The
tls_server rule set is called at the start of any
connection in which the local sendmail would
normally issue the STARTTLS SMTP command. The
tls_client rule set is called at the start of any
inbound connection in which the STARTTLS SMTP command was offered.
Both rule sets look up information in the access
database. (See Section 10.10.8.2 for a full description of
this process.)
The tls_server rule set prefixes its lookups with
a literal TLS_Srv: expression, and the
tls_client rule set prefixes its lookups with a
literal TLS_Clt: expression. Among the values that
such a lookup can return are two special keywords:

    TLS_Srv:hostA.domain VERIFY
    TLS_Clt:hostB.domain ENCR:bits

These two special keywords (VERIFY and ENCR) are not defined inside
sendmail. Instead, they are defined as values
given to the class $={tls}.
The $={tls} class is properly defined in your default
configuration file and should never need adjustment.
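
Because the keywords live in $={tls} rather than inside sendmail, it is worth checking the access database source for right-hand values that are not in that class. The following audit script is an added example, not code from the original text or from sendmail: it scans access-file lines for TLS_Srv: and TLS_Clt: entries and reports keywords outside $={tls} and weak or missing bit counts. Assumptions: the 128-bit floor is a local policy choice, the sample lines are constructed, and the optional TEMP+/PERM+ prefix and the VERIFY:bits form come from sendmail's cf/README rather than from this page.

```python
import re

# Values of the $={tls} class named in the text.
TLS_CLASS = {"VERIFY", "ENCR"}
# Assumption: local policy floor for key length, not a sendmail default.
MIN_BITS = 128

# key prefix, host part (may be empty), first word of the right-hand side
ENTRY = re.compile(r"^(TLS_Srv|TLS_Clt):(\S*)\s+(\S+)")

# Constructed sample access-file source (line 1 is the comment below).
SAMPLE = """\
# constructed sample access-file lines
TLS_Srv:hostA.domain    VERIFY
TLS_Clt:hostB.domain    ENCR:112
TLS_Srv:hostC.domain    VERFIY
TLS_Clt:hostD.domain    PERM+VERIFY:256
TLS_Clt:hostE.domain    ENCR
"""

def audit_access(text, min_bits=MIN_BITS):
    """Return (line_no, key, problem) for each questionable TLS entry."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # comment, blank line, or a non-TLS access entry
        prefix, host, value = m.groups()
        key = f"{prefix}:{host}"
        # Assumption beyond the page: strip an optional TEMP+/PERM+ prefix,
        # which only selects the kind of error returned.
        req = re.sub(r"^(TEMP|PERM)\+", "", value)
        keyword, _, bits = req.partition(":")
        if keyword not in TLS_CLASS:
            findings.append((no, key, f"{keyword!r} is not in $={{tls}}"))
        elif keyword == "ENCR" and not bits:
            findings.append((no, key, "ENCR without a bit count"))
        elif bits and not bits.isdigit():
            findings.append((no, key, f"bit count {bits!r} is not a number"))
        elif bits and int(bits) < min_bits:
            findings.append((no, key, f"{bits} bits is below the {min_bits}-bit floor"))
    return findings

if __name__ == "__main__":
    for finding in audit_access(SAMPLE):
        print(*finding)
```

Run it against the text source of the access database (the file given to makemap), not the built map.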