STARTTLS
Encryption can improve the security of sendmail. Ordinarily, mail is sent between two machines in the clear. That is, if you were to watch the transmission of bytes over the network[33] you would see what is actually being sent or received. This includes passwords, which are also sent in the clear.
To reduce the likelihood that someone watching the network will find something that can harm you, you can encrypt the stream of data. Three forms of encryption are available as of this writing:
- SSL
SSL is a method for encrypting a single connection over which network traffic can flow. One implementation of SSL is available from http://www.openssl.org/.
- TLS
Transport Layer Security, defined by RFC2246, is the successor to SSL that provides further means of connection encryption. It, too, is available from http://www.openssl.org.
- SMTP AUTH=
The DIGEST-MD5 and GSSAPI mechanisms, among others, for the AUTH= extension to SMTP, also provides stream encryption.
In this section we show you:
How to install the OpenSSL library
What digital certificates and their acronyms are
How to include support for STARTTLS in sendmail
How to set up the configuration file for use with STARTTLS
Which sendmail macros are relevant to STARTTLS
The SSL Library
An SSL library might already exist on your machine. If so, and if it is a secure version, you can skip this section.
The SSL library is available from the OpenSSL organization at the following sites:
| http://www.OpenSSL.org/source/ ← web download |
| ftp://ftp.openssl.org/source/ ... |
Get Sendmail, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
