<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="Content-Language" content="en" />
<title>smtpd-starttls-proxy: the qmail-smtpc program</title>
<meta name="Description" content="smtpd-starttls-proxy: the qmail-smtpc program" />
<meta name="Keywords" content="smtp client qmail qmail-remote" />
<!-- <link rel="stylesheet" type="text/css" href="//skarnet.org/default.css" /> -->
</head>
<body>
<h1> The <tt>qmail-smtpc</tt> program </h1>
<p>
<tt>qmail-smtpc</tt> is an SMTP client, meant to be used as a drop-in
replacement for
<a href="http://qmail.org/man/man8/qmail-remote.html">qmail-remote</a>.
</p>
<p>
It is not meant to be invoked directly by the user; it only makes sense
in the context of a qmail, netqmail or notqmail installation.
</p>
<h2> Interface </h2>
<p>
<tt>qmail-smtpc</tt> follows the exact same interface as
<a href="http://qmail.org/man/man8/qmail-remote.html">qmail-remote</a>.
The binary can literally be renamed <tt>qmail-remote</tt> then dropped
in <tt>/var/qmail/bin</tt> in place of the stock <tt>qmail-remote</tt>
program. With some patches, it can also be used by setting the
QMAILREMOTE environment variable to the path where <tt>qmail-smtpc</tt>
is installed.
</p>
<h2> Differences from qmail-remote </h2>
<ul>
<li> If the underlying OS and <a href="//skarnet.org/software/skalibs/">skalibs</a>
support IPv6, then <tt>qmail-smtpc</tt> does as well, and uses IPv4 and IPv6
addresses indiscriminately when connecting to an MX. </li>
<li> It speaks ESMTP and will use STARTTLS if the server supports it. </li>
</ul>
<h2> Control files </h2>
<p>
qmail-smtpc uses a few extra control files in <tt>/var/qmail/control</tt>:
</p>
<dl>
<dt> <tt>trustanchors</tt> </dt>
<dd> Contains the path to the certificates for known trust anchors for X.509
certificate validation. If the path ends with a slash, like <tt>/etc/ssl/certs/</tt>,
then it is interpreted as a directory containing hashes to the certificates. If
it does not, like <tt>/etc/ssl/cert.pem</tt>, then it is interpreted as a big
PEM file containing all the trust anchors. If the file is nonexistent or empty,
or only contains a newline, then STARTTLS is not attempted. </dd>
<dt> <tt>clientcert</tt> </dt>
<dd> If this file exists and is nonempty, it must contain the path to a client
certificate. This certificate will be sent to the server during a TLS negotiation.
This is useful in certain setups requiring client authentication. </dd>
<dt> <tt>clientkey</tt> </dt>
<dd> This file must be used in conjunction with <tt>clientcert</tt>. It contains
the path to the private key used to sign the client certificate. Note that access
to the private key file should be as restricted as possible, but the <tt>qmailr</tt>
user (or whatever user <tt>qmail-smtpc</tt> runs as) must be able to read it. </dd>
</dl>
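<p>
The following audit script is an added example, not part of smtpd-starttls-proxy. It applies the rules above to a control directory: how <tt>trustanchors</tt> will be interpreted (and whether STARTTLS will be attempted at all), and whether <tt>clientcert</tt> and <tt>clientkey</tt> are paired with a key file closed to group and other. The function names, the result labels and the assumption that only the first line of a control file is significant are this example's own.
</p>

```shell
#!/bin/sh
# Added example (not part of smtpd-starttls-proxy): audit the extra control files.
# Assumption: only the first line of a control file is significant.

# Print the first line of a control file; print nothing if it is missing.
control_value() {
    [ -f "$1" ] || return 0
    head -n 1 "$1" | tr -d '\r'
}

# Print how DIR/trustanchors will be interpreted:
# disabled | directory | file | invalid
# "invalid" is this audit's own label for a named path that does not exist.
trustanchors_mode() {
    ta=$(control_value "$1/trustanchors")
    if [ -z "$ta" ]; then
        echo disabled    # nonexistent, empty or newline only: no STARTTLS
        return 0
    fi
    case "$ta" in
        */) if [ -d "$ta" ]; then echo directory; else echo invalid; fi ;;
        *)  if [ -f "$ta" ]; then echo file; else echo invalid; fi ;;
    esac
}

# Print the state of the clientcert/clientkey pair in DIR:
# none | no-key | missing | key-exposed | ok
clientcert_status() {
    cert=$(control_value "$1/clientcert")
    key=$(control_value "$1/clientkey")
    if [ -z "$cert" ]; then echo none; return 0; fi
    if [ -z "$key" ]; then echo no-key; return 0; fi
    if [ ! -f "$cert" ] || [ ! -f "$key" ]; then echo missing; return 0; fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ldL "$key" | cut -c5-10)
    if [ "$perms" = "------" ]; then echo ok; else echo key-exposed; fi
}

# Report on the control directory given as $1 (default: /var/qmail/control).
control_dir=${1:-/var/qmail/control}
echo "trustanchors: $(trustanchors_mode "$control_dir")"
echo "client certificate: $(clientcert_status "$control_dir")"
```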
</body>
</html>