
Managing sendmail Services in Oracle® Solaris 11.4


Updated: November 2020
 
 

Changes in Version 8.13 of sendmail

Version 8.13 of sendmail provides many new features. For more information about version 8.13, see the following sections:

–FallBackSmartHost Option

The –FallBackSmartHost option means you no longer need to use the main.cf and subsidiary.cf files. The main.cf file was used in environments that supported MX records. The subsidiary.cf file was used in environments without a fully operative DNS. In such environments, a smart host was used instead of MX records. The –FallBackSmartHost option provides unified configuration. It operates like an MX record of last possible preference for all environments. To ensure that mail gets delivered to clients, this option, if enabled, provides a well-connected (or smart) host that serves as a backup (or failover) for MX records that fail.

Support for Running SMTP With TLS in Version 8.13 of sendmail

Communications between SMTP servers and clients are not usually controlled or trusted on either end. This lack of security might allow a third party to monitor and even alter a communication between a server and a client. SMTP can use Transport Layer Security (TLS) in version 8.13 of sendmail to resolve this problem. This extended service to SMTP servers and clients provides the following:

  • Private, authenticated communications over the Internet

  • Protection from eavesdroppers and attackers


Note - The implementation of TLS is based on the Secure Sockets Layer (SSL) protocol.

STARTTLS is the SMTP keyword that initiates a secure SMTP connection by using TLS. This secure connection might be between two servers or between a server and a client. A secure connection is defined as follows:

  • The source email address and the destination address are encrypted.

  • The content of the email message is encrypted.

When the client issues the STARTTLS command, the server responds with one of the following messages:

  • 220 Ready to start TLS - Requires the client to start the TLS negotiation.

  • 501 Syntax error (no parameters allowed) - Indicates that the client incorrectly issued the STARTTLS command. STARTTLS is issued with no parameters.

  • 454 TLS not available due to temporary reason - Requires the client to apply rule set values to determine whether to accept or maintain the connection.

Note that to maintain the Internet's SMTP infrastructure, servers available to the public must not require a TLS negotiation. However, a server that is used privately might require the client to perform a TLS negotiation. In such instances, the server returns this response:

530 Must issue a STARTTLS command first

The client must issue the STARTTLS command to establish a connection.

The server or client can refuse a connection if the level of authentication and privacy is not satisfactory. Because most SMTP connections are not secure, the server and client might maintain an unsecured connection. Whether to maintain or refuse a connection is determined by the configuration of the server and the client.
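The exchange described above, written out as an added example that is not part of the Oracle page: a small client-side STARTTLS negotiation driven against a scripted in-memory server, so that each of the 220, 501, 454 and 530 replies listed in this section can be exercised offline. The server scripts, host names and the `require_tls` policy switch are constructed for the example; a real client would hand its socket to the TLS layer (for instance `ssl.SSLContext.wrap_socket()` in Python) at the point where this code returns `"tls"`.

```python
class ScriptedServer:
    """Constructed stand-in for an SMTP server: one canned reply per command verb.

    It records both sides of the exchange so the transcript can be inspected.
    """

    def __init__(self, greeting, replies):
        self.greeting = greeting
        self.replies = replies        # verb -> raw reply, CRLF separated, may be multi-line
        self.transcript = []

    def connect(self):
        self.transcript.append(("S", self.greeting))
        return self.greeting

    def send(self, command):
        verb = command.split()[0].upper()
        reply = self.replies.get(verb, "502 Command not implemented")
        self.transcript.append(("C", command))
        self.transcript.append(("S", reply))
        return reply


def parse_reply(raw):
    """Split an SMTP reply into (code, [text lines]).

    RFC 5321: every line carries the same 3-digit code; '-' after the code marks a
    continuation line and a space marks the final line.
    """
    lines = raw.rstrip("\r\n").split("\r\n")
    code = lines[0][:3]
    if not code.isdigit():
        raise ValueError("malformed reply: %r" % raw)
    texts = []
    for line in lines:
        if line[:3] != code or len(line) < 4 or line[3] not in " -":
            raise ValueError("malformed reply line: %r" % line)
        texts.append(line[4:])
    if lines[-1][3] != " ":
        raise ValueError("reply not terminated: %r" % raw)
    return int(code), texts


def negotiate_starttls(server, client_name="client.example", require_tls=False):
    """Drive EHLO/STARTTLS and return the client's next step.

    'tls'   - 220 received: hand the socket to the TLS layer now
    'plain' - continue unencrypted (only acceptable when policy allows it)
    'retry' - 454 temporary failure on a peer we insist on TLS with: try later
    'abort' - drop the connection (501 means we sent STARTTLS with parameters,
              which is our own bug; any other code is unexpected)
    """
    code, _ = parse_reply(server.connect())
    if code != 220:
        return "abort"
    code, ehlo = parse_reply(server.send("EHLO %s" % client_name))
    if code != 250:
        return "abort"
    # The first EHLO line is the server's greeting; the rest are capability keywords.
    offered = {line.split()[0].upper() for line in ehlo[1:] if line.strip()}
    if "STARTTLS" not in offered:
        return "abort" if require_tls else "plain"
    code, _ = parse_reply(server.send("STARTTLS"))
    if code == 220:
        return "tls"
    if code == 454:
        return "retry" if require_tls else "plain"
    return "abort"


def send_mail_from(server, sender):
    """After an unencrypted EHLO, a private server may answer 530: TLS is mandatory."""
    code, _ = parse_reply(server.send("MAIL FROM:<%s>" % sender))
    if code == 530:
        return "tls_required"
    return "ok" if code == 250 else "abort"


# Constructed server scripts; the reply texts follow the wording in this section.
GREETING = "220 mail.example ESMTP ready"
EHLO_WITH_TLS = ("250-mail.example Hello client.example\r\n"
                 "250-SIZE 10240000\r\n"
                 "250 STARTTLS")
EHLO_NO_TLS = "250-mail.example Hello client.example\r\n250 SIZE 10240000"

public_mx = ScriptedServer(GREETING, {"EHLO": EHLO_WITH_TLS,
                                      "STARTTLS": "220 Ready to start TLS"})
busy_mx = ScriptedServer(GREETING, {"EHLO": EHLO_WITH_TLS,
                                    "STARTTLS": "454 TLS not available due to temporary reason"})
legacy_mx = ScriptedServer(GREETING, {"EHLO": EHLO_NO_TLS})
private_mx = ScriptedServer(GREETING, {"EHLO": EHLO_WITH_TLS,
                                       "STARTTLS": "220 Ready to start TLS",
                                       "MAIL": "530 Must issue a STARTTLS command first"})

if __name__ == "__main__":
    for name, mx in (("public", public_mx), ("busy", busy_mx), ("legacy", legacy_mx)):
        print(name, "->", negotiate_starttls(mx, require_tls=(name == "busy")))
    print("private MAIL FROM without TLS ->", send_mail_from(private_mx, "alice@client.example"))
    for side, text in private_mx.transcript:
        print(side + ":", text.replace("\r\n", " | "))
```

The point of the `require_tls` switch is the policy decision the section describes: a public MX that answers 454 is still deliverable over an unsecured connection, whereas a peer you have decided must be reached over TLS gets a deferred retry instead.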

Support for running SMTP with TLS is not enabled by default. TLS is enabled when the SMTP client issues the STARTTLS command. Before the SMTP client can issue this command, you must set up the certificates that enable sendmail to use TLS. See How to Set SMTP to Use TLS. Note that this procedure includes defining new configuration file options and rebuilding your sendmail.cf file.

Configuration File Options for Running SMTP With TLS

The following configuration file options are used to run SMTP with TLS:

–CACertFile

m4 name: –confCACERT

Argument: filename

Default value: undefined

Identifies the file that contains one CA certificate.

–CACertPath

m4 name: –confCACERT_PATH

Argument: path

Default value: undefined

Identifies the path to the directory that contains certificates of CAs.

–ClientCertFile

m4 name: –confCLIENT_CERT

Argument: filename

Default value: undefined

Identifies the file that contains the certificate of the client. Note that this certificate is used when sendmail acts as a client.

–ClientKeyFile

m4 name: –confCLIENT_KEY

Argument: filename

Default value: undefined

Identifies the file that contains the private key that belongs to the client certificate.

–CRLFile

m4 name: –confCRL

Argument: filename

Default value: undefined

Identifies the file that contains the certificate revocation status, which is used for X.509v3 authentication.

–DHParameters

m4 name: –confDH_PARAMETERS

Argument: filename

Default value: undefined

Identifies the file that contains the Diffie-Hellman (DH) parameters.

–ServerCertFile

m4 name: –confSERVER_CERT

Argument: filename

Default value: undefined

Identifies the file that contains the server's certificate. This certificate is used when sendmail acts as a server.

–Timeout.starttls

m4 name: –confTO_STARTTLS

Argument: amount of time

Default value: 1h

Sets the amount of time the SMTP client waits for a response to the STARTTLS command.

–TLSSrvOptions

m4 name: –confTLS_SRV_OPTIONS

Argument: V

Default value: undefined

Determines whether the server asks for a certificate from the client. If this option is set to V, no client verification is performed.

If you declare any of the preceding options, use one of the following syntaxes:

  • O OptionName=argument # for the configuration file

  • -O OptionName=argument # for the command line

  • define(`m4Name',argument) # for m4 configuration

For sendmail to support SMTP's use of TLS, the following options must be defined:

  • –CACertPath

  • –CACertFile

  • –ServerCertFile

  • –ClientKeyFile

Other options are not required.
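As an added example that is not from the Oracle page, the STARTTLS portion of a sendmail.mc file using the m4 names listed above. All file paths are constructed placeholders; confSERVER_KEY is not in this section's option list but is the m4 name sendmail's cf/README gives for ServerKeyFile, and the server certificate cannot be used without its private key.

```m4
dnl Added example, not from the Oracle page: STARTTLS settings for sendmail.mc.
dnl All paths are constructed placeholders; point them at your own files.
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/CAcert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/MYcert.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/MYkey.pem')dnl
dnl confSERVER_KEY (ServerKeyFile) is taken from sendmail's cf/README; it is not
dnl listed in this section but the server certificate is unusable without it.
define(`confCLIENT_CERT', `/etc/mail/certs/MYcert.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/MYkey.pem')dnl
define(`confCRL', `/etc/mail/certs/crl.pem')dnl           optional: revocation list
define(`confDH_PARAMETERS', `/etc/mail/certs/dh.pem')dnl   optional: DH parameters
define(`confTO_STARTTLS', `2m')dnl                          shorter than the 1h default
dnl confTLS_SRV_OPTIONS is left undefined on purpose so that the server asks the
dnl client for a certificate; define(`confTLS_SRV_OPTIONS', `V') would skip that.
```

After editing the .mc file, rebuild sendmail.cf and restart the service as described in How to Set SMTP to Use TLS. Two checks worth making before that: the private key files must be readable only by the user sendmail runs as (sendmail refuses to use a key with permissive modes and logs the reason), and the CA directory named by confCACERT_PATH must contain the hashed symbolic links that OpenSSL uses for lookups (`openssl rehash` or `c_rehash`), otherwise ${verify} comes back as FAIL even for certificates issued by a CA in that directory.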

Macros for Running SMTP With TLS

The following macros are used by the STARTTLS command:

${cert_issuer}

Holds the distinguished name (DN) of the certification authority (CA), which is the certificate issuer.

${cert_subject}

Holds the DN of the certificate that is called the cert subject.

${cn_issuer}

Holds the common name (CN) of the CA, which is the cert issuer.

${cn_subject}

Holds the CN of the certificate that is called the cert subject.

${tls_version}

Holds the version of TLS that is used for the connection.

${cipher}

Holds a set of cryptographic algorithms (known as a cipher suite) that is used for the connection.

${cipher_bits}

Holds in bits the key length of the symmetric encryption algorithm that is used for the connection.

${verify}

Holds the result of the verification of the certificate that was presented. Possible values are as follows:

  • OK – The verification succeeded.

  • NO – No certificate was presented.

  • NOT – No certificate was requested.

  • FAIL – The certificate that was presented could not be verified.

  • NONE – STARTTLS has not been performed.

  • TEMP – Temporary error occurred.

  • PROTOCOL – SMTP error occurred.

  • SOFTWARE – STARTTLS handshake failed.

${server_addr}

Holds the address of the server with the current outgoing SMTP connection.

${server_name}

Holds the name of the server with the current outgoing SMTP connection.

Rule Sets for Running SMTP With TLS

The following rule sets determine whether an SMTP connection that uses TLS should be accepted, continued, or refused:

tls_server

Acting as a client, sendmail uses this rule set to determine whether the server is currently supported by TLS.

tls_client

Acting as a server, sendmail uses this rule set to determine whether the client is currently supported by TLS.

tls_rcpt

This rule set requires verification of the recipient's MTA. This recipient restriction makes attacks such as DNS spoofing impossible.

TLS_connection

This rule set checks the requirement that is specified by the RHS of the access map against the actual parameters of the current TLS connection.

try_tls

sendmail uses this rule set to determine the feasibility of using STARTTLS when connecting to another MTA. If the MTA cannot properly implement STARTTLS, then STARTTLS is not used.
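An added example, not from the Oracle page, that ties the macros and rule sets above together: it evaluates the per-connection values sendmail exposes through ${verify}, ${cipher}, ${cipher_bits} and ${tls_version} against a connection requirement, in the spirit of what the TLS_connection rule set does with the access map's RHS, and runs the same check over STARTTLS log lines. The `Requirement` format is my own simplified stand-in, not sendmail's access-map syntax (which is documented in /etc/mail/cf/README); the log lines are constructed samples in the shape sendmail writes them.

```python
import re
from dataclasses import dataclass

# ${verify} values from this section, mapped to how a policy treats each one:
# 'ok' satisfies a verification requirement, 'temp' should produce a temporary
# failure (the peer may retry), 'fail' a permanent rejection.
VERIFY_OUTCOME = {
    "OK": "ok",          # certificate presented and verified
    "NO": "fail",        # no certificate presented
    "NOT": "fail",       # no certificate requested (e.g. TLSSrvOptions=V on the server)
    "FAIL": "fail",      # certificate presented but could not be verified
    "NONE": "fail",      # STARTTLS not performed
    "TEMP": "temp",      # temporary error
    "PROTOCOL": "temp",  # SMTP error
    "SOFTWARE": "fail",  # STARTTLS handshake failed
}


@dataclass
class TLSConnection:
    """The connection parameters sendmail exposes through the STARTTLS macros."""
    verify: str                 # ${verify}
    cipher: str = ""            # ${cipher}
    cipher_bits: int = 0        # ${cipher_bits}
    tls_version: str = ""       # ${tls_version}
    cn_issuer: str = ""         # ${cn_issuer}
    relay: str = ""             # peer name/address, for reporting only


@dataclass
class Requirement:
    """Hypothetical requirement: my own simplified stand-in for an access-map RHS."""
    min_bits: int = 0           # minimum symmetric key length
    need_verify: bool = False   # certificate must verify against the CA store
    issuer_cn: str = ""         # if set, the issuing CA's CN must match ${cn_issuer}


def evaluate(conn, req):
    """Return ('accept' | 'tempfail' | 'reject', reason) for one TLS connection."""
    if req.need_verify:
        outcome = VERIFY_OUTCOME.get(conn.verify, "fail")  # unknown value: fail closed
        if outcome == "temp":
            return "tempfail", "verification temporarily unavailable (verify=%s)" % conn.verify
        if outcome != "ok":
            return "reject", "certificate not verified (verify=%s)" % conn.verify
        if req.issuer_cn and conn.cn_issuer != req.issuer_cn:
            return "reject", "issuer %r is not %r" % (conn.cn_issuer, req.issuer_cn)
    if req.min_bits:
        if conn.verify == "NONE":
            return "reject", "STARTTLS not performed"
        if conn.cipher_bits < req.min_bits:
            return "reject", "%s gives %d bits, need %d" % (conn.cipher, conn.cipher_bits, req.min_bits)
    return "accept", "ok"


# sendmail logs one line per TLS session in this shape; "bits=used/algorithm"
# comes from OpenSSL. The relay field may be "host [addr]", hence [^,]+.
STARTTLS_LOG = re.compile(
    r"STARTTLS=(?P<role>server|client), relay=(?P<relay>[^,]+), "
    r"version=(?P<version>\S+), verify=(?P<verify>\w+), "
    r"cipher=(?P<cipher>\S+), bits=(?P<bits>\d+)/(?P<algbits>\d+)")


def parse_starttls_log(line):
    """Turn one STARTTLS log line into a TLSConnection, or None if it is not one."""
    m = STARTTLS_LOG.search(line)
    if not m:
        return None
    return TLSConnection(verify=m["verify"], cipher=m["cipher"],
                         cipher_bits=int(m["bits"]), tls_version=m["version"],
                         relay=m["relay"])


def audit(lines, req):
    """Apply one requirement to every STARTTLS log line; returns [(relay, decision, reason)]."""
    results = []
    for line in lines:
        conn = parse_starttls_log(line)
        if conn is not None:
            decision, reason = evaluate(conn, req)
            results.append((conn.relay, decision, reason))
    return results


# Constructed sample log lines (not from a real system), in sendmail's format.
SAMPLE_LOG = [
    "Nov  3 10:01:02 mx sendmail[1234]: STARTTLS=server, relay=partner.example [192.0.2.10], "
    "version=TLSv1.2, verify=OK, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256",
    "Nov  3 10:01:09 mx sendmail[1240]: STARTTLS=server, relay=[198.51.100.7], "
    "version=TLSv1.2, verify=NO, cipher=AES128-SHA, bits=128/128",
    "Nov  3 10:02:15 mx sendmail[1251]: STARTTLS=client, relay=relay.example. [203.0.113.5], "
    "version=TLSv1, verify=FAIL, cipher=DES-CBC3-SHA, bits=112/168",
    "Nov  3 10:02:16 mx sendmail[1251]: from=<bob@example>, size=512, class=0, nrcpts=1",
]

if __name__ == "__main__":
    for relay, decision, reason in audit(SAMPLE_LOG, Requirement(min_bits=128, need_verify=True)):
        print("%-32s %-8s %s" % (relay, decision, reason))
```

The distinction between `tempfail` and `reject` matters operationally: TEMP and PROTOCOL describe a transient condition on one side, so answering with a 4xx lets a legitimate peer retry, whereas NO, NOT, FAIL and SOFTWARE describe the peer's certificate or handshake and will not change on retry. Note also that NOT is reported when the server never asked for a certificate, which is what TLSSrvOptions=V causes; a verification requirement can therefore never be met on a server configured that way.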

Security Considerations Related to Running SMTP With TLS

Note the following security considerations related to running SMTP with TLS:

  • As a standard mail protocol that defines mailers that run over the Internet, SMTP is not an end-to-end mechanism. Because of this protocol limitation, TLS security through SMTP does not include mail user agents. Mail user agents act as an interface between users and a mail transfer agent such as sendmail.

  • Because mail might be routed through multiple servers, for complete SMTP security, the entire chain of SMTP connections must have TLS support.

  • Consider the level of negotiated authentication and privacy between each pair of servers or a client and server pair. For more information, see Chapter 1, Using Secure Shell in Managing Secure Shell Access in Oracle Solaris 11.4.

Additional Command-Line Options in Version 8.13 of sendmail

The following additional command-line options are available in version 8.13 of sendmail. For other command-line options, see the sendmail(8) man page.

–D logfile

Sends debugging output to the indicated logfile instead of including this information with the standard output.

–q[!]Qsubstr

Specifies the processing of quarantined jobs that have this substr, which is a substring of the quarantine reason. See the description of the –Qreason option. If ! is added, this option processes quarantined jobs that do not have this substr.

–Qreason

Quarantines a normal queue item with this reason value. If no reason is given, the quarantined queue item is unquarantined. This option works with the –q[!]Qsubstr option. The substr is a portion (or substring) of the reason value.

Additional and Revised Configuration File Options in Version 8.13 of sendmail

The added and revised configuration file options in version 8.13 are as follows:

–ConnectionRateWindowSize

m4 name: –confCONNECTION_RATE_WINDOW_SIZE

Argument: number

Default value: 60

Sets the number of seconds for incoming connections to be maintained.

–FallBackSmartHost

m4 name: –confFALLBACK_SMARTHOST

Argument: hostname

To ensure that mail gets delivered to the clients, this option provides a well-connected host that serves as a backup (or failover) for MX records that fail.

–InputMailFilters

m4 name: –confINPUT_MAIL_FILTERS

Argument: filename

Lists the input mail filters for the sendmail daemon.

–PidFile

m4 name: –confPID_FILE

Argument: filename

Default value: /system/volatile/sendmail.pid

As in previous releases, the file name is macro-expanded before it is opened. Additionally, in version 8.13, the file is unlinked when sendmail exits.

–QueueSortOrder

m4 name: –confQUEUE_SORT_ORDER

Added argument: none

In version 8.13 none is used to specify no sorting order.

–RejectLogInterval

m4 name: –confREJECT_LOG_INTERVAL

Argument: period-of-time

Default value: 3h, which represents three hours.

When a daemon connection is refused for the period-of-time specified, the information is logged.

–SuperSafe

m4 name: –confSAFE_QUEUE

Short name: –s

Added argument: postmilter

Default value: true

If postmilter is set, sendmail defers synchronizing the queue file until all milters have signaled acceptance of the message. For this argument to be useful, sendmail must be running as an SMTP server. Otherwise, postmilter operates as if you are using the true argument.

If you declare any of the preceding options, use one of the following syntaxes:

  • O OptionName=argument # for the configuration file

  • –O OptionName=argument # for the command line

  • define(`m4Name',argument) # for m4 configuration

Additional and Revised FEATURE() Declarations in Version 8.13 of sendmail

The m4 macro uses the following syntax:

FEATURE(`name', `argument')

The following FEATURE() declarations in version 8.13 have been added and revised:

conncontrol

Works with the access_db rule set to check the number of incoming SMTP connections.

greet_pause

Adds the greet_pause rule set, which enables open proxy and SMTP slamming protection.

local_lmtp

The default argument continues to be mail.local, which is the LMTP-capable mailer in this Oracle Solaris release. However, in version 8.13, if a different LMTP-capable mailer is used, its path name can be specified as a second parameter and the arguments that are passed to the second parameter can be specified in the third parameter. For example:

FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp')

mtamark

Provides experimental support for the MTAMark feature.

ratecontrol

Works with the access_db rule set to control connection rates for hosts.

use_client_ptr

If this FEATURE() is enabled, the rule set check_relay overrides its first argument with this argument, $&{client_ptr}.
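As an added example, not from the Oracle page, the sendmail.mc lines that turn on the version 8.13 connection-control declarations listed above (conncontrol, greet_pause, ratecontrol) together with the –ConnectionRateWindowSize option they depend on. The thresholds are constructed; the optional FEATURE() arguments and the access-map tag names mentioned in the note that follows come from sendmail's cf/README rather than from this page.

```m4
dnl Added example, not from the Oracle page: 8.13 connection controls in sendmail.mc.
dnl Values are constructed; tune them to your own traffic.
FEATURE(`access_db')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE', `60')dnl  seconds over which ClientRate counts (the 8.13 default)
FEATURE(`greet_pause', `5000')dnl   hold the banner for 5000 ms; clients that send before it are rejected
FEATURE(`ratecontrol', `nodelay', `terminate')dnl  too many new connections per window: 421 and disconnect
FEATURE(`conncontrol', `nodelay', `terminate')dnl  too many simultaneous connections: 421 and disconnect
```

Both ratecontrol and conncontrol read their limits from the access map, using the ClientRate: and ClientConn: tags with a host or network on the left-hand side and the limit on the right (an entry with an empty LHS, such as `ClientRate: 10`, sets the default), and greet_pause accepts per-host overrides under the GreetPause: tag (a value of 0 disables the pause for trusted networks). Rebuild the map with `makemap hash /etc/mail/access < /etc/mail/access` after editing it, and rebuild sendmail.cf after editing the .mc file; the `terminate` argument is what makes an over-limit client receive a 421 and lose its connection rather than a retryable 4xx on each command.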

For more information, see /etc/mail/cf/README.