Sendmail 8.13.3 Securing Mailing Solution
NOTE: The link name fea4e1bb.0 is only an example. The link name must be
of the format <characters>.0.
The Sendmail 8.13.3 server is now ready with the signed public certificate and the
private key pair. If you have multiple Sendmail 8.13.3 servers (for example, relays and
forwarders), you can either create an individual key pair and certificate for
each Sendmail 8.13.3 server and get the certificate signed by the CA, or distribute
the same cryptographic keys across the Sendmail 8.13.3 servers in your environment.
The previously mentioned Sendmail 8.13.3 configuration option assumes that you are
using the same certificate and key, irrespective of whether Sendmail 8.13.3 acts in
client mode or server mode. If you need different certificate and key pairs for
these two operational modes, you must create them using the procedure described in
“Generating Certificates and Keys” (page 14) and rename them appropriately (such
as clientname-cert.pem and clientname-key.pem). You must also specify
these file names in the ClientKeyFile and ClientCertFile options in the Sendmail
8.13.3 configuration file, as described in “Configuring Sendmail 8.13.3 with TLS and
SSL” (page 13).
Do not store the private key of the CA
(/opt/openssl/misc/demoCA/private/cakey.pem) in the Sendmail 8.13.3
servers.
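The following POSIX shell script is an added example, not part of the original white paper or of HP-UX Sendmail. It checks the points made above: the certificate and RSA key form a pair, the key is closed to group and other, the CA hash link is named after the CA certificate's hash, and the CA private key is absent from the server. The function names and argument order are assumptions, and the 8-hex-digit link-name test follows OpenSSL's hash format, which is stricter than the <characters>.0 rule.

```sh
#!/bin/sh
# Added example: pre-flight checks on Sendmail STARTTLS key material.
# Function names and argument order are illustrative assumptions.
CA_KEY=${CA_KEY:-/opt/openssl/misc/demoCA/private/cakey.pem}  # path from this paper

# Link name must be <characters>.0; OpenSSL writes the hash as 8 hex digits.
valid_link_name() {
    base=${1%.0}
    [ "$base" != "$1" ] || return 1            # no .0 suffix
    case "$base" in
        ""|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#base}" -eq 8 ]
}

# The hash link must be named after the subject hash of the CA certificate.
link_matches_ca() {                            # $1 = link path, $2 = CA certificate
    h=$(openssl x509 -noout -hash -in "$2" 2>/dev/null) || return 1
    [ "$(basename "$1")" = "$h.0" ]
}

# Certificate and key are a pair when their RSA moduli are identical.
cert_matches_key() {                           # $1 = certificate, $2 = RSA private key
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    k=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Private key must carry no group or other permission bits.
key_perms_ok() {
    perms=$(ls -lLd "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# The CA private key must not be stored on a Sendmail server.
ca_key_absent() { [ ! -e "$CA_KEY" ]; }

audit_tls_files() {                            # CERT KEY CACERT HASHLINK
    rc=0
    cert_matches_key "$1" "$2" || { echo "FAIL: $1 and $2 are not a pair"; rc=1; }
    key_perms_ok "$2" || { echo "FAIL: $2 is accessible to group/other"; rc=1; }
    valid_link_name "$(basename "$4")" || { echo "FAIL: $4 is not <hash>.0"; rc=1; }
    link_matches_ca "$4" "$3" || { echo "FAIL: $4 does not match hash of $3"; rc=1; }
    ca_key_absent || { echo "FAIL: CA private key $CA_KEY is on this host"; rc=1; }
    return $rc
}

# Run the audit only when file arguments are supplied.
[ "$#" -eq 0 ] || audit_tls_files "$@"
```

Run it once for the server certificate and key, and again for clientname-cert.pem and clientname-key.pem if you configure separate client files.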
Configuring the Sendmail 8.13.3 Server with TLS/SSL
To configure the Sendmail 8.13.3 server with TLS/SSL, you must create a new Sendmail
8.13.3 configuration file with the STARTTLS feature enabled, using the HP-UX gen_cf
utility.
NOTE: If you do not have a /etc/mail/submit.cf file, you cannot enable the
Mail Submission Program (MSP). Hence, you can skip the submit.cf additions or
changes discussed in this white paper.
If you have any site-specific customized configuration in your
/etc/mail/sendmail.cf file or /etc/mail/submit.cf file, ensure that you back
up the customized changes. Obtaining a backup of the existing Sendmail 8.13.3
configuration files (/etc/mail/sendmail.cf and /etc/mail/submit.cf) enables
you to revert to the original state if you encounter any configuration issues.
Follow this procedure to configure the Sendmail 8.13.3 server with TLS/SSL:
1. To back up the existing Sendmail 8.13.3 configuration file, enter the following
command:
cp -p /etc/mail/sendmail.cf /etc/mail/sendmail.cf.BACKUP
2. To change the directory to the /usr/newconfig/etc/mail/cf/cf directory,
enter the following command: