Koozali.org: home of the SME Server

Secure Mail

Shad

Secure Mail
« on: November 27, 2001, 05:38:30 AM »
I would like to see SSMTP, POP3S, IMAPS.  Most of the setup is already done.  All that is needed is the following.  Verify that pop3s, imaps and ssmtp are defined correctly (they are in SME 5.x).  Next create a certificate for stunnel by doing the following: (I'm sure there is an automated way to do this like the cert for https)

cd /usr/share/ssl/certs/
make stunnel.pem (must have make installed)

Make sure you set "Common Name" to your hostname (the name people will connect to), otherwise clients get errors. (Some clients will get errors anyway because the certificate isn't signed by a trusted authority.) The generated stunnel.pem holds the private key as well as the certificate, so check that only root can read it. Finally, in /etc/e-smith/templates(-custom)/etc/xinetd.conf create the following files:

# cat 40imaps
{
    # e-smith template fragment for xinetd.conf: emits the "imaps" service
    # stanza, which wraps /usr/sbin/imapd in stunnel. The stanza is written
    # only when the existing "imap" service record has status "enabled", so
    # the TLS listener follows the plain imap setting; there is no separate
    # imaps switch in this fragment.
    use esmith::config;
    use esmith::db;

    local %services;
    $services{'imap'} = $imap;

    my $imap_state = db_get_prop(\%services, "imap", "status");

    if (!defined $imap_state)
    {
        # No status property at all: leave an explanatory comment in the
        # generated file instead of a service stanza.
        $OUT .= "\n"
              . "# imap does not exist in the e-smith services"
              . " database.\n";
    }
    elsif ($imap_state ne "enabled")
    {
        $OUT .= join("",
            "\n",
            "# imap has been flagged as 'disabled'\n",
            "# in the e-smith services database.\n",
        );
    }
    else
    {
        # xinetd starts stunnel as root (user = root) and stunnel hands the
        # decrypted stream to the program named after -l.
        # NOTE(review): the wrapped imapd presumably inherits root from
        # stunnel -- confirm, and check whether it can run with less.
        # No -p option is passed, so stunnel uses its built-in default
        # certificate path. NOTE(review): confirm that this is the
        # stunnel.pem created for this setup and that the file (it also
        # holds the private key) is readable by root only.
        my @stanza = (
            "service imaps\n",
            "{\n",
            "    socket_type                    = stream\n",
            "    wait     = no\n",
            "    user     = root\n",
            "    server   = /usr/sbin/stunnel\n",
            "    server_args                    = -l /usr/sbin/imapd\n",
            # Optional xinetd logging, left disabled as in the original:
            #   "    log_on_success                += DURATION USERID\n",
            #   "    log_on_failure                += USERID\n",
            "}\n",
        );
        $OUT .= join("", @stanza);
    }
}

# cat 50pop3s
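{
    # e-smith template fragment for xinetd.conf: emits the "pop3s" service
    # stanza, which wraps the POP3 daemon in stunnel. The stanza is written
    # only when the "popd" service record has status "enabled".
    $OUT = '';

    use esmith::config;
    use esmith::db;

    local %services;
    $services{'popd'} = $popd;

    my $status = db_get_prop(\%services, "popd", "status");

    if (defined $status)
    {
        if ($status eq "enabled")
        {
            # xinetd starts stunnel as root (user = root) and stunnel hands
            # the decrypted stream to the program named after -l.
            # NOTE(review): the wrapped daemon presumably inherits root from
            # stunnel -- confirm, and check whether it can run with less.
            # No -p option is passed, so stunnel uses its built-in default
            # certificate path. NOTE(review): confirm that this is the
            # stunnel.pem created for this setup and that the file (it also
            # holds the private key) is readable by root only.
            $OUT .= "service pop3s\n";
            $OUT .= "{\n";
            $OUT .= "    socket_type                    = stream\n";
            $OUT .= "    user     = root\n";
            $OUT .= "    wait     = no\n";
            $OUT .= "    server   = /usr/sbin/stunnel\n";
            # NOTE(review): stunnel 3.x documents "-l program [-- args]";
            # the trailing "qmail-popup" has no "--" separator and is left
            # exactly as posted. Verify the intended command line on a
            # test box before relying on it.
            $OUT .= "    server_args                    = -l /usr/sbin/ipop3d qmail-popup\n";
            $OUT .= "}\n";
        }
        else
        {
            # The messages below name "popd", the record this fragment
            # actually reads; the posted version said "imap", copied from
            # the imaps fragment, which mislabels the generated comment.
            $OUT .= "\n";
            $OUT .= "# popd has been flagged as 'disabled'\n";
            $OUT .= "# in the e-smith services database.\n";
        }
    }
    else
    {
        $OUT .= "\n";
        $OUT .= "# popd does not exist in the e-smith services";
        $OUT .= " database.\n";
    }
}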

# cat 60ssmtp
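{
    # e-smith template fragment for xinetd.conf: emits the "ssmtp" service
    # stanza, which wraps /usr/sbin/smtpd in stunnel. The stanza is written
    # only when the "smtpd" service record has status "enabled".
    use esmith::config;
    use esmith::db;

    local %services;
    $services{'smtpd'} = $smtpd;

    my $status = db_get_prop(\%services, "smtpd", "status");

    if (defined $status)
    {
        if ($status eq "enabled")
        {
            # xinetd starts stunnel as root (user = root) and stunnel hands
            # the decrypted stream to the program named after -l.
            # NOTE(review): the wrapped smtpd presumably inherits root from
            # stunnel -- confirm, and check whether it can run with less.
            # No -p option is passed, so stunnel uses its built-in default
            # certificate path. NOTE(review): confirm that this is the
            # stunnel.pem created for this setup and that the file (it also
            # holds the private key) is readable by root only.
            $OUT .= "service ssmtp\n";
            $OUT .= "{\n";
            $OUT .= "    socket_type                    = stream\n";
            $OUT .= "    wait     = no\n";
            $OUT .= "    user     = root\n";
            $OUT .= "    server   = /usr/sbin/stunnel\n";
            $OUT .= "    server_args                    = -l /usr/sbin/smtpd\n";
            # Terminate the closing brace with a newline, as the imaps and
            # pop3s fragments do, so that whatever is appended after this
            # fragment starts on its own line in the generated xinetd.conf.
            $OUT .= "}\n";
        }
        else
        {
            $OUT .= "\n";
            $OUT .= "# smtpd has been flagged as 'disabled'\n";
            $OUT .= "# in the e-smith services database.\n";
        }
    }
    else
    {
        $OUT .= "\n";
        $OUT .= "# smtpd does not exist in the e-smith services";
        $OUT .= " database.\n";
    }

}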

Now expand the template and reload xinetd.

/sbin/e-smith/expand-template /etc/xinetd.conf
service xinetd reload