Top

ドメイン名入門
入門ガイド
管理ガイド基礎
[Email]
  alias
  procmail
  M4 Macro
  SPAM防止
    SpamAssassin
    vinstallログ
    accessファイル
  Anti-Virus
  メールリスト
    Mailman
      VHostで利用
      リスト作成
    Majordomo
      インストール
      リスト作成
      MajorCool
  暗号化ツール
    SSL上での利用
    PGP
      暗号化PGP
      暗号化GnuPG
  自動返信メール
  virtusertable
[FTP]
[Web]
[Ports]
[Shell]
[User]
[iManager]
[CPX]
[Webmin]
管理上級編
v2
Top 		v2
Start 		v2
Email 		v2
Ftp 		v2
Web 		v2
Ports 		v2
Shell 		v2
User 		v2
Perl 		v2
Java 		v2
System 		v2
iManager 		v2
CPX


Sendmailcert TLS / SSL 上でのイーメール

本ページは 2006-08-25 更新されました

注意: このページは、レンタルサーバー SPEEDEX VPS v2 の技術サポートです。
2009年6月現在、VPS v2 の新規オーダーを受けしておりますが、 VPS v3 の採用をお勧めします。
現在提供中のサービスについては SPEEDEX のメニューページを参照ください。
SPEEDEX VPS v1 サーバーご利用の場合は v1 サーバーサポートページを参照ください。
SPEEDEX VPS v3 サーバーご利用の場合は v3 サーバーサポートページを参照ください。
SPEEDEX OneDom サーバーご利用の場合は OneDom サーバーサポートページを参照ください。

注意: Outlook と Norton Anti-Virus のようなアンチウイルスソフトウエアを使っている場合 TLS 上でのメール送受信でエラーが発生することがあります。

インストールに関しては Sendmailcert を参照ください。

イーメールクライアントの設定に関しては イーメールを SSL で使う を参照ください。

以下は、sendmailcert のマニュアルページの一部です。最新のものは、サーバー上で # man sendmailcert を実行し読むことができます。

SENDMAILCERT(1) SENDMAILCERT(1)









NAME


  sendmailcert - sendmail certificate utility




SYNOPSIS


  sendmailcert [options] --help | query | setup | uninstall




DESCRIPTION


  sendmailcert creates a self-signed SSL/TLS certificate and


  configures sendmail to use it for STARTTLS. Alternately,


  it can query existing certificates or uninstall certifi-


  cates by removing them from the sendmail configuration.




 By using the --mycert/--mykey/--mycacert options, you can


  also use sendmailcert to help configure sendmail to use


  purchased SSL/TLS certificates.




 With STARTTLS configured, sendmail will offer e-mail


  clients the option of encrypting user names, passwords and


  outgoing e-mail sent to the sendmail server.




KEYWORD ARGUMENTS


  sendmailcert requires one of the following keyword argu-


  ments:




 query


  Display information about the currently configured


  SSL/TLS certificates.




 setup


  Create a self-signed certificate and configure send-


  mail to use the certificate for STARTTLS. If sendmail


  is already configured to use SSL/TLS, sendmailcert


  will create a new cert and update the sendmail con-


  figuration to use it.




 Note: By using the --mycert/--mykey/--mycacert


  options, setup will let you specify your own certifi-


  cate, key and certificate authority (CA) certificate.




 uninstall


  Remove the certificates from the sendmail configura-


  tion. (This operation modifies only the sendmail con-


  figuration; it does not remove existing certificates


  from the certs subdirectory.)




OPTIONS


  --server=<hostname>


  Override the server's default hostname that appears


  in the certificates. If omitted, this option defaults


  to the value returned by the hostname command.




 Note: The hostname in the certificates should exactly


  match the outgoing mail server name specified in


  e-mail clients. (Otherwise many clients will display


  a certificate warning each time an outgoing e-mail is


  sent.)




 sendmailcert verifies that the hostname resolves to


  some IP address and exits if name resolution fails.




 --country=<XX>


  Override the 2-character ISO 3166-compliant country


  code that will appear in the certificates that are


  generated. If omitted, this option defaults to US.




 --mycert=<filename>


  Use a purchased certificate (rather than having send-


  mailcert generate one that is self-signed) by speci-


  fying its file name (including complete path). If the


  file is not in the certs subdirectory of the direc-


  tory that contains sendmail.cf, sendmailcert will


  copy it there. If you specify the --mycert option,


  you must also specify --mykey and --mycacert.




