Am 11.07.2014 12:31, schrieb BlueStar88:
> On Fri, 11 Jul 2014 12:02:34 +0200
> Robert Schetterer <r...@sys4.de> wrote:
>
>
>> something like this ?
>>
>> relay_clientcerts (default: empty)
>>
>> List of tables with remote SMTP client-certificate fingerprints or
>> public key fingerprints (Postfix 2.9 and later) for which the Postfix
>> SMTP server will allow access with the permit_tls_clientcerts feature.
>> The fingerprint digest algorithm is configurable via the
>> smtpd_tls_fingerprint_digest parameter (hard-coded as md5 prior to
>> Postfix version 2.5).
>
> Hello Robert,
>
> no, this is for client (person/login) authentification (MUA->MTA) only, not
> for CA-trustchain checks on host based certificates (MTA->MTA). Although
> there are shared directives, like "smtpd_tls_ask_ccert" for example...
>
>
> Regards
>
> BlueStar88
>
not what you want but perhaps workaround
do sender verify via tls ( untested total )
smtpd_sender_restrictions = hash:/etc/postfix/sender_access
/etc/postfix/sender_access:
exmaple.com reject_unverified_sender
address_verify_default_transport = verify_tls
verify_tls unix - - n - - smtp
-o smtp_tls_security_level=encrypt ( or what you like )
no idea if this will work, for more advanced answers wait gurus response
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
