CentOS 5.5 and SendMail 8.13: Configure smarthost for using TLS

Step 1
Check if sendmail is compiled with TLS (for encryption) and SASL (for authentication). This is the command to use to check it.

#/usr/sbin/sendmail -d0.1 -bv root

You must read something like “Compiled with…STARTTLS”

Att.: If you’ve installed sendmail using yum, TLS support is present !

Step 2
Install all these packages

# yum install sendmail sendmail-cf cyrus-sasl-plain cyrus-sasl-md5

Step 3
Create certificates

# cd /etc/pki/tls/certs
# make sendmail.pem


Step 4
Configure Sendmail
Create a new file /etc/mail/auth/authinfo

AuthInfo:[smarthot servername] “U:smmsp" "I:[username]" "P:[password]" "M:PLAIN"

Edit /etc/mail/auth/sendmail.mc

....
FEATURE(`authinfo',`hash /etc/mail/authinfo.db')dnl
define(`SMART_HOST', `[smarthot servername]')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confCLIENT_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
...

Step 5
Compile & restart

# make -C /etc/mail
# /etc/init.d/sendmail restart

Linkografia
Configure sendmail to work with Gmail smtp relay