Postfix TLS connection reuse will improve delivery performance,
especially for sites that punish clients that send one message per
connection. This feature is evolving in a 'non-production' Postfix
release, currently postfix-3.4-20180603-nonprod.
Instead of changing how Postfix schedules deliveries, this builds
on the Postfix connection caching infrastructure that already exists
for plaintext connections. The idea then is to also use that cache
for TLS connections.
Of course there must be a clear distinction between connections
with different TLS properties, so that a less secure connection
will not be reused when a more secure connection is needed.
The high-level architecture looks like this:
Initial SMTP handshake:
smtp(8) -> remote SMTP server
Reused TLS session, or new TLS session:
smtp(8) -> tlsproxy(8) -> remote SMTP server
Cached TLS session:
scache(8) -> tlsproxy(8) -> remote SMTP server
The implementation will support all security levels including DANE.
The code needs some more polishing and testing. I expect that it
will become part of the regular release this summer.
Wietse
