Macros for Use with STARTTLS
If you decide to use STARTTLS with sendmail, be aware that a number of related sendmail macros are useful in rule sets and database maps. These are shown in Table 5-6, and described in detail in Chapter 21.
Table 5-6. Macros for use with STARTTLS
| Macro | § | Description |
|---|---|---|
| ${cert_issuer} | ${cert_issuer} on page 809 | Distinguished name of CA that signed the presented cert |
| ${cert_md5} | ${cert_md5} on page 809 | MD5 of certificate |
| ${cert_subject} | ${cert_subject} on page 809 | Distinguished name of certificate |
| ${cipher} | ${cipher} on page 809 | Cipher suite used for connection |
| ${cipher_bits} | ${cipher_bits} on page 810 | TLS encryption key length |
| ${tls_version} | ${tls_version} on page 847 | TLS/SSL version |
| ${verify} | ${verify} on page 849 | Result of cert verification |

To illustrate, consider a simple rule set that allows relaying by anyone who presents a cert that can be verified:

    LOCAL_RULESETS
    SLocal_check_rcpt
    R$*		$: $&{verify}
    ROK		$# OK

Here, the Local_check_rcpt rule set is used to check the envelope recipient. If the result of authentication stored in the ${verify} macro is OK, the sender is allowed to relay. Anything other than OK denies relaying.

More ambitious use of these sendmail macros involves the access database and is covered in the next section.
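
To see which clients a rule like this would let relay, you can read the values back out of the mail log. The following is an added example, not code from the book: it assumes sendmail's `STARTTLS=` syslog line, whose version, verify, cipher and bits fields carry the same values as ${tls_version}, ${verify}, ${cipher} and ${cipher_bits}. The function names and the sample log lines are constructed for illustration.

```python
import re

# One STARTTLS= log entry per handshake (format assumed as described above).
STARTTLS_RE = re.compile(
    r"STARTTLS=(?P<role>server|client), relay=(?P<relay>.+?), "
    r"version=(?P<tls_version>[^,]+), verify=(?P<verify>[^,]+), "
    r"cipher=(?P<cipher>[^,]+), bits=(?P<cipher_bits>\d+)/(?P<alg_bits>\d+)"
)

# Constructed sample lines: three inbound handshakes and one outbound.
SAMPLE_LOG = """\
Jan 10 09:15:02 mx sm-mta[2101]: STARTTLS=server, relay=laptop.example.com [192.0.2.10], version=TLSv1.2, verify=OK, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Jan 10 09:16:40 mx sm-mta[2107]: STARTTLS=server, relay=unknown.example.net [198.51.100.7], version=TLSv1.2, verify=NO, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Jan 10 09:17:11 mx sm-mta[2110]: STARTTLS=server, relay=old.example.org [203.0.113.5], version=TLSv1, verify=FAIL, cipher=AES128-SHA, bits=128/128
Jan 10 09:18:00 mx sm-mta[2112]: STARTTLS=client, relay=mx.example.com., version=TLSv1.2, verify=OK, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
"""


def parse_starttls(line):
    """Return the TLS fields of one log line as a dict, or None if absent."""
    m = STARTTLS_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["cipher_bits"] = int(rec["cipher_bits"])
    rec["alg_bits"] = int(rec["alg_bits"])
    return rec


def relay_decisions(lines):
    """Apply the Local_check_rcpt test (${verify} is OK) to inbound handshakes.

    Only STARTTLS=server entries count: those are clients connecting to us,
    which is where the relaying decision is made.
    """
    decisions = {}
    for line in lines:
        rec = parse_starttls(line)
        if rec is None or rec["role"] != "server":
            continue
        decisions[rec["relay"]] = rec["verify"] == "OK"
    return decisions


if __name__ == "__main__":
    for relay, allowed in relay_decisions(SAMPLE_LOG.splitlines()).items():
        print(f"{relay}: {'relay allowed' if allowed else 'relay not granted'}")
```
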