I have made some minor changes to my toaster patch, and updated the version to 0.6-1. The changes have to do with the ownership of the TLS certificates. Instead of duplicating the servercert.pem as clientcert.pem, I went back to using a symbolic link, and chowned the files vpopmail:qmail, so both qmail-smtpd and qmail-remote can access them. Permissions are set to 640.
On shupp.org, I also put a note about the need to run "make tmprsadh" after installing this patch. If you don't, the new DH parameters in the new TLS patch will cause qmail-smtpd to create the DH keys on the fly, saturating your CPU. You also want to set up a cron job, per the TLS instructions, to update these temporary keys:
01 01 * * * /var/qmail/bin/update_tmprsadh > /dev/null 2>&1
This patch has been in production for me for over a week now, and is working well. I'll be updating the toaster in the next few days to use this patch, with updated run scripts and software versions.
Regards,
Bill Shupp MerchBox
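
Added example, not part of the original post or of the toaster patch: a shell check that a host matches the certificate layout the post describes (servercert.pem owned vpopmail:qmail with mode 640, clientcert.pem a symbolic link to it). The function name check_tls_certs and the default directory /var/qmail/control are assumptions made for this example; the post does not name the directory.

```shell
#!/bin/sh
# Added example: audit the TLS certificate layout described in the post.
# Assumption: the certificates live in /var/qmail/control; pass another
# directory as the first argument if yours differ.

# check_tls_certs DIR [OWNER] [GROUP]
# Prints one line per finding; returns 0 if the layout matches, 1 if not.
check_tls_certs() {
    dir=${1:-/var/qmail/control}
    owner=${2:-vpopmail}
    group=${3:-qmail}
    server=$dir/servercert.pem
    client=$dir/clientcert.pem
    rc=0

    if [ ! -f "$server" ] || [ -L "$server" ]; then
        echo "FAIL: $server is missing or not a regular file"
        return 1
    fi
    # find prints the path only when mode, owner and group all match exactly.
    if [ -z "$(find "$server" -prune -perm 640 -user "$owner" -group "$group" 2>/dev/null)" ]; then
        echo "FAIL: $server is not $owner:$group with mode 640"
        rc=1
    fi
    if [ ! -L "$client" ]; then
        # A duplicated file can drift out of sync with the server cert.
        echo "FAIL: $client is not a symbolic link"
        rc=1
    elif [ ! "$client" -ef "$server" ]; then
        # Dangling link, or a link to some other file.
        echo "FAIL: $client does not resolve to $server"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $dir matches the expected layout"
    return "$rc"
}

# Usage: check_tls_certs /var/qmail/control
```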