The following table describes the configuration file options that are used to run SMTP with TLS. If you declare any of these options, use one of the following syntaxes:
```
O OptionName=argument          # for the configuration file
-O OptionName=argument         # for the command line
define(`m4Name',argument)      # for m4 configuration
```
| Option | Description |
|---|---|
| CACertFile | m4 name: confCACERT. Argument: filename. Default value: undefined. Identifies the file that contains one CA certificate. |
| CACertPath | m4 name: confCACERT_PATH. Argument: path. Default value: undefined. Identifies the path to the directory that contains certificates of CAs. |
| ClientCertFile | m4 name: confCLIENT_CERT. Argument: filename. Default value: undefined. Identifies the file that contains the certificate of the client. Note that this certificate is used when sendmail acts as a client. |
| ClientKeyFile | m4 name: confCLIENT_KEY. Argument: filename. Default value: undefined. Identifies the file that contains the private key that belongs to the client certificate. |
| CRLFile | m4 name: confCRL. Argument: filename. Default value: undefined. Identifies the file that contains the certificate revocation status, which is used for X.509v3 authentication. |
| DHParameters | m4 name: confDH_PARAMETERS. Argument: filename. Default value: undefined. Identifies the file that contains the Diffie-Hellman (DH) parameters. |
| RandFile | m4 name: confRAND_FILE. Argument: file:filename or egd:UNIX socket. Default value: undefined. Uses the file: prefix to identify the file that contains random data or uses the egd: prefix to identify the UNIX socket. Note that because the Solaris OS supports the random number generator device, this option does not need to be specified. See the random(7D) man page. |
| ServerCertFile | m4 name: confSERVER_CERT. Argument: filename. Default value: undefined. Identifies the file that contains the server's certificate. This certificate is used when sendmail acts as a server. |
| Timeout.starttls | m4 name: confTO_STARTTLS. Argument: amount of time. Default value: 1h. Sets the amount of time the SMTP client waits for a response to the STARTTLS command. |
| TLSSrvOptions | m4 name: confTLS_SRV_OPTIONS. Argument: V. Default value: undefined. Determines whether the server asks for a certificate from the client. If this option is set to V, no client verification is performed. |

For sendmail to support SMTP's use of TLS, the following options must be defined:
CACertPath
CACertFile
ServerCertFile
ClientKeyFile
Other options are not required.
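
The following added example (not part of the original documentation) audits the text of a sendmail configuration file against the list above: it parses `O OptionName=argument` lines, reports which of the four required options are undefined, and flags `TLSSrvOptions=V`. The sample configuration and its paths are constructed, and the optional key-file permission check is an added hardening check that the table does not describe.

```python
import os
import re
import stat

# Options the page lists as required for SMTP over TLS.
REQUIRED = ("CACertPath", "CACertFile", "ServerCertFile", "ClientKeyFile")
OPTION_LINE = re.compile(r"^O\s+([A-Za-z][\w.]*)\s*=\s*(.*?)\s*$")


def parse_options(cf_text):
    """Return {OptionName: argument} for each 'O OptionName=argument' line."""
    options = {}
    for line in cf_text.splitlines():
        match = OPTION_LINE.match(line)  # '#O ...' comment lines do not match
        if match:
            options[match.group(1)] = match.group(2)
    return options


def audit(cf_text, check_files=False):
    """Return findings about the TLS options in the text of a sendmail.cf."""
    options = parse_options(cf_text)
    findings = [f"missing required option: {name}"
                for name in REQUIRED if not options.get(name)]
    if options.get("TLSSrvOptions") == "V":
        findings.append("TLSSrvOptions=V: no client verification is performed")
    key = options.get("ClientKeyFile")
    if check_files and key and os.path.exists(key):
        # Added hardening check (not from the table): key readable by owner only.
        mode = stat.S_IMODE(os.stat(key).st_mode)
        if mode & 0o077:
            findings.append(f"ClientKeyFile {key} has mode {mode:o}")
    return findings


# Constructed sample; the paths are placeholders, not from a real host.
SAMPLE_CF = """\
O CACertPath=/etc/mail/certs
#O CACertFile=/etc/mail/certs/CAcert.pem
O ServerCertFile=/etc/mail/certs/MYcert.pem
O ClientKeyFile=/etc/mail/certs/MYkey.pem
O TLSSrvOptions=V
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CF):
        print(finding)
```

Run against the sample, the audit reports the commented-out `CACertFile` as missing and notes that client verification is disabled.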