IIRC smtpd_tls_ask_ccert should not be enabled on publicly referenced MTAs, because there are enough MTAs out there unable to handle client certificate requests from a server they connect to.
If that is true, would it be possible to make smtpd_tls_ask_ccert client dependent, e.g. request a ccert when the client sends e.g. a specific HELO hostname?

    mail.example.com    ask_ccert
    .example.net        ask_ccert

p@rick

--
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: Munich, Munich District Court: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein