Sendmailcert: Email over TLS / SSL

For installation, see Sendmailcert.

For email client configuration, see Using Email over SSL.

The following is an excerpt from the sendmailcert manual page. The latest version can be read on the server by running # man sendmailcert.

SENDMAILCERT(1)                                                SENDMAILCERT(1)



NAME
       sendmailcert - sendmail certificate utility

SYNOPSIS
       sendmailcert [options] --help |  query | setup | uninstall

DESCRIPTION
       sendmailcert creates a self-signed SSL/TLS certificate and configures
       sendmail to use it for STARTTLS.  Alternately, it can query existing
       certificates or uninstall certificates by removing them from the send-
       mail configuration.

       By using the --mycert/--mykey/--mycacert options, you can also use
       sendmailcert to help configure sendmail to use purchased SSL/TLS cer-
       tificates.

       With STARTTLS configured, sendmail will offer e-mail clients the option
       of encrypting user names, passwords and outgoing e-mail sent to the
       sendmail server.

KEYWORD ARGUMENTS
       sendmailcert requires one of the following keyword arguments:

       query
            Display information about the currently configured SSL/TLS cer-
            tificates.

       setup
            Create a self-signed certificate and configure sendmail to use the
            certificate for STARTTLS. If sendmail is already configured to use
            SSL/TLS, sendmailcert will create a new cert and update the send-
            mail configuration to use it.

            Note: By using the --mycert/--mykey/--mycacert options, setup will
            let you specify your own certificate, key and certificate author-
            ity (CA) certificate.

       uninstall
            Remove the certificates from the sendmail configuration. (This
            operation modifies only the sendmail configuration; it does not
            remove existing certificates from the certs subdirectory.)

OPTIONS
       --server=
            Override the server's default hostname that appears in the cer-
            tificates. If omitted, this option defaults to the value returned
            by the hostname command.

            Note: The hostname in the certificates should exactly match the
            outgoing mail server name specified in e-mail clients. (Otherwise
            many clients will display a certificate warning each time an out-
            going e-mail is sent.)

            sendmailcert verifies that the hostname resolves to some IP
            address and exits if name resolution fails.

       --country=
            Override the 2-character ISO 3166-compliant country code that will
            appear in the certificates that are generated. If omitted, this
            option defaults to US.

       --mycert=
            Use a purchased certificate (rather than having sendmailcert gen-
            erate one that is self-signed) by specifying its file name
            (including complete path). If the file is not in the certs subdi-
            rectory of the directory that contains sendmail.cf, sendmailcert
            will copy it there. If you specify the --mycert option, you must
            also specify --mykey and --mycacert.

       --mykey=
            If using a purchased certificate (specified with the --mycert
            option), you must also specify the name (with complete path) of
            the file that contains the private key for your certificate.

       --mycacert=
            If using a purchased certificate (specified with the --mycert
            option), you must also specify the name (with complete path) of
            the file that contains the certificate of the Certificate
            Authority (CA) that issued the certificate.

            Note: Certificate Authorities don't commonly send their own SSL
            certificate when they issue certificates to buyers. They will gen-
            erally post their certificate on their web site. (You will need to
            download a copy to the server being configured.)

       --cfdir=
            Override the full path to the directory that contains the send-
            mail.cf file and macro configuration (mc) files. If this option is
            omitted, sendmailcert will query the sendmail executable for the
            directory. If that fails, the option will default to /etc/mail.

       --help
            Display this help page.

EXAMPLES
       # sendmailcert setup

       Will generate a self-signed SSL/TLS certificate and configure sendmail
       to use STARTTLS.

       # sendmailcert query

       Will display information about the current SSL/TLS configuration.

       # sendmailcert uninstall

       Will remove SSL/TLS configuration lines from the  sendmail.cf file.
       (It will not remove existing certificates from the file system.)

NOTES
       To verify that the sendmail executable is compiled to support STARTTLS,
       issue this command (as root):

       # sendmail -d0.1 < /dev/null | grep STARTTLS

       Output should include the substring "STARTTLS".

       To verify that the configuration works, telnet to port 25 or 587, and
       see if sendmail offers STARTTLS in its greeting (in response to your
       "ehlo" command). Here is a sample session:

        % telnet mail.example.com 587
        Trying 192.168.234.35...
        Connected to mail.example.com.
        Escape character is '^]'.
        220 mail.example.com ESMTP Sendmail 8.13.1/8.13.1; Thu, 21 Jul
        2005 13:30:08 -0700 (MDT)

        ehlo client.example.com
        250-mail.example.com Hello client.example.com
        [192.168.234.5], pleased to meet you
        250-ENHANCEDSTATUSCODES
        250-PIPELINING
        250-8BITMIME
        250-SIZE
        250-DSN
        250-STARTTLS   <-- server supports STARTTLS
        250-DELIVERBY
        250 HELP

        quit
        221 2.0.0 mail.example.com closing connection
        Connection closed by foreign host.
        %

       To verify sendmail encryption, check /var/log/maillog for entries that
       include the string "cipher= bits=".

LIMITATIONS
       The sendmail executable must have been compiled to support STARTTLS,
       and the openssl executable must be available on the server.

       This version of sendmailcert is designed to work with "standard"
       FreeBSD sendmail configurations.  Support for other platforms and con-
       figurations is planned for a future version.

SEE ALSO
       sendmail(1), openssl(1)

       Documentation for sendmail is available at .
       Sendmail's STARTTLS support is also documented in the book sendmail,
       3rd ed., by Bryan Costales and Eric Allman (O'Reilly, c2003, ISBN
       1-56592-839-3), pp. 415-428. (Documentation for OpenSSL is available at
       .

       This script implements (more or less) the configuration described in my
       document at .

AUTHOR
       Weldon Whipple. E-mail suggestions to sendmailcert-suggest@whipple.org.

       Copyright (c) 2005 Weldon Whipple and his employers.



perl v5.8.4                       2005-07-28                   SENDMAILCERT(1)
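
The maillog check from the NOTES section, as an added example that is not part of the sendmailcert manual page: it lists each inbound TLS session with its cipher and key bits, flags sessions below a minimum strength, and reports relays that delivered mail without STARTTLS. The log lines are constructed samples, the function names are hypothetical, and matching a STARTTLS line to a message by process ID is an assumption about how the entries are logged.

```shell
#!/bin/sh
# Added example (not from the sendmailcert man page).
# Constructed sample lines in sendmail's usual STARTTLS log layout.
sample_maillog() {
cat <<'EOF'
Jul 21 13:30:10 mail sm-mta[4101]: STARTTLS=server, relay=client.example.com [192.168.234.5], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jul 21 13:30:11 mail sm-mta[4101]: j6LKUA1x004101: from=<alice@example.com>, size=512, class=0, nrcpts=1, proto=ESMTP, daemon=MSA, relay=client.example.com [192.168.234.5]
Jul 21 13:41:02 mail sm-mta[4188]: STARTTLS=server, relay=old.example.com [192.168.234.9], version=TLSv1/SSLv3, verify=NO, cipher=EXP-RC4-MD5, bits=40/128
Jul 21 13:52:47 mail sm-mta[4230]: j6LKqlQ2004230: from=<bob@example.com>, size=2048, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=plain.example.com [192.168.234.7]
EOF
}

# Print "relay cipher secret-bits" for each inbound TLS session.
tls_sessions() {
    awk '/STARTTLS=server/ {
        relay = cipher = bits = "?"
        n = split($0, f, ", ")
        for (i = 1; i <= n; i++) {
            if (f[i] ~ /^relay=/)  { split(substr(f[i], 7), p, " "); relay = p[1] }
            if (f[i] ~ /^cipher=/) cipher = substr(f[i], 8)
            if (f[i] ~ /^bits=/)   { split(substr(f[i], 6), b, "/"); bits = b[1] }
        }
        print relay, cipher, bits
    }'
}

# Sessions whose secret key bits fall below a minimum (default 128).
weak_sessions() {
    tls_sessions | awk -v min="${1:-128}" '$3 + 0 < min + 0'
}

# Relays that handed over mail in a process that logged no STARTTLS line.
# Assumption: the STARTTLS= and from= lines of one connection share a PID.
plaintext_relays() {
    awk '{
        pid = $5; sub(/.*\[/, "", pid); sub(/\].*/, "", pid)
        if ($0 ~ /STARTTLS=server/) tls[pid] = 1
        else if ($0 ~ / from=</ && !(pid in tls)) {
            r = $0; sub(/.*relay=/, "", r); split(r, p, " "); print p[1]
        }
    }'
}

echo "TLS sessions:";     sample_maillog | tls_sessions
echo "Below 128 bits:";   sample_maillog | weak_sessions 128
echo "Mail without TLS:"; sample_maillog | plaintext_relays
```

On a live server, feed the functions the real log instead of the sample, for example `tls_sessions < /var/log/maillog`.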

Copyright @ Cyber Vision Hosting Co., Ltd. All rights reserved.