Bug 68677

Summary: STARTTLS, keys and encryption
Product: [Retired] Red Hat Linux
Reporter: Aaron Sherman <ajs>
Component: sendmail
Assignee: Florian La Roche <laroche>
Status: CLOSED WONTFIX
QA Contact: David Lawrence <dkl>
Severity: medium
Priority: medium
Version: 7.1
Keywords: FutureFeature
Hardware: All   
OS: Linux   
Doc Type: Enhancement
Last Closed: 2003-01-22 17:43:04 UTC
Attachments:
spec file and redhat.config.m4 patches for STARTTLS (flags: none)

Description Aaron Sherman 2002-07-12 14:38:58 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.5 (X11; Linux i686; U;) Gecko/20020606

Description of problem:
This is a request that in future versions of Red Hat the following things be
done at install time for server configurations:

1. Sendmail is installed with TLSSTART configured
2. A self-signed key is generated
3. The .mc is configured to find the key and enable TLSSTART

This does not accomplish truly secure communication, and the documentation
should reflect that, but having Red Hat install out of the box with a sendmail
that is capable of encryption would go a long way. It would also be a great
enterprise sales tie-in (if you and your client/vendor/whatever are both running
Red Hat for your mail servers, your traffic will automatically be encrypted, and
authentication simply requires buying and installing a key).

I'm recommending that you not only do this for future releases but that you
release an enhancement update for all of the 7.x platforms that turns this
feature on. Q/A will tell, but turning this on by default should not affect
any existing installations unless they enable it in their configuration, and
since rpm preserves your old config, updates should not have any impact unless
the customer wants to take advantage of it.


Version-Release number of selected component (if applicable):

Comment 1 Mark Allen 2002-07-19 08:12:32 UTC
Created attachment 65904 [details]
spec file and redhat.config.m4 patches for STARTTLS

Comment 2 Mark Allen 2002-07-19 08:15:01 UTC
I've uploaded patches against the rawhide sendmail (8.12.5) SRPM to include
STARTTLS support in sendmail.  I haven't added the logic to the specfile to
create certificates yet, but that wouldn't be terribly difficult.  I happen to
agree with ajs. :-)  Hopefully, this will make it easier on y'all.

These modifications compile on my alpha, but I haven't tested on intel -- yet.

Comment 3 Florian La Roche 2003-01-22 17:43:04 UTC
The config files in the newest rpm are prepared for this, but you will still
have to enable it in the configuration before using TLS.

greetings,

Florian La Roche
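
Comment 3 says the shipped configuration is prepared for TLS but still has to be enabled. The following is an added example, not part of the bug report or of the Red Hat package: it checks a sendmail .mc file for the standard STARTTLS certificate defines and reports whether each one is active or still commented out with dnl. The sample stanza and its paths are constructed placeholders.

```shell
#!/bin/sh
# Report which STARTTLS-related m4 defines in a sendmail .mc file are active
# and which are still disabled by a leading "dnl" (m4 discards to end of line).
# Note: an edited .mc only takes effect once sendmail.cf is regenerated from it.

TLS_DEFINES="confCACERT_PATH confCACERT confSERVER_CERT confSERVER_KEY"

# tls_define_state FILE NAME -> prints "active", "commented" or "missing"
tls_define_state() {
    file=$1 name=$2
    # Active: line begins with define(`NAME' (the closing quote keeps
    # confCACERT from matching confCACERT_PATH).
    if grep -Eq "^[[:space:]]*define\(\`$name'" "$file"; then
        echo active
    # Commented: the same define, preceded by dnl.
    elif grep -Eq "^[[:space:]]*dnl[[:space:]]+define\(\`$name'" "$file"; then
        echo commented
    else
        echo missing
    fi
}

# tls_mc_ready FILE -> prints one "NAME: state" line per define and
# returns 0 only if every define is active.
tls_mc_ready() {
    rc=0
    for n in $TLS_DEFINES; do
        s=$(tls_define_state "$1" "$n")
        echo "$n: $s"
        [ "$s" = active ] || rc=1
    done
    return $rc
}

# Constructed sample: a prepared-but-mostly-disabled TLS stanza.
# Paths are placeholders, not taken from any real package.
sample_mc() {
    cat <<'EOF'
dnl define(`confCACERT_PATH', `/path/to/certs')
dnl define(`confCACERT', `/path/to/certs/ca-bundle.crt')
define(`confSERVER_CERT', `/path/to/certs/sendmail.pem')
dnl define(`confSERVER_KEY', `/path/to/certs/sendmail.pem')
EOF
}

# When run with a file argument, check that file.
if [ $# -gt 0 ]; then tls_mc_ready "$1"; fi
```

A non-zero exit status means at least one of the four defines is commented out or absent, so sendmail built from that .mc will not have a complete certificate configuration.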