Configure Sendmail SSL encryption for sending and receiving email
Sendmail is a mail transfer agent (MTA) and you need a valid SSL certificate on the server. Sendmail remains the most popular MTA on the Internet, although this is probably fading. Its popularity is due in part to its position as the standard MTA under most variants of the Unix operating system.
Sendmail can be configured to encrypt email via the secure socket layer (SSL) when you want to send and receives emails.
Open sendmail configuration file /etc/mail/sendmail.mc using text editor such as vi:
- vi /etc/mail/sendmail.mc
Now append/modify following directives: define(`confCACERT_PATH',`/etc/mail/ssl/certs') define(`confCACERT',`/etc/mail/ssl/ca-bundle.crt') define(`confSERVER_CERT',`/etc/mail/ssl/sendmail.pem') define(`confSERVER_KEY',`/etc/mail/ssl/sendmail.pem')
And make sure port is set to smtps (secure smtp i.e. port 465): DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
Restart sendmail and secure pop3s/imaps
Type the following commands to restart sendmail and related services:
- /etc/init.d/sendmail restart
- chkconfig pop3s on
- chkconfig imaps on
- /etc/init.d/xinetd restart
pop3s and imaps will start from xinetd
How do I generate certificates locally for testing purpose only?
If you don't have certificates you can generates certificates locally on Cent OS/RHEL/Fedora Core. Type the following commands:
- cd /usr/share/ssl/certs
- make sendmail.pem
Now open sendmail /etc/mail/sendmail.mc config file and append/modify directives as follows: define(`confCACERT_PATH',`/usr/share/ssl/certs') define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt') define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem') define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem') DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl