Opportunistic, enable, disable

 To stop TLS encryption for a particular domain as QMT will encrypt via TLS all SMTP traffic unless
   1) a remote MTA does not support it,
   2) incompatible encryption between MTA(s),
   3) and/or prohibition by either MTA,
 do the following:
   1) # nslookup -type=mx 'domain.tld'
        domain.tld     mail exchanger = 0 mx.domain.tld.
   2) # mkdir /var/qmail/control/notlshosts/
   3) # touch /var/qmail/control/notlshosts/mx.domain.tld

 This will stop all traffic to domain.tld from being encrypted.

 No encryption for any domain except for those specified can also be configured.

 Complete information on the subject can be had by typing '# man qmail-remote' at the CLI, 
 or by looking here.

To force TLS encrption for a particular domain:
   1) # nslookup -type=mx 'domain.tld'
        domain.tld     mail exchanger = 0 mx.domain.tld.
   2) # mkdir /var/qmail/control/tlshosts/
   3) # PEMDIR=/var/qmail/control/tlshosts && BUNDLE=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem && HOST=mx.domain.tld && PORT=25 && \
           cat ${BUNDLE} > $PEMDIR/${HOST}.pem && openssl s_client -connect ${HOST}:${PORT} -starttls smtp -showcerts 2>/dev/null </dev/null | \
           sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >> ${PEMDIR}/${HOST}.pem

Author: Eric Broch
Questions and Comments: ebroch at whitehorsetc.com
Qmailtoaster mailing list: Subscribe
Qmailtoaster mailing list archives
Qmailtoaster Network
Official Qmail website
Un-Official Qmail website
Qmail - wikipedia Some helpful links...maybe.
Repos
Wiki
Qmailtoaster Plus