmail-smtpsd/

added fix to get separate missing logging code October 4th, 2007 in /var/qmail/supervise/qmail-smtpsd/runLast edited by newtonian on Wed Oct 03, 2007 4:52 pm; edited 7 times in total

----------

## newtonian

figured this out thanks to help on the run script from gentoo support at inversepath.

http://inversepath.com/service-gentoo-support.html  :Very Happy: Last edited by newtonian on Fri Apr 06, 2007 2:26 pm; edited 1 time in total

----------

## DNAspark99

of course, rather than setting up a whole seperate/cloned service... you can use iptables to forward the traffic going to port 465 to port 25

----------

## newtonian

 *DNAspark99 wrote:*   

> of course, rather than setting up a whole seperate/cloned service... you can use iptables to forward the traffic going to port 465 to port 25

 

Yes that works for standards compliant email clients like Thunderbird.  

Unfortunately, as the standard gentoo setup from the qmail guide only supports TLS,

Outlook Express users wouldn't be able to send mail because Outlook Express won't do

TLS on any other port than 25.

I tried setting the SMTPS variable to 1 and restarting qmail in the standard

/var/qmail/supervise/qmail-smtpd/run but then Outlook wasn't able to

send email via port 25. Maybe outlook can only do TLS on port 25??? 

Thanks for the input.   :Wink: 

----------

