Add STARTTLS Support to Your mc File

After you have built sendmail with STARTTLS support (see Enable TLS with Build on page 205), and after you have created certificates for use with sendmail, you must set up your configuration file to use STARTTLS. There are eight mc configuration file macros that you can use to do this. Based on what we have shown in the previous sections, one way to define them might look like this:

define(`CERT_DIR', `/etc/mail/CA')
define(`confCACERT_PATH',  CERT_DIR)
define(`confCACERT',  CERT_DIR`/cacert.pem')
define(`confSERVER_CERT',  CERT_DIR`/server.cert.pem')
define(`confSERVER_KEY',  CERT_DIR`/server.key.pem')
define(`confCLIENT_CERT',  CERT_DIR`/client.cert.pem')
define(`confCLIENT_KEY',  CERT_DIR`/client.key.pem')
define(`confCRL', CERT_DIR`/crl/crl.pem')dnl V8.12 and later

Here, we set values for the server and client certificate and key files. Rebuild your cf file and test the result as we show in the next section.
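
Before rebuilding, it is worth confirming that every file these macros name exists and that the private keys are readable only by their owner, because sendmail rejects key files that are group- or world-readable. The following script is an added example, not part of the original text or of the sendmail distribution. The function names tls_paths and check_tls_files are hypothetical, and the parsing assumes the exact layout shown above (a CERT_DIR define followed by conf macros built from it).

```shell
#!/bin/sh
# Added example: pre-flight check of the STARTTLS file macros in an mc file.
# Assumption: values are written as CERT_DIR plus an optional quoted suffix,
# exactly as in the listing above. Other m4 constructs are not understood.

# Print "MACRO PATH" for each conf* macro built from CERT_DIR, with it expanded.
tls_paths() {
    dir=$(sed -n "s/^define(\`CERT_DIR', *\`\([^']*\)').*/\1/p" "$1")
    sed -n "s/^define(\`\(conf[A-Z_]*\)', *CERT_DIR\`\{0,1\}\([^')]*\)'\{0,1\}).*/\1 \2/p" "$1" |
    while read -r name suffix; do
        printf '%s %s%s\n' "$name" "$dir" "$suffix"
    done
}

# Return 0 only if every path exists, *_PATH is a directory, and no *_KEY
# file grants any permission bit to group or other.
check_tls_files() {
    rc=0
    while read -r name path; do
        [ -n "$name" ] || continue
        if [ ! -e "$path" ]; then
            echo "MISSING $name $path"; rc=1; continue
        fi
        case $name in
        *_PATH)
            [ -d "$path" ] || { echo "NOTDIR  $name $path"; rc=1; } ;;
        *_KEY)
            # Characters 5-10 of the ls mode string are the group/other bits.
            mode=$(ls -ldL "$path" | cut -c5-10)
            [ "$mode" = "------" ] || { echo "UNSAFE  $name $path"; rc=1; } ;;
        esac
    done <<EOF
$(tls_paths "$1")
EOF
    return "$rc"
}

# Stand-alone use: sh check.sh /path/to/your.mc
if [ $# -gt 0 ]; then check_tls_files "$1"; fi
```

A nonzero exit status means at least one MISSING, NOTDIR, or UNSAFE line was printed; fix those (for example, chmod 600 on the key files) before rebuilding the cf file.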
