Version 8.13 of sendmail
Although this version of sendmail provides many new features, the FallBackSmartHost option is the most significant addition. Because of this option you no longer need to use main.cf and subsidiary.cf. The main.cf file was used in environments that supported MX records. The subsidiary.cf file was used in environments without a fully operative DNS; in such environments a smart host was used instead of MX records. The FallBackSmartHost option provides a unified configuration. It operates like an MX record of last possible preference for all environments. To ensure that mail gets delivered to clients, this option, if enabled, provides a well-connected (or smart) host that serves as a backup (or failover) for MX records that fail.
Additionally, SMTP can run with Transport Layer Security (TLS). See the following description.
Support for Running SMTP With TLS in Version 8.13 of sendmail
Communications between SMTP servers and clients are not usually controlled or
trusted on either end. This lack of security might allow a third party to
monitor and even alter a communication between a server and a client. SMTP can
use Transport Layer Security (TLS) in version 8.13 of
sendmail to resolve this problem. This extended service
to SMTP servers and clients provides the following:
- Private, authenticated communications over the Internet
- Protection from eavesdroppers and attackers
Note - The implementation of TLS is based on the Secure Sockets Layer (SSL) protocol.
STARTTLS is the SMTP keyword that initiates a secure SMTP
connection by using TLS. This secure connection might be between two servers or
between a server and a client. A secure connection is defined as follows:
- The source email address and the destination address are encrypted.
- The content of the email message is encrypted.
When the client issues the STARTTLS command, the server
responds with one of the following:
- 220 Ready to start TLS
- 501 Syntax error (no parameters allowed)
- 454 TLS not available due to temporary reason
The 220 response requires the client to start the TLS
negotiation. The 501 response notes that the client incorrectly
issued the STARTTLS command. STARTTLS is
issued with no parameters. The 454 response necessitates that the
client apply rule set values to determine whether to accept or maintain the
connection.
Note that to maintain the Internet's SMTP infrastructure, publicly used servers
must not require a TLS negotiation. However, a server that is used privately might
require the client to perform a TLS negotiation. In such instances, the server
returns this response:
530 Must issue a STARTTLS command first
The 530 response instructs the client to issue the
STARTTLS command to establish a connection.
The server or client can refuse a connection if the level of authentication and
privacy is not satisfactory. Alternately, because most SMTP connections are not
secure, the server and client might maintain an unsecure connection. Whether to
maintain or refuse a connection is determined by the configuration of the server and
the client.
Support for running SMTP with TLS is not enabled by default. TLS is enabled when
the SMTP client issues the STARTTLS command. Before the SMTP
client can issue this command, you must set up the certificates that enable
sendmail to use TLS. See How to Set SMTP to Use TLS. Note that this procedure includes defining new
configuration file options and rebuilding your sendmail.cf
file.
Configuration File Options for Running SMTP With TLS
The following table describes the configuration file options that are used
to run SMTP with TLS. If you declare any of these options, use one of the
following syntaxes:
O OptionName=argument # for the configuration file
-O OptionName=argument # for the command line
define(`m4Name',argument) # for m4 configuration
Table 4 Configuration File Options for Running SMTP With TLS

CACertFile
  m4 name: confCACERT
  Argument: filename
  Default value: undefined
  Identifies the file that contains one CA certificate.

CACertPath
  m4 name: confCACERT_PATH
  Argument: path
  Default value: undefined
  Identifies the path to the directory that contains certificates of CAs.

ClientCertFile
  m4 name: confCLIENT_CERT
  Argument: filename
  Default value: undefined
  Identifies the file that contains the certificate of the client. This certificate is used when sendmail acts as a client.

ClientKeyFile
  m4 name: confCLIENT_KEY
  Argument: filename
  Default value: undefined
  Identifies the file that contains the private key that belongs to the client certificate.

CRLFile
  m4 name: confCRL
  Argument: filename
  Default value: undefined
  Identifies the file that contains the certificate revocation status, which is used for X.509v3 authentication.

DHParameters
  m4 name: confDH_PARAMETERS
  Argument: filename
  Default value: undefined
  Identifies the file that contains the Diffie-Hellman (DH) parameters.

RandFile
  m4 name: confRAND_FILE
  Argument: file:filename or egd:UNIX socket
  Default value: undefined
  Uses the file: prefix to identify the file that contains random data, or the egd: prefix to identify the UNIX socket. Because the Oracle Solaris OS supports the random number generator device, this option does not need to be specified. See the random(7D) man page.

ServerCertFile
  m4 name: confSERVER_CERT
  Argument: filename
  Default value: undefined
  Identifies the file that contains the server's certificate. This certificate is used when sendmail acts as a server.

Timeout.starttls
  m4 name: confTO_STARTTLS
  Argument: amount of time
  Default value: 1h
  Sets the amount of time the SMTP client waits for a response to the STARTTLS command.

TLSSrvOptions
  m4 name: confTLS_SRV_OPTIONS
  Argument: V
  Default value: undefined
  Determines whether the server asks for a certificate from the client. If this option is set to V, no client verification is performed.
For sendmail to support SMTP's use of TLS, the following options must be defined:
- CACertPath
- CACertFile
- ServerCertFile
- ClientKeyFile
Other options are not required.
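The options above, assembled into a sendmail.mc fragment as an added example (not code from the original page or from the sendmail project); every file path is an assumed site value, and confSERVER_KEY is included even though Table 4 does not list it:

```m4
dnl Added example, not from the original page: the STARTTLS options of
dnl Table 4 in sendmail.mc form. All file paths are assumed site values.
dnl
dnl The four options the page lists as required
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/CA.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/MySrvCert.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/MyClntKey.pem')dnl
dnl
dnl Not in Table 4: sendmail also reads a private key for the server
dnl certificate (option ServerKeyFile, m4 name confSERVER_KEY)
define(`confSERVER_KEY', `/etc/mail/certs/MySrvKey.pem')dnl
dnl
dnl Client certificate presented when sendmail connects outbound
define(`confCLIENT_CERT', `/etc/mail/certs/MyClntCert.pem')dnl
dnl
dnl CRL so that a revoked peer certificate fails verification
define(`confCRL', `/etc/mail/certs/crl.pem')dnl
dnl
dnl Diffie-Hellman parameters for the key exchange
define(`confDH_PARAMETERS', `/etc/mail/certs/dh.pem')dnl
dnl
dnl How long the client waits for the reply to STARTTLS (default is 1h)
define(`confTO_STARTTLS', `1h')dnl
dnl
dnl confRAND_FILE is omitted: Oracle Solaris supplies the random device
dnl
dnl Left unset on purpose: with `V' the server never asks the client for
dnl a certificate, so ${verify} is NOT for every client and the
dnl TLS_connection rule set cannot require a verified client.
dnl define(`confTLS_SRV_OPTIONS', `V')dnl
```

After adding these lines, rebuild sendmail.cf from the .mc file and restart sendmail, as the procedure referenced above describes.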
Macros for Running SMTP With TLS
The following table describes the macros that are used by the
STARTTLS command.
Table 5 Macros for Running SMTP With TLS

${cert_issuer}
  Holds the distinguished name (DN) of the certification authority (CA), which is the certificate issuer.

${cert_subject}
  Holds the DN of the certificate that is called the cert subject.

${cn_issuer}
  Holds the common name (CN) of the CA, which is the cert issuer.

${cn_subject}
  Holds the CN of the certificate that is called the cert subject.

${tls_version}
  Holds the version of TLS that is used for the connection.

${cipher}
  Holds a set of cryptographic algorithms (known as a cipher suite) that is used for the connection.

${cipher_bits}
  Holds in bits the key length of the symmetric encryption algorithm that is used for the connection.

${verify}
  Holds the result of the verification of the certificate that was presented. Possible values are as follows:
  - OK: The verification succeeded.
  - NO: No certificate was presented.
  - NOT: No certificate was requested.
  - FAIL: The certificate that was presented could not be verified.
  - NONE: STARTTLS has not been performed.
  - TEMP: Temporary error occurred.
  - PROTOCOL: SMTP error occurred.
  - SOFTWARE: STARTTLS handshake failed.

${server_name}
  Holds the name of the server with the current outgoing SMTP connection.

${server_addr}
  Holds the address of the server with the current outgoing SMTP connection.
Rule Sets for Running SMTP With TLS
The following table describes rule sets that determine whether an SMTP
connection that uses TLS should be accepted, continued, or refused.
Table 6 Rule Sets for Running SMTP With TLS

tls_server
  Acting as a client, sendmail uses this rule set to determine whether the server is currently supported by TLS.

tls_client
  Acting as a server, sendmail uses this rule set to determine whether the client is currently supported by TLS.

tls_rcpt
  This rule set requires verification of the recipient's MTA. This recipient restriction makes attacks such as DNS spoofing impossible.

TLS_connection
  This rule set checks the requirement that is specified by the RHS of the access map against the actual parameters of the current TLS connection.

try_tls
  sendmail uses this rule set to determine the feasibility of using STARTTLS when connecting to another MTA. If the MTA cannot properly implement STARTTLS, then STARTTLS is not used.
For more information, see https://web.archive.org/web/20161025083736/http://www.sendmail.com:80/sm/open_source/tips/compiling_sendmail/#STARTTLS.
Security Considerations Related to Running SMTP With TLS
As a standard mail protocol that defines mailers that run over the Internet,
SMTP is not an end-to-end mechanism. Because of this protocol limitation, TLS
security through SMTP does not include mail user agents. Mail user agents act as
an interface between users and a mail transfer agent such as
sendmail.
Also, mail might be routed through multiple servers. For complete SMTP
security the entire chain of SMTP connections must have TLS support.
Finally, the level of negotiated authentication and privacy between each pair
of servers or a client and server pair must be considered. For more information,
see Chapter 1, Using Secure Shell in Managing Secure Shell Access in Oracle Solaris 11.3.
Additional Command-Line Options in Version 8.13 of sendmail
The following table describes additional command-line options that are available
in version 8.13 of sendmail. Other command-line options are
described in the sendmail(1M) man page.
Table 7 Command-Line Options Available in Version 8.13 of sendmail

-D logfile
  Sends debugging output to the indicated logfile, instead of including this information with the standard output.

-q[!]Qsubstr
  Specifies the processing of quarantined jobs that have this substr, which is a substring of the quarantine reason. See the description of the -Qreason option. If ! is added, this option processes quarantined jobs that do not have this substr.

-Qreason
  Quarantines a normal queue item with this reason. If no reason is given, the quarantined queue item is unquarantined. This option works with the -q[!]Qsubstr option. The substr is a portion (or substring) of the reason.
Additional and Revised Configuration File Options in Version 8.13 of sendmail
The following table describes the added and revised configuration file options. If
you declare any of these options, use one of the following syntaxes.
O OptionName=argument # for the configuration file
-O OptionName=argument # for the command line
define(`m4Name',argument) # for m4 configuration
Table 8 Configuration File Options Available in Version 8.13 of sendmail

ConnectionRateWindowSize
  m4 name: confCONNECTION_RATE_WINDOW_SIZE
  Argument: number
  Default value: 60
  Sets the number of seconds for incoming connections to be maintained.

FallBackSmartHost
  m4 name: confFALLBACK_SMARTHOST
  Argument: hostname
  To ensure that mail gets delivered to the clients, this option provides a well-connected host that serves as a backup (or failover) for MX records that fail.

InputMailFilters
  m4 name: confINPUT_MAIL_FILTERS
  Argument: filename
  Lists the input mail filters for the sendmail daemon.

PidFile
  m4 name: confPID_FILE
  Argument: filename
  Default value: /system/volatile/sendmail.pid
  As in previous releases, the file name is macro-expanded before it is opened. Additionally, in version 8.13, the file is unlinked when sendmail exits.

QueueSortOrder
  m4 name: confQUEUE_SORT_ORDER
  Added argument: none
  In version 8.13, none is used to specify no sorting order.

RejectLogInterval
  m4 name: confREJECT_LOG_INTERVAL
  Argument: period-of-time
  Default value: 3h, which represents three hours.
  When a daemon connection is refused for the period-of-time specified, the information is logged.

SuperSafe
  m4 name: confSAFE_QUEUE
  Short name: -s
  Added argument: postmilter
  Default value: true
  If postmilter is set, sendmail defers synchronizing the queue file until all milters have signaled acceptance of the message. For this argument to be useful, sendmail must be running as an SMTP server. Otherwise, postmilter operates as if you are using the true argument.
Additional and Revised FEATURE() Declarations in Version 8.13 of sendmail
The following table describes the added and revised FEATURE()
declarations. This m4 macro uses the following syntax.
FEATURE(`name', `argument')
Table 9 FEATURE() Declarations Available in Version 8.13 of sendmail

conncontrol
  Works with the access_db rule set to check the number of incoming SMTP connections. For details, see /etc/mail/cf/README.

greet_pause
  Adds the greet_pause rule set, which enables open proxy and SMTP slamming protection. For details, see /etc/mail/cf/README.

local_lmtp
  The default argument continues to be mail.local, which is the LMTP-capable mailer in this Oracle Solaris release. However, in version 8.13, if a different LMTP-capable mailer is used, its path name can be specified as a second parameter and the arguments that are passed to the second parameter can be specified in the third parameter. For example:
  FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp')

mtamark
  Provides experimental support for "Marking Mail Transfer Agents in Reverse DNS with TXT RRs" (MTAMark). For details, see /etc/mail/cf/README.

ratecontrol
  Works with the access_db rule set to control connection rates for hosts. For details, see /etc/mail/cf/README.

use_client_ptr
  If this FEATURE() is enabled, the rule set check_relay overrides its first argument with this argument, $&{client_ptr}.
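The 8.13 options and FEATURE() declarations of Tables 8 and 9 combined in one sendmail.mc fragment, as an added example (not from the original page or from the sendmail project); the relay host name, the LMTP mailer path and the greet_pause delay are assumed values:

```m4
dnl Added example, not from the original page: version 8.13 additions in
dnl sendmail.mc form. Host name, mailer path and delay are assumed values.
dnl
dnl MX record of last resort for every environment; this is what lets
dnl one configuration replace main.cf and subsidiary.cf
define(`confFALLBACK_SMARTHOST', `relay.example.com')dnl
dnl
dnl Window, in seconds, over which incoming connection rates are counted
dnl (60 is the default, shown here explicitly)
define(`confCONNECTION_RATE_WINDOW_SIZE', `60')dnl
dnl
dnl Log a refused daemon connection once the refusal has lasted this long
define(`confREJECT_LOG_INTERVAL', `3h')dnl
dnl
dnl Defer the queue-file sync until every milter has accepted the message;
dnl only has an effect when sendmail runs as an SMTP server
define(`confSAFE_QUEUE', `postmilter')dnl
dnl
dnl conncontrol and ratecontrol take their per-host limits from the
dnl access_db, so that feature must be enabled first
FEATURE(`access_db')dnl
FEATURE(`conncontrol')dnl
FEATURE(`ratecontrol')dnl
dnl
dnl Wait before sending the greeting; clients that send commands before the
dnl banner (SMTP slamming, open proxies) are rejected. Delay is in ms.
FEATURE(`greet_pause', `5000')dnl
dnl
dnl Alternative LMTP-capable local mailer: path as the second parameter,
dnl its arguments as the third (the form shown in Table 9)
FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp')dnl
```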