Postfix snapshot 20180617, released a few minutes ago, introduces Postfix SMTP client support for multiple deliveries per TLS-encrypted connection. This is not to be confused with closing a connection and reusing some TLS state in a new connection.
Below is a fragment from the RELEASE_NOTES file.

Wietse

Major changes with snapshot 20180617
====================================

Preliminary Postfix SMTP client support for multiple deliveries per
TLS-encrypted connection. This is primarily to improve mail delivery
performance for destinations that throttle clients when they don't
combine deliveries.

This feature is enabled with "smtp_tls_connection_reuse=yes" in
main.cf, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps.
It supports all Postfix TLS security levels including dane and
dane-only.

With connection reuse enabled as described above, the Postfix SMTP
client uses the tlsproxy(8) server to encrypt a connection (even
under low-traffic conditions). The tlsproxy(8) service was introduced
in Postfix 2.8, to support STARTTLS in postscreen(8).

Under high-traffic conditions, the Postfix SMTP client will use the
scache(8) connection cache to store and retrieve open connections.
This part already existed for plaintext SMTP, and it works in the
same way for TLS-encrypted connections.

The following illustrates how TLS connections are reused:

    Initial plaintext SMTP handshake:
      smtp(8) -> remote SMTP server

    Reused SMTP/TLS connection, or new SMTP/TLS connection:
      smtp(8) -> tlsproxy(8) -> remote SMTP server

    Cached SMTP/TLS connection:
      scache(8) -> tlsproxy(8) -> remote SMTP server

There are a few refinements planned:

- Log the TLS properties every time a connection is reused.
  Currently, the properties are logged when a TLS session is created.

- Retire a tlsproxy(8) process after max_idle*max_use seconds, even
  if it is not idle. This limits the impact of memory leaks in
  libraries or in Postfix itself.
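An added example, not part of the announcement or of Postfix: a small audit helper that reads main.cf text and a TLS policy table and reports which destinations have connection reuse switched on, using the two settings named in the release note. The sample configuration, the function names, and the treatment of an unset smtp_tls_connection_reuse as "no" are assumptions.

```python
import re

# Constructed sample input, not taken from a real system.
MAIN_CF = """\
smtp_tls_security_level = may
smtp_tls_connection_reuse = no
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
"""
POLICY = """\
# destination          level     attributes
bigprovider.example    encrypt   tls_connection_reuse=yes
partner.example        dane-only
[relay.example]:587    secure    match=nexthop tls_connection_reuse=yes
legacy.example         none      tls_connection_reuse=yes
"""

def parse_main_cf(text):
    """Return {parameter: value}; indented lines continue the previous one."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and name:
            params[name] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        name = name.strip()
        params[name] = value.strip()
    return params

def parse_policy(text):
    """Return {destination: (level, {attribute: value})}."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        dest, *fields = re.split(r"[\s,]+", line)
        level = fields[0] if fields else ""
        table[dest] = (level, dict(f.split("=", 1) for f in fields[1:] if "=" in f))
    return table

def reuse_by_destination(main_cf, policy):
    """True where reuse is on; a policy attribute overrides the main.cf setting."""
    # Assumption: an unset smtp_tls_connection_reuse means "no".
    default = parse_main_cf(main_cf).get("smtp_tls_connection_reuse", "no")
    return {dest: level != "none"  # level "none" disables TLS, so nothing to reuse
            and attrs.get("tls_connection_reuse", default).lower() == "yes"
            for dest, (level, attrs) in parse_policy(policy).items()}
```

Destinations reported as True are the ones whose deliveries pass through tlsproxy(8), so those are the ones affected by the logging behaviour listed under planned refinements.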