Hello,
Here is my submission definition on *server* master.cf:
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_fingerprint_digest=sha1
# -o relay_clientcerts=hash:/etc/postfix/relay_clientcerts
# -o
smtpd_client_restrictions=permit_tls_clientcerts,permit_sasl_authenticated,reject
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
-o content_filter=dkimproxy:[127.0.0.1]:10028
That I turned into:
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_fingerprint_digest=sha1
-o relay_clientcerts=hash:/etc/postfix/relay_clientcerts
-o
smtpd_client_restrictions=permit_tls_clientcerts,permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
-o content_filter=dkimproxy:[127.0.0.1]:10028
File /etc/postfix/relay_clientcerts contains client certificate
retreived by running: openssl x509 -fingerprint -sha1 -in
/etc/ssl/certs/ssl-cert-snakeoil.pem then a space the the client hostname
On *client* main.cf contains the following:
smtp_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtp_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtp_use_tls = yes
relayhost = [server.hostname.com]:587
But when I send an email, server says:
postfix/submission/smtpd[569]: NOQUEUE: reject: RCPT from
unknown[1.2.3.4]: 554 5.7.1 <unknown[1.2.3.4]>: Client host rejected:
Access denied....
Can someone give me a hint to get this working ?
Thanks in advance,
Regards, Adam.