www.sendmail.org/~ca/email/starttls.html
This document describes the necessary steps to use this feature. Terminology TLS can provide 14 authentication (identification of the communication partner), privacy/confidentiality (communication is not intercepted or eavesdropped), and integrity (message has not been modified). TLS uses different 15 algorithms for encryption, signing, message authentication etc. An 16 introduction to these can also be found in 17 books about cryptography and in 18 RFC 2246 and its list of references. Some important terms used here are: * CA: certificate authority, * cert: a certificate (signed/issued by a CA), * private key: the private key belonging to a cert. For those familiar with public key encryption (and signing), a cert can be considered a signed public key (with associated data to identify an entity). Notice: do not list too many root CAs in that file, otherwise the TLS handshake may fail; The signature of the certificate presented by the other side is checked against these CAs. If one of them issued the certificate, the authentication is considered 20 successful. Moreover, during the TLS handshake, the 21 DNs of these CA certificates are sent to the client so it can properly select a certificate that is signed by one of those CAs. Get a cert (make sure the 22 CN is the fully qualified name of your host) and install it as confSERVER_CERT and the private key as confSERVER_KEY (make sure the file is only readable by root or the trusted user). For simplicity, use the same filenames for confCLIENT_CERT and confCLIENT_KEY, respectively. Otherwise someone/something would have to enter the passphrase each time sendmail is started as server or client. If neither /dev/urandom nor 27 EGD are available, you have to make sure that useful random data is available all the time in confRAND_FILE (use file:' as prefix). If the file hasn't been modified in the last 10 minutes before it is supposed to be used by sendmail the content is considered obsolete. In this case, the PRNG for TLS is only seeded with other random data if the DontBlameSendmail option InsufficientEntropy is set. You can create your own CA: 28 Lutz Jnicke, 29 Gregory Neil Shapiro, and 30 Martin Ouwehand (for Apache, but most of the steps can be used for an MTA too) wrote explanations how to do it. If this doesn't reveal any problems, increase the LogLevel to 14 and try again. Operation STARTTLS can be used to 33 allow relaying based on certificates, and to 34 restrict incoming or outgoing connections. For this purpose, several rulesets are available which require some 35 new macros and the 36 access map. New Macros New macros for SMTP STARTTLS are {cert_issuer} holds the 37 DN of the CA (the cert issuer). PROTOCOL protocol error occurred SOFTWARE problems during the handshake at the TLS level. Relaying SMTP STARTTLS can allow relaying for senders who have successfully authenticated themselves. Otherwise the 40 DN of the issuer is looked up in the 41 access map using the tag CERTISSUER. If it is SUBJECT, the 42 DN of the CERT subject is looked up next in the 43 access map. To make things a bit more flexible (or complicated), the values for {cert_issuer} and {cert_subject} can be optionally modified by regular expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and _CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in rulesets and map lookups, they are modified as follows: each non-printable character and the characters '<', '>', '(', ')', '"', '+' are replaced by their HEX value with a leading '+'. The parameter is the value of {verify} and STARTTLS or MAIL, respectively. If no 44 access map is in use, the connection will be accepted unless {verify} is SOFTWARE, in which case the connection is always aborted. Otherwise, {client_name}/{server_name} is looked up in the 45 access map using the tag TLS_Srv (or TLS_Clt), which is done with the ruleset LookUpDomain. If no entry is found, {client_addr}/{server_addr} is looked up in the 46 access map (same tag, ruleset LookUpAddr). If this doesn't result in an entry either, just the tag is looked up in the 47 access map (included the trailing :). Values for those entries in the 48 access map should be: VERIFY verification must have succeeded VERIFY:bits verification must have succeeded and 49 {cipher_bits} must be greater than or equal bits. ENCR:bits 50 {cipher_bits} must be greater than or equal bits. The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary or permanent error. The number of bits used for the key of the symmetric cipher (here: 3DES) is stored in the macro {auth_ssf}. Received: Header The Received: header reveals whether STARTTLS has been used. Advantages and Limits of TLS STARTTLS has the following advantages: * authentication: client and server of a SMTP connection can be identified. All of these advantages are provided transparently by MTAs without interaction of users. They do not need to have special software installed in their MUAs which additionally must be compatible with the software of the recipient. This is also the reason for several limits: * It does not provide end-to-end encryption, since a user can usually not control the whole transmission. This is in contrast to the use of TLS for http: here the user's client (a WWW browser) connects directly to the server that provides the data. Even then the message might be faked during local delivery. Summary: to get end-to-end privacy, integrity and authentication, end-user software like 65 PGP or 66 S/MIME must be used. This requires at least some knowledge of 67 such software and responsible use by end-users. This MTA seems to understand only SSLv3, but not TLSv1 or the default mode that 76 OpenSSL uses. Please don't use RSARef since there are 79 fully functional RSA implementations available. This is what sendmail (using OpenSSL) does when it acts > as client and no client cert is available. The fix will also be included in the next Windows 2000 service pack after SP2 and is already in Windows Xp 2002 beta. STARTTLS Debugging by Hand A 83 patch has been posted to the 84 OpenSSL mailing list which contains a program similar to s_client to connect to MTAs for testing STARTTLS. Credits The implementation of STARTTLS in sendmail was influenced by the example programs of 85 OpenSSL and the work of 86 Lutz Jnicke.
|