freebsdrocks.net was originally started as nospam.mine.nu, using dyndns for
resolution, but alas, that doesn't help with dynamic address range blocklists (BLs).
I set this up as a temporary fix while I wait for my static address block to
be implemented. For anyone else out there who would like to do this for
whatever reason, whether your situation is like mine or you just need to relay
all your mail to an ISP's SMTP server that only accepts SSL connections, here's
how you do it.
This assumes you have followed the freebsdrocks qmail install or another guide
and installed either jms' combined patch or at least the qmail-remote AUTH
patch, so that qmail-remote can authenticate to a smarthost with credentials
taken from smtproutes. Stock qmail-remote cannot do this.
Step 1 - Install stunnel
----------------------------------------
# cd /usr/ports/security/stunnel
# make install clean
Accept the default threading mechanism.
Step 2 - Configure stunnel
----------------------------------------
# cd /usr/local/etc/stunnel
# vi stunnel.conf
There is a sample configuration in this directory that shows the available
options, and stunnel(8) covers the rest. For our purposes we'll start from an
empty stunnel.conf and add only the lines we need.
Add the following lines:
client=yes
[smtps]
accept = 2525
connect = my.smarthost.name.xxx:465
Obviously, change the host name and port numbers to suit. The accept port is
where stunnel listens on your box for the plaintext connections it will tunnel
to the host in the connect value. Note that client = yes is a global option
and has to come before the first [service] section, as it does here.
Port 465 is the usual SMTPS port, where the server expects SSL from the first
byte. That is the only kind of server this setup can talk to: stunnel wraps
the whole connection and does not speak STARTTLS, which is what a submission
server on port 587 expects. If your smarthost uses some other port for SMTPS,
change it.
Two things are worth checking before you move on. First, accept = 2525 binds
to every interface, so anyone who can reach your box can talk to your
smarthost through the tunnel; write it as accept = 127.0.0.1:2525 unless you
really need remote access to it. Second, as written stunnel accepts whatever
certificate the other end presents, so anything sitting between you and the
smarthost can terminate the SSL and collect your AUTH credentials. Add
verify = 2 together with a CAfile line pointing at a CA bundle (the
security/ca_root_nss port installs one under /usr/local/share/certs) so that
the connection fails unless the smarthost's certificate checks out; on stunnel
releases that support it, checkHost = my.smarthost.name.xxx also ties the
certificate to the name you connect to.
Step 3 - rc.conf & starting stunnel
----------------------------------------
# echo 'stunnel_enable="YES"' >> /etc/rc.conf
# /usr/local/etc/rc.d/stunnel.sh start
To verify that it's working, you should see your accept port in a LISTEN
state in netstat.
# netstat -anf inet
You should now be able to telnet to your accept port and use their SSL-enabled
server as if you were connecting without SSL.
# telnet localhost 2525
You should get the remote server's 220 banner and can EHLO it exactly as you
would a plaintext SMTP server; the only difference from connecting to port 465
directly is that stunnel is doing the SSL on your behalf. Type QUIT to close
the session.
Step 4 - Configuring qmail
----------------------------------------
# echo ':localhost:2525 -user pass' > /var/qmail/control/smtproutes
The above line tells qmail-remote to send all outbound mail to localhost:2525
and to authenticate there as user with the password pass. The - before the
user name is required here. By default, qmail-remote refuses to send AUTH
credentials on a connection unless it has first negotiated TLS on it; in this
setup the connection it sees is the plaintext hop to stunnel, and the SSL
happens one step later. The - tells qmail-remote to skip that check and send
the credentials anyway. Keep the - confined to routes that point at the local
stunnel port: on a route that goes straight to a remote host it would put your
password on the wire in the clear.
Since the file now holds a password, don't leave it with the world-readable
permissions qmail control files usually have. qmail-remote runs as the qmailr
user (group qmail), so root as owner, qmail as group and mode 640 is the
tightest setting that still works.
You can also relay selectively by putting a domain name in front of the first
colon, like:
# echo 'domain.com:localhost:2525 -user pass' > /var/qmail/control/smtproutes
This routes only mail for domain.com through the tunnel; everything else is
delivered directly. A leading dot (.domain.com) matches every subdomain of
domain.com, a line with nothing before the first colon is the catch-all, and
qmail-remote uses the most specific match, so the two forms can be combined in
one file.
Now restart qmail (qmail-remote reads smtproutes afresh on every delivery, so
strictly this isn't needed, but it does no harm):
# qmailctl stop
# qmailctl start
Step 5 - Verifying that it works
----------------------------------------
Send a message through your server to an address at a remote domain, one that
your smtproutes line covers. For a quick test from the local system, use the
mail command.
# echo "Testing 1 2 3" | mail -s "Testing stunnel" me@myaddress.com
Now tail the log to see what the remote server said.
# tail /var/log/qmail/qmail-send/current
If it worked, you should see something like:
new msg 24007
info msg 24007: bytes 2341 from <me@local.com> qp 66734 uid 1003
starting delivery 37: msg 24007 to remote me@myaddress.com
status: local 0/10 remote 1/120
delivery 37: success:
127.0.0.1_accepted_message./Remote_host_said:_250_ok_1172761202_qp_2377/
status: local 0/10 remote 0/120
end msg 24007
The smarthost's reply is quoted inside the success line. If the delivery was
deferred or failed instead, the same log shows a deferral: or failure: line
with the server's reply quoted the same way, which is where an AUTH rejection
will show up. stunnel's own log goes to syslog by default, so check
/var/log/messages as well if qmail never gets as far as talking to the
smarthost.
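To put the checks from steps 3 to 5 in one place, here is an added shell script. It is not from the original page and not part of qmail or stunnel. It reports whether the stunnel accept port is bound to loopback or to every interface, talks SMTP through the tunnel and confirms that the smarthost answers and advertises AUTH (which qmail-remote needs), and vets each smtproutes line for the dash rule above, including the reverse mistake of a dash-prefixed user on a route that bypasses the tunnel. The port and route format are the page's; the host name mail.example.com, the use of nc(1) for the live connection and the one-word verdicts are assumptions made for this example. The parsing functions read their input from stdin so you can feed them saved output, which is also how the live check uses them.

```shell
#!/bin/sh
# Added example, not from the original page: sanity checks for the
# stunnel -> SSL smarthost path before (and after) pointing qmail at it.
# Assumptions: the tunnel listens on 127.0.0.1:2525 as in the page's
# stunnel.conf, MY_HELO stands in for your own host name, and nc(1) is
# available for the live connection.

TUNNEL_HOST=127.0.0.1
TUNNEL_PORT=2525
MY_HELO=mail.example.com
CR=$(printf '\r')

# Read 'netstat -an' output on stdin and say how the accept port is bound:
# "loopback" (only local processes reach it), "all" (every interface, so any
# host that can reach you can use your smarthost through the tunnel) or
# "none". Handles FreeBSD's *.2525 and Linux's 0.0.0.0:2525 spellings.
tunnel_bind() {
    port=$1
    ns=$(cat)
    if printf '%s\n' "$ns" | grep -Eq "127\.0\.0\.1[.:]$port[[:space:]].*LISTEN"; then
        echo loopback
    elif printf '%s\n' "$ns" | grep -Eq "[.:]$port[[:space:]].*LISTEN"; then
        echo all
    else
        echo none
    fi
}

# Read the raw banner plus EHLO reply on stdin and print one verdict:
# "ok <mechanisms>" when the smarthost answered and advertises SMTP AUTH,
# else "rejected" (4xx/5xx instead of a banner), "noreply", "noehlo" (EHLO
# not accepted) or "noauth" (no AUTH line, so qmail-remote cannot log in).
check_smtp_reply() {
    banner='' ehlo='' auth='' line=''
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$CR"}                      # SMTP lines end in CRLF
        case "$line" in
            220*)            [ -n "$banner" ] || banner=$line ;;
            [45][0-9][0-9]*) [ -n "$banner" ] || { echo rejected; return 1; } ;;
            "250 AUTH "*|"250-AUTH "*) auth=${line#250?"AUTH "} ;;
        esac
        case "$line" in
            "250 "*) ehlo=yes ;;                # last line of the EHLO reply
        esac
    done
    [ -n "$banner" ] || { echo noreply; return 1; }
    [ -n "$ehlo" ]   || { echo noehlo;  return 1; }
    [ -n "$auth" ]   || { echo noauth;  return 1; }
    echo "ok $auth"
}

# Vet one smtproutes line of the form the page uses, [domain]:host:port [-]user pass.
# Prints "ok" or the problem: "malformed", "badport", "nodash" (no dash on a
# route to the local stunnel port, so qmail-remote will not AUTH over that
# plaintext hop) or "cleartext" (a dash on a route that goes straight to a
# remote host, which would send the password unencrypted over the network).
smtproute_check() {
    route=$1
    case "$route" in
        *:*:*" "*" "*) ;;
        *) echo malformed; return 1 ;;
    esac
    host=${route#*:}; host=${host%%:*}
    rest=${route#*:*:}
    port=${rest%%" "*}
    user=${rest#*" "}; user=${user%%" "*}
    case "$port" in ''|*[!0-9]*) echo badport; return 1 ;; esac
    case "$host:$user" in
        localhost:-*|127.0.0.1:-*) echo ok ;;
        localhost:*|127.0.0.1:*)   echo nodash; return 1 ;;
        *:-*)                      echo cleartext; return 1 ;;
        *)                         echo ok ;;   # direct route: AUTH only after TLS
    esac
}

# Live run: "sh check-tunnel.sh live". The sleeps let the server speak first;
# sending EHLO before the banner gets you treated as an early talker by some
# smarthosts. QUIT keeps the test from leaving a half-open session behind.
# The password (last word of each route) is not echoed.
live_check() {
    echo "accept port bound on: $(netstat -an | tunnel_bind "$TUNNEL_PORT")"
    { sleep 1; printf 'EHLO %s\r\n' "$MY_HELO"; sleep 2; printf 'QUIT\r\n'; } \
        | nc -w 5 "$TUNNEL_HOST" "$TUNNEL_PORT" | check_smtp_reply
    while IFS= read -r r; do
        echo "${r%" "*} ... => $(smtproute_check "$r")"
    done < /var/qmail/control/smtproutes
}

if [ "${1:-}" = live ]; then live_check; fi
```

Run it with the live argument after step 4; anything other than "loopback", an "ok" verdict with at least one mechanism, and "ok" for every route means the delivery in step 5 will not work the way you expect, and the verdict tells you which of the three pieces to revisit.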
Special thanks to Nick Holder