Select a Random Number Generator

If your system lacks the device /dev/urandom, you will need to perform additional steps before you can use TLS. If your system supports /dev/urandom, you can skip this section.

For TLS (and thus STARTTLS) to work in a reliable and secure manner, you need to set up a way for sendmail to acquire high-quality pseudorandom numbers. There are a few alternatives to /dev/urandom that you can use, some more suitable than others. They are, in order of preference:

  • SUNWski, which is a package from Sun Microsystems that emulates /dev/urandom, and which works only with SunOS 5.5.

  • EGD, which stands for Entropy Gathering Daemon.

  • PRNGD, which stands for PseudoRandom Number Generator Daemon.

  • You can also roll your own random number source in a file.
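To see which of these cases applies on a given host, the shell function below reports whether a path is a readable character device (as /dev/urandom would be), a Unix domain socket (the interface EGD provides), or a nonempty regular file. This is an added example, not code from the book or from sendmail. The function name and output labels are made up for illustration, and it checks only that the source is present and readable, not the quality of its output.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of sendmail).
# Classify a candidate random source for sendmail's TLS setup.
# Prints one of: device, socket, file, unreadable, missing.
rand_source_kind() {
    path=$1
    if [ -c "$path" ]; then
        # Character device such as /dev/urandom: confirm it actually
        # yields bytes rather than trusting the device node alone.
        n=$(dd if="$path" bs=16 count=1 2>/dev/null | wc -c | tr -d ' ')
        if [ "${n:-0}" -gt 0 ]; then
            echo device
        else
            echo unreadable
        fi
    elif [ -S "$path" ]; then
        # Unix domain socket, the interface an EGD daemon listens on.
        echo socket
    elif [ -f "$path" ]; then
        # Regular file used as a random source: must be readable and nonempty.
        if [ -r "$path" ] && [ -s "$path" ]; then
            echo file
        else
            echo unreadable
        fi
    else
        echo missing
    fi
}

# Default to the device this section asks about; pass another path to test it.
rand_source_kind "${1:-/dev/urandom}"
```

If the script prints `device` for /dev/urandom, the rest of this section can be skipped.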

SUNWski

Sun Microsystems provides an equivalent to /dev/urandom, called /dev/random, as part of its SUNWski package for Solaris. If it is not already installed on your system, you can install it from a variety of sources. Look for it on your Solaris Server Intranet Extension CD.

For Solaris 2.6, look for patch number 106754, 106755, or 106756, which contains the SUNWski package.

EGD

EGD is a persistent daemon that provides excellent pseudorandom numbers via a Unix domain socket. It is available as perl(1) source from http://egd.sourceforge.net/.

If you choose to download and install this daemon, you can advise sendmail of that fact by defining the RandFile option (RandFile on page 1076) in your mc configuration file:

define(`confRAND_FILE', ...
