Hi,

I am looking for a way to get the mutual client authentication certificate from incoming e-mail messages (in particular with TLSv1.3+). With a policy server I am able to get ccert_subject, ccert_issuer and ccert_fingerprint (http://www.postfix.org/SMTPD_POLICY_README.html#protocol), but I would like to get the full certificate and not just its fingerprint.

Increasingly, users of large cloud service operators (O365, Google, etc.) can authenticate to third parties for value-added mail sending on the basis of Postfix, but their cloud operator cannot tell them (let alone ahead) with what certificate they will authenticate themselves when sending their message (to prevent "message insertion"). So we need to present them the full certificate we observe and they will then have to confirm whether we can accept that as "them" ;-)

Does anyone have an idea how to implement this?

Regards Christian
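
The policy delegation request mentioned in the question, as an added example that is not part of the original post: it parses the `name=value` attributes and records the `ccert_*` values of an unconfirmed certificate for later confirmation by the sender. The `CONFIRMED` map, the sample request and the choice of reply actions are assumptions made for illustration.

```python
# Added example: handle one Postfix SMTPD policy delegation request.
# CONFIRMED, SAMPLE_REQUEST and the chosen actions are constructed/assumed.
CONFIRMED = {"example.org": {"AA:BB:CC:DD"}}  # sender domain -> confirmed fingerprints

SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "sender=alice@example.org\n"
    "recipient=bob@example.net\n"
    "ccert_subject=mail.example.org\n"
    "ccert_issuer=Example CA\n"
    "ccert_fingerprint=aa:bb:cc:dd\n"
    "encryption_protocol=TLSv1.3\n"
    "\n"
)

def parse_request(raw):
    """Return the name=value attributes of one request (ends at the empty line)."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs, confirmed, pending):
    """Map the ccert_* attributes to a policy reply; unknown certs go to pending."""
    domain = attrs.get("sender", "").rpartition("@")[2].lower()
    fingerprint = attrs.get("ccert_fingerprint", "").upper()
    if not fingerprint:
        action = "REJECT Client certificate required"
    elif fingerprint in confirmed.get(domain, set()):
        action = "OK"
    else:
        # Keep what the policy protocol exposes so the sender can confirm it later.
        pending[(domain, fingerprint)] = {
            "subject": attrs.get("ccert_subject", ""),
            "issuer": attrs.get("ccert_issuer", ""),
        }
        action = "DEFER_IF_PERMIT Client certificate awaiting confirmation"
    return "action=" + action + "\n\n"

if __name__ == "__main__":
    pending = {}
    print(decide(parse_request(SAMPLE_REQUEST), CONFIRMED, pending), end="")
```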