These are shown in
Table 5-6, and described in detail in Chapter 21.
To illustrate, consider a simple rule set that allows relaying by anyone who presents a
cert that can be verified:
LOCAL_RULESETS
SLocal_check_rcpt
R$*		$: $&{verify}
ROK		$# OK
Table 5-6. Macros for use with STARTTLS

Macro            §                      Description
---------------  ---------------------  -------------------------------------------------------
${cert_issuer}   §21.9.13 on page 809   Distinguished name of CA that signed the presented cert
${cert_md5}      §21.9.14 on page 809   MD5 of certificate
${cert_subject}  §21.9.15 on page 809   Distinguished name of certificate
${cipher}        §21.9.16 on page 809   Cipher suite used for connection
${cipher_bits}   §21.9.17 on page 810   TLS encryption key length
${tls_version}   §21.9.94 on page 847   TLS/SSL version
${verify}        §21.9.99 on page 849   Result of cert verification
Copyright © 2007 O'Reilly & Associates, Inc. All rights reserved.
Here, the Local_check_rcpt rule set is used to check the envelope recipient. If the
result of authentication stored in the ${verify} macro is OK, the sender is allowed to
relay. Anything other than OK denies relaying.
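A tighter variant of the rule set above, given here as an added example that is not from the book: it relays only when ${verify} is OK and ${cert_issuer} matches one expected CA, so a cert that merely chains to some other trusted CA does not grant relaying. The issuer DN is a constructed placeholder, and the example assumes sendmail stores a space in the DN as +20; use the exact issuer string that sendmail reports for your own CA.

```m4
LOCAL_RULESETS
SLocal_check_rcpt
# Build the workspace as "<verify result> $| <issuer DN>".
# $& defers expansion until the rule runs, so both values are
# the ones recorded for the current connection.
R$*		$: $&{verify} $| $&{cert_issuer}
# Relay only for a verified cert signed by the expected CA.
# The DN here is a constructed placeholder, not a real CA.
ROK $| /C=US/O=Example+20Org/CN=Example+20Relay+20CA	$# OK
# No other rule matches: any other verify result or issuer
# falls through to the normal relay checks.
```

As in the original rule set, the left-hand and right-hand sides of each R line must be separated by tab characters.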
More ambitious use of these sendmail macros involves the access database and is covered
in the next section.
5.3.8 STARTTLS and the access Database
Beginning with V8.11, four new prefixes in the access database are available for use
with STARTTLS connection encryption (§5.