debian/examples/tls/starttls.m4


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

divert(-1)dnl
#-----------------------------------------------------------------------------
# $Sendmail: starttls.m4,v 8.14.3 2009-02-28 22:32:11 cowboy Exp $
#
# Copyright (c) 2002-2009 Richard Nelson.  All Rights Reserved.
#
# examples/tls/starttls.m4.  Generated from starttls.m4.in by configure.
#
# starttls.m4 m4 file to support user->MTA, MSP->MTA, and MTA->MTA
# encryption and/or authentication.
#
# To use this file, add this line to sendmail.mc and possibly submit.mc:
# `include(`/etc/mail/tls/starttls.m4')dnl'
#
#-----------------------------------------------------------------------------
#
divert(0)dnl
VERSIONID(`$Id: starttls.m4,v 8.14.3-7 2009-02-28 22:32:11 cowboy Exp $')
dnl #
dnl #---------------------------------------------------------------------
dnl # Bring in Autoconf results
dnl #---------------------------------------------------------------------
ifdef(`sm_version', `dnl',
`include(`/usr/share/sendmail/cf/debian/autoconf.m4')dnl')
dnl #
dnl # Check to see if inclusion is valid (version >= 8.11.0, tls enabled)
ifelse(eval(sm_version_math >= 527104), `1', `dnl
ifelse(sm_enable_tls, `yes', `dnl
dnl #
dnl # To support shared keyfiles, we need it to be group readable
dnl #
define(`confDONT_BLAME_SENDMAIL',dnl
    defn(`confDONT_BLAME_SENDMAIL')`,GroupReadableKeyFile')dnl
dnl #
dnl # Set a more reasonable timeout on negotiation
dnl #
define(`confTO_STARTTLS', `2m')dnl      #           , def=10m
dnl #
dnl # Do not touch anything above this line...
dnl #
dnl # CA directory - CA certs should be herein
define(`confCACERT_PATH', `/etc/ssl/certs')dnl
dnl #
dnl # CA file (may be the same as client/server certificate)
define(`confCACERT',      `/etc/mail/tls/sendmail-server.crt')dnl
dnl #
dnl # Server certificate/key (can be in the same file, and shared w/client)
dnl # NOTE: The key must *NOT* be encrypted !!!
define(`confSERVER_CERT', `/etc/mail/tls/sendmail-server.crt')dnl
define(`confSERVER_KEY',  `/etc/mail/tls/sendmail-common.key')dnl
dnl #
dnl # Clien certificate/key (can be in the same file, and shared w/server)
dnl # NOTE: The key must *NOT* be encrypted !!!
define(`confCLIENT_CERT', `/etc/mail/tls/sendmail-client.crt')dnl
define(`confCLIENT_KEY',  `/etc/mail/tls/sendmail-common.key')dnl
dnl #
dnl # DH parameters
define(`confDH_PARAMETERS',`/etc/mail/tls/sendmail-common.prm')dnl
dnl #
dnl # Optional settings
define(`confTLS_SRV_OPTIONS', `')dnl          # do not request user certs
dnl #
dnl # Do not touch anything below this line...
')')dnl