 --mykey=<filename>


  If using a purchased certificate (specified with the


  --mycert option, you must also specify the name (with


  complete path) of the file that contains the private


  key for your certificate.




 --mycacert=<filename>


  If using a purchased certificate (specified with the


  --mycert option, you must also specify the name (with


  complete path) of the file that contains the certifi-


  cate of the Certificate Authority (CA) that issued


  the certificate.




 Note: Certificate Authorities don't commonly send


  their own SSL certificate when they issue certifi-


  cates to buyers. They will generally post their cer-


  tificate on their web site. (You will need to down-


  load a copy to the server being configured.)




 --cfdir=<path>


  Override the full path to the directory that contains


  the sendmail.cf file and macro configuration (mc)


  files. If this option is omitted, sendmailcert will


  query the sendmail executable for the directory. If


  that fails, the option will default to /etc/mail.




 --help


  Display this help page.




EXAMPLES


  # sendmailcert setup




 Will generate a self-signed SSL/TLS certificate and con-


  figure sendmail to use STARTTLS.




 # sendmailcert query




 Will display information about the current SSL/TLS config-


  uration.




 # sendmailcert uninstall




 Will remove SSL/TLS configuration lines from the send-


  mail.cf file. (It will not remove existing certificates


  from the file system.)




NOTES


  To verify that the sendmail executable is compiled to sup-


  port STARTTLS, issue this command (as root):




 # sendmail -d0.1 < /dev/null | grep STARTTLS




 Output should include the substring "STARTTLS".




 To verify that the configuration works, telnet to port 25


  or 587, and see if sendmail offers STARTTLS in its greet-


  ing (in response to your "ehlo" command). Here is a sample


  session:




 % telnet mail.example.com 587


  Trying 192.168.234.35...


  Connected to mail.example.com.


  Escape character is '^]'.


  220 mail.example.com ESMTP Sendmail 8.13.1/8.13.1; Thu, 21 Jul


  2005 13:30:08 -0700 (MDT)




 ehlo client.example.com


  250-mail.example.com Hello client.example.com


  [192.168.234.5], pleased to meet you


  250-ENHANCEDSTATUSCODES


  250-PIPELINING


  250-8BITMIME


  250-SIZE


  250-DSN


  250-STARTTLS <-- server supports STARTTLS


  250-DELIVERBY


  250 HELP




 quit


  221 2.0.0 mail.example.com closing connection


  Connection closed by foreign host.


  %




 To verify sendmail encryption, check /var/log/maillog for


  entries that include the string "cipher=<value> bits=<num-


  ber>".




LIMITATIONS


  The sendmail executable must have been compiled to support


  STARTTLS, and the openssl executable must be available on


  the server.




 This version of sendmailcert is designed to work with


  "standard" FreeBSD sendmail configurations. Support for


  other platforms and configurations is planned for a future


  version.




SEE ALSO


  sendmail(1), openssl(1)




 Documentation for sendmail is available at


  <http://www.sendmail.org/>. Sendmail's STARTTLS support is


  also documented in the book sendmail, 3rd ed., by Bryan


  Costales and Eric Allman (O'Reilly, c2003, ISBN


  1-56592-839-3), pp. 415-428. (Documentation for OpenSSL is


  available at <http://www.openssl.org/>.




 This script implements (more or less) the configuration


  described in my document at <http://technoids.org/starttl-


  stut.html>.




AUTHOR


  Weldon Whipple. E-mail suggestions to sendmailcert-sug-


  gest@whipple.org.




 Copyright (c) 2005 Weldon Whipple and his employers.









perl v5.8.4 2005-07-28 SENDMAILCERT(1)
SPEEDEX サポートポリシー
Copyright @ Cyber Vision Hosting Co., Ltd. All rights reserved.
Email: support@speedex.ne.jp


株式会社サイバービジョンホスティング提供サービス一覧
再販売用レンタルサーバーのSPEEDEX | VPS(仮想専用サーバー) | 共用サーバー | 独自ドメイン取得・運用 | SSLサーバー証明書 | ワイルドカードサーバー証明書 | SEO | Google Apps(TM) | クリエイティブワークの検索エンジン