> On Feb 2, 2017, at 2:47 PM, Jaime Hablutzel Egoavil <[email protected]>
> wrote:
>
>>> When authenticating to Postfix with a client certificate, is it currently
>>> possible to make Postfix match any of the client certificate subject
>>> attributes (e.g. emailaddress) against the user to be authenticated through
>>> SMTP authentication mechanisms?.
>>
>> No. But policy services can be used to limit particular senders
>> to particular client certificate fingerprints.
>
> You are talking about the "check_ccert_access" directive don't you?
No, I'm talking about policy services:
http://www.postfix.org/SMTPD_POLICY_README.html
http://www.postfix.org/SMTPD_POLICY_README.html#protocol
> Could you point me to clearest documentation or example on doing example
> what you said, i.e. limit particular senders to particular client
> certificate fingerprints.?
request=smtpd_access_policy
...
[email protected]
...
ccert_subject=solaris9.porcupine.org
ccert_issuer=Wietse+20Venema
ccert_fingerprint=C2:9D:F4:87:71:73:73:D9:18:E7:C2:F3:C1:DA:6E:04
--
Viktor.
