Miles Brennan wrote: >Philip Prindeville wrote: > > >>Hi. >> >>I have a mail host that accepts mail externally from untrusted hosts >>on port 25, and internally I'd like to use SMTP-over-SSL over >>port 587 (as per RFC 2476). >>Thanks, >>-Philip >> >> > >I've written a detailed FC5 HOWTO here: >http://www.brennan.id.au/12-Sendmail_Server.html . It's enough to get >you started. > >I haven't had time to do explicit testing and upgrade the HOWTO from >FC5, however most of the configs are still FC6 compatible. > >Cheers, >Miles > > Gave it a gander, thanks. But I still have a couple of questions. This is to use TLS (port 465), right? Not SMTP-over-SSL on port 587. My understanding was that TLS was deprecated, and that a lot of UA's didn't do it correctly. Also, when you have client sendmail's running, how do you configure them to use the certificate to authenticate themselves with the mailhost? I tried changing the stock submit.mc to: ... define(`confCLIENT_CERT',`/etc/pki/tls/certs/sendmail.pem')dnl define(`confCLIENT_KEY',`/etc/pki/tls/certs/sendmail.pem')dnl dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1] FEATURE(`msp', `[192.168.1.3]', `MSA')dnl but no joy. What am I missing? Oh, and I copied the sendmail.pem file from the server to the client as well. -Philip