
sendmail server authentication using certificates? No SMTP Auth


Sachin Gupta

May 9, 2013, 6:09:53 AM
Hi,

Let's take an example:
1. I have a set of clients in a local network, trying to send mails to addresses outside the network.
2. I have a proxy server which hacks all port 25 traffic and redirects it to a locally running sendmail.
3. This sendmail instance will then direct all SMTP traffic to an MTA, probably a sendmail server which acts as a gateway.

Now my locally running sendmail acts as a client to the gateway server.

My requirement is that the client sendmail server should authenticate with the server using only certificates, and that no user name or password be required in this. If the certificates are verified, the client should be allowed to relay the mails to the server.

How can this be achieved? Whatever I have been able to find till now is that certificates are used to secure the communication channel between the client and server, over which the auth details (id and passwd) are forwarded to the server.
A client cannot be simply authenticated based on certificates only?

Can this be done?

regards

Claus Aßmann

May 9, 2013, 9:27:01 AM
Sachin Gupta wrote:

> A client cannot be simply authenticated based on certificates only?

Please see cf/README, check section STARTTLS, subsection Relaying.

Sachin Gupta

May 10, 2013, 6:08:34 PM
Hi,

I understand that STARTTLS is required to exchange the certificates between the sendmails (client and server).

But the sendmail client needs to authenticate the sendmail server.

What settings do I need to make in the client sendmail so that the server gets authenticated by the client checking the certificates?

Without any checks, the server will share the certificates with the client sendmail, which will then use these to encrypt the data over the channel.

I hope I am able to make myself clear about the requirement?

regards

Sachin Gupta

May 10, 2013, 6:30:25 PM

Please take a look at the article http://www.dzhang.com/blog/2010/11/19/setting-up-sendmail-to-use-a-client-certificate

Here they are doing a client certificate authentication, but I need to do a server certificate authentication.

Please guide.
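
An added example, not part of the thread and not taken from the sendmail distribution: a configuration sketch for the setup discussed above, using the access map tags that the STARTTLS section of cf/README describes. The gateway relays only for a verified client certificate, and the client refuses the gateway unless its server certificate verifies. The host name, file paths and DNs are constructed placeholders.

```text
# ---- Client sendmail (local instance that forwards to the gateway) ----
# sendmail.mc (host name and paths are assumptions):
define(`SMART_HOST', `gateway.example.com')dnl
FEATURE(`access_db')dnl
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/ca.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/client.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/client.key')dnl

# access map on the client: do not hand mail to the gateway unless its
# certificate verified against the CA above (${verify} is OK).
TLS_Srv:gateway.example.com	VERIFY

# ---- Gateway sendmail (server side) ----
# sendmail.mc (paths are assumptions):
FEATURE(`access_db')dnl
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/ca.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/gateway.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/gateway.key')dnl

# access map on the gateway: relaying by certificate only, no SMTP AUTH.
# The issuer DN is looked up first; SUBJECT means "also look up the
# subject DN", and only the listed subject is allowed to relay.
# Both DNs below are constructed examples.
CertIssuer:/C=US/O=Example+20Corp/CN=Example+20Internal+20CA	SUBJECT
CertSubject:/C=US/O=Example+20Corp/CN=relay-client.example.com	RELAY
```

Spaces and other special characters in a DN are written as +XX hex in the access map (+20 for a space), and the map has to be rebuilt with makemap after editing.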