Florian Wagner wrote:
> Hi,
>
> I'm currently playing around with client certificates in postfix.
>
> Is there any way to do something similar to reject_sender_login_mismatch
> with certificate authentication? A table to map from certificate
> fingerprints to allowed addresses?
>
postfwd (a policy daemon found at http://www.postfwd.org) will do this with a ruleset like:

    &&TLS_DENY { REJECT wrong tls fingerprint for sender '$$sender'; };
    [email protected] ; ccert_fingerprint==!!(AA:BB:CC:DD:EE) ; action=&&TLS_DENY
    [email protected] ; ccert_fingerprint==!!(EE:DD:CC:BB:AA) ; action=&&TLS_DENY
    ...
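
The same sender-to-fingerprint pinning, written against Postfix's policy delegation protocol (name=value attributes ended by an empty line, answered with an action= line). This is an added example, not part of the original post and not postfwd code; the addresses, the ALLOWED map and the function names are assumptions made for illustration.

```python
# Added example: sender <-> client-certificate pinning as a policy decision.
# Constructed sample map (hypothetical addresses, fingerprints from the post).
ALLOWED = {
    "alice@example.org": "AA:BB:CC:DD:EE",
    "bob@example.org": "EE:DD:CC:BB:AA",
}

def parse_request(text):
    """Parse one policy request: name=value lines, ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def normalize(fingerprint):
    """Compare fingerprints without regard to colons or letter case."""
    return fingerprint.replace(":", "").strip().upper()

def decide(attrs, allowed=ALLOWED):
    """Return the policy action for one parsed request."""
    sender = attrs.get("sender", "").lower()
    expected = allowed.get(sender)
    if expected is None:
        return "DUNNO"  # sender is not pinned; later restrictions decide
    presented = normalize(attrs.get("ccert_fingerprint", ""))
    # An empty fingerprint means no client certificate was presented;
    # for a pinned sender that is a mismatch, not a pass.
    if presented and presented == normalize(expected):
        return "DUNNO"
    return "REJECT wrong tls fingerprint for sender '%s'" % sender

def respond(text):
    """Build the reply Postfix expects: action line plus an empty line."""
    return "action=" + decide(parse_request(text)) + "\n\n"

if __name__ == "__main__":
    # Constructed request, shaped like what smtpd sends to a policy service.
    sample = ("request=smtpd_access_policy\n"
              "sender=alice@example.org\n"
              "ccert_fingerprint=EE:DD:CC:BB:AA\n\n")
    print(respond(sample), end="")
```

Returning DUNNO rather than OK on a match leaves the remaining smtpd restrictions in force, so the pinning check only ever adds a rejection.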
