Hi list,
I'm currently looking into ways of making use of client certificates. I want to force external clients (i.e. anything outside the local subnet) to use client certificates. It is my understanding that this in itself can be achieved with the "ssl_require_client_cert" setting.
However, I also want local clients (i.e. anything from a specific subnet) to be able to authenticate by the usual means (i.e. password-based).
As far as I know, Dovecot is not able to operate on multiple ports, as stated in the FAQ [1]. The redirect approach, which is also mentioned there, is of no help to me, because in my case I would need a different setup on both ports. Other suggestions [2] won't work in my case either.
I probably could get away with using "imaps" for external clients, while using "imap" (without SSL) for internal ones. Having said this, I don't quite like the idea, especially since the traffic might pass through some potentially insecure networks and I don't want to bother with VPN/SSH tunnels for that purpose. A native SSL/TLS solution would be very much appreciated.
Is there a (recommended) way to do this?
Thanks in advance.
Best regards,
Karol Babioch