Encryption can improve the security of sendmail. Ordinarily, mail is sent between two machines in the clear. That is, if you were to watch the transmission of bytes over the network you would see what is actually being sent or received. This includes passwords, which are also sent in the clear.
To reduce the likelihood that someone watching the network will find something that can harm you, you can encrypt the stream of data. Three forms of encryption are available as of this writing:
SSL is a method for encrypting a single connection over which network traffic can flow. One implementation of SSL is available from http://www.openssl.org/.
Transport Layer Security, defined by RFC2246, is the successor to SSL that provides further means of connection encryption. It, too, is available from http://www.openssl.org.
- SMTP AUTH=
The DIGEST-MD5 and GSSAPI mechanisms, among others, for the AUTH= extension to SMTP, also provides stream encryption.
In this section we show you:
How to install the OpenSSL library
What digital certificates and their acronyms are
How to include support for STARTTLS in sendmail
How to set up the configuration file for use with STARTTLS
Which sendmail macros are relevant to STARTTLS