Submission and TLS client certificate
Christian Rößner
c at roessner-network-solutions.com
Sun Aug 18 20:14:50 EEST 2019
Hi,
> Am 18.08.2019 um 16:52 schrieb Stephan Bosch via dovecot <dovecot at dovecot.org>:
>
>
>
>>> On 18/08/2019 10:09, Christian Rößner via dovecot wrote:
>> Hi,
>> is there some configuration parameter in Dovecot, which sends a TLS client certificate to the SMTP server? I would need this to have XCLIENT enabled and TLS with Postfix. This way I could permit sending based on the certificates fingerprint.
>
> Can you elaborate? Are you talking about the submission relay service or submission of outgoing messages from e.g. Sieve?
The submission relay service. I like the idea of this service. Currently I did not activate the relay trust option, because I have no idea on how I could give permissions on the Postfix side.
If Dovecot would send the certificate as reply to the smtpd_ask_ccert option, I could turn on XCLIENT in Dovecot and give permission based on the certificate fingerprint.
At the moment I do STARTTLS from Dovecot to Postfix and have added Dovecot‘s IP to mynetworks in Postfix. But I would prefer XCLIENT.
Thanks in advance
Christian
>
> Regards,
>
> Stephan.
>
>> Thanks in advance
>> Christian
>> Von unterwegs aus gesendet
>> --
>> Rößner-Network-Solutions
>> Karl-Bröger-Str. 10, 36304 Alsfeld <x-apple-data-detectors://0/0>
>> Fax: +49 6631 78823409 <tel:+49%206631%2078823409>, Mobil: +49 171 9905345 <tel:+49%20171%209905345>
>> USt-IdNr.: DE225643613, https://roessner.website <https://roessner.website/>
>> PGP Fingerprint: 8FB3 132F 85D8 C9C7 A9F1 9A3F 5183 D46C B885 897E
More information about the dovecot
mailing list