SSL with Sendmail

Thanks to the following web site:

http://www.cromwell-intl.com/unix/sendmail-ssl.html

-Andy



How to make sendmail use SSL/TLS whenever possible

1. Create a certificate directory and go there:
# mkdir /etc/mail/cert
# cd /etc/mail/cert
2. Create a key for the server, giving a new pass phrase when prompted:
# openssl genrsa -des3 -out server.key 1024
3. Create a clear-text copy of the key (so it is not pass-phrase-protected), giving the pass phrase when asked:
# openssl rsa -in server.key -out server.key.open
4. Create a self-signed certificate from the clear-text key and answer the X.509v3 questions appropriately:
# openssl req -new -x509 -days 3650 -key server.key.open -out server.crt
5. Make the files readable only by root:
# chmod 600 server.*
6. Edit /etc/mail/sendmail.cf and add these lines. You should find commented-out versions of these settings in the file, maybe about a third of the way through it.
O CACertPath=/etc/mail/cert
O CACertFile=/etc/mail/cert/server.crt
O ServerCertFile=/etc/mail/cert/server.crt
O ServerKeyFile=/etc/mail/cert/server.key.open
O ClientCertFile=/etc/mail/cert/server.crt
O ClientKeyFile=/etc/mail/cert/server.key.open
7. Restart sendmail:
# /etc/init.d/sendmail restart
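
One way to check the result of steps 5 and 6 before restarting sendmail, as an added example that is not part of the original post. The names audit_sendmail_tls, pem_type and demo, and the stand-in files the demo builds, are assumptions made for illustration. It reads the active certificate and key options from a sendmail.cf and reports key options that do not point at an unprotected private key, key files open to group or others, and certificate options that do not point at a certificate.

```shell
#!/bin/sh
# Added example: audit the certificate and key options in a sendmail.cf.
# Print the label of the first PEM block in a file, e.g. "RSA PRIVATE KEY".
pem_type() { sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" | head -n 1; }
# Print one finding per line for the given sendmail.cf; return 1 if there are any.
audit_sendmail_tls() {
    findings=$(awk -F'[ =]' '/^O (Server|Client|CA)(Cert|Key)File=/ {print $2, $3}' "$1" |
    while read -r opt path; do
        [ -f "$path" ] || { echo "$opt: $path does not exist"; continue; }
        kind=$(pem_type "$path")
        case $opt in
        (*KeyFile)
            case $kind in
            (ENCRYPTED*) echo "$opt: $path is pass-phrase protected" ;;
            (*"PRIVATE KEY")
                # Traditional PEM keys mark encryption in a header line instead.
                grep -q '^Proc-Type: 4,ENCRYPTED' "$path" &&
                    echo "$opt: $path is pass-phrase protected" ;;
            (*) echo "$opt: $path is not a private key (found: ${kind:-no PEM block})" ;;
            esac
            # Step 5: the key must not be accessible to group or others.
            case $(ls -ldL "$path") in
            (-r[w-]-------*) ;;
            (*) echo "$opt: $path is accessible to group or others" ;;
            esac ;;
        (*CertFile)
            case $kind in
            (*CERTIFICATE) ;;
            (*) echo "$opt: $path is not a certificate (found: ${kind:-no PEM block})" ;;
            esac ;;
        esac
    done)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
# Constructed demo: stand-in PEM files (header lines only) and a config whose
# ClientKeyFile points at the certificate instead of the key.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$d/server.key.open"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$d/server.crt"
    chmod 600 "$d"/server.*
    printf 'O %s\n' "ServerCertFile=$d/server.crt" "ServerKeyFile=$d/server.key.open" \
        "ClientKeyFile=$d/server.crt" > "$d/sendmail.cf"
    audit_sendmail_tls "$d/sendmail.cf" || true   # one finding is expected
    rm -rf "$d"
}
demo
```

Against a live system, call audit_sendmail_tls /etc/mail/sendmail.cf as root; no output and exit status 0 mean every referenced file passed.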

