> On 25 Jan 2016, at 13:02, Haravikk wrote:
>
> […]
>
> Since dovecot is also providing authentication to postfix I’ve already
> created an exemption from the client certificate requirement for SMTP
> connections by doing the following:
>
> protocol !smtp {
>   ssl_ca = </path/to/ca.pem
>   ssl_verify_client_cert = yes
>   auth_ssl_require_client_cert = yes
> }
>
> However, I’m not sure how to do the same thing for unencrypted IMAP
> connections. Is there a way that I can enable client certificate support for
> only IMAP port 993, leaving port 143 to handle regular unencrypted IMAP with
> a username and password? I’ve already added the local network to the trusted
> networks list, so that Roundcube can use plaintext authentication, can I
> limit client certificate support in a similar way?
Hello Haravikk,

Perhaps you could try to devise an exception based on one (or more) "remote"
section(s), as in:

remote ip.of.webmail.server {
  ssl_verify_client_cert = no
  [other settings, if needed]
}

But I guess you would need to combine this with inner protocol blocks, and
probably to replace the "protocol !smtp" block with less general settings.

HTH,
Axel