On 8/23/2011 6:42 AM, Alano Conraz wrote: > Create the .db file with postmap. > postmap hash:relay_clientcerts > > > thanks for the hint! > I did it and it almost worked. Almost, because the smtp server asked > me for a certificate, but i can still send messages with my MUA with > no certificate (or with a non-registered certificate). > Which option should i change ? > I thought it was relay_clientcerts, i tried > smtpd_client_restrictions too (i don't want to remove the option > permit_sasl_authentication, i just add check_ccert_access > hash:/etc/postfix/relay_clientcerts). > > Thanks. > >
List the authorized certificate fingerprints in relay_clientcerts, and everywhere you have permit_mynetworks ADD permit_tls_clientcerts. If that's not working as expected, you'll need to show your config and what is happening. Please see http://www.postfix.org/DEBUG_README.html#mail -- Noel Jones