Diff for /wikisrc/tutorials/services/sendmail_auth_tls.mdwn between versions 1.1 and 1.2

version 1.1, 2011/11/12 15:53:28 version 1.2, 2011/11/12 16:07:31
Line 1 Line 1
 ## Setting up a secure SMTP server with AUTH and TLS enabled in Sendmail  ## Setting up a secure SMTP server with AUTH and TLS enabled in Sendmail
   
 While *postfix* is the basesystem's (SMTP)[http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol] server, it is still possible to use the venerable (Sendmail)[http://www.sendmail.com/sm/open_source/] as your mail server of choice.  While *postfix* is the basesystem's [SMTP](http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol) server, it is still possible to use the venerable [Sendmail](http://www.sendmail.com/sm/open_source/) as your mail server of choice.
 Securing a *sendmail* SMTP gateway in order to use it from anywhere using your system's credentials is an easy task, here is how to achieve it.  Securing a *sendmail* SMTP gateway in order to use it from anywhere using your system's credentials is an easy task, here is how to achieve it.
   
 ### Enabling Sendmail as the system's SMTP server  ### Enabling Sendmail as the system's SMTP server
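Review bot: "basesystem's" in the opening paragraph is carried over unchanged while the line is being edited for link syntax; it should read "base system's". The following sentence also has a comma splice ("...is an easy task, here is how to achieve it.") that could be split into two sentences in the same pass.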
Line 9  First thing is to disable *postfix* as t Line 9  First thing is to disable *postfix* as t
   
         postfix=NO          postfix=NO
   
 We will then Install *sendmail* from *pkgsrc* with (SASL)[http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer] for the authentication mechanism and (TLS)[http://en.wikipedia.org/wiki/Transport_Layer_Security] as the secure transport layer:  We will then Install *sendmail* from *pkgsrc* with [SASL](http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer) for the authentication mechanism and [TLS](http://en.wikipedia.org/wiki/Transport_Layer_Security) as the secure transport layer:
   
         $ grep sendmail /etc/mk.conf          $ grep sendmail /etc/mk.conf
         PKG_OPTIONS.sendmail=   tls sasl          PKG_OPTIONS.sendmail=   tls sasl
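Review bot: "We will then Install" on the edited line has a stray capital mid-sentence; make it "install". The example below it only shows `grep sendmail /etc/mk.conf` with its output, so a reader whose mk.conf lacks the line gets nothing back; say explicitly that `PKG_OPTIONS.sendmail= tls sasl` must be added to /etc/mk.conf before building the package.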
Line 51  Now we have to inform the *SASL* library Line 51  Now we have to inform the *SASL* library
 ### Setting up the secure transport layer  ### Setting up the secure transport layer
   
 As everything is in place for authentication, we will now prepare the *TLS* prerequisites.  As everything is in place for authentication, we will now prepare the *TLS* prerequisites.
 Instead of generating a self-signed certificate, I use to rely on (CACert)[http://www.cacert.org/], "a community driven, Certificate Authority that issues certificates to the public at large for free." (from CACert.org).  Instead of generating a self-signed certificate, I use to rely on [CACert](http://www.cacert.org/), "a community driven, Certificate Authority that issues certificates to the public at large for free." (from CACert.org).
   
 In order to generate the certificate signing request (CSR), you can use the (CSRGenerator)[http://wiki.cacert.org/CSRGenerator] script from CACert, which is really handy.  In order to generate the certificate signing request (CSR), you can use the [CSRGenerator](http://wiki.cacert.org/CSRGenerator) script from CACert, which is really handy.
   
 Once you have generated your server's private key with *CSRGenerator* and received your server certificate from CACert, simply copy them to */etc/mail/certs*, along with (CACert root certificate)[http://www.cacert.org/certs/root.crt]. Make sure your private key has strict permissions, *sendmail* will refuse to start if it is readable by everyone.  Once you have generated your server's private key with *CSRGenerator* and received your server certificate from CACert, simply copy them to */etc/mail/certs*, along with [CACert root certificate](http://www.cacert.org/certs/root.crt). Make sure your private key has strict permissions, *sendmail* will refuse to start if it is readable by everyone.
   
 ### Configuring sendmail  ### Configuring sendmail
   
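Review bot: the CACert root certificate link in the /etc/mail/certs paragraph is plain http://, so the trust anchor is fetched over an unauthenticated channel; add a sentence telling the reader to check the fingerprint of the downloaded root.crt against a value obtained out of band before installing it. The same paragraph asks only for "strict permissions" on the private key; state the expected owner and mode (for example root-owned, mode 0600) so the requirement can be checked. "I use to rely on" should read "I usually rely on".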
Line 135  And test that the features we've added a Line 135  And test that the features we've added a
         250-DELIVERBY          250-DELIVERBY
         250 HELP          250 HELP
   
 There you go! now configure your (MUA)[http://en.wikipedia.org/wiki/Mail_user_agent] so it always tries *TLS* for sending mail, using the *LOGIN* authentication method.  There you go! now configure your [MUA](http://en.wikipedia.org/wiki/Mail_user_agent) so it always tries *TLS* for sending mail, using the *LOGIN* authentication method.
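Review bot: the closing sentence pairs "always tries *TLS*" with the *LOGIN* mechanism, and LOGIN sends the account password merely base64-encoded, so an MUA that only tries STARTTLS and falls back to cleartext exposes system credentials on the wire. Word it as requiring TLS, with the MUA set to fail when STARTTLS is not offered. "now" after "There you go!" should also be capitalised.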


