Sendmailcert: E-mail over TLS / SSL
For installation, see Sendmailcert.
For e-mail client configuration, see Using E-mail with SSL.
The following is part of the sendmailcert manual page. You can read the latest version on the server by running # man sendmailcert.
SENDMAILCERT(1) SENDMAILCERT(1)
NAME
sendmailcert - sendmail certificate utility
SYNOPSIS
sendmailcert [options] --help | query | setup | uninstall
DESCRIPTION
sendmailcert creates a self-signed SSL/TLS certificate and configures
sendmail to use it for STARTTLS. Alternately, it can query existing
certificates or uninstall certificates by removing them from the
sendmail configuration.
By using the --mycert/--mykey/--mycacert options, you can also use
sendmailcert to help configure sendmail to use purchased SSL/TLS
certificates.
With STARTTLS configured, sendmail will offer e-mail clients the option
of encrypting user names, passwords and outgoing e-mail sent to the
sendmail server.
KEYWORD ARGUMENTS
sendmailcert requires one of the following keyword arguments:
query
Display information about the currently configured SSL/TLS
certificates.
setup
Create a self-signed certificate and configure sendmail to use the
certificate for STARTTLS. If sendmail is already configured to use
SSL/TLS, sendmailcert will create a new cert and update the
sendmail configuration to use it.
Note: By using the --mycert/--mykey/--mycacert options, setup will
let you specify your own certificate, key and certificate
authority (CA) certificate.
uninstall
Remove the certificates from the sendmail configuration. (This
operation modifies only the sendmail configuration; it does not
remove existing certificates from the certs subdirectory.)
OPTIONS
--server=
Override the server's default hostname that appears in the
certificates. If omitted, this option defaults to the value returned
by the hostname command.
Note: The hostname in the certificates should exactly match the
outgoing mail server name specified in e-mail clients. (Otherwise
many clients will display a certificate warning each time an
outgoing e-mail is sent.)
sendmailcert verifies that the hostname resolves to some IP
address and exits if name resolution fails.
--country=
Override the 2-character ISO 3166-compliant country code that will
appear in the certificates that are generated. If omitted, this
option defaults to US.
--mycert=
Use a purchased certificate (rather than having sendmailcert
generate one that is self-signed) by specifying its file name
(including complete path). If the file is not in the certs
subdirectory of the directory that contains sendmail.cf, sendmailcert
will copy it there. If you specify the --mycert option, you must
also specify --mykey and --mycacert.
--mykey=
If using a purchased certificate (specified with the --mycert
option), you must also specify the name (with complete path) of the
file that contains the private key for your certificate.
--mycacert=
If using a purchased certificate (specified with the --mycert
option), you must also specify the name (with complete path) of the
file that contains the certificate of the Certificate Authority
(CA) that issued the certificate.
Note: Certificate Authorities don't commonly send their own SSL
certificate when they issue certificates to buyers. They will
generally post their certificate on their web site. (You will need to
download a copy to the server being configured.)
--cfdir=
Override the full path to the directory that contains the
sendmail.cf file and macro configuration (mc) files. If this option is
omitted, sendmailcert will query the sendmail executable for the
directory. If that fails, the option will default to /etc/mail.
--help
Display this help page.
EXAMPLES
# sendmailcert setup
Will generate a self-signed SSL/TLS certificate and configure sendmail
to use STARTTLS.
# sendmailcert query
Will display information about the current SSL/TLS configuration.
# sendmailcert uninstall
Will remove SSL/TLS configuration lines from the sendmail.cf file.
(It will not remove existing certificates from the file system.)
NOTES
To verify that the sendmail executable is compiled to support STARTTLS,
issue this command (as root):
# sendmail -d0.1 < /dev/null | grep STARTTLS
Output should include the substring "STARTTLS".
To verify that the configuration works, telnet to port 25 or 587, and
see if sendmail offers STARTTLS in its greeting (in response to your
"ehlo" command). Here is a sample session:
% telnet mail.example.com 587
Trying 192.168.234.35...
Connected to mail.example.com.
Escape character is '^]'.
220 mail.example.com ESMTP Sendmail 8.13.1/8.13.1; Thu, 21 Jul 2005 13:30:08 -0700 (MDT)
ehlo client.example.com
250-mail.example.com Hello client.example.com [192.168.234.5], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-STARTTLS <-- server supports STARTTLS
250-DELIVERBY
250 HELP
quit
221 2.0.0 mail.example.com closing connection
Connection closed by foreign host.
%
To verify sendmail encryption, check /var/log/maillog for entries that
include the string "cipher= bits=".
LIMITATIONS
The sendmail executable must have been compiled to support STARTTLS,
and the openssl executable must be available on the server.
This version of sendmailcert is designed to work with "standard"
FreeBSD sendmail configurations. Support for other platforms and
configurations is planned for a future version.
SEE ALSO
sendmail(1), openssl(1)
Documentation for sendmail is available at .
Sendmail's STARTTLS support is also documented in the book sendmail,
3rd ed., by Bryan Costales and Eric Allman (O'Reilly, c2003, ISBN
1-56592-839-3), pp. 415-428. (Documentation for OpenSSL is available at
.
This script implements (more or less) the configuration described in my
document at .
AUTHOR
Weldon Whipple. E-mail suggestions to sendmailcert-suggest@whipple.org.
Copyright (c) 2005 Weldon Whipple and his employers.
perl v5.8.4 2005-07-28 SENDMAILCERT(1)
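The two checks from the NOTES section of the manual page above (STARTTLS advertised in the EHLO reply, and cipher/bits entries in the mail log), as an added Python example that is not part of sendmailcert or of the original page. The EHLO reply and log lines are constructed samples; the log field layout (STARTTLS=..., cipher=..., bits=secret/algorithm) and the 128-bit threshold are assumptions.

```python
import re

# Constructed EHLO reply, modelled on the sample session in NOTES.
SAMPLE_EHLO = """\
250-mail.example.com Hello client.example.com [192.168.234.5], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-STARTTLS
250-DELIVERBY
250 HELP
"""

# Constructed maillog lines; the field layout is an assumption, check your own log.
SAMPLE_MAILLOG = """\
Jul 21 13:31:02 mail sm-mta[4211]: STARTTLS=server, relay=client.example.com [192.168.234.5], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jul 21 13:35:40 mail sm-mta[4250]: STARTTLS=server, relay=old.example.com [192.168.234.9], version=TLSv1/SSLv3, verify=NO, cipher=EXP-RC4-MD5, bits=40/128
Jul 21 13:36:12 mail sm-mta[4251]: j6LKaC004251: from=<a@example.com>, size=812, relay=plain.example.com [192.168.234.7]
"""

STARTTLS_RE = re.compile(
    r"STARTTLS=\w+, relay=(\S+).*?cipher=([^,\s]+), bits=(\d+)/\d+")

def ehlo_extensions(reply):
    """Return the ESMTP keywords from a multi-line 250 reply (greeting excluded)."""
    keywords = []
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        m = re.match(r"250([- ])(.*)$", line)
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        words = m.group(2).split()
        if i > 0 and words:          # line 0 is the greeting, not an extension
            keywords.append(words[0].upper())
        if m.group(1) == " ":        # "250 " (space, not hyphen) ends the reply
            break
    return keywords

def tls_sessions(log, min_bits=128):
    """Return (relay, cipher, secret_bits, ok) for every STARTTLS log entry."""
    sessions = []
    for line in log.splitlines():
        m = STARTTLS_RE.search(line)
        if m:
            bits = int(m.group(3))
            sessions.append((m.group(1), m.group(2), bits, bits >= min_bits))
    return sessions
```

A relay that appears in the log without a matching STARTTLS entry (the third sample line) delivered in cleartext, and an entry with ok set to False negotiated an export-grade or otherwise short key.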