Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 27 May 2004 18:23:11 -0400
From:      "Lee Dilkie" <lee@dilkie.com>
To:        "'Noah'" <admin2@enabled.com>
Cc:        freebsd-questions@freebsd.org
Subject:   RE: SMTP AUTH
Message-ID:  <00ed01c44439$32844390$c10133ce@dilkie.com>
In-Reply-To: <20040527163905.M27311@enabled.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

>From: owner-freebsd-questions@freebsd.org
>[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Noah
>Sent: Thursday, May 27, 2004 12:40 PM
>Hi there,
>
>how do I configure sendmail to support smtps (SSL before SMTP) 
> I want to
>configure this.  any links out there show how to do this please?
>
>
>- Noah

I found all i needed on the net but it wasn't all in one place.

Here's some of what I did.

In /etc/make.conf

# add alternate port (smtps) for sendmail
SENDMAIL_CFLAGS+=	-D_FFR_SMTP_SSL

and rebuild the world (or if you're smarter than me you can rebuild only the sendmail part).

In your /etc/mail/${hostname}.sendmail.mc, define the service itself.

The first part is to define the certificates, they are used for both STARTTLS and smtps. There are plenty of sites that'll tell you how to generate those. Mine is a bit unusual as I don't use a self-signed certificate, I'm using a different CA as root. It's easiest, but costs money, to use a "real" root CA and avoid the hassle of configuring outlook/windows to trust a new root certificate.

dnl add STARTTLS support
define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/mitelroot_cert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/priv_key.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/priv_key.pem')dnl

then add support on the smtps port...

DAEMON_OPTIONS(`Port=smtps,Addr={put_your_addr_here}, Name=TLSMTA, M=s')dnl smtp over TLS on port 465

then do the standard make and make restart thingie to restart sendmail

try it out and see what fails (it helps to bump sendmail logging to 64).

-lee

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00ed01c44439$32844390$c10133ce>