Hi,
Benny Pedersen:
> why should dovecot need an auth server? if dovecot has this, it's not dovecot that uses it as client, eq outside clients can use it
I'm not sure I understand what you're trying to say…
> as I read it you want mta to do the lmtp auth client?
The MTA (Postfix) should authenticate itself with a TLS client certificate when it connects to Dovecot via LMTP. Dovecot (the LMTP server part) should verify the client cert against a CA certificate before allowing a client to deliver mail via LMTP.
According to <https://doc.dovecot.org/2.4.1/core/summaries/settings.html#auth_ssl_require_client_cert>:
> If yes, authentication fails when a valid SSL client certificate is not provided.
… but in my case it doesn't fail, although it should.
> https://brokkr.net/2019/10/31/lets-do-dovecot-slowly-and-properly-part-3-lmt... should be basically, take attention on address
Nothing in there says anything about SSL, TLS, or client certificates, so I don't know what point you're trying to make here.
- Roland