The bug is here I believe:
https://bugs.contribs.org/show_bug.cgi?id=9349
B. Rgds
John
The bug sums it up nicely.
One could add a patch on qmail, or replace the qmail code with postfix as the fix suggests. Since what is qmail still doing if you use different packages for both incoming and outgoing email?
However, with the least trouble you could:
- keep running qmail
- let it send its email to postfix on localhost on another port
- let postfix send email, using all its sophisticated TLS features
I did just this, only used another host to serve postfix as a smarthost (only used to send email to internet).
Links on TLS and how DANE works can be found here:
http://www.postfix.org/TLS_README.html#client_tls_levels
I use a simple transport table to send all email for internal domains back to SME server as the internal server:
vi /etc/postfix/transport
#relay all email for domain to internal mailserver []
hanscees.com smtp:[192.168.0.1]
.hanscees.com smtp:[192.168.0.1]
* smtp
Logging on outgoing SMTP is something like this:
### logging example
#Jul 20 20:29:09 core postfix/qmgr[26579]: BF14F201D3: from=<root@example.net>, size=297, nrcpt=1 (queue active)
Jul 20 20:29:10 core postfix/smtp[26610]: Untrusted TLS connection established to bak.ab-groep.nl[212.135.11.120]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Then the main postfix config:
############################## main.cf
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
delay_warning_time = 4h
readme_directory = no
# TLS parameters for receiving email
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# use TLS when sending email
smtp_tls_security_level = may
smtp_tls_loglevel = 1
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination =
local_recipient_maps =
local_transport = error:local mail delivery is disabled
relayhost =
mynetworks = 127.0.0.0/8 192.168.0.0/24
mailbox_size_limit = 0
recipient_delimiter =
inet_interfaces = all
myorigin = /etc/mailname
inet_protocols = ipv4
transport_maps = hash:/etc/postfix/transport
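
Added example, not part of the original post: a small Python check that reads postfix/smtp log lines in the format of the logging example above and reports, per delivered recipient, which TLS level the outgoing connection reached. The sample log, host names and addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample (documentation addresses), in the format Postfix writes
# with smtp_tls_loglevel = 1. Not taken from a real server.
SAMPLE_LOG = """\
Jul 20 20:29:10 core postfix/smtp[26610]: Untrusted TLS connection established to mx.example.org[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul 20 20:29:11 core postfix/smtp[26610]: BF14F201D3: to=<a@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=1.2, delays=0.1/0/0.6/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Jul 20 20:31:02 core postfix/smtp[26644]: Verified TLS connection established to mx.example.net[198.51.100.7]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul 20 20:31:03 core postfix/smtp[26644]: C0A1B201D9: to=<b@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=0.9, delays=0.1/0/0.5/0.3, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Jul 20 20:35:40 core postfix/smtp[26650]: D17C3201E2: to=<c@example.com>, relay=mail.example.com[203.0.113.5]:25, delay=0.7, delays=0.1/0/0.3/0.3, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

RELAY = r"(?P<relay>\S+\[[^\]]+\]:\d+)"
# "<level> TLS connection established to host[ip]:port: <protocol> with cipher <cipher>"
TLS_RE = re.compile(
    r"postfix/smtp\[(?P<pid>\d+)\]: (?P<level>Anonymous|Untrusted|Trusted|Verified) "
    r"TLS connection established to " + RELAY + r": (?P<proto>\S+) with cipher (?P<cipher>\S+)")
# "<queue id>: to=<rcpt>, relay=host[ip]:port, ... status=sent"
SENT_RE = re.compile(
    r"postfix/smtp\[(?P<pid>\d+)\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=" + RELAY + r",.*\bstatus=sent\b")

def audit(log_text):
    """Return (recipient, relay, tls_level, protocol) per delivered recipient.

    Heuristic keyed on (smtp pid, relay): a delivery with no earlier handshake
    line from the same process to the same relay is reported as "Plaintext".
    """
    handshakes, records = {}, []
    for line in log_text.splitlines():
        tls = TLS_RE.search(line)
        if tls:
            handshakes[(tls["pid"], tls["relay"])] = (tls["level"], tls["proto"])
            continue
        sent = SENT_RE.search(line)
        if sent:
            level, proto = handshakes.get((sent["pid"], sent["relay"]), ("Plaintext", None))
            records.append((sent["rcpt"], sent["relay"], level, proto))
    return records

def not_verified(records):
    """Deliveries where the peer identity was not verified (anything but "Verified")."""
    return [r for r in records if r[2] != "Verified"]

if __name__ == "__main__":
    for rcpt, relay, level, proto in audit(SAMPLE_LOG):
        print(f"{rcpt:<16} {relay:<32} {level:<10} {proto or '-'}")
```

Feeding it the real mail log instead of SAMPLE_LOG shows which destinations are reached with unauthenticated or no TLS, which is the input needed before raising smtp_tls_security_level above may.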