Hi folks - reviving an old thread from 2010:

http://www.dovecot.org/list/dovecot/2010-December/055837.html

We're basically looking to do the same thing: require client certificates for external connections, while preserving certificate-less username/password authentication for internal connections.

Any tips on the best way to accomplish this?

'ssl_verify_client_cert = yes' can go within a local {} block, but it doesn't seem to force the client to submit a certificate.

Thanks in advance -

Robert Giles