[unisog] sendmail TLS

Joseph Brennan brennan at columbia.edu
Fri Apr 5 18:36:08 GMT 2002



--On Friday, April 5, 2002 10:19 -0800 Steve VanDevender <stevev at darkwing.uoregon.edu> wrote:

> Joseph Brennan writes:
>  > I disagree with the comment regarding AUTH.  Sendmail does have a switch
>  > that permits plain text AUTH conditional on the channel being encrypted.
>  > This is what we are going to do, using the unix username and password
>  > (using PAM on Solaris 8).
> 
> I'd love to know how to do that.  I've had other people say that
> TLS can be made a prerequisite to authentication, but no one has
> actually described in detail how it is done and I haven't been able to
> puzzle it out from the Sendmail documentation.


This is the whole stanza in m4.  Your cert file paths will vary.

dnl for authenticated smtp
define(`confCACERT_PATH', `/etc/mail/certs/')dnl
define(`confCACERT', `/etc/mail/certs/CA.cert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem')dnl
dnl the next line restricts plaintext auth to tls connections
define(`confAUTH_OPTIONS',`p')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
dnl never ask for a client cert
define(`confTLS_SRV_OPTIONS', `V')dnl


Joseph Brennan                           postmaster at columbia.edu
Academic Technologies Group, Academic Information Systems (AcIS)
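
An added example, not part of the original post or of sendmail: one way to check that a server built from a stanza like the one above advertises PLAIN and LOGIN only after STARTTLS. The function names, the probe() helper and the sample EHLO replies are assumptions constructed for illustration.

```python
import re
import smtplib
import ssl

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # the mechanisms named in the stanza

def ehlo_keywords(reply):
    """Map each ESMTP keyword in an EHLO reply to its set of parameters."""
    keywords = {}
    for line in reply.splitlines():
        # Accept raw lines ("250-AUTH PLAIN LOGIN") or code-stripped ones.
        words = re.sub(r"^250[- ]", "", line).replace("=", " ").upper().split()
        if words:
            keywords.setdefault(words[0], set()).update(words[1:])
    return keywords

def audit(clear_reply, tls_reply):
    """Return findings; an empty list means plaintext AUTH is TLS-only."""
    clear, tls = ehlo_keywords(clear_reply), ehlo_keywords(tls_reply)
    findings = []
    if "STARTTLS" not in clear:
        findings.append("STARTTLS not offered")
    leaked = clear.get("AUTH", set()) & PLAINTEXT_MECHS
    if leaked:
        findings.append("plaintext AUTH offered without TLS: " + " ".join(sorted(leaked)))
    if not tls.get("AUTH", set()) & PLAINTEXT_MECHS:
        findings.append("PLAIN/LOGIN not offered after STARTTLS")
    return findings

def probe(host, port=25):
    """Fetch both EHLO replies from a live server (hypothetical helper, needs network)."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        clear = smtp.ehlo()[1].decode(errors="replace")
        tls = ""
        if smtp.has_extn("starttls"):
            smtp.starttls(context=ssl.create_default_context())
            tls = smtp.ehlo()[1].decode(errors="replace")
    return clear, tls

# Constructed sample replies, not captured from a real server.
CLEAR_OK = "250-mail.example.edu Hello\n250-8BITMIME\n250-STARTTLS\n250 HELP"
TLS_OK = "250-mail.example.edu Hello\n250-8BITMIME\n250-AUTH PLAIN LOGIN\n250 HELP"
CLEAR_WEAK = "250-mail.example.edu Hello\n250-STARTTLS\n250-AUTH PLAIN LOGIN\n250 HELP"

if __name__ == "__main__":
    print(audit(CLEAR_OK, TLS_OK))    # hardened: no findings
    print(audit(CLEAR_WEAK, TLS_OK))  # AUTH visible before STARTTLS
```

Against your own server, audit(*probe("your.mail.host")) runs the same check; probe() verifies the server certificate with the system trust store, so a self-signed certificate will raise an error.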



