How to Install Certificates on Sendmail (MTA)

Sendmail can be configured to encrypt email via the Secure Sockets Layer (SSL) when sending and receiving email.

1) Open the sendmail configuration file /etc/mail/sendmail.mc (your distribution might keep it elsewhere) with write access, using a text editor such as vi, emacs or nano:

# vi /etc/mail/sendmail.mc
Now append or modify the following directives:
define(`confCACERT_PATH',`/etc/mail/ssl/certs')
dnl -- Location to find certificates
define(`confCACERT',`/etc/mail/ssl/ca-bundle.crt')
dnl -- Root Bundle file (Make sure you select your server software as Apache & mod_ssl)
define(`confSERVER_CERT',`/etc/mail/ssl/sendmail.crt')
dnl -- Domain Certificate
define(`confSERVER_KEY',`/etc/mail/ssl/sendmail.key')
dnl -- Private key for the Domain Certificate

Also make sure the port is set to smtps (secure SMTP, i.e. port 465):
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

2) Restart sendmail and secure pop3s/imaps (optional, use the following if using POP/IMAP)
Type the following commands to restart sendmail and related services:
# /etc/init.d/sendmail restart
# chkconfig pop3s on
# chkconfig imaps on
# /etc/init.d/xinetd restart

pop3s and imaps will be started by xinetd.

Please note the following:
* All certificates provided by us are in PEM format.
* The .key file needs read/write permission for the owner, not for the group.
* define(`confLOG_LEVEL', `14')dnl ## Will help with debugging. Can be commented out or put back to its default level of 9 when done.
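
A preflight check for the notes above, as an added example that is not part of the original document: it reads the four paths from sendmail.mc and confirms that the CA directory exists, that the certificate and key files are PEM, and that the key is not accessible to the group. The function names are hypothetical, and rejecting access by other users as well as the group is an assumption that goes beyond the note above.

```sh
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Usage after loading this file:  check_sendmail_tls /etc/mail/sendmail.mc

# Print the value of an m4 define such as confSERVER_KEY.
# $1 = option name, $2 = path to the .mc file.
# Lines commented out with a leading "dnl" are ignored; the last match wins.
mc_value() {
    sed -n "s/^define(\`$1'[[:space:]]*,[[:space:]]*\`\([^']*\)').*/\1/p" "$2" |
        tail -n 1
}

# Check the files named in the .mc file. Returns 0 if every check passes.
check_sendmail_tls() {
    mc=$1
    rc=0
    cadir=$(mc_value confCACERT_PATH "$mc")
    ca=$(mc_value confCACERT "$mc")
    cert=$(mc_value confSERVER_CERT "$mc")
    key=$(mc_value confSERVER_KEY "$mc")

    [ -d "$cadir" ] ||
        { echo "FAIL confCACERT_PATH is not a directory: $cadir"; rc=1; }

    # Certificates must be PEM (see the first note above).
    for f in "$ca" "$cert"; do
        grep -q -e '-----BEGIN CERTIFICATE-----' "$f" 2>/dev/null ||
            { echo "FAIL not a PEM certificate: $f"; rc=1; }
    done
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" 2>/dev/null ||
        { echo "FAIL not a PEM private key: $key"; rc=1; }

    # Characters 5-10 of the mode string are the group and other bits.
    # Assumption: "other" access is rejected too, not only group access.
    perms=$(ls -lLd "$key" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "FAIL key is accessible beyond its owner: $key"; rc=1; }

    return $rc
}
```

Each failed check prints one FAIL line; a key that fails only the permission check can be corrected with chmod 600.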