Symptoms
You have a mail server with SSL enabled, but don’t want to use TLS.
Resolution
- Log in to the target mail server and obtain root privileges;
- Change current directory to /etc/init.d (on Linux) or /usr/local/etc (on FreeBSD);
- Copy the file named “qmaild.tmpl” to “qmaild.tmpl.custom” (on Linux), “qmaild.sh.tmpl” to “qmaild.sh.tmpl.custom” (on FreeBSD) or use an existing file with “.custom” suffix, if any;
- Open the file created in step 4 with your favorite editor, and replace the following line:
- On Linux:
/bin/sh -c "$TCPSERVER $TLS_SWITCH -H -R -c $TCP_SERVERS -u $USER_VPOPMAIL -g $GROUP_VCHKPW 0 pop3 qmail-popup $MAIL_SERVER vchkpw qmail-pop3d Maildir $SYSFACILITY &" >/dev/null 2>&1 && STARTED_SERVICES=" pop3" && \
with
/bin/sh -c "tcpserver -H -R -c $TCP_SERVERS -u $USER_VPOPMAIL -g $GROUP_VCHKPW 0 pop3 qmail-popup $MAIL_SERVER vchkpw qmail-pop3d Maildir $SYSFACILITY &" >/dev/null 2>&1 && STARTED_SERVICES=" pop3" && \
- On FreeBSD:
sh -c "$TCPSERVER $TLS_SWITCH -H -R -c $TCP_SERVERS -u $USER_VPOPMAIL -g $GROUP_VCHKPW 0 pop3 qmail-popup $MAIL_SERVER vchkpw qmail-pop3d Maildir $SYSFACILITY &" >/dev/null 2>&1 && STARTED_SERVICES=" pop3" && \
with
sh -c "tcpserver -H -R -c $TCP_SERVERS -u $USER_VPOPMAIL -g $GROUP_VCHKPW 0 pop3 qmail-popup $MAIL_SERVER vchkpw qmail-pop3d Maildir $SYSFACILITY &" >/dev/null 2>&1 && STARTED_SERVICES=" pop3" && \
- Replace the qmaild init script with the file modified in step 4 and set necessary permissions:
- On Linux:
# cp qmaild.tmpl.custom qmaild
# chown root:root qmaild
# chmod 750 qmaild
- On FreeBSD:
# cp qmaild.sh.tmpl.custom qmaild.sh
# chown root:wheel qmaild.sh
# chmod 750 qmaild.sh
- Restart qmail to apply changes:
- On Linux:
# ./qmaild restart
- On FreeBSD:
# ./qmaild.sh restart
- You can verify that STLS is not present anymore in the capability list (replace mail.example.com with your target mail server IP):
# telnet mail.example.com 110
Trying 172.16.0.10...
Connected to mail.example.com (172.16.0.10).
Escape character is '^]'.
+OK <20083.1344989468@mail.example.com>
CAPA
+OK capability list follows
USER
TOP
UIDL
.
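
The CAPA check from the last step can be scripted. The following is an added example, not part of the original article: a POSIX shell function that reads a POP3 session transcript and reports whether STLS is still advertised. The function names and the use of nc for the live check are assumptions, and the second sample transcript is constructed.

```shell
#!/bin/sh
# Added example (not from the original article).
# Reads a POP3 session transcript on stdin and inspects the CAPA reply.
# Exit status: 0 = STLS advertised, 1 = STLS not advertised,
#              2 = CAPA rejected or capability list incomplete.
pop3_capa_has_stls() {
    awk '
        { sub(/\r$/, "") }                          # POP3 lines end in CRLF
        state == 2 && $0 == "." { done = 1; exit }  # end of capability list
        state == 2 { if (toupper($1) == "STLS") found = 1; next }
        /^\+OK/ || /^-ERR/ {
            state++                                 # 1 = greeting, 2 = CAPA reply
            if (state == 2 && /^-ERR/) exit         # server rejected CAPA
        }
        END {
            if (!done) exit 2
            exit (found ? 0 : 1)
        }
    '
}

# Server lines from the transcript shown in the article (no STLS).
sample_without_stls() {
    printf '%s\r\n' '+OK <20083.1344989468@mail.example.com>' \
        '+OK capability list follows' 'USER' 'TOP' 'UIDL' '.'
}

# Constructed transcript of a server that still offers STLS.
sample_with_stls() {
    printf '%s\r\n' '+OK <1.1@mail.example.com>' \
        '+OK capability list follows' 'USER' 'TOP' 'UIDL' 'STLS' '.'
}

# Live check against a host; assumes a netcat binary named nc is installed.
check_pop3_host() {
    printf 'CAPA\r\nQUIT\r\n' | nc "$1" 110 | pop3_capa_has_stls
}
```

After restarting qmail, `check_pop3_host mail.example.com` should return exit status 1.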