Installing an SSL Certificate: Sendmail

You can configure Sendmail to encrypt emails you want send and receive, via the secure socket layer (SSL).

To begin, open your sendmail configuration file in a text editor with write access:

# vi /etc/mail/sendmail.mc

Now append/modify following directives:

define(`confCACERT_PATH',`/etc/mail/ssl/certs')
    
-- location to find certificates

define(`confCACERT',`/etc/mail/ssl/ca-bundle.crt')
-- Root Bundle file (Make sure you select your server software as Apache & mod_ssl)

define(`confSERVER_CERT',`/etc/mail/ssl/sendmail.crt')
-- Domain Certificate

define(`confSERVER_KEY',`/etc/mail/ssl/sendmail.key')

And make sure port is set to smtps (secure smtp i.e. port 465):
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s")dnl

Now, restart Sendmail and secure POP3s/IMAPs

Please note the following:

  • all certificates are provided in PEM and PKCS #7 format.
  • .key file needs to have owner read/write permission for the owner, not group.
  • define(`confLOG_LEVEL', `14')dnl ## Will help with debugging. Can be commented out or put back to its default level of 9 when done.
Is article helpful?