On Tue, Jun 19, 2018 at 01:22:53PM -0400, Wietse Venema wrote:
> Unfortunately, this would be suboptimal when a site has multiple MX hosts
> (It may end up making connections to each of them).
>
> Viktor's suggestion to skip the dane cache makes more sense.
>
> Viktor, cache should terminate after "postfix reload".

In that case, perhaps the below will work? diff --git a/src/smtp/smtp_tls_policy.c b/src/smtp/smtp_tls_policy.c index 13735b21..b5f72376 100644 --- a/src/smtp/smtp_tls_policy.c +++ b/src/smtp/smtp_tls_policy.c @@ -824,6 +824,20 @@ static void dane_init(SMTP_TLS_POLICY *tls, SMTP_ITERATOR *iter) dane_incompat(tls, iter, NONDANE_DEST, "non DNSSEC destination"); return; } + + /* + * Without the context of a particular MX host, the nexthop is merely a + * opportunistic "candidate" for DANE policy. Just return "may" for now. + * + * XXX: This state should only be reached from smtp_reuse_session(), + * perhaps add a safety flag in iter that is co-requisite with a NULL + * iter->rr, or else panic? + */ + if (!iter->rr) { + tls->level = TLS_LEV_MAY; + return; + } + /* When TLSA lookups fail, we defer the message */ if ((dane = tls_dane_resolve(iter->port, "tcp", iter->rr, var_smtp_tls_force_tlsa)) == 0) { -- Viktor.
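
Review bot: the `if (!iter->rr)` early return added to dane_init() sets `tls->level = TLS_LEV_MAY` for every caller that arrives with a NULL iter->rr, while the comment above it says only smtp_reuse_session() should reach this state. Nothing in the hunk enforces that, so a NULL rr coming from any other path would quietly be treated as opportunistic TLS rather than being flagged as a bug. I would resolve the XXX before this goes in: add the co-requisite flag in iter that the comment proposes and panic when rr is NULL without it. Minor wording point in the same comment: "a opportunistic" should read "an opportunistic".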