Opportunistic TLS: disable/force

A) qmail-remote

 By default Qmail Toaster (QT) will encrypt opportunistically.
 If encryption is offered by the remote host QT will encrypt
 messages. If encryption is not offered by the remote host
 the message(s) will remain un-encrypted. Most SMTP servers
 offer encryption, it is rare that one will not.

 Stop TLS encryption for a particular domain:
   1) # nslookup -type=mx 'domain.tld'
        domain.tld     mail exchanger = 0 mx.domain.tld.
   2) # mkdir /var/qmail/control/notlshosts/
   3) # touch /var/qmail/control/notlshosts/mx.domain.tld

 Stop TLS encrypiion for all domains:
   1) # mkdir /var/qmail/control/tlshosts
   2) # touch tlshosts/exhaustivelist

 Force TLS encryption for a particular domain or 
 Exceptions to 'control/tlshosts/exhaustivelist':
   1) # nslookup -type=mx 'domain.tld'
        domain.tld     mail exchanger = 0 mx.domain.tld.
   2) # mkdir /var/qmail/control/tlshosts
   For <=qmail-1.03-3.3.7
   3) # cp /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /var/qmail/control/tlshosts/mx.domain.tld.pem
        or
      # ln -s /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /var/qmail/control/tlshosts/mx.domain.tls.pem 
   For >qmail-1.03-3.3.7 (to come)
   3) # touch /var/qmail/control/tlshosts/mx.domain.tld.pem

B) qmail-smtpd

 To come...

Author: Eric Broch
Questions and Comments: ebroch at whitehorsetc.com
Qmailtoaster mailing list: Subscribe
Qmailtoaster mailing list archives
Qmailtoaster Network
Official Qmail website
Un-Official Qmail website
Qmail - wikipedia Some helpful links...maybe.
Repos
Wiki
Qmailtoaster Plus