I was reading an old, old thread (*) and am trying to relay based on a cert.

I have a mail server for imap/smtp. I have a number of machines on an internal network. I cannot talk to the mail server on port 25 from where the internal network is (thanks to my ISP). I was hoping to relay over the submission port, using a client cert from the internal machines. But I'm not sure how to accept either an auth authentication or by providing a cert. Should I bite the bullet and add some random other port (2525 or whatever) that only accepts connections with a TLS client cert?

Also, I assume the pki cert file is used both when acting as a server and when acting as a client? Is this correct? I.e., if I set up listening on a port with tls-require, will the client machine send its certificate from the 'pki "name" cert <file>' line?

Sean

* https://misc.opensmtpd.narkive.com/2puCGKoq/client-certificate-verification-prompt
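For readers following the question, here is an added smtpd.conf sketch of the setup it describes, written in the post-6.4 OpenSMTPD grammar. It is not from the original post, the thread it cites, or the OpenSMTPD project; the hostnames, file paths, tag name and table names are placeholders chosen for illustration. It shows the two sides: a server listener on the submission port that insists on TLS and a client certificate signed by a chosen CA, and an internal machine whose relay action presents its own pki entry as that client certificate, which is the role reuse the question asks about.

```conf
# Added example, not the poster's config. Names and paths are placeholders.

# --- mail server: accept relay on the submission port from cert-bearing clients ---

# Server certificate and key; one pki entry serves the listener below.
pki mail.example.net cert "/etc/ssl/mail.example.net.crt"
pki mail.example.net key  "/etc/ssl/private/mail.example.net.key"

# CA that signed the internal machines' client certificates.
ca internal-ca certificate "/etc/ssl/internal-ca.crt"

# Password table for ordinary submission clients (placeholder file).
table creds file:/etc/mail/creds

# Cert-based relay: TLS is mandatory and "verify" rejects, at the TLS
# handshake, any client that does not present a certificate chaining to
# internal-ca.  The listener is tagged so a match rule can single it out.
listen on egress port 2525 tls-require verify ca internal-ca pki mail.example.net tag CERTRELAY

# Ordinary submission: TLS mandatory, username/password auth.
listen on egress port submission tls-require pki mail.example.net auth <creds>

action "outbound" relay

# Either a verified client cert (by tag) or a successful auth may relay.
match tag CERTRELAY from any for any action "outbound"
match from auth for any action "outbound"

# --- internal machine: relay everything to the server over TLS ---

# The same kind of pki entry, here used to prove the client's identity.
pki client.internal cert "/etc/ssl/client.internal.crt"
pki client.internal key  "/etc/ssl/private/client.internal.key"

# "pki client.internal" on the relay action makes smtpd present this
# certificate when the server requests one during the TLS handshake.
action "upstream" relay host smtp+tls://mail.example.net:2525 pki client.internal
match for any action "upstream"
```

The two listeners are kept separate on purpose: `verify` is a property of the listener, so a single submission port cannot require a certificate from some clients and a password from others. The separate cert-only port is the approach the question floats, and the tag plus match pair is what turns "the TLS handshake succeeded" into "this session may relay".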
I have a mail server for imap/smtp. I have a number of machines on an internal network. I cannot talk to the mail server on port 25 from where the internal network is (thanks to my ISP). I was hoping to relay over the submission port, using a client cert from the internal machines. But I’m not sure how to accept either an auth authentication or by providing a cert. Should I bite the bullet and add some random other port (2525 or whatever) that only accepts connections with a TLS client cert? Also, I assume the pki cert file is used both when acting as a server and when acting as a client? Is this correct? I.e., if I set up listening on a port with tsl-require that the client machine will send it’s certificate from the 'pki “name” cert <file>’ line? Sean * https://misc.opensmtpd.narkive.com/2puCGKoq/client-certificate-verification-prompt