Hi, I struggled a bit to configure smtpd to relay to a remote server that requires SSL client certificates. The solution is to just add a "pki host.example.org" option, but "pki" is not listed as a valid option for the relay delivery method, even though the parser accepts it.
Index: smtpd.conf.5 =================================================================== RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v retrieving revision 1.251 diff -u -p -u -p -r1.251 smtpd.conf.5 --- smtpd.conf.5 27 Aug 2020 08:58:30 -0000 1.251 +++ smtpd.conf.5 13 Sep 2020 12:37:03 -0000 @@ -280,6 +280,14 @@ and .Dq smtps protocols for authentication. Server certificates for those protocols are verified by default. +.It Cm pki Ar pkiname +For secure connections, +use the certificate associated with +.Ar pkiname +(declared in a +.Ic pki +directive) +to prove the client's identity to the remote mail server. .It Cm srs When relaying a mail resulting from a forward, use the Sender Rewriting Scheme to rewrite sender address. -- Thanks, Nick