author: schmonz <schmonz@pkgsrc.org> 2020-11-02 10:43:55 +0000
committer: schmonz <schmonz@pkgsrc.org> 2020-11-02 10:43:55 +0000
commit: cc0203370f0cfb09025afd08249e1f835d35b917
tree: f246b1b6a2813eb0497e9186a1caeef44d71fa47 /mail
parent: e53f005d094dcd06bec3ff7f9e652f7d43632182
Reorder and clarify TLS setup instructions.
Diffstat (limited to 'mail')
-rw-r--r-- mail/qmail/files/README.tls 22
1 files changed, 14 insertions, 8 deletions
diff --git a/mail/qmail/files/README.tls b/mail/qmail/files/README.tls
index e6dec702cbc..a6351d9e43e 100644
--- a/mail/qmail/files/README.tls
+++ b/mail/qmail/files/README.tls
@@ -7,20 +7,26 @@ It is documented more fully by its author here:
<URL:https://schmonz.com/qmail/tlsonlyremote/>
-For qmail to opportunistically encrypt outgoing mail, obtain a
-certificate (e.g., from Let's Encrypt) and make it available as
-@SERVERCERT@.
+For qmail to opportunistically encrypt incoming mail, and to require
+encryption before authentication for submitted messages, first obtain a
+certificate (e.g., from Let's Encrypt), make it available as
+@SERVERCERT@, and apply these permissions:
# chmod 640 @SERVERCERT@
# chown @QMAIL_DAEMON_USER@:@QMAIL_QMAIL_GROUP@ @SERVERCERT@
-# ln -s @SERVERCERT@ @CLIENTCERT@
+
+Generate DH params:
+
# update_tmprsadh
-Once you have a certificate, regularly regenerate DH params from cron(8):
+Have cron(8) regularly regenerate them:
01 01 * * * @PREFIX@/bin/update_tmprsadh > /dev/null 2>&1
+Then install the qmail-run package and use its qmailsmtpd and
+qmailofmipd rc.d scripts.
-For qmail to opportunistically encrypt incoming mail, and to require
-encryption before authentication for submitted messages, install the
-qmail-run package and use its qmailsmtpd and qmailofmipd rc.d scripts.
+For qmail to opportunistically encrypt outgoing mail, use the same
+certificate:
+
+# ln -s @SERVERCERT@ @CLIENTCERT@
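Review bot: The closing outgoing-mail paragraph says only "use the same certificate", so it now depends on the chmod/chown steps in the incoming-mail paragraph without saying so; a reader who wants only outgoing TLS could create the @CLIENTCERT@ symlink without ever setting mode 640 and @QMAIL_DAEMON_USER@:@QMAIL_QMAIL_GROUP@ ownership on @SERVERCERT@. Suggest making the prerequisite explicit, for example "use the same certificate, installed with the permissions shown above:". Separately, the cron entry sends both stdout and stderr to /dev/null, so a failed update_tmprsadh run goes unnoticed; dropping `2>&1` would let cron report errors while still discarding normal output.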