I was reading an old, old thread (*) and am trying to relay based on a cert.

I have a mail server for imap/smtp.  I have a number of machines on an internal 
network.  I cannot talk to the mail server on port 25 from where the internal 
network is (thanks to my ISP).

I was hoping to relay over the submission port, using a client cert from the 
internal machines.  But I’m not sure how to accept either an auth 
authentication or by providing a cert.  Should I bite the bullet and add some 
random other port (2525 or whatever) that only accepts connections with a TLS 
client cert?

Also, I assume the pki cert file is used both when acting as a server and when 
acting as a client?  Is this correct?   I.e., if I set up listening on a port 
with tls-require that the client machine will send its certificate from the 
'pki "name" cert <file>' line?

Sean

* https://misc.opensmtpd.narkive.com/2puCGKoq/client-certificate-verification-prompt
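The setup described above, as an added smtpd.conf sketch (not from the original post or from the OpenSMTPD project): one listener on the relay host accepts password-authenticated submission, a second listener on a dedicated port accepts only connections that present a client certificate signed by a private CA, and each internal machine relays to that port using its own pki entry. The host names, file paths, table name, port 2525 and the tag names are assumptions; the directives (pki, ca, listen on ... tls-require verify ... ca ... tag, action ... relay host ... pki, match tag) are the OpenSMTPD 6.4+ grammar.

```conf
# --- relay host (mail server), /etc/mail/smtpd.conf ---
# Server-side identity: the same pki entry is used for every listener below.
pki mail.example.com cert "/etc/ssl/mail.example.com.crt"          # assumed path
pki mail.example.com key  "/etc/ssl/private/mail.example.com.key"  # assumed path

# Private CA that signed the internal machines' client certificates.
ca internal-ca cert "/etc/ssl/internal-ca.crt"                     # assumed path

# Username/password credentials for ordinary submission clients.
table credentials file:/etc/mail/credentials                       # assumed path

# Port 587: TLS required, then SMTP AUTH against the credentials table.
listen on egress port submission tls-require pki mail.example.com \
    auth <credentials> tag SUBMIT

# Port 2525: TLS required AND the client must present a certificate that
# validates against internal-ca; no password auth is offered here at all.
listen on egress port 2525 tls-require verify pki mail.example.com \
    ca internal-ca tag CERTRELAY

action "local_mail" mbox
action "outbound" relay

# Local delivery first, then relay only for sessions that came in through
# one of the two authenticated listeners (first matching rule wins).
match from any for local action "local_mail"
match tag SUBMIT from any for any action "outbound"
match tag CERTRELAY from any for any action "outbound"

# --- internal machine, /etc/mail/smtpd.conf ---
# Client-side identity: this pki entry is what the machine presents when it
# connects to port 2525 and the server asks for a certificate.
pki client1.internal cert "/etc/ssl/client1.internal.crt"          # assumed path
pki client1.internal key  "/etc/ssl/private/client1.internal.key"  # assumed path

# smtp+tls:// forces STARTTLS; the pki option selects the client certificate.
action "via_relay" relay host smtp+tls://mail.example.com:2525 pki client1.internal

match from local for any action "via_relay"
```

With this layout a password is never accepted on port 2525 and a certificate is never required on port 587, so the two mechanisms stay separate and a misconfigured or compromised password list cannot open the certificate-only path. `smtpd -n` on each host checks the syntax before reloading.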
