author | jmg <jmg@FreeBSD.org> | 2013-10-19 18:51:06 +0000 |
---|---|---|
committer | jmg <jmg@FreeBSD.org> | 2013-10-19 18:51:06 +0000 |
commit | a25e3add85ff606c3740e4c8346bc9cb1c13f7e3 (patch) | |
tree | 9c5fa17e375961b2b89a7f29f6cd354d8d559f12 /etc/defaults | |
parent | 1a884d59cfcf6f1850742e793acfc113bbc33838 (diff) | |
download | FreeBSD-src-a25e3add85ff606c3740e4c8346bc9cb1c13f7e3.zip FreeBSD-src-a25e3add85ff606c3740e4c8346bc9cb1c13f7e3.tar.gz |
Enable the automatic creation of a certificate (if one does not exist)
and enable the usage by sendmail if sendmail is enabled. Include and
document knobs to disable this feature and also set the Common Name of
the certificate created.
As the certificate is signed w/ a discarded key, it only helps prevent
Eve, but not Mallory from knowing the contents of the emails.
This means that new installs (and people that use the updated freebsd.mc
file) will automatically have STARTTLS enabled allowing incoming email to
be encrypted in most cases.
Reviewed by: gshapiro
MFC after: 3 days
Security: Yes, please.
Diffstat (limited to 'etc/defaults')
-rw-r--r-- | etc/defaults/rc.conf | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index d609bd8..b04d7cf 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -573,6 +573,8 @@ sendmail_enable="NO" # Run the sendmail inbound daemon (YES/NO). sendmail_pidfile="/var/run/sendmail.pid" # sendmail pid file sendmail_procname="/usr/sbin/sendmail" # sendmail process name sendmail_flags="-L sm-mta -bd -q30m" # Flags to sendmail (as a server) +sendmail_cert_create="YES" # Create a server certificate if none (YES/NO) +#sendmail_cert_cn="CN" # CN of the generate certificate sendmail_submit_enable="YES" # Start a localhost-only MTA for mail submission sendmail_submit_flags="-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost" # Flags for localhost-only MTA |
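Review bot: the comment on the added `#sendmail_cert_cn="CN"` line reads "CN of the generate certificate"; it should say "generated", and because the knob ships commented out with the placeholder value "CN", the comment should also state which Common Name is used when the variable is left unset. On the added `sendmail_cert_create="YES"` line the feature defaults to on, so the comment (or the rc.conf documentation the commit message mentions) should note that the certificate is signed with a discarded key and therefore provides opportunistic encryption against passive eavesdropping only, not server authentication, so administrators do not mistake it for a trusted certificate.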