smtpd: document "pki" option for relay delivery in smtpd.conf(5)


Nick Gasson
Hi,

I struggled a bit to configure smtpd to relay to a remote server that
requires SSL client certificates. The solution is to just add a "pki
host.example.org" option, but "pki" is not listed as a valid option for
the relay delivery method, even though the parser accepts it.

Index: smtpd.conf.5
===================================================================
RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v
retrieving revision 1.251
diff -u -p -u -p -r1.251 smtpd.conf.5
--- smtpd.conf.5        27 Aug 2020 08:58:30 -0000      1.251
+++ smtpd.conf.5        13 Sep 2020 12:37:03 -0000
@@ -280,6 +280,14 @@ and
 .Dq smtps
 protocols for authentication.
 Server certificates for those protocols are verified by default.
+.It Cm pki Ar pkiname
+For secure connections,
+use the certificate associated with
+.Ar pkiname
+(declared in a
+.Ic pki
+directive)
+to prove the client's identity to the remote mail server.
 .It Cm srs
 When relaying a mail resulting from a forward,
 use the Sender Rewriting Scheme to rewrite sender address.

--
Thanks,
Nick

Re: smtpd: document "pki" option for relay delivery in smtpd.conf(5)

Todd C. Miller-3
On Sun, 13 Sep 2020 20:45:35 +0800, Nick Gasson wrote:

> I struggled a bit to configure smtpd to relay to a remote server that
> requires SSL client certificates. The solution is to just add a "pki
> host.example.org" option, but "pki" is not listed as a valid option for
> the relay delivery method, even though the parser accepts it.

Looks good to me.  Anyone else want to OK this?

 - todd

Re: smtpd: document "pki" option for relay delivery in smtpd.conf(5)

Giovanni Bechis-7
On 9/13/20 11:09 PM, Todd C. Miller wrote:

> On Sun, 13 Sep 2020 20:45:35 +0800, Nick Gasson wrote:
>
>> I struggled a bit to configure smtpd to relay to a remote server that
>> requires SSL client certificates. The solution is to just add a "pki
>> host.example.org" option, but "pki" is not listed as a valid option for
>> the relay delivery method, even though the parser accepts it.
>
> Looks good to me.  Anyone else want to OK this?
>
>  - todd
>
ok giovanni@

 Cheers
  Giovanni

Re: smtpd: document "pki" option for relay delivery in smtpd.conf(5)

Todd C. Miller-3
On Sun, 13 Sep 2020 20:45:35 +0800, Nick Gasson wrote:

> I struggled a bit to configure smtpd to relay to a remote server that
> requires SSL client certificates. The solution is to just add a "pki
> host.example.org" option, but "pki" is not listed as a valid option for
> the relay delivery method, even though the parser accepts it.

Committed.

 - todd