I'm installing a Plesk machine and it seems Plesk doesn't really have a way of forcing users to use TLS/SSL for authentication. Therefore, I'm hacking it in:
- Included mod_tls settings in proftpd.conf and set TLSRequired to on.
- Closed normal POP3 and IMAP ports with iptables, except for localhost for the webmail.
- Closed port 8880 for unencrypted panel access (although I have to find a way to make the default hosting page work that way…)
But, there doesn't seem to be a way to force Qmail to use TLS/SSL for authentication. Obviously, I can't close port 25 and force use of port 465, because then mail delivery will break.
I've tried all sorts of environment variables I could find in /etc/xinitd.d/smtp_psa, but nothing works.
Postfix has a smtpd_tls_auth_only option, but I can't seem to find it for Qmail, nor where to set it in the plesk-installed version.
System:Ubuntu 10.04.2 LTS
Plesk: 10.2
Best Answer
I didn't know I could just run Plesk's autoinstaller (/opt/psa/admin/bin/autoinstaller) and replace Qmail with Postfix. With postfix, I simply enabled smtpd_tls_auth_only and it's done.