[SOLVED] Mutual TLS

That's not possible directly via the GUI.
PMG itself has no support for this, but it seems Postfix can be configured [0].

Setting this option in postfix will add the requirement for every client to provide a certificate. This in turn can lead to issues if clients don't provide one [1].


[0] http://www.postfix.org/TLS_README.html#server_vrfy_client
[1] http://www.postfix.org/TLS_README.html#client_tls_limits

Hi, thanks for your fast reply.

Sorry for the misunderstanding. We need to send mails from Proxmox Mail GW to a server which requires mutual TLS. So we need to provide our certificate to the remote mail server.
 
I'm sorry, I missed that.

If you require your postfix to present a client certificate to a server you send mails to, then the following applies:
http://www.postfix.org/TLS_README.html#client_cert_key

This comes with its own issues again though.
Thank you very much Mira

That works perfectly, but I am a little bit worried about: "Client certificates are not usually needed, and can cause problems in configurations that work well without them."

What kinds of problems should I expect? Is it possible to do this setting only for one remote server?
 
That I can't answer. We don't have experience with that kind of a setup and it's not supported by us.

But I assume some mail servers can't handle it if a sending server sends a client certificate?
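
On the question of limiting the client certificate to one remote server: a common Postfix approach is a dedicated SMTP client transport that carries the certificate settings, with only that destination routed to it. The fragment below is an added example, not part of the thread and not a Proxmox-supported configuration; the transport name `mtls-relay`, the domain `partner.example`, the host `mx.partner.example` and the file paths are assumptions, and how to make such changes persistent on PMG is not covered by the thread.

```conf
# --- main.cf: global form (every outbound connection may present the cert) ---
# This is the setting the TLS_README passage quoted above warns about.
# smtp_tls_cert_file = /etc/postfix/mtls/client-cert.pem
# smtp_tls_key_file  = /etc/postfix/mtls/client-key.pem

# --- main.cf: scoped form, leave the global client cert settings empty ---
smtp_tls_cert_file =
smtp_tls_key_file =
# Assumed lookup table; merge with any transport map already in use.
transport_maps = hash:/etc/postfix/transport

# --- master.cf: separate smtp client that presents the certificate ---
# Name "mtls-relay" is hypothetical. The key must be unencrypted and
# readable by root only (chmod 600).
mtls-relay unix  -       -       -       -       -       smtp
    -o smtp_tls_cert_file=/etc/postfix/mtls/client-cert.pem
    -o smtp_tls_key_file=/etc/postfix/mtls/client-key.pem
    -o smtp_tls_security_level=encrypt

# --- /etc/postfix/transport: route only the partner domain to it ---
# Run "postmap /etc/postfix/transport" after editing.
partner.example    mtls-relay:[mx.partner.example]:25
```

Mail for all other destinations keeps using the default `smtp` transport and never offers the certificate, which confines any interoperability problems to the one partner that asks for it.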
 