Jonathan S?lea:
> >> [...]. One can of course automate periodic SMTP TLS policy
> >> updates from the STS URIs of a handful of providers, and let the
> >> usual outbound TLS policy take care of the rest:
> >>
> >> http://www.postfix.org/TLS_README.html#client_tls_policy
> > I'm much in favor of reusing the Postfix SMTP client's TLS policy
> > lookup mechanism for this, for example
> >
> >     smtp_policy_maps = socketmap:inet:host:port:name
> >
> > and to extend the policy map feature set as needed.
> >
> > If the (key, value) interface turns out to be too restrictive, this
> > interface could be generalized towards something like the SMTP
> > server access policy delegation protocol (possibly with multiple
> > commands, multiple request attributes, or multiple reply attributes).
> >
> > Like DKIM/DMARC I do not think that complex policies like STS should
> > be built into core Postfix SMTP components.
> >
>
> It sounds like it is a fairly "easy" implementation? If so, when can
> expect a testing version for this?

By my estimate this would involve multiple weeks of sustained effort
by a highly-skilled person. The elapsed time would be considerably
longer because Postfix maintainers have real jobs, don't take time
off to do work on the side, and STS development would compete with
other Postfix development. I would not even estimate the year of
completion.

The bulk of Postfix SMTPUTF8 support was done by a developer who
acquired sponsorship from CNNIC (I spent some time to make it nice).
If you have 10 grand lying around, maybe you can find someone.

> I will gladly test this!

Sure you will.

	Wietse
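
The socketmap approach quoted in this thread, sketched as an added example that is not code from the thread or from Postfix: a request handler that speaks the socketmap netstring protocol and turns a cached STS policy into a TLS policy string of the kind `smtp_tls_policy_maps` accepts. `POLICY_CACHE`, `MAP_NAME`, the function names, and the choice to map STS `enforce` to Postfix `secure match=...` are assumptions made for illustration; the cache contents are constructed sample data.

```python
# Constructed sample cache; a real daemon would fill this by fetching each
# domain's STS policy over HTTPS and honouring its max_age.
POLICY_CACHE = {
    "example.com": {"mode": "enforce", "mx": ["mx1.example.com", "*.mail.example.com"]},
    "testing.example": {"mode": "testing", "mx": ["mx.testing.example"]},
}
MAP_NAME = "sts"  # hypothetical: the "name" field of socketmap:inet:host:port:name


def decode_netstring(buf: bytes) -> bytes:
    """Decode exactly one netstring ("<len>:<data>,"); reject malformed input."""
    length, sep, rest = buf.partition(b":")
    if not sep or not length.isdigit() or (len(length) > 1 and length[:1] == b"0"):
        raise ValueError("bad netstring length")
    n = int(length)
    if n > 4096 or len(rest) != n + 1 or rest[n:] != b",":
        raise ValueError("bad netstring framing")
    return rest[:n]


def encode_netstring(data: bytes) -> bytes:
    return b"%d:%s," % (len(data), data)


def tls_policy_for(domain: str):
    """Return a Postfix TLS policy string, or None to let other policy apply."""
    entry = POLICY_CACHE.get(domain.lower().rstrip("."))
    if entry is None or entry["mode"] != "enforce":
        return None  # "testing" and "none" modes must not cause delivery failures
    # An STS "*.example.com" pattern becomes the Postfix ".example.com" form.
    names = [mx[1:] if mx.startswith("*.") else mx for mx in entry["mx"]]
    return "secure match=" + ":".join(names)


def handle_request(raw: bytes) -> bytes:
    """Answer one socketmap query; the request payload is "<name> <key>"."""
    try:
        name, _, key = decode_netstring(raw).decode("ascii").partition(" ")
    except (ValueError, UnicodeDecodeError):
        return encode_netstring(b"PERM malformed request")
    if name != MAP_NAME:
        return encode_netstring(b"PERM unknown map")
    policy = tls_policy_for(key)
    if policy is None:
        return encode_netstring(b"NOTFOUND ")
    return encode_netstring(b"OK " + policy.encode("ascii"))
```

A `NOTFOUND` reply leaves the domain to whatever other TLS policy the SMTP client has configured, which is the division of labour the quoted text proposes.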