Wednesday, 20 March 2019

Enable TLS with SMTP

Back up the original config file:
cp sendmail.mc sendmail.mc_orignal2019 


mkdir -p /etc/mail/certs 

cd /etc/mail/certs 
openssl req -new -x509 -keyout cakey.pem -out cacert.pem -days 365 
openssl req -nodes -new -x509 -keyout sendmail.pem -out sendmail.pem -days 365 

chmod 600 sendmail.pem 

Enable the parameters listed below in the config file.
vi /etc/mail/sendmail.mc 
define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl 
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl 

DAEMON_OPTIONS(`Port=smtp,Addr=10.70.9.12, Name=MTA')dnl 
dnl ### do STARTTLS 
define(`confCACERT_PATH', `/etc/mail/certs')dnl 
define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl 
define(`confSERVER_CERT', `/etc/mail/certs/sendmail.pem')dnl 
define(`confSERVER_KEY', `/etc/mail/certs/sendmail.pem')dnl 
define(`confCLIENT_CERT', `/etc/mail/certs/sendmail.pem')dnl 
define(`confCLIENT_KEY', `/etc/mail/certs/sendmail.pem')dnl 

Compile the config file. 
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf 

Start the saslauthd service.
service saslauthd start 

Restart the sendmail service.
service sendmail restart 
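
A preflight check for the steps above, added here as an example and not part of the original post: it reads the certificate and key paths out of sendmail.mc and confirms that each file exists, holds the expected PEM block, and that the key files still have the permissions set by the chmod 600 step. The function name check_starttls_files is hypothetical.

```shell
# Added example (not from the original post): preflight check for the
# STARTTLS files named in sendmail.mc. check_starttls_files is a hypothetical
# helper name. Prints one finding per line; returns 0 only if none were found.
check_starttls_files() {
    mc=$1
    problems=0
    # Split each define on the m4 quote characters ` and ' so that
    # $2 is the option name and $4 is the configured path.
    list=$(awk -F"[\`']" '$1 == "define(" &&
        $2 ~ /^conf(CACERT|(SERVER|CLIENT)_(CERT|KEY))$/ { print $2, $4 }' "$mc")
    [ -n "$list" ] || { echo "no STARTTLS defines found in $mc"; return 1; }
    while read -r name path; do
        if [ ! -f "$path" ]; then
            echo "$name: $path does not exist"; problems=$((problems + 1))
            continue
        fi
        case $name in
        *_KEY)
            # Characters 5-10 of the ls mode string are the group/other bits;
            # after chmod 600 they must all be unset.
            bits=$(ls -ldL "$path" | cut -c5-10)
            if [ "$bits" != "------" ]; then
                echo "$name: $path is accessible to group/other"
                problems=$((problems + 1))
            fi
            if ! grep -q 'BEGIN .*PRIVATE KEY' "$path"; then
                echo "$name: $path holds no PEM private key"
                problems=$((problems + 1))
            fi ;;
        *)
            if ! grep -q 'BEGIN CERTIFICATE' "$path"; then
                echo "$name: $path holds no PEM certificate"
                problems=$((problems + 1))
            fi ;;
        esac
    done <<EOF
$list
EOF
    [ "$problems" -eq 0 ]
}

# When saved as a script, check the file given as the first argument.
if [ "$#" -gt 0 ]; then check_starttls_files "$1"; fi
```

Run it against /etc/mail/sendmail.mc before restarting the sendmail service; a non-zero exit status means at least one finding was printed.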
