Gilles Chehade wrote, On 06/19/14 02:11:
> On Thu, Jun 19, 2014 at 01:01:22AM -0700, Clint Pachl wrote:
>> When I submit mail to smtpd, Mozilla Seamonkey prompts me with the
>> following:
>>
>> This site has requested that you identify yourself with a certificate:
>> mail.targetmeister.com:587
>> Organization: ""
>> Issued Under: "StartCom Ltd."
>>
>> The above prompt only occurs the first time I send mail after restarting
>> Seamonkey. I do have an email signer/recipient certificate stored in
>> Seamonkey. I just comply with the above request by sending my certificate
>> and my mail is successfully relayed.
>>
>> My question: is OpenSMTPD asking my email client for a certificate when
>> relaying mail?
>
> yup
>
>> I'm just curious about what is going on. I'm fairly new to OpenSMTPD. This
>> did not happen previously when using Postfix. Is this just additional
>> automated security offered by OpenSMTPD?
>
> yup, client certificate validation is output in the headers and will let
> you know if the client has not presented a cert, presented a cert which
> couldn't be verified/failed/succeeded.

Well that's awesome! Thanks Gilles.
I guess it's optional by default and `listen on tls-require verify`
makes client certificates mandatory, right?
What is the use-case of the client cert if the client is already
supplying valid authentication credentials (user/pass)?
I guess I fail to see the benefit of client-to-server certificate
verification, as opposed to mta-to-mta.
Can client certs somehow be used in lieu of user/pass credentials? I
don't see a way to store trusted client certs on the server. What am I
missing?