Hi,
Am 18.08.2019 um 16:52 schrieb Stephan Bosch via dovecot dovecot@dovecot.org:
On 18/08/2019 10:09, Christian Rößner via dovecot wrote: Hi, is there some configuration parameter in Dovecot, which sends a TLS client certificate to the SMTP server? I would need this to have XCLIENT enabled and TLS with Postfix. This way I could permit sending based on the certificates fingerprint.
Can you elaborate? Are you talking about the submission relay service or submission of outgoing messages from e.g. Sieve?
The submission relay service. I like the idea of this service. Currently I did not activate the relay trust option, because I have no idea on how I could give permissions on the Postfix side.
If Dovecot would send the certificate as reply to the smtpd_ask_ccert option, I could turn on XCLIENT in Dovecot and give permission based on the certificate fingerprint.
At the moment I do STARTTLS from Dovecot to Postfix and have added Dovecot‘s IP to mynetworks in Postfix. But I would prefer XCLIENT.
Thanks in advance
Christian
Regards,
Stephan.
Thanks in advance Christian Von unterwegs aus gesendet
Rößner-Network-Solutions Karl-Bröger-Str. 10, 36304 Alsfeld x-apple-data-detectors://0/0 Fax: +49 6631 78823409 tel:+49%206631%2078823409, Mobil: +49 171 9905345 tel:+49%20171%209905345 USt-IdNr.: DE225643613, https://roessner.website https://roessner.website/ PGP Fingerprint: 8FB3 132F 85D8 C9C7 A9F1 9A3F 5183 D46C B885 897E