Q: How to set up Sendmail to use port 587, local certs, etc?

Philip Prindeville philipp_subx at redfish-solutions.com
Sat Nov 25 04:07:46 UTC 2006


Miles Brennan wrote:

>Philip Prindeville wrote:
>
>>Hi.
>>
>>I have a mail host that accepts mail externally from untrusted hosts
>>on port 25, and internally I'd like to use SMTP-over-SSL over
>>port 587 (as per RFC 2476).
>>Thanks,
>>-Philip
>
>I've written a detailed FC5 HOWTO here:
>http://www.brennan.id.au/12-Sendmail_Server.html . It's enough to get
>you started.
>
>I haven't had time to do explicit testing and upgrade the HOWTO from
>FC5, however most of the configs are still FC6 compatible.
>
>Cheers,
>Miles

Gave it a gander, thanks.

But I still have a couple of questions.  This is to use TLS (port 465),
right?

Not SMTP-over-SSL on port 587.

My understanding was that TLS was deprecated, and that a lot of
UAs didn't do it correctly.

Also, when you have client sendmails running, how do you configure
them to use the certificate to authenticate themselves with the mailhost?

I tried changing the stock submit.mc to:

...
define(`confCLIENT_CERT',`/etc/pki/tls/certs/sendmail.pem')dnl
define(`confCLIENT_KEY',`/etc/pki/tls/certs/sendmail.pem')dnl
dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
FEATURE(`msp', `[192.168.1.3]', `MSA')dnl

but no joy.  What am I missing?

Oh, and I copied the sendmail.pem file from the server to the
client as well.

-Philip