Sendmail 8.13.3 Securing Mailing Solution

(/etc/mail/submit.cf), use the following option in the Sendmail 8.13.3

configuration file:

DontBlameSendmail=GroupReadableKeyFile

11. Follow this procedure if MSP is disabled in Sendmail 8.13.3:

a. To change the directory to /etc/mail/certs, enter the following command:

/ cd /etc/mail/certs

NOTE: For more information about configuring Sendmail 8.13.3, see the

HP-UX Mailing Services Administrator's Guide at:

http://www.docs.hp.com/en/netcom.html#Internet%20Services

b. To change the mode for all the private keys, enter the following command:

chmod 600 *.pem

c. To change the group for all the private keys, enter the following command:

chgrp root *.pem

d. To restart the Sendmail 8.13.3 daemons, enter the following commands:

/sbin/init.d/sendmail stop

/sbin/init.d/sendmail start

Verifying the TLS/SSL Configuration

Follow this procedure to verify the TLS/SSL configuration:

1. Examine the output of the mtail command to ensure that Sendmail 8.13.3 does

not contain any error or warning after configuring TLS/SSL.

2. Send a test mail using Sendmail 8.13.3 and verify if the mail is delivered to the

destination address.

3. Ensure that you notice STARTTLS in certain Sendmail 8.13.3 log entries to ascertain

the proper configuration of STARTTLS.

4. Establish a Telnet session to port 25 or *587 of the server configured recently, to

ensure that it offers the STARTTLS support in response to the EHLO command.

The *587 port is used if MSP is enabled for Sendmail 8.13.3.

Following is a sample Telnet session, which ascertains the STARTTLS support:

$ telnet localhost 25

Trying...

Connected to localhost.<domain_name>

Escape character is '^]'.

220 <hostname>.<domain-name> ESMTP Sendmail @(#)Sendmail

version 8.13.3 - Revision

2.005 - 12 January 2007/8.13.3; Fri, 4 May 2007 18:00:30 +

0530 (IST)

where: