Dear Postfix folks,

On 02/19/18 20:11, Wietse Venema wrote:
> Jonathan Sélea:
>>>> [...]. One can of course automate periodic SMTP TLS policy
>>>> updates from the STS URIs of a handful of providers, and let the
>>>> usual outbound TLS policy take care of the rest:
>>>>
>>>> http://www.postfix.org/TLS_README.html#client_tls_policy
>>> I'm much in favor of reusing the Postfix SMTP client's TLS policy
>>> lookup mechanism for this, for example
>>>
>>> smtp_policy_maps = socketmap:inet:host:port:name
>>>
>>> and to extend the policy map feature set as needed.
>>>
>>> If the (key, value) interface turns out to be too restrictive, this
>>> interface could be generalized towards something like the SMTP
>>> server access policy delegation protocol (possibly with multiple
>>> commands, multiple request attributes, or multiple reply attributes).
>>>
>>> Like DKIM/DMARC I do not think that complex policies like STS should
>>> be built into core Postfix SMTP components.
>>>
>>
>> It sounds like it is a fairly "easy" implementation? If so, when can
>> expect a testing version for this?
>
> By my estimate this would involve multiple weeks of sustained effort
> by a highly-skilled person. The elapsed time would be considerably
> longer because Postfix maintainers have real jobs, don't take time
> off to do work on the side, and STS development would compete with
> other Postfix development. I would not even estimate the year of
> completion.
>
> The bulk of Postfix SMTPUTF8 support was done by a developer who
> acquired sponsorship from CNNIC (I spent some time to make it nice).
> If you have 10 grand lying around, maybe you can find someone.

$10.000 doesn’t seem a lot judging from all the companies and
organizations using Postfix in their critical infrastructure.

Are Postfix developers and companies listed somewhere, which could give
a quote for the implementation? If not, could interested people please
reply with their contact detail?

Kind regards,

Paul