Set Up TLS-Enabled SMTP
Protect your users’ in-transit email from eavesdroppers.
If you have set up encrypted POP and IMAP services [Hack #47], your users’ incoming email is protected from others once it reaches your servers, but what about their outgoing email? You can protect it quickly and easily by setting up your MTA to use Transport Layer Security (TLS) encryption, offered on the normal SMTP port through the STARTTLS extension. Virtually all modern email clients support TLS; enabling it is usually a matter of checking a box in the email account preferences. Keep in mind what this does and does not cover: STARTTLS encrypts the hop between the client and your MTA (and between your MTA and any remote MTA that also offers STARTTLS), but it does not encrypt the message at rest and does not guarantee encryption all the way to the final recipient.
If you’re using Sendmail, you can check whether it has TLS support compiled in by running this command (redirecting standard input from /dev/null so that address test mode exits immediately instead of waiting for input):
$ sendmail -bt -d0.1 < /dev/null
This will print out the options that your sendmail binary was compiled with, in the "Compiled with:" list near the top of the output. If you see STARTTLS in that list, then all you need to do is supply some additional configuration information to get TLS support working. However, if you don’t see it, you’ll need to recompile sendmail.
Before recompiling sendmail, you will need to go into the directory containing sendmail’s source code and add the following lines to devtools/Site/site.config.m4:
APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS')
APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')
If this file doesn’t exist, simply create it; the build process will automatically include it once it is there. The first line causes TLS support to be compiled into the sendmail binary, and the second links the binary with libssl.so and libcrypto.so, so the OpenSSL libraries and their headers must be installed on the build machine before you rebuild.
After adding these lines, you can recompile ...
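Checking the compiled-in options and editing site.config.m4 are the kind of steps worth scripting so they can be repeated identically on every build host. The script below is an added example, not code from the book or from the sendmail project: it reads the output of sendmail -bt -d0.1, looks for STARTTLS only inside the "Compiled with:" list, and appends the two APPENDDEF lines to a site.config.m4 file only when they are not already present. The sample debug output embedded in it is constructed for illustration rather than captured from a real host, and the function names are this example’s own.

```shell
#!/bin/sh
# Added example (not from the book or the sendmail project): test whether a
# sendmail binary was built with STARTTLS and, if not, prepare the
# site.config.m4 lines for a rebuild. Function names are this example's own.

# sendmail_has_starttls: read the output of
#     sendmail -bt -d0.1 < /dev/null
# on stdin; return 0 if STARTTLS is in the "Compiled with:" list, else 1.
# Only the "Compiled with:" block (up to the next blank line) is examined,
# so the word appearing elsewhere in the debug output cannot match.
sendmail_has_starttls() {
    sed -n '/Compiled with:/,/^$/p' |
        grep -qE '(^|[[:space:]])STARTTLS([[:space:]]|$)'
}

# add_starttls_defs FILE: append the two APPENDDEF lines from the text above
# to FILE (normally devtools/Site/site.config.m4 in the sendmail source tree),
# creating FILE if needed and skipping any line that is already present, so
# running it twice does not produce duplicate definitions.
add_starttls_defs() {
    file=$1
    [ -f "$file" ] || : > "$file"
    for line in \
        "APPENDDEF(\`conf_sendmail_ENVDEF', \`-DSTARTTLS')" \
        "APPENDDEF(\`conf_sendmail_LIBS', \`-lssl -lcrypto')"
    do
        grep -qF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
    done
}

# Constructed sample of "sendmail -bt -d0.1" output (not captured from a real
# host): one build with STARTTLS, one derived from it without.
SAMPLE_WITH_TLS='Version 8.14.4
 Compiled with: DNSMAP LOG MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND
                NETINET NETINET6 NETUNIX NEWDB PIPELINING SCANF
                SOCKETMAP STARTTLS TCPWRAPPERS USERDB XDEBUG

============ SYSTEM IDENTITY (after readcf) ============
      (short domain name) $w = mail
'
SAMPLE_WITHOUT_TLS=$(printf '%s' "$SAMPLE_WITH_TLS" | sed 's/ STARTTLS//')

# On a real host, replace the sample with the live command:
#     sendmail -bt -d0.1 < /dev/null | sendmail_has_starttls
if printf '%s' "$SAMPLE_WITH_TLS" | sendmail_has_starttls; then
    echo "STARTTLS compiled in: supply the TLS configuration and restart"
else
    echo "STARTTLS missing: run add_starttls_defs on site.config.m4 and rebuild"
fi
```

The sed range restricts the search to the "Compiled with:" block so that a STARTTLS string elsewhere in the debug output (for example in a rule set or an option name) cannot be mistaken for compiled-in support, and the fixed-string grep in add_starttls_defs keeps the m4 quoting characters from being interpreted as a pattern.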