Hello, First, am I correct in assuming that SASL is something which can be used to pass authentication information coming from the mail client, "through" postfix, into dovecot (in my case) which will then be able to validate the supplied authentication information, and if it checks out, then that "seal of approval" is sent back to postfix, so that it can treat the user as someone being "on the same network" (i.e. being allowed to relay mail bound for an external server)? Next, assuming I got the first part correct, is it possible to configure <subj> to only allow users who have presented a proper (read: fully verified) client certificate to be allowed to relay mails through the server? (i.e. simply supplying username/password authentication would not be sufficient, they must also present a certificate signed by the server's CA). A simple yes/no would suffice, I just want to know if I'm wasting my time trying to figure out how to do it. -- Kind regards, Jan Danielsson
Attachment:
signature.asc
Description: OpenPGP digital signature