Submission and TLS client certificate

Christian Rößner c at roessner-network-solutions.com
Sun Aug 18 20:14:50 EEST 2019


Hi,

> On 18.08.2019 at 16:52, Stephan Bosch via dovecot <dovecot at dovecot.org> wrote:
> 
> 
> 
> On 18/08/2019 10:09, Christian Rößner via dovecot wrote:
>> Hi,
>> is there some configuration parameter in Dovecot which sends a TLS client certificate to the SMTP server? I would need this to have XCLIENT enabled and TLS with Postfix. This way I could permit sending based on the certificate's fingerprint.
> 
> Can you elaborate? Are you talking about the submission relay service or submission of outgoing messages from e.g. Sieve?

The submission relay service. I like the idea of this service. Currently I have not activated the relay trust option, because I have no idea how I could give permissions on the Postfix side.

If Dovecot sent the certificate as a reply to the smtpd_ask_ccert option, I could turn on XCLIENT in Dovecot and give permission based on the certificate fingerprint.

At the moment I do STARTTLS from Dovecot to Postfix and have added Dovecot's IP to mynetworks in Postfix. But I would prefer XCLIENT.

Thanks in advance

Christian

> 
> Regards,
> 
> Stephan.
> 
>> Thanks in advance
>> Christian
>> Sent while on the go
>> --
>> Rößner-Network-Solutions
>> Karl-Bröger-Str. 10, 36304 Alsfeld
>> Fax: +49 6631 78823409, Mobile: +49 171 9905345
>> VAT ID No.: DE225643613, https://roessner.website
>> PGP Fingerprint: 8FB3 132F 85D8 C9C7 A9F1  9A3F 5183 D46C B885 897E

