On Fri, 11 Jul 2014 12:02:34 +0200 Robert Schetterer <r...@sys4.de> wrote:
>something like this ? > >relay_clientcerts (default: empty) > > List of tables with remote SMTP client-certificate fingerprints or >public key fingerprints (Postfix 2.9 and later) for which the Postfix >SMTP server will allow access with the permit_tls_clientcerts feature. >The fingerprint digest algorithm is configurable via the >smtpd_tls_fingerprint_digest parameter (hard-coded as md5 prior to >Postfix version 2.5). Hello Robert, no, this is for client (person/login) authentification (MUA->MTA) only, not for CA-trustchain checks on host based certificates (MTA->MTA). Although there are shared directives, like "smtpd_tls_ask_ccert" for example... Regards BlueStar88
signature.asc
Description: PGP signature
