1. Under Mail on the Manage Components menu, choose Sendmail Server/Using Open Source Configuration Rules.

2. From the Sendmail Server Administration menu, choose Configure Sendmail Server.

3. On the Configure Sendmail Server menu, make sure that Server is selected and click Configure.

4. From the Configure Sendmail Server menu, choose Configure Transport Layer Security (TLS). A form is displayed, showing the current values.

5. Click the Enable TLS for Server Connections checkbox to enable TLS.

6. Modify the values in the fields as desired. See Table 11.

7. Click the Disable Client Verification checkbox only if you want the server to accept TLS connections without verifying client certificates; leave it clear to keep client verification on.

8. Click Submit.

In addition, every remote system that the server connects to using TLS must also have TLS enabled; otherwise the transmission loop cannot be completed securely.

After the fields are completed, TLS support can be enabled. To debug a connection that does not work, check the mail log for error messages.

Enabling Support Using the Access Database

Secure connections to servers and clients are defined by adding lines to the access database text file and then running makemap to build the updated access_db map from it.

Here are four examples that offer or withhold TLS support for certain connections. Each line illustrates the format used in the access database. The line format for the text file is:

First field<tab>second field<tab>third field

By default, STARTTLS is requested on all outgoing connections and offered on all incoming connections when certificates are configured. Placing a Try_TLS: line in the access database turns STARTTLS off for a specific host, domain, or address range.

Try_TLS:general.mymachine.com<tab>YES
Try_TLS:mymachine.com<tab>NO
Try_TLS:42.0<tab>NO
Try_TLS:127.0<tab>NO

Here, STARTTLS is offered to general.mymachine.com. It is not offered to mymachine.com, nor to any address that starts with 42.0 or 127.0. The most specific matching entry wins, which is why general.mymachine.com keeps STARTTLS even though its parent domain mymachine.com has it turned off.

To turn on TLS requirements for connecting as a client, the access_db line format is as follows (one of the three values is used):

TLS_Srv:host-name or address<tab>VERIFY
TLS_Srv:host-name or address<tab>ENCR:bits
TLS_Srv:host-name or address<tab>VERIFY:bits

The bits value after VERIFY is optional; VERIFY alone requires certificate verification without a minimum encryption strength.

To turn on TLS requirements for connecting as the server, the access_db line format is:

TLS_Clt:host-name or address<tab>VERIFY
TLS_Clt:host-name or address<tab>ENCR:bits
TLS_Clt:host-name or address<tab>VERIFY:bits

As for TLS_Srv:, the bits value after VERIFY is optional.

Here are some additional client examples (note the tag is TLS_Srv:, matching the format above):

Access database text line: TLS_Srv:abc.hp.com
Effect: StartTLS connection as client to system abc

Access database text line: TLS_Srv:abc.hp.com<tab>VERIFY
Effect: StartTLS connection and certificate verification required

Access database text line: TLS_Srv:abc.hp.com<tab>ENCR:64
Effect: Must encrypt with at least 64 bits

Access database text line: TLS_Srv:abc.hp.com<tab>VERIFY:64
Effect: Certificate verification and encryption strength of at least 64 bits

The 64-bit figure is only the value used in these examples; in practice set ENCR to the strongest value the ciphers on both ends support.
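The following Python model shows how the Try_TLS:, TLS_Srv: and TLS_Clt: entries described above are consulted for a given peer and how their VERIFY and ENCR values turn into a pass/fail decision on a negotiated session. It is an added example, not HP's or sendmail's own code: the access text file is constructed inline, and the search order (full key first, then shorter IP prefixes or parent domains, most specific entry winning) is a re-implementation of the documented lookup behaviour, not a call into sendmail.

```python
"""Model of sendmail access-db TLS lookups (added example, not sendmail code)."""
from typing import Dict, Optional, Tuple

# Constructed sample access text file in the page's tab-separated format.
ACCESS_TXT = """\
# tag:key<TAB>value
Try_TLS:general.mymachine.com\tYES
Try_TLS:mymachine.com\tNO
Try_TLS:42.0\tNO
Try_TLS:127.0\tNO
TLS_Srv:abc.hp.com\tVERIFY:64
TLS_Srv:hp.com\tENCR:64
TLS_Clt:10.1.2\tVERIFY
"""


def parse_access(text: str) -> Dict[str, str]:
    """Parse the makemap input text into a key -> value dictionary."""
    db: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("\t")
        db[key.strip()] = value.strip()
    return db


def _is_ipv4(peer: str) -> bool:
    parts = peer.split(".")
    return len(parts) == 4 and all(p.isdigit() and int(p) <= 255 for p in parts)


def lookup(db: Dict[str, str], tag: str, peer: str) -> Optional[str]:
    """Return the most specific entry for tag:peer.

    An IPv4 address is tried whole, then with trailing octets removed
    (42.0.1.9 -> 42.0.1 -> 42.0 -> 42), which is how an entry for 42.0
    covers every address starting with 42.0. A host name is tried whole,
    then with leading labels removed (general.mymachine.com ->
    mymachine.com -> com), so the host entry beats the domain entry.
    """
    if _is_ipv4(peer):
        parts = peer.split(".")
        candidates = [".".join(parts[:n]) for n in range(4, 0, -1)]
    else:
        labels = peer.lower().rstrip(".").split(".")
        candidates = [".".join(labels[i:]) for i in range(len(labels))]
    for cand in candidates:
        value = db.get(f"{tag}:{cand}")
        if value is not None:
            return value
    return None


def try_tls(db: Dict[str, str], peer: str) -> bool:
    """STARTTLS is on by default; only an explicit Try_TLS: NO turns it off."""
    value = lookup(db, "Try_TLS", peer)
    return value is None or value.upper() != "NO"


def requirements(db: Dict[str, str], tag: str, peer: str) -> Tuple[bool, int]:
    """Decode a TLS_Srv:/TLS_Clt: value into (verify_required, min_bits).

    VERIFY -> (True, 0); ENCR:n -> (False, n); VERIFY:n -> (True, n).
    """
    value = lookup(db, tag, peer)
    if value is None:
        return (False, 0)
    word, _, bits = value.upper().partition(":")
    min_bits = int(bits) if bits else 0
    if word == "VERIFY":
        return (True, min_bits)
    if word == "ENCR":
        return (False, min_bits)
    raise ValueError(f"unknown {tag} value {value!r}")


def session_allowed(db: Dict[str, str], tag: str, peer: str,
                    cert_verified: bool, cipher_bits: int) -> bool:
    """Apply the policy to a negotiated session, failing closed when
    required verification did not succeed or the cipher is too weak."""
    verify, min_bits = requirements(db, tag, peer)
    if verify and not cert_verified:
        return False
    return cipher_bits >= min_bits


DB = parse_access(ACCESS_TXT)
```

Running lookup against the sample map reproduces the page's description: general.mymachine.com keeps STARTTLS, mail.mymachine.com and 42.0.1.9 lose it, and a session to abc.hp.com is rejected unless the certificate verified and the cipher reached 64 bits.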
