On Wed, Mar 11, 2020 at 10:49:32AM +0100, Adam Cecile wrote:

> On 3/10/20 10:33 PM, Viktor Dukhovni wrote:
> > On Tue, Mar 10, 2020 at 03:33:44PM +0100, Adam Cecile wrote:
> >
> > > submission inet n - y - - smtpd
> > >   -o syslog_name=postfix/submission
> > >   -o smtpd_tls_security_level=encrypt
> > >   -o smtpd_sasl_auth_enable=yes
> > >   -o smtpd_tls_fingerprint_digest=sha1
> > >   -o relay_clientcerts=hash:/etc/postfix/relay_clientcerts
> > >   -o smtpd_client_restrictions=permit_tls_clientcerts,permit_sasl_authenticated,reject
> > >   -o milter_macro_daemon_name=ORIGINATING
> > >   -o content_filter=dkimproxy:[127.0.0.1]:10028
> >
> > I don't see "-o smtpd_tls_ask_ccert=yes" in there...
> >
> Thanks a lot, that was it!

No worries, glad it solved your problem.

[ No need to separately reply also to my address, I did not set
  "Reply-To" to the list address by accident, but please don't follow
  up on this side remark. ]

> I think Postfix doc could be improved, mentioning "smtpd_tls_ask_ccert"
> here http://www.postfix.org/postconf.5.html#permit_tls_clientcerts would
> have been helpful.

Feel free to post a patch. The relevant source file is
"proto/postconf.proto", from which both the HTML and the manpage are
machine-generated. You can find the source at either:

    http://www.postfix.org/download.html

or clone it via git from:

    https://github.com/vdukhovni/postfix

In that repository all the upstream files are in an additional top-level
"postfix" sub-directory, so the file in question is in
postfix/proto/postconf.proto.

That repository is not the dev upstream version of Postfix, rather it is
mostly a convenient place for me to keep track of all the upstream
snapshots. So it is not monitored for issues or pull requests.

Small changes to Postfix can be proposed on this list, and larger
features that may require more extensive discussion on postfix-devel.

--
    Viktor.
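
Added example, not part of the original thread and not Postfix code: a small master.cf check for the misconfiguration discussed above, where a service relies on a client-certificate restriction but never asks the client for a certificate. The function names and the `main_cf_defaults` argument are hypothetical, and the sample entry is constructed from the one quoted in the thread.

```python
import re

# Restriction features that only match when the client presented a certificate.
CCERT_FEATURES = {"permit_tls_clientcerts", "permit_tls_all_clientcerts",
                  "check_ccert_access"}
# Either parameter makes smtpd request a client certificate in the handshake.
ASK_PARAMS = ("smtpd_tls_ask_ccert", "smtpd_tls_req_ccert")


def parse_master_cf(text):
    """Return {"name/type": {param: value}}; handles only "-o name=value"."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:      # continuation of previous entry
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    services = {}
    for entry in logical:
        fields = entry.split()
        if len(fields) >= 2:
            overrides = dict(re.findall(r"-o\s+(\w+)=(\S+)", entry))
            services[f"{fields[0]}/{fields[1]}"] = overrides
    return services


def missing_ccert_request(master_cf, main_cf_defaults=None):
    """List services that use client-cert restrictions but never ask for one."""
    findings = []
    for name, overrides in parse_master_cf(master_cf).items():
        params = {**(main_cf_defaults or {}), **overrides}  # -o wins over main.cf
        used = set()
        for key, value in params.items():
            if key.endswith("_restrictions"):
                used |= CCERT_FEATURES & set(re.split(r"[,\s]+", value))
        asks = any(params.get(p, "no") == "yes" for p in ASK_PARAMS)
        if used and not asks:
            findings.append((name, sorted(used)))
    return findings


# Constructed sample based on the submission entry quoted in the thread.
SAMPLE = """\
submission inet n - y - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_client_restrictions=permit_tls_clientcerts,permit_sasl_authenticated,reject
"""
FIXED = SAMPLE + "  -o smtpd_tls_ask_ccert=yes\n"
```

Pass the relevant main.cf settings as `main_cf_defaults` (for example from parsed `postconf -n` output) so that a globally enabled `smtpd_tls_ask_ccert` is not reported as missing.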