Sendmailcert: E-mail over TLS / SSL
This page was updated on 2006-08-25.
Note: If you use Outlook together with anti-virus software such as Norton Anti-Virus, errors may occur when sending and receiving mail over TLS.
For installation, see Sendmailcert.
For e-mail client configuration, see "Using E-mail with SSL".
The following is part of the sendmailcert manual page. You can read the latest version by running # man sendmailcert on the server.
SENDMAILCERT(1) SENDMAILCERT(1)
NAME
sendmailcert - sendmail certificate utility
SYNOPSIS
sendmailcert [options] --help | query | setup | uninstall
DESCRIPTION
sendmailcert creates a self-signed SSL/TLS certificate and
configures sendmail to use it for STARTTLS. Alternately, it can
query existing certificates or uninstall certificates by removing
them from the sendmail configuration.

By using the --mycert/--mykey/--mycacert options, you can also use
sendmailcert to help configure sendmail to use purchased SSL/TLS
certificates.

With STARTTLS configured, sendmail will offer e-mail clients the
option of encrypting user names, passwords and outgoing e-mail sent
to the sendmail server.
KEYWORD ARGUMENTS
sendmailcert requires one of the following keyword arguments:

query
    Display information about the currently configured SSL/TLS
    certificates.

setup
    Create a self-signed certificate and configure sendmail to use
    the certificate for STARTTLS. If sendmail is already configured
    to use SSL/TLS, sendmailcert will create a new cert and update
    the sendmail configuration to use it.

    Note: By using the --mycert/--mykey/--mycacert options, setup
    will let you specify your own certificate, key and certificate
    authority (CA) certificate.

uninstall
    Remove the certificates from the sendmail configuration. (This
    operation modifies only the sendmail configuration; it does not
    remove existing certificates from the certs subdirectory.)
OPTIONS
--server=<hostname>
    Override the server's default hostname that appears in the
    certificates. If omitted, this option defaults to the value
    returned by the hostname command.

    Note: The hostname in the certificates should exactly match the
    outgoing mail server name specified in e-mail clients.
    (Otherwise many clients will display a certificate warning each
    time an outgoing e-mail is sent.)

    sendmailcert verifies that the hostname resolves to some IP
    address and exits if name resolution fails.

--country=<XX>
    Override the 2-character ISO 3166-compliant country code that
    will appear in the certificates that are generated. If omitted,
    this option defaults to US.

--mycert=<filename>
    Use a purchased certificate (rather than having sendmailcert
    generate one that is self-signed) by specifying its file name
    (including complete path). If the file is not in the certs
    subdirectory of the directory that contains sendmail.cf,
    sendmailcert will copy it there. If you specify the --mycert
    option, you must also specify --mykey and --mycacert.

--mykey=<filename>
    If using a purchased certificate (specified with the --mycert
    option), you must also specify the name (with complete path) of
    the file that contains the private key for your certificate.

--mycacert=<filename>
    If using a purchased certificate (specified with the --mycert
    option), you must also specify the name (with complete path) of
    the file that contains the certificate of the Certificate
    Authority (CA) that issued the certificate.

    Note: Certificate Authorities don't commonly send their own SSL
    certificate when they issue certificates to buyers. They will
    generally post their certificate on their web site. (You will
    need to download a copy to the server being configured.)

--cfdir=<path>
    Override the full path to the directory that contains the
    sendmail.cf file and macro configuration (mc) files. If this
    option is omitted, sendmailcert will query the sendmail
    executable for the directory. If that fails, the option will
    default to /etc/mail.

--help
    Display this help page.
EXAMPLES
# sendmailcert setup
    Will generate a self-signed SSL/TLS certificate and configure
    sendmail to use STARTTLS.

# sendmailcert query
    Will display information about the current SSL/TLS
    configuration.

# sendmailcert uninstall
    Will remove SSL/TLS configuration lines from the sendmail.cf
    file. (It will not remove existing certificates from the file
    system.)
NOTES
To verify that the sendmail executable is compiled to support
STARTTLS, issue this command (as root):

    # sendmail -d0.1 < /dev/null | grep STARTTLS

Output should include the substring "STARTTLS".

To verify that the configuration works, telnet to port 25 or 587,
and see if sendmail offers STARTTLS in its greeting (in response to
your "ehlo" command). Here is a sample session:

    % telnet mail.example.com 587
    Trying 192.168.234.35...
    Connected to mail.example.com.
    Escape character is '^]'.
    220 mail.example.com ESMTP Sendmail 8.13.1/8.13.1; Thu, 21 Jul 2005 13:30:08 -0700 (MDT)
    ehlo client.example.com
    250-mail.example.com Hello client.example.com [192.168.234.5], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE
    250-DSN
    250-STARTTLS <-- server supports STARTTLS
    250-DELIVERBY
    250 HELP
    quit
    221 2.0.0 mail.example.com closing connection
    Connection closed by foreign host.
    %

To verify sendmail encryption, check /var/log/maillog for entries
that include the string "cipher=<value> bits=<number>".
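The two verification steps above (STARTTLS in the EHLO reply, then cipher= and bits= in /var/log/maillog) as an added shell example, not part of the sendmailcert manual page or the tool. The sample EHLO reply and log lines are constructed, the exact log field layout is an assumption, and the function names and the 128-bit threshold are choices made for this example.

```shell
#!/bin/sh
# Added example, not part of sendmailcert. Sample data below is constructed.

# Return 0 if the EHLO reply on stdin advertises STARTTLS as its own keyword
# ("250-STARTTLS" or "250 STARTTLS"); tolerates CRLF line endings.
ehlo_offers_starttls() {
    tr -d '\r' | grep -Eq '^250[- ]STARTTLS([[:space:]]|$)'
}

# Summarise STARTTLS entries in maillog lines read from stdin.
# Output per entry: <direction> <relay> <cipher> <bits> <OK|WEAK>
# $1 = minimum acceptable key bits (128 is this example's assumption).
maillog_tls_summary() {
    awk -F', *' -v min="${1:-128}" '
    /STARTTLS=(server|client)/ && /cipher=/ && /bits=/ {
        dir = relay = cipher = bits = "?"
        for (i = 1; i <= NF; i++) {
            v = $i
            if (v ~ /STARTTLS=/)     { sub(/.*STARTTLS=/, "", v); dir = v }
            else if (v ~ /^relay=/)  { sub(/^relay=/, "", v); sub(/ .*/, "", v); relay = v }
            else if (v ~ /^cipher=/) { cipher = substr(v, 8) }
            else if (v ~ /^bits=/)   { v = substr(v, 6); sub(/\/.*/, "", v); bits = v }
        }
        status = (bits + 0 >= min + 0) ? "OK" : "WEAK"
        print dir, relay, cipher, bits, status
    }'
}

# Constructed EHLO reply, modelled on the sample session above.
sample_ehlo() {
    printf '%s\r\n' '250-mail.example.com Hello client.example.com' \
        '250-PIPELINING' '250-STARTTLS' '250 HELP'
}

# Constructed maillog lines; the field layout is an assumption based on
# sendmail STARTTLS log entries. The second line is not a TLS entry.
sample_maillog() {
    cat <<'EOF'
Jul 21 13:31:02 mail sm-mta[4101]: STARTTLS=server, relay=client.example.com [192.168.234.5], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jul 21 13:31:03 mail sm-mta[4101]: j6LKV2aa004101: from=<user@example.com>, size=812, nrcpts=1, proto=ESMTP, relay=client.example.com [192.168.234.5]
Jul 21 13:40:10 mail sm-mta[4188]: STARTTLS=server, relay=old.example.com [192.168.234.9], version=TLSv1/SSLv3, verify=NO, cipher=EXP-RC4-MD5, bits=40/128
EOF
}

sample_ehlo | ehlo_offers_starttls && echo "STARTTLS offered"
sample_maillog | maillog_tls_summary
```

On a live server, feed /var/log/maillog to maillog_tls_summary on stdin instead of the sample function; a WEAK line identifies a relay that negotiated a key shorter than the threshold.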
LIMITATIONS
The sendmail executable must have been compiled to support
STARTTLS, and the openssl executable must be available on the
server.

This version of sendmailcert is designed to work with "standard"
FreeBSD sendmail configurations. Support for other platforms and
configurations is planned for a future version.
SEE ALSO
sendmail(1), openssl(1)

Documentation for sendmail is available at
<http://www.sendmail.org/>. Sendmail's STARTTLS support is also
documented in the book sendmail, 3rd ed., by Bryan Costales and
Eric Allman (O'Reilly, c2003, ISBN 1-56592-839-3), pp. 415-428.
(Documentation for OpenSSL is available at
<http://www.openssl.org/>.)

This script implements (more or less) the configuration described
in my document at <http://technoids.org/starttlstut.html>.
AUTHOR
Weldon Whipple. E-mail suggestions to
sendmailcert-suggest@whipple.org.

Copyright (c) 2005 Weldon Whipple and his employers.
perl v5.8.4 2005-07-28 SENDMAILCERT(1)