On 2016-02-01 19:39, Haravikk wrote:
Hi there,
Hi,
I’m trying to configure client certificate authentication such that it
is only required for users (with valid username/password) when sending
e-mail *from* my mail server.
Where do you set it?
However, setting smtpd_tls_req_ccert = yes causes postfix to request a
certificate from all incoming connections, including mail servers that
are attempting to deliver mail.
Is there a way to enable client certificates only for auth
connections? I’ve already set smtpd_tls_auth_only = yes, but I’m not
sure how to enable client certificates only for senders, without
causing incoming messages to also be blocked.
When you set it in master.cf only for the submission service it's only
required for clients connecting to port 587.
Connections to port 25 are not required to present a client cert.
Thanks,
Haravikk
--
Christian
