STARTTLS

Encryption can improve the security of sendmail. Ordinarily, mail is sent between two machines in the clear. That is, if you were to watch the transmission of bytes over the network,^[97] you would see what is actually being sent or received. This includes passwords, which are also sent in the clear.

To reduce the likelihood that someone watching the network will find something that can harm you, you can encrypt the stream of data. Three forms of encryption are available as of this writing:

SSL: SSL is a method for encrypting a single connection over which network traffic can flow. One implementation of SSL is available from http://www.openssl.org/.
TLS: Transport Layer Security, defined by RFC2246, is the successor to SSL that provides further means of connection encryption. It, too, is available from http://www.openssl.org.
SMTP AUTH=: The DIGEST-MD5 and GSSAPI mechanisms, among others, for the AUTH= extension to SMTP, also provide stream encryption.

In this section, we show you:

How to select a random number generator
How to create a CA signed certificate for use with sendmail
How to include support for STARTTLS in sendmail
How to set up the configuration file for use with STARTTLS
Which sendmail macros are relevant to STARTTLS
How to use the access database for finer control

^[97]^* Examples of Unix utilities that watch the network are snoop(8) and tcpdump. For others, see your online documentation.

Get sendmail, 4th Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

sendmail, 4th Edition by Bryan Costales, Claus Assmann, George Jansen, Gregory Neil Shapiro

STARTTLS

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly