Internet Express for Tru64 UNIX Version 6.10 Administration Guide (5900-1418, March 2011)

1. Under Mail on the Manage Components menu, choose Sendmail Server/Using Open Source
Configuration Rules.
2. From the Sendmail Server Administration menu, choose Configure Sendmail Server.
3. On the Configure Sendmail Server menu, make sure that Server is selected and click on
Configure.
4. From the Configure Sendmail Server menu, choose Configure Trusted Layer Security (TLS).
A form is displayed, showing the current performance values.
5. Click in the Enable TLS for Server Connections checkbox to enable TLS.
6. Modify the values in the fields as desired. See Table 11.
7. Click in the Disable Client Verification checkbox to disable client verification.
8. Click Submit.
In addition, all remote systems that the server will connect to using TLS must enable TLS to complete
the transmission loop in a secure manner.
After the fields are completed, TLS support can be enabled. To debug a non-working connection,
check the mail log for error messages.
Enabling Support Using the Access Database
Secure connections to servers and clients can be defined by adding lines to the access database
(access db text file) and then running makemap to create the updated access_db file.
Here are four examples that offer or do not offer TLS support for certain connections. Each line
illustrates the line format used in the access database. The line format for the text file is:
First field <tab> second field <tab> third field
By default, STARTTLS is requested on all outgoing connections and offered on incoming connections
when certificates are configured. By placing a line in the access database, STARTTLS can be turned
off.
Try_TLS: general.mymachine.com YES
Try_TLS: mymachine.com NO
Try_TLS: 42.0 NO
Try_TLS: 127.0 NO
Here, STARTTLS is offered to general.mymachine.com. It is not offered to mymachine.com
or to any address starting with 42.0 or 127.0.
To turn on TLS support for connecting as a client, the access_db line format is as follows:
                                 VERIFY
TLS_Srv: host-name or address    ENCR:bits
                                 VERIFY:bits
The third fields shown here are optional.
To turn on TLS support for connecting as the server, the access_db line format is:
                                 VERIFY
TLS_Clt: host-name or address    ENCR:bits
                                 VERIFY:bits
The third fields shown here are optional.
Here are some additional client examples:
                                                                      Access database text line
StartTLS connection as client to system abc                           TLS_Srv:abc.hp.com
StartTLS connection and certificate verification required             TLS_Srv:abc.hp.com VERIFY
Must encrypt with at least 64 bits                                    TLS_Srv:abc.hp.com ENCR:64
Certificate verification and encryption strength of at least 64 bits  TLS_Srv:abc.hp.com VERIFY:64
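The following check is an added example, not part of the original guide or of Internet Express. It reads access database text lines before makemap is run and reports misspelled tags, malformed third fields, entries that turn STARTTLS off, and bit strengths below a local floor. The function name lint_access_tls, the 128-bit default floor and the sample entries are assumptions made for illustration.

```python
import re

# Tags and third-field forms are the ones shown in this section's format lines.
PEER_TAGS = {"TLS_Srv", "TLS_Clt"}
LINE_RE = re.compile(r"^(\w+):\s*(\S+)(?:\s+(\S+))?$")
REQ_RE = re.compile(r"^(?:VERIFY|(?:ENCR|VERIFY):(\d+))$")

# Constructed sample entries (tab-separated); not taken from a real system.
SAMPLE = (
    "Try_TLS:general.mymachine.com\tYES\n"
    "Try_TLS:mymachine.com\tNO\n"
    "TLS_Srv:abc.hp.com\tENCR:64\n"
    "TLS_Clt:abc.hp.com\tVERIFY:256\n"
    "TLS_Svr:abc.hp.com\tVERIFY\n"       # misspelled tag
    "TLS_Srv:abc.hp.com\tENCRYPT:128\n"  # malformed third field
)

def lint_access_tls(text, min_bits=128):
    """Return (line_no, severity, message) for each questionable TLS entry.

    min_bits is an assumed local policy floor, not a value from the guide.
    """
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(raw.strip())
        # Skip comments, blanks and access entries unrelated to TLS.
        if not m or not re.match(r"(?i)(tls|try)_", m.group(1)):
            continue
        tag, host, value = m.groups()
        if tag == "Try_TLS":
            if value not in ("YES", "NO"):
                findings.append((no, "error", "Try_TLS value must be YES or NO"))
            elif value == "NO":
                findings.append((no, "warn", f"STARTTLS turned off for {host}"))
        elif tag in PEER_TAGS:
            req = REQ_RE.match(value or "VERIFY")  # third field is optional
            if not req:
                findings.append((no, "error", f"bad third field {value!r}"))
            elif req.group(1) and int(req.group(1)) < min_bits:
                findings.append((no, "warn", f"{host}: {value} is below {min_bits} bits"))
        else:
            findings.append((no, "error", f"unknown tag {tag!r}"))
    return findings

if __name__ == "__main__":
    for finding in lint_access_tls(SAMPLE):
        print(*finding)
```

Entries that sendmail does not recognize are not applied, so a misspelled tag leaves the connection without the intended requirement; running a check like this before makemap catches that case.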