Encryption can improve the security of sendmail. Ordinarily, mail is sent between two machines in the clear. That is, if you were to watch the transmission of bytes over the network[33] you would see what is actually being sent or received. This includes passwords, which are also sent in the clear.

To reduce the likelihood that someone watching the network will find something that can harm you, you can encrypt the stream of data. Three forms of encryption are available as of this writing:


SSL is a method for encrypting a single connection over which network traffic can flow. One implementation of SSL is available from


Transport Layer Security, defined by RFC2246, is the successor to SSL that provides further means of connection encryption. It, too, is available from


The DIGEST-MD5 and GSSAPI mechanisms, among others, for the AUTH= extension to SMTP, also provides stream encryption.

In this section we show you:

  • How to install the OpenSSL library

  • What digital certificates and their acronyms are

  • How to include support for STARTTLS in sendmail

  • How to set up the configuration file for use with STARTTLS

  • Which sendmail macros are relevant to STARTTLS

The SSL Library

An SSL library might already exist on your machine. If so, and if it is a secure version, you can skip this section.

The SSL library is available from the OpenSSL organization at the following sites: web download ...

Get Sendmail, 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.