On Tue, May 12, 2015 at 01:06:14PM +0200, Johannes Löthberg wrote:
> On 12/05, Gilles Chehade wrote:
> >On Mon, May 11, 2015 at 10:43:23PM +0200, Johannes Löthberg wrote:
> >>There is one server which has a feature to automatically save domains to a
> >>whitelist to always force TLS on, though I don't remember which one.  It
> >>seems like it could be nice to implement if it wouldn't be too hard.
> >>
> >
> >table validcrt file:/etc/mail/hosts-with-valid-certs
> >accept for domain <validcrt> relay tls verify
> >
> 
> That requires checking for them manually though, instead of having OpenSMTPD
> cache them itself.
> 

Nothing a script / filter can't achieve ;-)


> >>That's cool, do you have it public somewhere? And do you know how much work
> >>it would be to support DNSSEC in libasr?
> >>
> >
> >Nope, it's nowhere public, it is a proof of concept I wrote last weekend
> >to see how much effort would be required in OpenSMTPD to support it. The
> >code relies on a hack because the lka.c code needs a huge refactor if we
> >want it to fit in. I have started working on it, but right now the focus
> >is on the upcoming major release.
> >
> 
> Ah, I see. So, do you think it would require a lot of effort to support it
> properly? No rush of course, I'm just interested.
>

It is not a huge amount of work, but it is invasive work that requires a
fair amount of focus, as well as being able to spend a few days fully on
this refactor.

Given how much work I have these days, I can't find enough spare time to
focus on this, not to mention that we have to get the next major release
out so we no longer have to deal with so many branches ;-)


-- 
Gilles Chehade

https://www.poolp.org                                          @poolpOrg
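
One shape the "script" mentioned above could take, added here as an example; it is not code from this thread or from OpenSMTPD. It assumes the MX hosts for each domain are resolved elsewhere and passed in (the `domain_mx` mapping and all function names are hypothetical), adds a domain only when every MX presents a verifiable certificate, and never removes an entry, so a later downgrade is refused rather than silently accepted.

```python
import os
import smtplib
import ssl
import tempfile

TABLE = "/etc/mail/hosts-with-valid-certs"  # path from the smtpd.conf lines in the thread


def has_valid_cert(mx_host, timeout=10):
    """True if mx_host offers STARTTLS with a CA-trusted, hostname-matching cert."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with smtplib.SMTP(mx_host, 25, timeout=timeout) as smtp:
            smtp.ehlo()
            smtp.starttls(context=ctx)  # raises if STARTTLS is missing or the cert is bad
        return True
    except OSError:  # covers SMTPException, ssl.SSLError and socket errors
        return False


def load_table(path):
    """Read a one-key-per-line table file, ignoring blank lines and # comments."""
    try:
        with open(path) as f:
            return {l.strip().lower() for l in f if l.strip() and not l.startswith("#")}
    except FileNotFoundError:
        return set()


def update_table(path, domain_mx, check=has_valid_cert):
    """Add domains whose MX hosts all pass `check`; return the set of new domains."""
    known = load_table(path)
    added = set()
    for domain, mx_hosts in domain_mx.items():
        name = domain.lower().rstrip(".")
        if name in known or not mx_hosts:
            continue  # already pinned, or nothing to test
        if all(check(host) for host in mx_hosts):
            added.add(name)
    if added:
        # Write to a temp file and rename so smtpd never reads a partial table.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
        with os.fdopen(fd, "w") as f:
            f.write("".join(d + "\n" for d in sorted(known | added)))
        os.chmod(tmp, 0o644)
        os.replace(tmp, path)
    return added
```

After the file changes, smtpd has to reload the table, for example with `smtpctl update table validcrt`. The MX lookup that feeds `domain_mx` is itself spoofable without DNSSEC, which is the gap the rest of the thread discusses.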
