On Wed, Apr 06, 2016 at 10:13:42AM -0500, Edgar Pettijohn wrote:
> > On Apr 6, 2016, at 4:01 AM, Kai Wirt <u-tu...@gmx.de> wrote:
> > 
> > 
> > 
> > Hi,
> > 
> > When I used sendmail I allowed my clients to relay mail if they 
> > authenticated via SMTPAUTH or if they could present a valid certificate 
> > with STARTTLS.
> > I'm trying to do the same with OpenSMTPD. I understand that I can have two 
> > different listeners: one which accepts SMTPAUTH, and one which has 
> > tls-require verify. But from what I could tell from the man pages there is 
> > no way to have tls-require and auth as alternatives on one listener.
> > 
> > My use case is that I have clients
> 
> By client do you mean a person logging in with a mail client, or another 
> server using you as a relay?


To be more precise, I prefer authentication using client certificates. This
works fine with most of the mail software I use. However, I have a few mobile
devices which don't support client certificates. For these I use SMTPAUTH.
Currently I use two different listeners on two different ports for this.
What I would like to achieve is to have only one listener on the submission
port and then accept mails either if the client authenticated using SMTPAUTH
_or_ if the client was able to present a valid certificate.

If I am not mistaken, having auth and tls-require verify enforces both. The
solution in sendmail was that clients were treated as local in both cases.



> 
> > which don't have certificates and should be allowed to relay with SMTPAUTH. 
> > And I have other mailservers which use OpenSMTPD as smarthost and which 
> > have certificates. For the latter I don't like to configure credentials.
> > 
> 
> This sounds possible. You may have to get clever with tagging. 
>

This is what I currently do. The listener with tls-require verify tags with a
keyword and I accept mail from local (this is the smtpauth part) and mail
tagged with the keyword.



Kai 

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
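
The two-listener workaround described in the message above, written out as an added smtpd.conf sketch (not part of the original mail and not Kai's actual configuration). It assumes the pre-6.4 `accept` rule grammar in use at the time of the thread; the address, the second port, the pki name, the file paths and the tag `CERTOK` are constructed placeholders.

```conf
# Added illustration; constructed values throughout (192.0.2.25, port 2525,
# pki name mail.example.org, file paths, tag CERTOK).

pki mail.example.org certificate "/etc/ssl/mail.example.org.crt"
pki mail.example.org key "/etc/ssl/private/mail.example.org.key"

# Listener 1: submission port. STARTTLS is mandatory and the client
# must authenticate with SMTPAUTH before it may send.
listen on 192.0.2.25 port 587 tls-require pki mail.example.org auth

# Listener 2: separate port. STARTTLS is mandatory and the client must
# present a certificate that verifies. Every session accepted on this
# listener carries the tag CERTOK.
# "verify" accepts any certificate that chains to a CA the daemon trusts,
# so the relay decision is only as tight as that trust set.
listen on 192.0.2.25 port 2525 tls-require verify pki mail.example.org tag CERTOK

# SMTPAUTH part: authenticated sessions are matched as "local".
accept from local for any relay

# Certificate part: sessions are matched by the listener tag.
# "from any" is stated explicitly because a rule without a "from"
# clause only matches local sources.
accept tagged CERTOK from any for any relay
```

Putting `auth` and `tls-require verify` on the same `listen` line would require both at once, which is the behaviour the message describes and the reason the two checks sit on separate listeners here.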