
Sendmail, 3rd Edition by Bryan Costales


Name

CACertFile

Synopsis

STARTTLS and stream encryption are discussed in detail in Section 10.10. Among the items you must provide is a file that contains the certificate of the authority that signed your local server (ServerCertFile) and client (ClientCertFile) certificates. This certificate of authority (CA) contains information (the distinguished name, or DN) that is sent to a connecting or connected-to site. The location of the CA certificate file is specified with this CACertFile option, using a declaration that looks like this:

O CACertFile=path              configuration file (V8.11 and later)
-OCACertFile=path              command line (V8.11 and later)
define(`confCACERT',`path')    mc configuration (V8.11 and later)

Here, path is a full path specification of the file containing the CA certificate. The path can contain sendmail macros, and if so, those macros will be expanded (their values used) when the configuration file, or command line, is read:

define(`confCACERT', `${MyCERTPath}/CAcert.pem')

The path must be a full pathname (it must begin with a slash). The file must live in a directory that is safe (every component of which is writable only by root or the trusted user specified in the TrustedUser option), and the file itself must be safe (owned by and writable only by root or that trusted user). If it is not, it will be rejected and the following error logged:

STARTTLS=server: file path unsafe: reason 
STARTTLS=client: file path unsafe: reason
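
The safety rules above can be checked before sendmail rejects the file at STARTTLS time. The following Python script is an added example, not code from the book or from sendmail: the function names, the reason strings and the sample path are assumptions made for illustration, and it applies only the rules as stated here (full pathname, ownership by root or the trusted user, no group or world write on any component).

```python
import os
import stat
import sys

def unsafe_reason(mode, uid, trusted_uids, is_file):
    """Return why one path component fails the rules above, or None."""
    if uid not in trusted_uids:
        return "owned by untrusted uid %d" % uid
    if mode & stat.S_IWGRP:
        return "group writable"
    if mode & stat.S_IWOTH:
        return "world writable"
    if is_file and not stat.S_ISREG(mode):
        return "not a regular file"
    return None

def audit_path(path, trusted_uids=(0,)):
    """Return [(component, reason), ...]; empty means the path passes.
    trusted_uids holds uid 0 plus the TrustedUser's uid, if one is set."""
    if "$" in path:
        # Macros are expanded by sendmail when it reads the configuration;
        # this script cannot see their values, so ask for the expanded path.
        return [(path, "contains an unexpanded sendmail macro")]
    if not path.startswith("/"):
        return [(path, "not a full pathname")]
    components, current = ["/"], "/"
    for part in (p for p in path.split("/") if p):
        current = os.path.join(current, part)
        components.append(current)
    findings = []
    for i, comp in enumerate(components):
        try:
            st = os.stat(comp)  # follows symlinks, so the target is judged
        except OSError as err:
            findings.append((comp, err.strerror))
            break
        is_file = i == len(components) - 1
        reason = unsafe_reason(st.st_mode, st.st_uid, trusted_uids, is_file)
        if reason:
            findings.append((comp, reason))
    return findings

if __name__ == "__main__":
    # Constructed sample path; pass the real CACertFile value as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/mail/certs/CAcert.pem"
    for comp, reason in audit_path(target):
        print("unsafe: %s: %s" % (comp, reason))
```

An empty result means every directory component and the file itself passed; each reported component is one that would need its owner or mode corrected.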

But, even if ...
