Tlshosts/FQDN.pem: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 7: | Line 7: | ||
'''WARNING:''' this option may cause mail to be delayed, bounced, doublebounced, or lost. | '''WARNING:''' this option may cause mail to be delayed, bounced, doublebounced, or lost. | ||
Force TLS encryption for a particular domain or Exceptions to 'control/tlshosts/exhaustivelist': | |||
1) # nslookup -type=mx 'domain.tld' | |||
domain.tld mail exchanger = 0 mx.domain.tld. | |||
2) # mkdir /var/qmail/control/tlshosts | |||
a) qmail-1.03-3.3.7>= | |||
1. # ln -s /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /var/qmail/control/tlshosts/mx.domain.tls.pem | |||
b) qmail-1.03-3.3.7< | |||
1. # touch /var/qmail/control/tlshosts/mx.domain.tld.pem | |||
[[http://wiki.qmailtoaster.org/index.php?title=Control_Files_by_Function#qmail-remote qmail-remote]] | [[http://wiki.qmailtoaster.org/index.php?title=Control_Files_by_Function#qmail-remote qmail-remote]] | ||
Revision as of 14:14, 26 March 2024
tlshosts/FQDN.pem
man qmail-remote excerpt:
qmail-remote requires TLS authentication from servers for which this certificate exists (FQDN is the fully-qualified domain name of the server). One of the dNSName or the CommonName attributes have to match.
WARNING: this option may cause mail to be delayed, bounced, doublebounced, or lost.
Force TLS encryption for a particular domain or Exceptions to 'control/tlshosts/exhaustivelist':
1) # nslookup -type=mx 'domain.tld'
domain.tld mail exchanger = 0 mx.domain.tld.
2) # mkdir /var/qmail/control/tlshosts
a) qmail-1.03-3.3.7>=
1. # ln -s /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /var/qmail/control/tlshosts/mx.domain.tls.pem
b) qmail-1.03-3.3.7<
1. # touch /var/qmail/control/tlshosts/mx.domain.tld.pem