how do I get STARTTLS working with sendmail on FreeBSD 10.3 ?

Matthew Seaman matthew at
Sun Mar 19 14:34:47 UTC 2017

On 18/03/2017 22:44, William Dudley wrote:
> A google search does not reveal a useful answer.
> I just want to use a self-signed certificate so I can get my email from my
> FreeBSD mail server to my cell phone.  My FreeBSD server runs sendmail.
> I don't really want to switch to postfix, qmail, etc. etc.

Hmm... STARTTLS capability is enabled by default in 11.0
-- I think it might be on 10.3 as well.

Anyhow, you need the following sort of thing in your ${hostname}.mc --

define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confSERVER_CERT', `CERT_DIR/host.cert')dnl
define(`confSERVER_KEY', `CERT_DIR/host.key')dnl
define(`confCLIENT_CERT', `CERT_DIR/host.cert')dnl
define(`confCLIENT_KEY', `CERT_DIR/host.key')dnl
define(`confCACERT', `CERT_DIR/cacert.pem')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confDH_PARAMETERS', `CERT_DIR/dh.param')dnl

and you need to create all of the host.key and host.cert and cacert.pem
and dh.param files.  That's mostly covered here:

Note that for e-mail purposes you don't generally need a certificate
signed by a well known CA -- just self signed is fine.  With e-mail,
it's more important to ensure privacy in transit rather than to identify
the party you're corresponding with.

The dh.param file you can generate by:

  openssl dhparam -outform PEM -out dh.param 2048

IIRC adding all this will allow your sendmail install to support
STARTTLS, but not make it require STARTTLS.  I believe there's a
DAEMON_OPTIONS setting to achieve that, but I'd need to look that up.
Get hold of the O'Reilly sendmail book if you're interested -- it has
details of all this stuff.
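The file-generation steps described above, as an added shell example that is not part of the thread: it creates host.key, host.cert, cacert.pem and dh.param for the .mc fragment with a 0600 key, then checks that the key and certificate belong together. It assumes OpenSSL is installed, that cacert.pem is simply a copy of the self-signed host.cert, and that the directory and hostname are passed as parameters.

```shell
#!/bin/sh
# Added example, not from the thread: build the files referenced by the
# .mc fragment above (host.key, host.cert, cacert.pem, dh.param) and
# sanity-check them. Assumes OpenSSL is installed. The directory and
# hostname are parameters; key sizes are assumptions (2048-bit is sane).
set -eu

# gen_host_cert DIR FQDN DAYS KEYBITS: self-signed cert + key, key mode 0600
gen_host_cert() {
    dir=$1 fqdn=$2 days=$3 bits=$4
    mkdir -p "$dir"
    # subshell umask so the key is never world-readable, even briefly
    ( umask 077
      openssl req -x509 -newkey "rsa:$bits" -nodes -days "$days" \
          -subj "/CN=$fqdn" -keyout "$dir/host.key" -out "$dir/host.cert" \
          2>/dev/null )
    chmod 0600 "$dir/host.key"
    chmod 0644 "$dir/host.cert"
    # self-signed: the certificate is its own CA, so confCACERT is a copy
    cp "$dir/host.cert" "$dir/cacert.pem"
    chmod 0644 "$dir/cacert.pem"
}

# gen_dh_param DIR BITS: the file named by confDH_PARAMETERS
gen_dh_param() {
    dir=$1 bits=$2
    openssl dhparam -outform PEM -out "$dir/dh.param" "$bits" 2>/dev/null
    chmod 0644 "$dir/dh.param"
}

# cert_key_match DIR: true when host.cert's public key is host.key's
cert_key_match() {
    c=$(openssl x509 -in "$1/host.cert" -noout -pubkey)
    k=$(openssl pkey -in "$1/host.key" -pubout)
    [ "$c" = "$k" ]
}

# key_mode DIR: permission string of host.key, e.g. "-rw-------"
key_mode() {
    ls -l "$1/host.key" | cut -c1-10
}

# starttls_probe FQDN DIR: after restarting sendmail, check that the
# daemon offers STARTTLS and presents the cert we trust via cacert.pem
starttls_probe() {
    openssl s_client -starttls smtp -connect "$1:25" -CAfile "$2/cacert.pem" \
        </dev/null 2>&1 | grep -q 'Verify return code: 0'
}

# stand-alone use: ./mkcerts.sh /etc/mail/certs mail.example.org
[ $# -eq 0 ] || { gen_host_cert "$1" "${2:-$(hostname)}" 365 2048
                  gen_dh_param "$1" 2048; }
```

Run it as root with CERT_DIR as the first argument, then rebuild sendmail.cf and restart sendmail before trying starttls_probe against the host.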
