Providing a client certification to a remote server when acting as a relay

rcroteau
New user
Posts: 1
Joined: 2019-11-14 20:56


Post by rcroteau » 2019-11-15 03:54

Hi,

I have a requirement to present a client certificate to the remote SMTP server I'm relaying to. Going through the docs, forums and googling around, I've come to the conclusion that hMailServer doesn't allow for that requirement for now.

Am I correct in my assessment or have I missed something?

mikedibella
Normal user
Posts: 230
Joined: 2016-12-08 02:21

Re: Providing a client certification to a remote server when acting as a relay

Post by mikedibella » 2019-11-15 06:03

You can do that with stunnel.

The config would look something like this:

Code:

[SMTPwithClientAuth]
; Client mode: accept plaintext locally, speak TLS to the remote server
client = yes
accept = 127.0.0.1:2525
connect = smtp.remote-server.com:465
delay = yes
; Root certificate used to verify the remote server's certificate
CAfile = remote-server-root-certificate.pem
; Client certificate and private key presented to the remote server
cert = my-client-certificate.pem
key = my-client-certificate.key
verify = 2

Point your Route to localhost:2525 without SSL/TLS and stunnel will connect to smtp.remote-server.com on port 465, negotiating TLS and verifying the remote's server certificate is signed by remote-server-root-certificate.pem and presenting my-client-certificate.pem as the client certificate.

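A small linter for the client-mode stunnel service described in the reply above, as an added example that is not part of the original thread or of stunnel itself. The function names are hypothetical, the parser assumes option names are matched case-insensitively, and the `checkHost`, `verifyChain` and `verifyPeer` options it looks for are stunnel options that the thread does not mention.

```python
import ipaddress

# Constructed sample: the service section posted above, with its option values unchanged.
SAMPLE = """\
[SMTPwithClientAuth]
client = yes
accept = 127.0.0.1:2525
connect = smtp.remote-server.com:465
CAfile = remote-server-root-certificate.pem
cert = my-client-certificate.pem
key = my-client-certificate.key
verify = 2
"""

def parse_services(text):
    # Option names are lower-cased for lookup (assumption: stunnel ignores their case).
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            current[name.strip().lower()] = value.strip()
    return services

def is_loopback(accept):
    # "host:port" must name a loopback address; a bare port binds every interface.
    host = accept.rpartition(":")[0]
    try:
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def lint_client_service(opts):
    findings = []
    if not is_loopback(opts.get("accept", "")):
        findings.append("accept is not loopback-only, so the plaintext hop is exposed")
    if "cert" not in opts:
        findings.append("no client certificate (cert) to present")
    chain = opts.get("verify") in {"2", "3", "4"} or "yes" in (opts.get("verifychain"), opts.get("verifypeer"))
    if not chain:
        findings.append("server certificate is not verified")
    elif not ({"cafile", "capath"} & opts.keys()):
        findings.append("verification enabled without CAfile/CApath")
    if chain and "checkhost" not in opts:
        findings.append("chain is verified but the host name is not (checkHost)")
    return findings
```

Run `lint_client_service(parse_services(text)[name])` on your own stunnel.conf text; an empty list means none of these checks fired. For the configuration in this thread it reports only the missing host name check.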