Configure Sendmail SSL encryption for sending and receiving email

From OnnoWiki
Jump to navigation Jump to search

Sendmail is a mail transfer agent (MTA) and you need a valid SSL certificate on the server. Sendmail remains the most popular MTA on the Internet, although this is probably fading. Its popularity is due in part to its position as the standard MTA under most variants of the Unix operating system.

Sendmail can be configured to encrypt email via the secure socket layer (SSL) when you want to send and receives emails.

Open sendmail configuration file /etc/mail/sendmail.mc using text editor such as vi:

  1. vi /etc/mail/sendmail.mc

Now append/modify following directives: define(`confCACERT_PATH',`/etc/mail/ssl/certs') define(`confCACERT',`/etc/mail/ssl/ca-bundle.crt') define(`confSERVER_CERT',`/etc/mail/ssl/sendmail.pem') define(`confSERVER_KEY',`/etc/mail/ssl/sendmail.pem')

And make sure port is set to smtps (secure smtp i.e. port 465): DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl


Restart sendmail and secure pop3s/imaps

Type the following commands to restart sendmail and related services:

  1. /etc/init.d/sendmail restart
  2. chkconfig pop3s on
  3. chkconfig imaps on
  4. /etc/init.d/xinetd restart

pop3s and imaps will start from xinetd

How do I generate certificates locally for testing purpose only?

If you don't have certificates you can generates certificates locally on Cent OS/RHEL/Fedora Core. Type the following commands:

  1. cd /usr/share/ssl/certs
  2. make sendmail.pem

Now open sendmail /etc/mail/sendmail.mc config file and append/modify directives as follows: define(`confCACERT_PATH',`/usr/share/ssl/certs') define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt') define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem') define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem') DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl