Set Up TLS-Enabled SMTP
Protect your users’ in-transit email from eavesdroppers.
If you have set up encrypted POP and IMAP services [Hack #47], your users’ incoming email is protected from others once it reaches your servers, but what about their outgoing email? You can protect outgoing email quickly and easily by setting up your MTA to use Transport Layer Security (TLS) encryption. Virtually all modern email clients support TLS—enable it by simply checking a box in the email account preferences.
If you’re using Sendmail, you can check to see if it has TLS support compiled-in by running this command:
sendmail -bt -d0.1
This will print out the options that your binary was compiled with. If you see a line that says STARTTLS, then all you need to do is supply some additional configuration information to get TLS support working.
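The same check can be scripted so that it matches STARTTLS only as a compiled-in option and not anywhere else in the debug output. This is an added example, not code from the original text; the function names and both sample outputs are constructed for illustration, and it assumes the options appear under sendmail's "Compiled with:" heading.

```shell
#!/bin/sh
# Added example (not from the original text). Sample outputs are constructed.

# Print sendmail's compile-time options, one per line, from -d0.1 output
# on stdin. The "Compiled with:" list wraps onto indented continuation
# lines and ends at the first blank or non-option line.
compiled_options() {
    awk '
        /Compiled with:/ { sub(/.*Compiled with:/, ""); inlist = 1 }
        inlist {
            if (NF == 0 || $0 !~ /^[ \t]*[A-Z0-9_ \t]+$/) exit
            for (i = 1; i <= NF; i++) print $i
        }'
}

# Succeed only if STARTTLS is one of the compiled-in options.
has_starttls() {
    compiled_options | grep -qx 'STARTTLS'
}

# Constructed sample: a binary built with TLS support.
SAMPLE_WITH_TLS='Version 8.x.y
 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MIME7TO8 MIME8TO7
                NAMED_BIND NETINET NETUNIX NEWDB PIPELINING SCANF STARTTLS
                USERDB XDEBUG

============ SYSTEM IDENTITY (after readcf) ============
      (short domain name) $w = mail'

# Constructed sample: no TLS support, but the string STARTTLS shows up in
# a host name, which a plain grep over the whole output would match.
SAMPLE_WITHOUT_TLS='Version 8.x.y
 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MIME7TO8 MIME8TO7
                NAMED_BIND NETINET NETUNIX NEWDB PIPELINING SCANF
                USERDB XDEBUG

============ SYSTEM IDENTITY (after readcf) ============
  (canonical domain name) $j = STARTTLS.example.com'

report() {  # $1 = label, stdin = debug output
    if has_starttls; then echo "$1: STARTTLS compiled in"
    else echo "$1: no STARTTLS, recompile needed"; fi
}
printf '%s\n' "$SAMPLE_WITH_TLS" | report "sample with TLS"
printf '%s\n' "$SAMPLE_WITHOUT_TLS" | report "sample without TLS"
# On a real host (assumed invocation): sendmail -bt -d0.1 </dev/null | report local
```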
However, if you don’t see this line, you’ll need to recompile sendmail. First, go into the directory containing sendmail’s source code and add the following lines to
APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS')
APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')
If this file doesn’t exist, simply create it. The build process will automatically include the file once you create it. The first line in the example will cause TLS support to be compiled into the sendmail binary, and the second line will link the binary with
After adding these lines, you can recompile ...