All rights reserved.
5.3 STARTTLS | 203
over the network,* you would see what is actually being sent or received. This
includes passwords, which are also sent in the clear.
To reduce the likelihood that someone watching the network will find something
that can harm you, you can encrypt the stream of data. Three forms of encryption
are available as of this writing:
SSL
SSL is a method for encrypting a single connection over which network traffic
can flow. One implementation of SSL is available from http://www.openssl.org/.
TLS
Transport Layer Security, defined by RFC2246, is the successor to SSL that provides
further means of connection encryption. It, too, is available from
http://www.openssl.org.
SMTP AUTH=
The DIGEST-MD5 and GSSAPI mechanisms, among others, for the AUTH= extension
to SMTP, also provide stream encryption.
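Before an SMTP client hands over a password, it should confirm that one of the three protections above is in place. The following is an added example (not from the sendmail book) that parses a server's EHLO reply and decides whether credentials may be sent: the connection is already TLS/SSL-wrapped, STARTTLS is advertised (to be negotiated before AUTH), or a protected AUTH mechanism such as DIGEST-MD5 or GSSAPI is offered. The EHLO replies are constructed samples, not captures from a real server.

```python
import re

# AUTH mechanisms from the text that do not expose the password on the wire.
# PLAIN and LOGIN, by contrast, send it in the clear unless TLS is active.
PROTECTED_MECHS = {"DIGEST-MD5", "GSSAPI"}


def parse_ehlo(reply: str) -> dict:
    """Map each advertised extension keyword (uppercased) to its parameters.
    The first line of an EHLO reply is the server's domain and is skipped."""
    exts = {}
    for line in reply.splitlines()[1:]:
        m = re.match(r"250[- ](\S+)(?:\s+(.*))?$", line.strip())
        if not m:
            continue  # not a 250 continuation line
        kw, params = m.group(1).upper(), (m.group(2) or "").split()
        if kw.startswith("AUTH="):  # old-style "AUTH=LOGIN PLAIN" spelling
            kw, params = "AUTH", [kw[5:]] + params
        exts.setdefault(kw, []).extend(p.upper() for p in params)
    return exts


def credential_policy(reply: str, tls_wrapped: bool = False) -> tuple:
    """Return (ok, reason). ok is True only when a password would not cross
    the network in the clear."""
    exts = parse_ehlo(reply)
    if tls_wrapped:
        return True, "session is TLS-wrapped (SSL)"
    if "STARTTLS" in exts:
        return True, "STARTTLS advertised: negotiate it before AUTH"
    mechs = set(exts.get("AUTH", []))
    protected = mechs & PROTECTED_MECHS
    if protected:
        return True, "use protected mechanism: " + sorted(protected)[0]
    if mechs:
        return False, "only cleartext mechanisms offered: " + " ".join(sorted(mechs))
    return False, "no encryption or protected AUTH available"


# Constructed sample EHLO replies (CRLF-terminated, as on the wire).
CLEAR_ONLY = "250-mail.example.com Hello\r\n250-SIZE 10240000\r\n250-AUTH PLAIN LOGIN\r\n250 HELP"
WITH_STARTTLS = "250-mail.example.com Hello\r\n250-STARTTLS\r\n250-AUTH PLAIN LOGIN\r\n250 HELP"
DIGEST_ONLY = "250-mail.example.com Hello\r\n250-AUTH=DIGEST-MD5 GSSAPI\r\n250 HELP"

if __name__ == "__main__":
    for name, reply in [("clear", CLEAR_ONLY), ("starttls", WITH_STARTTLS), ("digest", DIGEST_ONLY)]:
        print(name, credential_policy(reply))
```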
In this section, we show you:
• How to select a random number generator
• How to create a CA-signed certificate for use with sendmail
• How to include support for STARTTLS in sendmail
• How to set up the configuration file for use with STARTTLS
• Which sendmail macros are relevant to STARTTLS
• How to use the access database for finer control
5.3.1 Select a Random Number Generator
If your system lacks the device /dev/urandom, you will need to perform additional
steps before you can use TLS.