I got a connection from someone with a client certification:
Received: from foo.bar (foo.bar [10.0.0.1])
(using TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
(Client CN "mail.foo.bar", Issuer "StartCom Class 1 Primary
Intermediate Server CA" (not verified))
by myserver.com (Postfix) with ESMTPS id 62A9141C05A4
for <m...@myserver.com>; Wed, 12 Jun 2013 14:46:07 +0200 (CEST)
My problem is the following entry in the header:
-> (not verified)
I would like to verify the fingerprint of this client certificate of the
incoming connection.
At least it would be fine if the certificate could be checked.
I have not found any option how to tell postfix to check client connection
certificates (I mean incoming TLS connections).
How can I check the certificate of the incoming email? By fingerprint would be
nice. And I would like to refuse it if check fails.
--
Best regards,
Peter Bauer
Linux & UNIX developper
