1.Under Mail on the Manage Components menu, choose Sendmail Server/Using Open Source Configuration Rules.

2.From the Sendmail Server Administration menu, choose Configure Sendmail Server.

3.On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.

4.From the Configure Sendmail Server menu, choose Configure Trusted Layer Security (TLS). A form is displayed, showing the current performance values.

5.Click in the Enable TLS for Server Connections checkbox to enable TLS.

6.Modify the values in the fields as desired. See Table 11.

7.Click in the Disable Client Verification checkbox to disable client verification,

8.Click Submit.

In addition, all remote systems that the server will connect to using TLS, must enable TLS to complete the transmission loop in a secure manner.

After the fields are completed, TLS support can be enabled. To debug a non-working connection, check the mail log for error messages.

Enabling Support Using the Access Database

Secure connections to servers and clients can be defined by adding lines to the access database (access db text file) and then running makemap to create the updated access_db file.

Here are four examples that offer or do not offer TLS support for certain connections. Each line illustrates the line format used in the access database. The line format for the text file is:

First field <tab>

second field

<tab>

third field

By default, STARTLS is requested on all outgoing connections and offered on incoming connections when certificates are configured. By placing a line in the access database, STARTLS can be turned off.

Try_TLS: general.mymachine.com

YES

Try_TLS: mymachine.com

NO

Try_TLS:

42.0

NO

Try_TLS:

127.0

NO

Here, STARTLS is offered to general.mymachine.com. It is not offered to mymachine.com, any address starting with 42.0 or 127.0

To turn on TLS support for connecting as a client, the access_db line format is as follows:

VERIFY

TLS_Srv:host-name or address ENCR:bits

VERIFY:BITS

The third fields shown here are optional.

To turn on TLS support for connecting as the server the access_db file format line is:

VERIFY

TLS_Clt: host-name or addressENCR:bits

VERIFY:bits

The third fields shown here are optional.

Here are some additional client examples:

Access database text line

 

TLS_Serv:abc.hp.com

StartTLS connection as client to system abc

TLS_Serv:abc.hp.com VERIFY

StartTLS connection and certificate verification required

TLS_Serv:abc.hp.com ENCR:64

Must encrypt with at least 64 bits

TLS_Serv:abc.hp.com VERIFY:64

Certificate verification and encryption strength of at least 64 bits

116 Mail Delivery Administration

Page 116
Image 116
HP UX Internet Express Software manual Enabling Support Using the Access Database