[Dovecot] Dovecot Postfix and ssl_require_client_cert
Hi,
I have a working mail system with postfix 2.7 and dovecot 1.2.15. I use secure connections for imap and smtp. When I try to use client certificate authorisation I have some problems. As soon as I enable the dovecot feature ssl_require_client_cert I have to present a valid certificate to receive or send email. Receiving emails works fine, but I can not send emails any more.
The only way I could get this to work was to disable smtpd_sasl_auth_enable so postfix did not tries to get authorisation from dovecot. This way I can not have sasl authorisation for localnet and client certificate authorisation from extern.
The reson seams to be that postfix does not sent the valid-client-cert along with the other parameter that are needed to satisfy the auth-process of dovecot.
I found a few threads from 2008 where this problem is discussed but without a final solution.
Is there a way to enable ssl_require_client_cert in dovecot and have smtpd_sasl_auth_enable=yes in postfix? Better would be a way to tell dovecot only to use ssl_require_client_cert during the imap autorisation.
I did not get it to work. I miss something?
Cheers mezzo
View this message in context: http://old.nabble.com/Dovecot-Postfix-and-ssl_require_client_cert-tp32307666... Sent from the Dovecot mailing list archive at Nabble.com.
On 22.8.2011, at 2.18, mezzo wrote:
I have a working mail system with postfix 2.7 and dovecot 1.2.15. .. Is there a way to enable ssl_require_client_cert in dovecot and have smtpd_sasl_auth_enable=yes in postfix? Better would be a way to tell dovecot only to use ssl_require_client_cert during the imap autorisation.
With v1.2 you'd have to run two separate Dovecot installations with different configs. With v2.0 you should be able to do:
protocol !smtp { ssl_require_client_cert = yes }
participants (2)
-
mezzo
-
Timo Sirainen