Difference between revisions of "TLS certificate for sendmail"
From Tech
Jump to navigationJump to search| Line 13: | Line 13: | ||
define(`confCLIENT_KEY', `/etc/letsencrypt/live/pomo.komputilo.org/privkey.pem')dnl |
define(`confCLIENT_KEY', `/etc/letsencrypt/live/pomo.komputilo.org/privkey.pem')dnl |
||
define(`confAUTH_OPTIONS', `A p y')dnl |
define(`confAUTH_OPTIONS', `A p y')dnl |
||
| + | |||
| + | To test: |
||
| + | telnet localhost 25 |
||
| + | Trying 127.0.0.1... |
||
| + | Connected to localhost. |
||
| + | Escape character is '^]'. |
||
| + | 220 pomo.komputilo.org ESMTP Sendmail 8.15.2/8.15.2/Debian-8; Sat, 18 Apr 2020 10:31:08 +0200; (No UCE/UBE) logging access from: localhost(OK)-localhost [127.0.0.1] |
||
| + | Issue the ehlo localhost command, and check the response for '250-STARTTLS': |
||
| + | ehlo localhost |
||
| + | 250-pomo.komputilo.org Hello localhost [127.0.0.1], pleased to meet you |
||
| + | 250-ENHANCEDSTATUSCODES |
||
| + | 250-PIPELINING |
||
| + | 250-EXPN |
||
| + | 250-VERB |
||
| + | 250-8BITMIME |
||
| + | 250-SIZE |
||
| + | 250-DSN |
||
| + | 250-ETRN |
||
| + | 250-AUTH DIGEST-MD5 CRAM-MD5 |
||
| + | 250-STARTTLS |
||
| + | 250-DELIVERBY |
||
| + | 250 HELP |
||
Revision as of 09:32, 18 April 2020
Getting the certificate:
apt install certbot certbot certonly --webroot #domain name: pomo.komputilo.org #webroot for pomo: directoy apache serves for http://pomo.komputilo.org
To install the certificate in sendmail, insert into /etc/mail/sendmail.mc (partially copied from sendmail.org, and letsencrypt.org):
define(`confCACERT_PATH', `/etc/letsencrypt/live/pomo.komputilo.org')dnl define(`confCACERT', `/etc/letsencrypt/live/pomo.komputilo.org/chain.pem')dnl define(`confSERVER_CERT', `/etc/letsencrypt/live/pomo.komputilo.org/cert.pem')dnl define(`confSERVER_KEY', `/etc/letsencrypt/live/pomo.komputilo.org/privkey.pem')dnl define(`confCLIENT_CERT', `/etc/letsencrypt/live/pomo.komputilo.org/cert.pem')dnl define(`confCLIENT_KEY', `/etc/letsencrypt/live/pomo.komputilo.org/privkey.pem')dnl define(`confAUTH_OPTIONS', `A p y')dnl
To test:
telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 pomo.komputilo.org ESMTP Sendmail 8.15.2/8.15.2/Debian-8; Sat, 18 Apr 2020 10:31:08 +0200; (No UCE/UBE) logging access from: localhost(OK)-localhost [127.0.0.1]
Issue the ehlo localhost command, and check the response for '250-STARTTLS':
ehlo localhost 250-pomo.komputilo.org Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-EXPN 250-VERB 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH DIGEST-MD5 CRAM-MD5 250-STARTTLS 250-DELIVERBY 250 HELP
