Macros for Use with STARTTLS

If you decide to use STARTTLS with sendmail, be aware that a number of related sendmail macros are useful in rule sets and database maps. These are shown in Table 5-6, and described in detail in Chapter 21.

Table 5-6. Macros for use with STARTTLS

Macro             §                              Description
----------------  -----------------------------  -------------------------------------------------------
${cert_issuer}    ${cert_issuer} on page 809     Distinguished name of CA that signed the presented cert
${cert_md5}       ${cert_md5} on page 809        MD5 of certificate
${cert_subject}   ${cert_subject} on page 809    Distinguished name of certificate
${cipher}         ${cipher} on page 809          Cipher suite used for connection
${cipher_bits}    ${cipher_bits} on page 810     TLS encryption key length
${tls_version}    ${tls_version} on page 847     TLS/SSL version
${verify}         ${verify} on page 849          Result of cert verification

To illustrate, consider a simple rule set that allows relaying by anyone who presents a cert that can be verified:

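LOCAL_RULESETS
SLocal_check_rcpt
# Replace the workspace with the current value of ${verify} (deferred lookup)
R$*		$: $&{verify}
# Accept the recipient only if that value is exactly OK
ROK		$# OK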

Here, the Local_check_rcpt rule set is used to check the envelope recipient. If the result of authentication stored in the ${verify} macro is OK, the sender is allowed to relay. Anything other than OK denies relaying.
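The rule set above can be checked in sendmail's rule-testing mode before it is deployed. This session is an added example, not part of the original text. It assumes the rule set has been built into a configuration file named ./test.cf (a hypothetical name), uses a constructed recipient address, and uses FAIL, another value ${verify} can hold, as the negative case:

```sendmail
sendmail -bt -C ./test.cf
> .D{verify}OK
> Local_check_rcpt user@example.com
> .D{verify}FAIL
> Local_check_rcpt user@example.com
> /quit
```

Only the first call should return `$# OK`; with any other value in ${verify} the second rule does not match.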

More ambitious use of these sendmail macros involves the access database and is covered in the next section.
