
Configure Sendmail Server in CentOS/Redhat/Fedora : SSL Certificate and Submission Port 587: Part-4


Create your own key pairs and certificates:

Step 1: Create a certificate directory and go there:

# mkdir /etc/mail/cert
# cd /etc/mail/cert

Step 2: Create a key for the server, giving a new pass phrase when prompted:

# openssl genrsa -des3 -out server.key 1024

Generating RSA private key, 1024 bit long modulus
....................++++++
..++++++
e is 65537 (0x10001)
Enter pass phrase for server.key: <---- at least four-letter password
Verifying - Enter pass phrase for server.key:


Step 3: Create a clear-text copy of the key (so it is not pass-phrase-protected), giving the pass phrase when asked:

[root@mail1 cert]# openssl rsa -in server.key -out server.key.open
Enter pass phrase for server.key:
writing RSA key

Then create a self-signed certificate, valid for 3650 days, from the clear-text key:

# openssl req -new -x509 -days 3650 -key server.key.open -out server.crt

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:IN
State or Province Name (full name) [Berkshire]:DELHI
Locality Name (eg, city) [Newbury]:DELHI
Organization Name (eg, company) [My Company Ltd]:linuxgateway
Organizational Unit Name (eg, section) []:linuxgateway
Common Name (eg, your name or your server's hostname) []:mail1.linuxgateway.in
Email Address []:vikas@linuxgateway.in


 

Step 4: Make the files accessible by root only:

# chmod 600 server.*

[root@mail1 cert]# ls
server.crt  server.key  server.key.open


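Step 5: Add the following entries to /etc/mail/sendmail.mc:

dnl # SMTP AUTH mechanisms offered to clients
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
dnl # CA directory and CA certificate (the self-signed certificate is its own CA)
define(`confCACERT_PATH', `/etc/mail/cert')dnl
define(`confCACERT', `/etc/mail/cert/server.crt')dnl
dnl # Certificate and clear-text key used when sendmail acts as a server
define(`confSERVER_CERT', `/etc/mail/cert/server.crt')dnl
define(`confSERVER_KEY', `/etc/mail/cert/server.key.open')dnl
dnl # Certificate and clear-text key used when sendmail acts as a client
define(`confCLIENT_CERT', `/etc/mail/cert/server.crt')dnl
define(`confCLIENT_KEY', `/etc/mail/cert/server.key.open')dnl
FEATURE(delay_checks)dnl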


Step 6: Start Services

# m4 /etc/mail/sendmail.mc >/etc/mail/sendmail.cf
# service sendmail restart
# service saslauthd restart
# chkconfig saslauthd on


Step 7: Configure Outlook

[Screenshots: mail3, mail7, mail4]

Now we can send mail over SSL encryption. To verify, view the logs:

 

# tail -f /var/log/maillog
May 18 00:10:27 mail1 sendmail[17817]: STARTTLS=client, relay=gmail-smtp-in.l.google.com., version=TLSv1/SSLv3, verify=FAIL, cipher=RC4-SHA, bits=128/128
May 18 00:10:30 mail1 sendmail[17817]: t4HIeEXG017815: to=<kvitsales@gmail.com>, ctladdr=<vikas@linuxgateway.in> (500/500), delay=00:00:15, xdelay=00:00:15, mailer=esmtp, pri=122731, relay=gmail-smtp-in.l.google.com. [74.125.68.27], dsn=2.0.0, stat=Sent (OK 1431868261 ft4si11391940pbb.61 - gsmtp)
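
An added example (not part of the original article): a small Python audit of sendmail STARTTLS log entries like the one above, flagging unverified peer certificates, weak ciphers and short keys. The second and third sample lines, the weak-cipher list and the 128-bit threshold are assumptions chosen for illustration.

```python
import re

# Constructed sample: line 1 is the STARTTLS entry from the log above; lines 2-3 are invented.
SAMPLE_LOG = """\
May 18 00:10:27 mail1 sendmail[17817]: STARTTLS=client, relay=gmail-smtp-in.l.google.com., version=TLSv1/SSLv3, verify=FAIL, cipher=RC4-SHA, bits=128/128
May 18 00:12:02 mail1 sendmail[17901]: STARTTLS=client, relay=mx.example.net., version=TLSv1.2, verify=OK, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
May 18 00:13:40 mail1 sendmail[17950]: STARTTLS=server, relay=client.example.org [192.0.2.10], version=TLSv1.2, verify=NO, cipher=DES-CBC3-SHA, bits=112/168
"""

STARTTLS_RE = re.compile(r"sendmail\[\d+\]: (STARTTLS=(?:client|server),.*)$")
WEAK_CIPHER_PARTS = ("RC4", "DES", "MD5", "NULL", "EXP")  # assumed local policy


def parse_starttls(line):
    """Return the key=value fields of a sendmail STARTTLS log line, or None."""
    match = STARTTLS_RE.search(line.rstrip())
    if not match:
        return None
    return dict(p.split("=", 1) for p in match.group(1).split(", ") if "=" in p)


def audit(fields):
    """List the weaknesses visible in one parsed STARTTLS entry."""
    findings = []
    # As a client, anything but verify=OK means the peer is unauthenticated.
    if fields["STARTTLS"] == "client" and fields.get("verify") != "OK":
        findings.append("peer certificate not verified (verify=%s)" % fields.get("verify"))
    cipher = fields.get("cipher", "")
    if any(part in cipher for part in WEAK_CIPHER_PARTS):
        findings.append("weak cipher (%s)" % cipher)
    secret_bits = fields.get("bits", "").split("/")[0]
    if secret_bits.isdigit() and int(secret_bits) < 128:
        findings.append("only %s secret key bits" % secret_bits)
    return findings


def audit_log(text):
    """Map relay -> findings for each STARTTLS line with at least one finding."""
    report = {}
    for line in text.splitlines():
        fields = parse_starttls(line)
        problems = audit(fields) if fields else []
        if problems:
            report[fields.get("relay", "unknown")] = problems
    return report


if __name__ == "__main__":
    for relay, problems in audit_log(SAMPLE_LOG).items():
        print(relay, "->", "; ".join(problems))
```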

 

Enable Submission Port 587 (Alternate Port for Sending Email)

To check the port:

[root@mail1 mail]# telnet 192.168.1.254 587
Trying 192.168.1.254...
telnet: connect to address 192.168.1.254: Connection refused
telnet: Unable to connect to remote host: Connection refused
[root@mail1 mail]#

The port is not open initially, so we need to edit /etc/mail/sendmail.mc to enable it.

# cd /etc/mail

To enable submission access on port 587 in sendmail, make sure both of the following lines are set in sendmail.mc. In the second line, the modifiers M=Ea make the MSA disallow ETRN (E) and require authentication (a):

# vi sendmail.mc

DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl

Then do:

# m4 sendmail.mc > sendmail.cf
# service sendmail restart

Now it will work on port 587:

[root@mail1 mail]# telnet 192.168.1.254 587
Trying 192.168.1.254...
Connected to mail1.linuxgateway.in (192.168.1.254).
Escape character is '^]'.
220 mail1.linuxgateway.in ESMTP Sendmail 8.13.8/8.13.8; Mon, 18 May 2015 00:39:21 +0530

Note: We can send mail through port 587 where port 25 is blocked for security reasons.

 

CEO, KV IT-Solutions Pvt. Ltd. | vikas@kvit.in | 9810028374|
Linux Professional and an Industrial Trainer | 20 + years Experience in IT Industry

” We are born free, No Gate and Windows can snatch our freedom “
