Quoting Wietse Venema <wie...@porcupine.org>:

lst_ho...@kwsoft.de:
Hello,

we need to authenticate an SMTP client connection based on the CN of the
(trusted) client certificate. The client is not under our control
(O365 connector), so we will get no notification if the key
fingerprint will change. As far as I can see Postfix is only able to
use certificate fingerprints to allow relaying, not the CN string, no?

Have I missed something or is this not considered a valid use case?

CN-based access checks are not built into Postfix, but the CN is
available in the policy delegation protocol's ccert_subject attribute,
if the client certificate can be verified with PKI.

There is a patch-in-progress (thread: TLS client certificates and
auth external) that provides the option to permit relaying based
on certificate info.

        Wietse

Will this be available in the 3.5 experimental release or only later down the road for 3.6?

Thanks

Andreas
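
The policy delegation approach mentioned in the thread, sketched as an added example (not code from the thread or from Postfix): a policy service that answers `OK` only when `ccert_subject` exactly matches an allowed CN. The allowed CN and the sample request are constructed, the `+XX` decoding of attribute values is an assumption, and the service is assumed to be started by spawn(8) so that it talks over stdin/stdout.

```python
import re
import sys

# Constructed value for illustration; replace with the connector's real CN.
ALLOWED_CNS = {"connector.example.com"}

def xtext_decode(value):
    """Decode +XX hex escapes in an attribute value (assumed encoding)."""
    raw = re.sub(rb"\+([0-9A-Fa-f]{2})",
                 lambda m: bytes([int(m.group(1), 16)]), value.encode())
    return raw.decode("utf-8", "replace")

def decide(attrs, allowed=ALLOWED_CNS):
    """Return the policy action for one request (dict of name -> value)."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    # ccert_subject is only populated when the certificate verified via PKI,
    # so an empty value means "no trusted client certificate".
    cn = xtext_decode(attrs.get("ccert_subject", "")).lower()
    # Exact match only: no substring, suffix or wildcard comparison.
    if cn and cn in allowed:
        return "OK"
    # DUNNO leaves the decision to the restrictions that follow.
    return "DUNNO"

def serve(stdin=sys.stdin, stdout=sys.stdout):
    """Read name=value requests separated by blank lines, answer each one."""
    attrs = {}
    for line in stdin:
        line = line.rstrip("\n")
        if line:
            name, _, value = line.partition("=")
            attrs[name] = value
        else:
            stdout.write("action=%s\n\n" % decide(attrs))
            stdout.flush()
            attrs = {}

# Constructed sample request, in the policy protocol's name=value format.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=192.0.2.10\n"
          "ccert_subject=connector.example.com\n\n")

if __name__ == "__main__":
    serve()
```

A CN match is only as strong as the set of CAs Postfix trusts for client certificates, so keep that trust store narrow, and reference the service with `check_policy_service` in the relay restrictions.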

