On 3/10/20 10:33 PM, Viktor Dukhovni wrote:
On Tue, Mar 10, 2020 at 03:33:44PM +0100, Adam Cecile wrote:
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_fingerprint_digest=sha1
-o relay_clientcerts=hash:/etc/postfix/relay_clientcerts
-o
smtpd_client_restrictions=permit_tls_clientcerts,permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
-o content_filter=dkimproxy:[127.0.0.1]:10028
I don't see "-o smtpd_tls_ask_ccert=yes" in there...
Thanks a lot, that was it !
I think Postfix doc could be improved, mentioning "smtpd_tks_ask_ccert"
here http://www.postfix.org/postconf.5.html#permit_tls_clientcerts would
have been helpful.
Regards, Adam.
