Atze Zitman:
> Hello everyone,
>
> I hope I have the correct mailing list for my question. Initially I asked
> this question at:
> http://stackoverflow.com/questions/24999580/can-postfix-verify-client-certificate-fingerprint-when-supporting-starttls
>
> According to the Postfix TLS Readme there are 3 ways to configure the
> server-side to support access control:
> * permit_tls_clientcerts
> * permit_tls_all_clientcerts
> * check_ccert_access type:table
>
> But these three options are only configurable for the configuration property:
> * smtpd_client_restrictions

As documented they are also available for
smtpd_{helo,sender,recipient,data,end_of_data}_restrictions.

> The only alternative I have is to use my policy daemon, and verify
> the authentication at the first "MAIL FROM" (MAIL STATE). At this
> point I am rejecting the sender address, based on the authentication.
> But I would like to reject the client right after the TLS negotiation.

Why? What problem are you trying to solve? Please explain the
problem instead of the solution (reject client immediately
after the TLS handshake).

Wietse