On 15.08.2017 14:55, Tom Browder wrote:
> I want to: (1) use TLS for encrypted SMTP connections from
> authorized relay clients, (2) use TLS client certs for the
> authentication of the relay clients, and (3) avoid use of
> SASL entirely.

In your master.cf, you can use something along these lines:

submission inet n - n - - smtpd
  -o relay_clientcerts=hash:${config_directory}/relay_clientcerts
  -o smtpd_client_restrictions=permit_mynetworks,permit_tls_clientcerts,reject
  (...add more settings according to your needs...)

This will enable client-certificate based authentication for port 587,
with the file relay_clientcerts storing certificate fingerprint data.

-Ralph
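
An added example, not part of Ralph's message: one way to produce and sanity-check the fingerprint entries that the relay_clientcerts file stores. It assumes the digest is sha256 (it has to match whatever smtpd_tls_fingerprint_digest is set to); the function names, the client name and the sample certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
FP_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2})*")

# Constructed stand-in bytes, NOT a real certificate: the fingerprint is
# simply a digest over the DER encoding, so any bytes show the mechanics.
SAMPLE_DER = b"constructed placeholder, not a real X.509 certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

def fingerprints(pem_text, digest="sha256"):
    """Colon-separated upper-case hex digest of each PEM certificate block."""
    out = []
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()))
        hexd = hashlib.new(digest, der).hexdigest().upper()
        out.append(":".join(hexd[i:i + 2] for i in range(0, len(hexd), 2)))
    return out

def table_line(pem_text, name, digest="sha256"):
    """One 'fingerprint name' line for the relay_clientcerts source file."""
    fps = fingerprints(pem_text, digest)
    if len(fps) != 1:
        raise ValueError("expected exactly one certificate, got %d" % len(fps))
    return "%s %s" % (fps[0], name)

def lint_table(text, digest="sha256"):
    """Return (line number, reason) for entries that can never match."""
    want = hashlib.new(digest).digest_size
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key = line.split()[0]
        size = key.count(":") + 1
        if not FP_RE.fullmatch(key):
            problems.append((n, "key is not a colon-separated hex fingerprint"))
        elif size != want:
            problems.append((n, "%d-byte digest, %s needs %d" % (size, digest, want)))
    return problems

if __name__ == "__main__":
    print(table_line(SAMPLE_PEM, "relay1.example.com"))
```

The lint step catches entries whose fingerprint length does not fit the configured digest, which would otherwise leave a client rejected with no obvious cause. After editing the file, rebuild the hash: table with postmap.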