From Bugzilla Helper: User-Agent: Mozilla/5.0 Galeon/1.2.5 (X11; Linux i686; U;) Gecko/20020606 Description of problem: This is a request that in future versions of Red Hat the following things be done at install time for server configurations: 1. Sendmail is installed with TLSSTART configured 2. A self-signed key is generated 3. The .mc is configured to find the key and enable TLSSTART This does not accomplish truely secure communication, and the documentation should reflect that, but having Red Hat install out of the box with a sendmail that is capable of encryption would go a long way. It would also be a great enterprise sales tie-in (if you and your client/vendor/whatever are both running Red Hat for your mail servers, your traffic will automatically be encrypted, and authentication simply requires buying and installing a key). I'm recommending that you not only do this for future releases but that you release an enhancement update for all of the 7.x platforms that turns this feature on. Q/A will tell, but it turning this on by default should not affect any existing installations unless they enable it in their configuration, and since rpm preserves your old config, updates should not have any impact unless the customer wants to take advantage of it. Version-Release number of selected component (if applicable):
Created attachment 65904 [details] spec file and redhat.config.m4 patches for STARTTLS
I've uploaded patches against the rawhide sendmail (8.12.5) SRPM to include STARTTLS support in sendmail. I haven't added the logic to the specfile to create certificates yet, but that wouldn't be terribly difficult. I happen to agree with ajs. :-) Hopefully, this will make it easier on y'all. These modifications compile on my alpha, but I haven't tested on intel -- yet.
The config files in the newest rpm are prepared for this, but you will still have to enable it in the configuration before using TLS. greetings, Florian La Roche