From: Josh Rickmar <jrick@zettaport.com>
Subject: Document 'smtps verify' in smtpd.conf(5)
To: tech@openbsd.org
Date: Sat, 10 May 2025 11:03:41 -0400

'listen on ... smtps' has an optional verify option to require valid
client certificates, just like tls-require.

diff /usr/src
path + /usr/src
commit - 688324ca4b6c1798f8866b037dac8edbf1d58395
blob - 910f94f7c91be7a95bb15e72eadabb9b207d84bd
file + usr.sbin/smtpd/smtpd.conf.5
--- usr.sbin/smtpd/smtpd.conf.5
+++ usr.sbin/smtpd/smtpd.conf.5
@@ -530,10 +530,14 @@ In addition, if the
 option is provided,
 the From header is rewritten
 to match the sender provided in the SMTP session.
-.It Cm smtps
+.It Cm smtps Op Cm verify
 Support SMTPS, by default on port 465.
 Mutually exclusive with
 .Cm tls .
+With the
+.Cm verify
+option, clients must also provide a valid certificate
+to establish an SMTP session.
 .It Cm tag Ar tag
 Clients connecting to the listener are tagged with the given
 .Ar tag .
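
Review bot: In the sentence added after ".Cm tls .", the word "also" has nothing to attach to. The smtps entry up to that point says only that SMTPS is supported on port 465 and is mutually exclusive with tls, so no earlier client requirement exists that the certificate would be in addition to. Consider "clients must provide a valid certificate to establish an SMTP session". The entry also leaves open what makes a client certificate valid, that is, which CA it is checked against; a short cross-reference to where that is configured would help an administrator who enables verify and needs to know which clients will be rejected.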