Hello Tom,
I'm also interested in this question.
On 15/08/17 15:55, Tom Browder wrote:
> (2) use TLS client certs for the authentication of the relay clients, and

I see a problem with this part. Nothing in the docs says Postfix uses, or at
least properly traces and logs, client CNs from presented certificates.
Therefore your system would resemble a one-account-for-all configuration.
Depending on requirements it might still work for you, but basically
it'd be an open relay put into a TLS-protected network (which you can
frankly organize even without Postfix's help).
--
With Best Regards,
Marat Khalili