SMTP over SSL (TLS) using sendmail

Well, it turns out enabling SMTP over SSL wasn’t as difficult as I anticipated. I had to create another certificate for it in /usr/share/ssl/certs, although I’m sure I could have just copied the imap certificate and used it. Nonetheless, I created one for sendmail using make sendmail.pem (in the /usr/share/ssl/certs directory).

Next I had to modify my /etc/mail/sendmail.mc file. Specifically I had to add the following:
define(`confCACERT_PATH',`/usr/share/ssl/certs')
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')

I updated the sendmail.cf file by running m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf and restarted the sendmail daemon. To test it I used telnet localhost 25 and issued the EHLO localhost command. The server returned some information including “250-STARTTLS” indicating that SSL was enabled. I changed the configuration of my mail client to use SMTP over SSL and sent a few test emails to myself. Everything looks good. All of these changes were specifically for sendmail shipped with RedHat 8.0, but sendmail has a more generic setup description on their site.
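A check that can be run before regenerating sendmail.cf, added here as an example and not part of the original post: it confirms the four TLS defines are present and use m4 quoting (a backtick to open, a straight apostrophe to close; typographic quotes picked up from a web page will not work), and optionally flags a key file that is accessible by group or other, which sendmail treats as unsafe. The function name lint_tls_defines and the sample text are assumptions made for the example.

```python
import os
import re
import stat

REQUIRED = ("confCACERT_PATH", "confCACERT", "confSERVER_CERT", "confSERVER_KEY")
# m4 quoting: opening backtick, closing straight apostrophe.
DEFINE = re.compile(r"^define\(`(\w+)',\s*`([^']*)'\)")
TYPOGRAPHIC = "\u2018\u2019\u201c\u201d"

def lint_tls_defines(mc_text, check_files=False):
    """Return (settings, problems) for the TLS defines in sendmail.mc text."""
    settings, problems = {}, []
    for n, line in enumerate(mc_text.splitlines(), 1):
        line = line.strip()
        if line.startswith("dnl") or not any(name in line for name in REQUIRED):
            continue
        if any(ch in line for ch in TYPOGRAPHIC):
            problems.append(f"line {n}: typographic quote instead of m4 ` and '")
            continue
        m = DEFINE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
        else:
            problems.append(f"line {n}: malformed define")
    for name in REQUIRED:
        if name not in settings:
            problems.append(f"{name} is not defined")
    key = settings.get("confSERVER_KEY")
    if check_files and key and os.path.exists(key):
        if stat.S_IMODE(os.stat(key).st_mode) & 0o077:
            problems.append(f"{key}: key file accessible by group/other")
    return settings, problems

# Constructed sample: three good defines and one pasted with curly quotes.
SAMPLE = """\
define(`confCACERT_PATH',`/usr/share/ssl/certs')
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
define(`confSERVER_KEY\u2019,`/usr/share/ssl/certs/sendmail.pem\u2019)
"""

if __name__ == "__main__":
    for p in lint_tls_defines(SAMPLE)[1]:
        print(p)
```

To check a live system, pass the contents of /etc/mail/sendmail.mc with check_files=True.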

The next thing I’d like to do is enable AUTH on sendmail so relaying will be enabled by the mail client authenticating. Right now I’ve specified the hosts to allow relaying from in a file but that causes problems if I’m using DHCP or dialing in. Unfortunately it looks like I’m going to have to recompile sendmail to do that. Hmm…something for a rainy day.
