Sending email in a secure, IPv6 world

This is a guide to updating your Linux server for SSL-enabled, IPv6-happy email transmission using sendmail! Here are the things you need to have already:

• An IPv6 address for your server. Your internet hosting provider will be able to provide this to you, if you don't already have one.
• An SSL certificate, signed by a trusted third party.
• Access to your domain's primary DNS editor.
• A working sendmail system!

DNS

Add your IPv6 address to your SPF entry. For example, mine is:

v=spf1 mx a ip6:2a01:4f8:d15:788::2 -all

Add AAAA entries to your DNS. For each A record that you have, add an AAAA record with the value set to your IPV6 address.

sendmail

Edit your sendmail.mc to reference your SSL certificate, eg:

define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/mydomain.crt')dnl
define(`confSERVER_KEY', `/etc/pki/tls/private/mydomain-nopass.key')dnl

Configure and start saslauthd:

service saslauthd start
chkconfig saslauthd on

Run /etc/mail/make, then restart sendmail

After waiting for DNS propagation of your DNS changes, send an email to a gmail address and check your maillog (eg, /var/log/maillog). The log should show verify=OK and "Message accepted for delivery".

Sending a test email:

(echo: subject: test; echo) | /usr/sbin/sendmail -v -Am -i user@example.net

Comments

It's quiet in here...Add your comment

• iPhone SysAdmin Tools
• Life at Blurtit
• Linux Solutions
• Rackspace Cloud Hosting
• Web Programming

Related Reading

• Live Script Run Times for Swinny.net
• Using the Mac Migration Assistant
• Screenshot browser element in Javascript
• CSS method for adding "new window" icon to external links
• NorDevCon 2016
• Inspiring talks on "Digital Creativity"
• PHP-MySQL webserver, post El Capitan
• Get a CentOS Server Web-Ready
• Switching a website to SSL