Sending email in a secure, IPv6 world

This is a guide to updating your Linux server for SSL-enabled, IPv6-happy email transmission using sendmail! Here are the things you need to have already:

  • An IPv6 address for your server. Your internet hosting provider will be able to provide this to you, if you don't already have one.
  • An SSL certificate, signed by a trusted third party.
  • Access to your domain's primary DNS editor.
  • A working sendmail system!

DNS

Add your IPv6 address to your SPF entry. For example, mine is:

v=spf1 mx a ip6:2a01:4f8:d15:788::2 -all

Add AAAA entries to your DNS. For each A record that you have, add an AAAA record with the value set to your IPv6 address.

sendmail

Edit your sendmail.mc to reference your SSL certificate, e.g.:

define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/mydomain.crt')dnl
define(`confSERVER_KEY', `/etc/pki/tls/private/mydomain-nopass.key')dnl

Configure and start saslauthd:

service saslauthd start
chkconfig saslauthd on

Run /etc/mail/make, then restart sendmail.

After waiting for your DNS changes to propagate, send an email to a Gmail address and check your maillog (e.g., /var/log/maillog). The log should show verify=OK and "Message accepted for delivery".

Sending a test email:

(echo "Subject: test"; echo) | /usr/sbin/sendmail -v -Am -i user@example.net
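
The maillog check described above can be scripted. This is an added example, not part of the original guide: it reports whether the message to one recipient was sent, whether the TLS handshake with that relay logged verify=OK, and whether the relay was reached over IPv6. The function names, the relay name mx.example.net and the sample log lines are constructed, and the field layout is assumed to match sendmail's usual STARTTLS=client and to=<...> log lines.

```shell
#!/bin/sh
# Added example (not from the original guide): classify the sendmail log
# lines for one recipient. Log field layout is assumed, see sample_log.
# Prints OK, NOT_SENT, NO_TLS, TLS_UNVERIFIED or NOT_IPV6; exit 0 only on OK.
check_delivery() {  # usage: check_delivery LOGFILE RECIPIENT
    awk -v rcpt="$2" '
    function val(name) {            # value of a "name=value" log field
        if (!match($0, name "=[^,]*")) return ""
        return substr($0, RSTART + length(name) + 1, RLENGTH - length(name) - 1)
    }
    /STARTTLS=client/ {             # TLS handshake result, keyed by relay host
        tls[val("relay")] = val("verify")
        next
    }
    index($0, "to=<" rcpt ">") {    # delivery record for the recipient
        seen = 1
        relay = val("relay")
        split(relay, part, " ")     # part[1] = host, part[2] = [address]
        if (val("stat") !~ /^Sent/)        verdict = "NOT_SENT"
        else if (!(part[1] in tls))        verdict = "NO_TLS"
        else if (tls[part[1]] != "OK")     verdict = "TLS_UNVERIFIED"
        else if (relay !~ /\[IPv6:/)       verdict = "NOT_IPV6"
        else                               verdict = "OK"
    }
    END {
        if (!seen) verdict = "NOT_SENT"
        print verdict
        exit (verdict == "OK" ? 0 : 1)
    }' "$1"
}

# Constructed sample lines (documentation addresses, hypothetical relay name).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:02 mail sendmail[21540]: STARTTLS=client, relay=mx.example.net., version=TLSv1.2, verify=OK, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Mar  3 10:15:03 mail sendmail[21540]: t23AF1bX021538: to=<user@example.net>, ctladdr=<root@mail.example.org> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=120318, relay=mx.example.net. [IPv6:2001:db8::25], dsn=2.0.0, stat=Sent (OK 1425377703 - constructed)
EOF
}

# Demo on the constructed sample; on a real server pass /var/log/maillog.
tmp=$(mktemp) && sample_log > "$tmp" && check_delivery "$tmp" user@example.net
rm -f "$tmp"
```

A NO_TLS or TLS_UNVERIFIED verdict means the message went out without a verified TLS session to that relay, and NOT_IPV6 means delivery fell back to IPv4.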

