I’m using dovecot to provide encrypted IMAP e-mail support for remote clients
and it’s working great. However, I also need to set up a webmail front-end
(Roundcube), which I’m hoping to have use unencrypted IMAP on port 143 (as only
port 993 is available externally).

The problem I’m running into is that I want to require client certificate
authentication on port 993, but dovecot is apparently requiring a certificate
on all connections, which is preventing Roundcube from connecting.

Since dovecot is also providing authentication to postfix I’ve already created
an exemption from the client certificate requirement for SMTP connections by
doing the following:

    protocol !smtp {
      ssl_ca = </path/to/ca.pem
      ssl_verify_client_cert = yes
      auth_ssl_require_client_cert = yes
    }

However, I’m not sure how to do the same thing for unencrypted IMAP
connections. Is there a way that I can enable client certificate support for
only IMAP port 993, leaving port 143 to handle regular unencrypted IMAP with a
username and password? I’ve already added the local network to the trusted
networks list, so that Roundcube can use plaintext authentication. Can I limit
client certificate support in a similar way?

Thanks,
Haravikk