On 7/20/20 4:42 AM, Siavash Tavakoli wrote: >
> On 19/07/2020 18:18, PGNet Dev wrote: >> >> What in my dovecot submission config^^ do I need to change/add to get it to >> 'present' a client cert to the postfix relay for client cert verification? >> > > Submission uses the global outgoing ssl settings: > > https://doc.dovecot.org/settings/core/#ssl-client-cert > https://doc.dovecot.org/settings/core/#ssl-client-key well _that_ should have been obvious ... sigh. works perfectly. thx! it might be useful to have those client cert/key mentioned in the 'example' 10-ssl.conf, grep ssl_client conf.d/10-ssl.conf # RedHat-based systems. Note that ssl_client_ca_file isn't recommended with #ssl_client_ca_dir = #ssl_client_ca_file = #ssl_client_require_valid_cert = yes and, a minor typo @ https://doc.dovecot.org/settings/core/#ssl-client-key ssl_client_key Default: <empty> Client certificate private key used in outgoing SSL connections. Example Setting: ssl_client_cert = </etc/dovecot/dovecot-client.crt should be - ssl_client_cert = </etc/dovecot/dovecot-client.crt + ssl_client_key = </etc/dovecot/dovecot-client.key thanks again!
