Re: smtpd: document "pki" option for relay delivery in smtpd.conf(5)
On Sun, 13 Sep 2020 20:45:35 +0800, Nick Gasson wrote: > I struggled a bit to configure smtpd to relay to a remote server that > requires SSL client certificates. The solution is to just add a "pki > host.example.org" option, but "pki" is not listed as a valid option for > the relay delivery method, even though the parser accepts it. Committed. - todd
Re: smtpd: document "pki" option for relay delivery in smtpd.conf(5)
On 9/13/20 11:09 PM, Todd C. Miller wrote: > On Sun, 13 Sep 2020 20:45:35 +0800, Nick Gasson wrote: > >> I struggled a bit to configure smtpd to relay to a remote server that >> requires SSL client certificates. The solution is to just add a "pki >> host.example.org" option, but "pki" is not listed as a valid option for >> the relay delivery method, even though the parser accepts it. > > Looks good to me. Anyone else want to OK this? > > - todd > ok giovanni@ Cheers Giovanni
Re: smtpd: document "pki" option for relay delivery in smtpd.conf(5)
On Sun, 13 Sep 2020 20:45:35 +0800, Nick Gasson wrote: > I struggled a bit to configure smtpd to relay to a remote server that > requires SSL client certificates. The solution is to just add a "pki > host.example.org" option, but "pki" is not listed as a valid option for > the relay delivery method, even though the parser accepts it. Looks good to me. Anyone else want to OK this? - todd
smtpd: document "pki" option for relay delivery in smtpd.conf(5)
Hi, I struggled a bit to configure smtpd to relay to a remote server that requires SSL client certificates. The solution is to just add a "pki host.example.org" option, but "pki" is not listed as a valid option for the relay delivery method, even though the parser accepts it. Index: smtpd.conf.5 === RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v retrieving revision 1.251 diff -u -p -u -p -r1.251 smtpd.conf.5 --- smtpd.conf.527 Aug 2020 08:58:30 - 1.251 +++ smtpd.conf.513 Sep 2020 12:37:03 - @@ -280,6 +280,14 @@ and .Dq smtps protocols for authentication. Server certificates for those protocols are verified by default. +.It Cm pki Ar pkiname +For secure connections, +use the certificate associated with +.Ar pkiname +(declared in a +.Ic pki +directive) +to prove the client's identity to the remote mail server. .It Cm srs When relaying a mail resulting from a forward, use the Sender Rewriting Scheme to rewrite sender address. -- Thanks, Nick