212 | Chapter 5: Authentication and Encryption
Here, the STARTTLS SMTP keyword appears, revealing that this site supports TLS
encryption of connections.
If STARTTLS doesn't appear, rerun the command with extra debugging, like this:
# obj.*/sendmail/sendmail -O LogLevel=14 -bs -Am
Look in your syslog logfiles for sendmail messages. Look for messages such as warnings
about unsafe files, or warnings about the validity of X.509 certificates. If this
fails, and you need additional help, you can connect to http://www.sendmail.org/tips/.
If STARTTLS does appear, run sendmail as usual. Then examine Received: header
lines for mail you received from other sites that support STARTTLS, and look for
indications that TLS encryption worked:
Received: from other.host.domain (other.host.domain [123.45.67.89])
by your.host.domain (8.12.5/8.12.3) with ESMTP id g75FlHR4038187
(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) ← note
for
; Fri, 13 Dec 2002 08:47:36 -0700 (PDT)
Note that even though the Received: header shows verify=NO, the message was still
encrypted because the cipher= and bits= are present with values.
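The same check can be scripted over a whole message. The following Python is an added example, not code from the book or from sendmail: it pulls the version=, cipher=, bits= and verify= fields out of each Received: header and reports encryption separately from certificate verification. The function names tls_info and audit are hypothetical, and the second hop in the sample is constructed to show a header without a TLS comment.

```python
import re
from email import message_from_string

# Matches the parenthesised TLS comment sendmail adds to Received: headers,
# e.g. "(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)".
TLS_COMMENT = re.compile(
    r"\(version=(?P<version>\S+)\s+cipher=(?P<cipher>\S+)"
    r"\s+bits=(?P<bits>\d+)\s+verify=(?P<verify>[A-Za-z]+)\)"
)

def tls_info(received):
    """Return the TLS fields of one Received: header value, or None if absent."""
    # Header folding leaves newlines and tabs inside the value; collapse them.
    flat = " ".join(received.split())
    m = TLS_COMMENT.search(flat)
    if m is None:
        return None
    info = m.groupdict()
    info["bits"] = int(info["bits"])
    # A negotiated cipher with a non-zero key length means the hop was encrypted.
    info["encrypted"] = info["bits"] > 0
    # Only verify=OK means the peer certificate was validated; NO is encryption only.
    info["authenticated"] = info["verify"].upper() == "OK"
    return info

def audit(raw_message):
    """Return one (hop_number, tls_info or None) pair per Received: header."""
    msg = message_from_string(raw_message)
    return [(i, tls_info(v)) for i, v in enumerate(msg.get_all("Received", []), 1)]

# Constructed sample: the first hop mirrors the header shown above, the second
# (relay.example, 192.0.2.10) is invented and carries no TLS comment.
SAMPLE = (
    "Received: from other.host.domain (other.host.domain [123.45.67.89])\n"
    "\tby your.host.domain (8.12.5/8.12.3) with ESMTP id g75FlHR4038187\n"
    "\t(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO);\n"
    "\tFri, 13 Dec 2002 08:47:36 -0700 (PDT)\n"
    "Received: from relay.example (relay.example [192.0.2.10])\n"
    "\tby other.host.domain (8.12.5/8.12.3) with ESMTP id g75FkAbC012345;\n"
    "\tFri, 13 Dec 2002 08:47:30 -0700 (PDT)\n"
    "Subject: test\n\nbody\n"
)

if __name__ == "__main__":
    for hop, info in audit(SAMPLE):
        status = "no TLS comment recorded" if info is None else (
            f"{info['cipher']} bits={info['bits']} authenticated={info['authenticated']}")
        print(f"hop {hop}: {status}")
```

A hop that reports encrypted but not authenticated was protected against passive eavesdropping only; the receiving server did not confirm the sender's certificate.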
5.3.7 Macros for Use with STARTTLS
If you decide to use STARTTLS with sendmail, be aware that a number of related
sendmail macros are useful in rule sets and database maps.