> Le 25 janv. 2016 à 13:02, Haravikk a écrit : > > […] > > Since dovecot is also providing authentication to postfix I’ve already > created an exemption from the client certificate requirement for SMTP > connections by doing the following: > > protocol !smtp { > ssl_ca = </path/to/ca.pem > ssl_verify_client_cert = yes > auth_ssl_require_client_cert = yes > } > > However, I’m not sure how to do the same thing for unencrypted IMAP > connections. Is there a way that I can enable client certificate support for > only IMAP port 993, leaving port 143 to handle regular unencrypted IMAP with > a username and password? I’ve already added the local network to the trusted > networks list, so that Roundcube can use plaintext authentication, can I > limit client certificate support in a similar way?
Hello Haravikk, Perhaps could you try to devise an exception based on one (or more) "remote" section(s), as in: remote ip.of.webmail.server { ssl_verify_client_cert = no [other settings, if needed] } But I guess you would need to combine this with inner protocol blocks, and probably to replace the "protocol !smtp" block with less general settings. HTH, Axel