On 25 Jan 2016, at 13:02, Haravikk wrote:
[…]
Since dovecot is also providing authentication to postfix I’ve already created an exemption from the client certificate requirement for SMTP connections by doing the following:
protocol !smtp {
ssl_ca = </path/to/ca.pem
ssl_verify_client_cert = yes
auth_ssl_require_client_cert = yes
}
However, I’m not sure how to do the same thing for unencrypted IMAP connections. Is there a way that I can enable client certificate support for only IMAP port 993, leaving port 143 to handle regular unencrypted IMAP with a username and password? I’ve already added the local network to the trusted networks list, so that Roundcube can use plaintext authentication; can I limit client certificate support in a similar way?
Hello Haravikk,
Perhaps you could try to devise an exception based on one (or more) "remote" section(s), as in:
remote ip.of.webmail.server {
ssl_verify_client_cert = no
[other settings, if needed]
}
But I guess you would need to combine this with inner protocol blocks, and probably to replace the "protocol !smtp" block with less general settings.
HTH, Axel