author: John Denker <> 2016-01-01 18:15:35 (GMT)
committer: John Denker <> 2016-01-02 00:33:29 (GMT)
commit: a16bea1ca0aa3ef44919fbe045b9040874fd8628
tree: 99ac443b96f8b89f8a480bb378b619d18e8cfc31 /qmail-remote.8
parent: 4dabcdf185f53439af8fdf71bd2da7317336bcf0
the big starttls patch
Diffstat (limited to 'qmail-remote.8')
1 files changed, 43 insertions, 0 deletions
diff --git a/qmail-remote.8 b/qmail-remote.8
index 08bae85..5fac0f2 100644
--- a/qmail-remote.8
+++ b/qmail-remote.8
@@ -114,6 +114,10 @@ arguments.
always exits zero.
.TP 5
+.I clientcert.pem
+SSL certificate that is used to authenticate with the remote server
+during a TLS session.
+.TP 5
.I helohost
Current host name,
for use solely in saying hello to the remote SMTP server.
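Review bot: The new clientcert.pem entry says only that the file holds the certificate used to authenticate to the remote server; it does not say where the matching private key is expected, or what qmail-remote does when the file is absent or unreadable. If the key is expected in the same file, say so and state the ownership and mode the file should have, since in that case anyone who can read it can authenticate as this host.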
@@ -123,6 +127,16 @@ if that is supplied;
.B qmail-remote
refuses to run.
+.TP 5
+.I notlshosts/<FQDN>
+.B qmail-remote
+will not try TLS on servers for which this file exists
+.RB ( <FQDN>
+is the fully-qualified domain name of the server).
+.IR (tlshosts/<FQDN>.pem
+takes precedence over this file however).
.TP 5
.I smtproutes
Artificial SMTP routes.
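Review bot: In the notlshosts/<FQDN> entry, `.IR (tlshosts/<FQDN>.pem` sets the opening parenthesis in italics together with the file name; `.RI ( tlshosts/<FQDN>.pem` keeps the parenthesis roman, matching the `.RB ( <FQDN>` line above it. The entry should also state plainly that mail to a listed host goes out without TLS even when the server offers it, and the precedence remark would read better as a full sentence than as a trailing parenthetical.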
@@ -156,6 +170,8 @@ may be empty;
this tells
.B qmail-remote
to look up MX records as usual.
+.I port
+value of 465 (deprecated smtps port) causes TLS session to be started.
.I smtproutes
may include wildcards:
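Review bot: The added port sentence, "value of 465 (deprecated smtps port) causes TLS session to be started", does not say when the session starts: on connect, before the SMTP greeting, or through STARTTLS as on other ports. It also leaves open whether the tlshosts and notlshosts control files still apply to such a route. The text runs on in lower case directly after "to look up MX records as usual." with no break; start it as its own sentence, for example with "A" before `.I port`.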
@@ -195,6 +211,33 @@ Number of seconds
.B qmail-remote
will wait for each response from the remote SMTP server.
Default: 1200.
+.TP 5
+.I tlsclientciphers
+A set of OpenSSL client cipher strings. Multiple ciphers
+contained in a string should be separated by a colon.
+.TP 5
+.I tlshosts/<FQDN>.pem
+.B qmail-remote
+requires TLS authentication from servers for which this file exists
+.RB ( <FQDN>
+is the fully-qualified domain name of the server). One of the
+.I dNSName
+or the
+.I CommonName
+attributes have to match. The file contains the trusted CA certificates.
+this option may cause mail to be delayed, bounced, doublebounced, or lost.
+.TP 5
+.I tlshosts/exhaustivelist
+if this file exists
+no TLS will be tried on hosts other than those for which a file
+.B tlshosts/<FQDN>.pem
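Review bot: The tlshosts/<FQDN>.pem entry says one of dNSName or CommonName has to match, but not what it is matched against: the <FQDN> in the file name, the MX host actually connected to, or the recipient domain. State that explicitly, since it defines what the verification proves. In the same entry "attributes have to match" should be "has to match", and the closing sentence "this option may cause mail to be delayed, bounced, doublebounced, or lost." should start with a capital and say under which conditions each outcome occurs. The tlsclientciphers entry gives no default and speaks of "a set of ... cipher strings" while describing a single colon-separated string; say which it is.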