sandeep pawar:
> Hi,
>
> I am using postfix to send mails to the external world. One of the external
> recipients mentioned the requirement to set up MTLS, where they want a
> publicly signed client side certificate to establish TLS. I want to present
> the client side certificate only to the required domain as it can cause issues
> at times as per the doc. Is it possible to create a separate smtp transport
> and pass client TLS_CERT_FILE to it or should I use a different postfix
> instance altogether?
>
> snippet from master.cf
> tlsenforce unix - - n - - smtp
>   -o smtp_tls_cert_file=/etc/postfix/cert.pem
>   -o smtp_tls_key_file=/etc/postfix/cert.pem
>   -o smtp_tls_loglevel=2
>   -o smtp_tls_policy_maps=cdb:/etc/postfix/tls_maps

Assuming that this is an exceptional case and most email will not use MTLS:

Postfix 3.0 and later:
----------------------

/etc/postfix/main.cf
    transport_maps = inline:{ { example.com = tlsenforce: } }

All Postfix versions:
---------------------

/etc/postfix/main.cf
    transport_maps = hash:/etc/postfix/transport

/etc/postfix/transport:
    # No "=" here.
    example.com tlsenforce:

This requires that you execute "postmap hash:/etc/postfix/transport".

	Wietse
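
An added example, not part of the thread or of Postfix: a small Python check that reads master.cf, main.cf and the transport table and reports which destinations are routed to a service that presents a client certificate, and whether the certificate is also offered globally. The function names, the constructed sample files (including the stock "smtp" service line) and the restriction to the plain "-o name=value" override form are assumptions of this example.

```python
import re

# Constructed sample files mirroring the configuration discussed in the thread.
MASTER_CF = """\
smtp       unix - - n - - smtp
tlsenforce unix - - n - - smtp
  -o smtp_tls_cert_file=/etc/postfix/cert.pem
  -o smtp_tls_key_file=/etc/postfix/cert.pem
  -o smtp_tls_policy_maps=cdb:/etc/postfix/tls_maps
"""
MAIN_CF = "transport_maps = hash:/etc/postfix/transport\n"
TRANSPORT = '# No "=" here.\nexample.com tlsenforce:\n'


def logical_lines(text):
    """Drop comments and blank lines; join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out


def cert_services(master_cf):
    """Map master.cf service name -> cert set with '-o smtp_tls_cert_file=...'."""
    found = {}
    for line in logical_lines(master_cf):
        m = re.search(r"-o\s+smtp_tls_cert_file=(\S+)", line)
        if m:
            found[line.split()[0]] = m.group(1)
    return found


def audit(master_cf, main_cf, transport):
    """Report transport-table keys that reach a service presenting a client cert."""
    certs = cert_services(master_cf)
    scoped = {}
    for line in logical_lines(transport):
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[1].split(":", 1)[0] in certs:
            scoped[parts[0]] = parts[1].split(":", 1)[0]
    # A non-empty smtp_tls_cert_file in main.cf applies to every smtp(8) delivery.
    global_cert = any(re.match(r"smtp_tls_cert_file\s*=\s*\S", line)
                      for line in logical_lines(main_cf))
    # Assumption: the stock "smtp" service is the default transport.
    return {"scoped": scoped, "global": global_cert or "smtp" in certs}


if __name__ == "__main__":
    print(audit(MASTER_CF, MAIN_CF, TRANSPORT))
```
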