Advanced Sendmail Part 1


Advanced Sendmail 8.13.3 Part 1 STARTTLS Advanced Sendmail 8.13.3 Part 1 April 25, 2017 September 2005

STARTTLS: Objectives

- Define STARTTLS and the reasons for using it
- Describe how the SSL protocol works
- Identify the STARTTLS configuration variables
- Describe how the Sendmail clients and servers determine whether a server supports STARTTLS
- Identify how to set up a private certificate authority (CA)
- Describe how to use gen_cf to create a configuration file for STARTTLS
- Describe the line that must be added to the access file

STARTTLS

STARTTLS is the SMTP command to "Start Transport Layer Security", or in other words to turn on Secure Socket Layer (SSL). Transport Layer Security (TLS) provides authentication (identification), privacy, confidentiality, and integrity for securing a mail transaction. TLS uses different algorithms for encryption, signing, and message authentication.

To use Sendmail with STARTTLS, you must install the OpenSSL software on your system from http://www.software.hp.com. You can use the /usr/newconfig/etc/mail/cf/cf/gen_cf script to generate the sendmail.cf configuration file that supports the STARTTLS feature.

HP only supports STARTTLS if used in conjunction with the access database. HP does not support the use of custom rulesets.

Step by Step SSL Protocol

Client suggests/requests information from the SSL server.

[Diagram: SSL client (e.g. browser), SSL server, server certificate]

Step by Step SSL Protocol (cont'd)

Server responds with its digital certificate and encryption preferences. Encryption level negotiation complete.

[Diagram: SSL client (e.g. browser), SSL server, server certificate]

Step by Step SSL Protocol (cont'd)

1) Client verifies the server certificate
2) It computes a shared secret session key
3) It encrypts the shared secret session key using the master's public key and sends it to the server

[Diagram: SSL client (e.g. browser), SSL server, server certificate]

Step by Step SSL Protocol (cont'd)

Server decrypts the master public key and computes shared session key.

[Diagram: SSL client (e.g. browser), SSL server, server certificate]

Additional Notes

It is important to note that the generated shared secret session key is encrypted before being sent to the server so nobody can "steal" it.

Step by Step SSL Protocol (cont'd)

Client and server exchange encrypted data using the shared session key.

[Diagram: SSL client (e.g. browser), SSL server, server certificate]

STARTTLS configuration variables

- UseTLS - Enables the TLS handshake in the SMTP transaction.
- CERT_DIR - Specifies the directory for storing Sendmail certificates.
- CACERT_PATH - Specifies the path that stores the certificates of all the Certificate Authorities known to the Sendmail server.
- CACertFile - Specifies the file containing the certificate of the Certificate Authority that issued the certificate of the Sendmail server.
- ServerCertFile and ClientCertFile - Refer to the server and client certificates.
- ServerKeyFile and ClientKeyFile - Specify the private keys that correspond to the certificates of the Sendmail server and the Sendmail client.

Additional information about configuration variables

You can set the UseTLS variable to either True or False. For example:

    O UseTLS=True

The CERT_DIR variable may be set as follows:

    # CA directory
    O CACertPath=/etc/mail/certs/

The SERVER_CERT and CLIENT_CERT variables indicate that the certificate of the server is used when acting as a server and when acting as a client. For example:

    # Server Cert
    O ServerCertFile=/etc/mail/certs/oldcert.pem
    # Client Cert
    O ClientCertFile=/etc/mail/certs/oldcert.pem

The SERVER_KEY and CLIENT_KEY variables are set in the same way. For example:

    # Server private key
    O ServerKeyFile=/etc/mail/certs/oldreq.pem
    # Client private key
    O ClientKeyFile=/etc/mail/certs/oldreq.pem

When Sendmail is a Server

When Sendmail is a Client

Clients issue the EHLO command during an SMTP session to determine whether the server supports STARTTLS. If the server supports STARTTLS, it will include it in the list of commands the client can issue.

    ehlo localhost
    250-inet16.india.hp.com Hello localhost [127.0.0.1], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-EXPN
    250-VERB
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ETRN
    250-STARTTLS <<<<<<<< Note
    250-DELIVERBY
    250 HELP

If the "next" mail server offers "STARTTLS" as one of its allowed commands, our Sendmail (which has been compiled to support STARTTLS) will always accept the offer and issue a STARTTLS command, even if it has no certificates configured!

    Jun 14 10:02:33 inet16 sm-mta[11679]: i5E4WXu0011679: <-- STARTTLS
    Jun 14 10:02:33 inet16 sm-mta[11679]: i5E4WXu0011679: --- 220 2.0.0 Ready to start TLS
    Jun 14 10:02:35 inet16 sm-mta[11679]: STARTTLS: cert verify: depth=0 C=IN/ST=Karnataka/L=Bangalore/O=Hewlett-Packard/OU=STSD/CN=inet14.india.hp.com/emailAddress=mganesh@india.hp.com, state=0,reason=self signed certificate
    Jun 14 10:02:35 inet16 sm-mta[11679]: STARTTLS=server, get_verify: 18 get_peer: 0x40082b30
    Jun 14 10:02:35 inet16 sm-mta[11679]: STARTTLS=server, relay=inet14.india.hp.com [15.70.189.227], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
    Jun 14 10:02:35 inet16 sm-mta[11679]: STARTTLS=server, certsubject=/ cert-issuer=/C=IN/ST=Karnataka/L=Bangalore/O=Hewlett-Packard/OU=STSD/CN=inet14.india.hp.com/emailAddress=mganesh@india.hp.com
    Jun 14 10:02:35 inet16 sm-mta[11679]: AUTH: available mech=EXTERNAL, allowed mech=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5

STARTTLS set up

Warning: do not use sendmail -bs for testing the STARTTLS set up.

The set up discussed in this class uses a private CA (certificate authority). Private CAs are often used for STARTTLS within a company.

Install OpenSSL on the Sendmail server that will be the private CA. You can download OpenSSL from software.hp.com (security and manageability, OPENSSL).

Setting up a private CA is for example use only. Always consider a commercial CA prior to using a private CA. Building a private CA is the most complex method of signing certificates. Evaluate alternatives to choose the approach suitable for the situation.

The cacert.pem file

You will see the cacert.pem file created in this procedure. This file is the certificate created for the certificate authority. This public key will be distributed to the Sendmail systems that recognize this CA, and it will be referenced in their configurations. When you create a private CA to sign certificates for Sendmail, it is common to make this the root CA in the Sendmail configuration.

Set up a private CA on the Sendmail Server

1. # cd /etc/mail
2. # mkdir certs
3. # cd certs
4. # /opt/openssl/misc/CA.sh -newca    (see notes for output on this command)
5. # mv demoCA CA
6. # cd CA
7. # chmod 0700 private
8. # cp /opt/openssl/openssl.cnf sendmailssl.cnf
9. # vi sendmailssl.cnf
   Change
       dir = ./demoCA
   to
       dir = /etc/mail/certs/CA

Step 4 Output

    CA certificate filename (or enter to create)
    "press enter"
    Making CA certificate ...
    Generating a 1024 bit RSA private key
    ..................................................................................................++++++
    ................................++++++
    writing new private key to './demoCA/private/./cakey.pem'
    Enter PEM pass phrase: "enter a secret word, record it for later"
    Verifying - Enter PEM pass phrase: ""
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank.
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:Georgia
    Locality Name (eg, city) []:Atlanta
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:HP
    Organizational Unit Name (eg, section) []:<enter>
    Common Name (eg, YOUR name) []:wtecd350.atl.hp.com    "Use the system name"
    Email Address []:root@wtecd350.atl.hp.com

Step 5: The directory structure called demoCA contains the files needed for the private CA. The name is changed to something that sounds less temporary; in this case it is changed to CA.

Step 7: The security is tightened on the private directory, which holds the certificate authority's private key.

Create certificate request (csr)

1. # cd /etc/mail
2. # mkdir certs
3. # umask 0066
4. # openssl req -nodes -new -x509 -keyout key.pem -out newcert.pem    (see notes for output on this command)
5. # openssl x509 -x509toreq -in newcert.pem -signkey key.pem -out csr.pem
6. FTP/move the csr.pem to the CA host (wtecd350.atl.hp.com) in the /etc/mail/certs/CA directory.

Step 4 Output

    Generating a 1024 bit RSA private key
    .......++++++
    ...................................................++++++
    writing new private key to 'key.pem'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:Georgia
    Locality Name (eg, city) []:Atlanta
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:HP
    Organizational Unit Name (eg, section) []:<enter>
    Common Name (eg, YOUR name) []:wtecd350.atl.hp.com
    Email Address []:root@wtecd350.atl.hp.com

Output from Step 5

    Getting request Private Key
    Generating certificate request

Regarding Step 6, if you have two servers (rather than one as we do in this example), you create the certificate on both servers and FTP the certificates to the CA. The certificates would need to be signed on the CA and FTP'd back to the original server.

Sign the certificate request (csr)

1. # cd /etc/mail/certs/CA
2. # openssl ca -config ./sendmailssl.cnf -policy policy_anything -out cert.pem -infiles csr.pem    (see output in notes)
3. Move/FTP the cert.pem to the /etc/mail/certs directory on the Sendmail host.
4. Move/FTP the CA/cacert.pem to the /etc/mail/certs/CA directory on the Sendmail host.
5. # cd /etc/mail
6. # chmod -R 600 certs

Additional notes

Step 2 Output

    Using configuration from ./sendmailssl.cnf
    Enter pass phrase for /etc/mail/certs/CA/private/cakey.pem: "the secret word when you created CA"
    Check that the request matches the signature
    Signature ok
    Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: May 1 04:49:41 2005 GMT
            Not After : May 1 04:49:41 2006 GMT
        Subject:
            countryName = US
            stateOrProvinceName = Georgia
            localityName = Atlanta
            organizationName = HP
            commonName = wtecd350.atl.hp.com
            emailAddress = root@wtecd350.atl.hp.com
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                B1:C4:FF:E8:55:EE:DB:B8:5C:8E:40:9B:33:74:0C:4F:9A:A7:58:3D
            X509v3 Authority Key Identifier:
                keyid:48:B2:FF:06:F3:47:88:81:8E:85:A4:16:29:BF:8D:73:8B:4E:6D:9D
                DirName:/C=US/ST=Georgia/L=Atlanta/O=HP/CN=wtecd350.atl.hp.com/emailAddress=root@wtecd350.atl.hp.com
                serial:BE:EA:34:CA:BE:73:80:26
    Certificate is to be certified until May 1 04:49:41 2006 GMT (365 days)
    Sign the certificate? [y/n]:y
    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated

Create a configuration file for STARTTLS

The following steps are taken to run gen_cf to create a configuration file for STARTTLS.

1. # cd /usr/newconfig/etc/mail/cf/cf
2. # ./gen_cf
   a. 4: Security Options
   b. 2: STARTTLS
   c. 3: Anti-spamming Options
   d. 1: Access DB
   e. 5: Generate sendmail.cf
3. Back up the sendmail.cf file:
   # cp /etc/mail/sendmail.cf /etc/mail/sendmail.cf.bak
4. Move the sendmail.cf.gen file to the /etc/mail directory:
   # cp /usr/newconfig/etc/mail/cf/cf/sendmail.cf.gen /etc/mail/

Output from Step 2e

    Do you want to continue and build the configuration file?
    Press any to continue or [n/N] to unset all options
    NOTE: To enable Starttls the sendmail.cf file needs to be changed.
    To enable Starttls the following options need to be enabled:
    UseTLS, CACertFile, ServerCertFile, ServerKeyFile, ClientCertFile and ClientKeyFile.
    The current value of these variables in the sendmail.cf are:
    UseTLS : Commented
    CACertFile : Commented
    ServerCertFile : Commented
    ServerKeyFile : Commented
    ClientCertFile : Commented
    ClientKeyFile : Commented

Sendmail.cf file configuration additions and changes

Important note: There is a bug with the /dev/random file. If you have a /dev/random file and a /dev/urandom file, add the following to the sendmail.cf:

    O RandFile=egd:/dev/random

Modify the following parameter:

    O UseTLS=True

Allow relaying based on the CA - configuration file changes

To allow relaying based on the CA, the following changes need to be made to the STARTTLS parameters in the sendmail.cf configuration file.

    O UseTLS=True
    O CACertPath=/etc/mail/certs
    O CACertFile=/etc/mail/certs/CA/cacert.pem
    O ServerCertFile=/etc/mail/certs/cert.pem
    O ServerKeyFile=/etc/mail/certs/key.pem
    O ClientCertFile=/etc/mail/certs/cert.pem
    O ClientKeyFile=/etc/mail/certs/key.pem
    # O CRLFile=/etc/mail/certs/crlf
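
A check that can be run after editing sendmail.cf, added here as an example and not part of the original slides or of HP's tooling: it reports which of the six options named by gen_cf are still commented out, and whether the key files carry permissions beyond the 0600 this procedure sets. The function names and the temporary files in demo() are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# The six options gen_cf reports on (names as used on this page).
REQUIRED = ("UseTLS", "CACertFile", "ServerCertFile",
            "ServerKeyFile", "ClientCertFile", "ClientKeyFile")
KEY_OPTIONS = ("ServerKeyFile", "ClientKeyFile")
# Matches "O Name=value" and the commented form "# O Name=value".
OPTION_RE = re.compile(r"^(#\s*)?O\s+(\w+)\s*=\s*(\S*)")


def parse_options(cf_text):
    """Return {name: (value, active)}; an active line wins over a commented one."""
    options = {}
    for line in cf_text.splitlines():
        match = OPTION_RE.match(line)
        if not match:
            continue
        commented, name, value = match.groups()
        active = commented is None
        if active or name not in options:
            options[name] = (value, active)
    return options


def audit(cf_text):
    """List STARTTLS problems: inactive options and over-permissive key files."""
    options = parse_options(cf_text)
    findings = []
    for name in REQUIRED:
        value, active = options.get(name, ("", False))
        if not active:
            findings.append("%s: commented out or missing" % name)
        elif name == "UseTLS" and value.lower() != "true":
            findings.append("UseTLS: set to %s, TLS handshake disabled" % value)
    for name in KEY_OPTIONS:
        value, active = options.get(name, ("", False))
        if not active:
            continue
        if not os.path.isfile(value):
            findings.append("%s: %s not found" % (name, value))
            continue
        mode = stat.S_IMODE(os.stat(value).st_mode)
        if mode & 0o077:  # any group/other permission bit
            findings.append("%s: %s is mode %04o, expected 0600" % (name, value, mode))
    return findings


def demo():
    """Constructed case: one option still commented, key file left at 0644."""
    with tempfile.TemporaryDirectory() as certs:
        key = os.path.join(certs, "key.pem")
        with open(key, "w") as handle:
            handle.write("constructed placeholder, not a real key\n")
        os.chmod(key, 0o644)
        cf_text = "\n".join([
            "O UseTLS=True",
            "O CACertFile=%s/cacert.pem" % certs,
            "O ServerCertFile=%s/cert.pem" % certs,
            "O ServerKeyFile=%s" % key,
            "# O ClientCertFile=%s/cert.pem" % certs,
            "O ClientKeyFile=%s" % key,
        ])
        return audit(cf_text)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Against a live system, pass the contents of /etc/mail/sendmail.cf to audit().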

Example - Sendmail STARTTLS relay based on CA Issuer

Following is an example set up using Linux to Linux systems. The two systems are as follows:

- linux1.ban.hp.com: This is the sending system
- linux4.ban.hp.com: This is the relaying system

On the linux1.ban.hp.com system the configuration parameters are set as follows:

    O CACertPath=/etc/mail/certs
    O CACertFile=/etc/mail/certs/CA/cacert.pem
    O ServerCertFile=/etc/mail/certs/cert.pem
    O ServerKeyFile=/etc/mail/certs/key.pem
    O ClientCertFile=/etc/mail/certs/cert.pem
    O ClientKeyFile=/etc/mail/certs/key.pem
    # "Smart" relay host (may be null)
    DSlinux4.ban.hp.com

Test the Relay

On the linux1 system the following command is entered to test the relay:

    [root@linux mail] # echo "Subject: test starttls" | sendmail -v -oL99 ban@atl.hp.com

(The -oL99 option sets the log level to 99 so that the maximum amount of STARTTLS output is logged.)

Example output

    ban@atl.hp.com... Connecting to linux4.ban.hp.com. via relay...
    220 linux4.ban.hp.com ESMTP Sendmail 8.12.11/8.12.11; Sun, 1 May 2005 11:20:42 -0400
    >>> EHLO linux
    250-linux4.ban.hp.com Hello linux1.ban.hp.com [192.168.1.7], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ETRN
    250-AUTH GSSAPI
    250-STARTTLS
    250-DELIVERBY
    250 HELP
    >>> STARTTLS
    220 2.0.0 Ready to start TLS
    >>> EHLO linux
    250-linux4.ban.hp.com Hello linux1.ban.hp.com [192.168.1.7], pleased to meet you
    250-PIPELINING
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ETRN
    250-AUTH EXTERNAL GSSAPI
    >>> MAIL From:<root@hp.com> SIZE=23
    250 2.1.0 <root@hp.com>... Sender ok
    >>> RCPT To:<ban@atl.hp.com>
    >>> DATA
    250 2.1.5 <ban@atl.hp.com>... Recipient ok
    354 Enter mail, end with "." on a line by itself
    >>> .
    250 2.0.0 j41FKgJV003083 Message accepted for delivery
    ban@atl.hp.com... Sent (j41FKgJV003083 Message accepted for delivery)
    Closing connection to linux4.ban.hp.com.
    >>> QUIT
    221 2.0.0 linux4.ban.hp.com closing connection

The /var/log/maillog output

A look at the /var/log/maillog output shows the relay that is used.

    May 1 11:53:49 linux sendmail[1543]: STARTTLS=client, init=1
    May 1 11:53:49 linux sendmail[1543]: STARTTLS=client, start=ok
    May 1 11:53:49 linux sendmail[1543]: STARTTLS=client, get_verify: 0 get_peer: 0x8149538
    May 1 11:53:49 linux sendmail[1543]: STARTTLS=client, relay=linux4.ban.hp.com., version=TLSv1/SSLv3, verify=OK, cipher=EDH-RSA-DES-CBC3-SHA, bits=168/168
    May 1 11:53:49 linux sendmail[1543]: STARTTLS=client, cert-subject=/C=US/ST=Georgia/L=Atlanta/O=HP/CN=linux4.ban.hp.com/Email=root@linux4.ban.hp.com, cert-issuer=/C=US/ST=Georgia/L=Atlanta/O=HP/CN=unix.ban.hp.com/Email=root@unix.ban.hp.com, verifymsg=ok

Continuation of output

    May 1 11:53:50 linux sendmail[1543]: j41Frn6h001543: to=ban@atl.hp.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30023, relay=linux4.ban.hp.com. [192.168.1.31], dsn=2.0.0, stat=Sent (j41G99fb003201 Message accepted for delivery)

Add a line to the access database

On the linux4 (relay system) you must add the following line to the access file and then rebuild the access database.

    CERTISSUER:/C=US/ST=Georgia/L=Atlanta/O=HP/CN=unix.ban.hp.com/emailAddress=root@unix.ban.hp.com RELAY

Note that the email tag is emailAddress. Make sure you add emailAddress to the access database. (See additional notes for output that represents an incoming email message.)

Incoming email message representation

    May 1 12:09:09 linux4 sendmail[3201]: STARTTLS=server, get_verify: 0 get_peer: 0x8960538
    May 1 12:09:09 linux4 sendmail[3201]: STARTTLS=server, relay=linux1.ban.hp.com [192.168.1.7], version=TLSv1/SSLv3, verify=OK, cipher=EDH-RSA-DES-CBC3-SHA, bits=168/168
    cert-subject=/C=US/ST=Georgia/L=Atlanta/O=HP/CN=linux1.ban.hp.com/emailAddress=root@linux1.ban.hp.com, cert-issuer=/C=US/ST=Georgia/L=Atlanta/O=HP/CN=unix.ban.hp.com/emailAddress=root@unix.ban.hp.com
    May 1 12:09:09 linux4 sendmail[3201]: AUTH: available mech=PLAIN LOGIN GSSAPI ANONYMOUS EXTERNAL, allowed mech=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
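
The relay decision behind the CERTISSUER line and the verify=OK / verify=FAIL log entries shown in these slides, as an added example that is not part of the original presentation: it groups STARTTLS=server log lines by process id and reports which peers the access entry would let relay. It assumes stock Sendmail behaviour (the CERTISSUER lookup applies only when verify=OK, and the issuer is logged in the same +XX-encoded form used as the access key); the log lines for the second and third session are constructed.

```python
import re

# Besides non-printable bytes, sendmail replaces these characters with +XX
# (hex) when it stores a DN in ${cert_issuer} / ${cert_subject}.
_SPECIAL = set('<>()"+ ')
LINE_RE = re.compile(r"\[(\d+)\]: STARTTLS=(client|server), (.*)$")
FIELD_RE = re.compile(r"(?:^|, )([a-z-]+)=(.*?)(?=, [a-z-]+=|$)")

# Issuer DN from the CERTISSUER line on this page.
TRUSTED_ISSUER = ("/C=US/ST=Georgia/L=Atlanta/O=HP/CN=unix.ban.hp.com"
                  "/emailAddress=root@unix.ban.hp.com")

_PFX = "May  1 12:%s linux4 sendmail[%s]: STARTTLS=server, "
# Constructed sample: three inbound sessions in the maillog format shown above.
SAMPLE_LOG = "\n".join([
    _PFX % ("09:09", 3201) + "relay=linux1.ban.hp.com [192.168.1.7], "
    "version=TLSv1/SSLv3, verify=OK, cipher=EDH-RSA-DES-CBC3-SHA, bits=168/168",
    _PFX % ("09:09", 3201) + "cert-subject=/C=US/O=HP/CN=linux1.ban.hp.com, "
    "cert-issuer=" + TRUSTED_ISSUER,
    _PFX % ("11:40", 3250) + "relay=host9.example.net [198.51.100.9], "
    "version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256",
    _PFX % ("11:40", 3250) + "cert-subject=/CN=host9.example.net, "
    "cert-issuer=/CN=host9.example.net",
    _PFX % ("15:02", 3301) + "relay=mx.example.org [203.0.113.5], "
    "version=TLSv1/SSLv3, verify=OK, cipher=DHE-RSA-AES256-SHA, bits=256/256",
    _PFX % ("15:02", 3301) + "cert-subject=/CN=mx.example.org, "
    "cert-issuer=/C=US/O=OtherCA/CN=ca.example.org",
])


def encode_dn(dn):
    """Encode a DN the way sendmail stores it in its certificate macros."""
    return "".join(
        "+%02X" % b if chr(b) in _SPECIAL or not 32 < b < 127 else chr(b)
        for b in dn.encode("utf-8"))


def access_entry(issuer_dn):
    """Build the access-file line for an issuer given as a plain DN."""
    return "CERTISSUER:%s RELAY" % encode_dn(issuer_dn)


def parse_sessions(log_text, role="server"):
    """Collect key=value fields from STARTTLS log lines, grouped by pid."""
    sessions = {}
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match or match.group(2) != role:
            continue
        fields = sessions.setdefault(match.group(1), {})
        for key, value in FIELD_RE.findall(match.group(3)):
            fields[key] = value.strip()
    return sessions


def relay_decision(fields, trusted_issuer_dn):
    """Assumed stock rule: the issuer is looked up only when verify=OK."""
    if fields.get("verify") != "OK":
        return "no relay: verify=%s" % fields.get("verify", "missing")
    if fields.get("cert-issuer") != encode_dn(trusted_issuer_dn):
        return "no relay: issuer not in access map"
    return "RELAY"


def audit(log_text, trusted_issuer_dn):
    """Map each relay in the log to the decision the CERTISSUER entry gives it."""
    return {f.get("relay", "pid " + pid): relay_decision(f, trusted_issuer_dn)
            for pid, f in parse_sessions(log_text).items()}


if __name__ == "__main__":
    print(access_entry(TRUSTED_ISSUER))
    for relay, decision in audit(SAMPLE_LOG, TRUSTED_ISSUER).items():
        print(relay, "->", decision)
```

The self-signed peer still gets an encrypted session, as in the verify=FAIL log earlier in the slides, but it is not granted relaying; encode_dn matters when the issuer DN contains spaces, parentheses or a plus sign.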
