Thursday 13 November 2008

Sendmail as an MTA client with x509 certificate authentication

My institution has decided to disallow unauthenticated connections to the SMTP server. Either username and password or x509 client certificate authentication is required.

I'm an exim4 user, but I was in charge of fixing a couple of sendmail-using servers.

After some research, the key part turned out to be adding the following to /etc/mail/postfix.mc:

dnl Base directory for the certificate material (adjust to your layout)
define(`CERT_DIR', `/usr/local/ssl')dnl
dnl Directory of hashed CA certificates, and the CA chain file to trust
define(`confCACERT_PATH', `CERT_DIR/certs')dnl
define(`confCACERT', `CERT_DIR/certs/my-ca-chain.pem')dnl
dnl Certificate and private key sendmail presents when it acts as an SMTP client
define(`confCLIENT_CERT', `CERT_DIR/certs/server.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/private/server.key')dnl
dnl Accept a key file that is readable by its group (see the note below)
define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl

The last line is needed because my key file is mode 640 with group openldap, which is exactly the case it covers: sendmail refuses to load a key file that is readable by its group unless GroupReadableKeyFile is set in DontBlameSendmail (a world-readable key is refused regardless).

Then run make (or make && make install on FreeBSD) and restart sendmail with /etc/init.d/sendmail restart.
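As an added pre-flight check (not part of the original post, and not sendmail's own tooling), the shell script below verifies the things the .mc lines above point at before sendmail is restarted: that the key file is not world-readable (sendmail rejects that outright), whether it is group-readable (the case that needs the DontBlameSendmail line), that the client certificate and private key belong together, that the certificate verifies against the CA chain, and that the CA directory contains hashed links as produced by openssl rehash or c_rehash. The default paths are the ones from the snippet; the function names are my own.

```shell
#!/bin/sh
# Pre-flight checks for sendmail client-TLS settings (added example, not from
# the original post). Paths can be passed as arguments; the defaults are the
# values used in the .mc snippet above.

# Octal permission bits of a file: GNU stat first, then BSD stat.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeeds if "other" has no permission bits on the key file.
key_is_private() {
    mode=$(file_mode "$1") || return 1
    other=${mode#"${mode%?}"}          # last octal digit
    [ "$other" = 0 ]
}

# Succeeds if the group has read access to the key, i.e. the mode-640,
# group-openldap case from the post that needs GroupReadableKeyFile.
key_needs_group_option() {
    mode=$(file_mode "$1") || return 1
    rest=${mode%?}
    group=${rest#"${rest%?}"}          # second-to-last octal digit
    [ $((group & 4)) -ne 0 ]
}

# Succeeds if the public key in the certificate matches the private key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$c" = "$k" ]
}

# Succeeds if the certificate ($2) verifies against the CA bundle ($1).
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds if the CA directory holds at least one hashed link (xxxxxxxx.0),
# which is what openssl rehash / c_rehash create and what OpenSSL looks up.
ca_path_is_hashed() {
    for f in "$1"/*.0; do
        [ -e "$f" ] && return 0
    done
    return 1
}

main() {
    ca_file=${1:-/usr/local/ssl/certs/my-ca-chain.pem}
    ca_path=${2:-/usr/local/ssl/certs}
    cert=${3:-/usr/local/ssl/certs/server.pem}
    key=${4:-/usr/local/ssl/private/server.key}
    rc=0
    key_is_private "$key" || { echo "FAIL: $key is accessible to others; sendmail will refuse it"; rc=1; }
    if key_needs_group_option "$key"; then
        echo "note: $key is group-readable; keep groupreadablekeyfile in confDONT_BLAME_SENDMAIL"
    fi
    cert_matches_key "$cert" "$key" || { echo "FAIL: $cert does not match $key"; rc=1; }
    cert_chains_to_ca "$ca_file" "$cert" || { echo "FAIL: $cert does not verify against $ca_file"; rc=1; }
    ca_path_is_hashed "$ca_path" || echo "warn: no hashed CA links in $ca_path (run: openssl rehash $ca_path)"
    return $rc
}

# Run the checks only when invoked with arguments (or rely on the defaults by
# passing any first argument); sourcing the file just defines the functions.
case $# in
    0) ;;
    *) main "$@" ;;
esac
```

Run it as `sh check-tls.sh /usr/local/ssl/certs/my-ca-chain.pem /usr/local/ssl/certs /usr/local/ssl/certs/server.pem /usr/local/ssl/private/server.key`; a non-zero exit means one of the FAIL lines fired. The permission checks look at the mode bits rather than trying to read the file, so they give the same answer whether you run them as root or as the sendmail user.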
