Paul Menzel:
> Dear Postfix folks,
>
>
> On 02/19/18 20:11, Wietse Venema wrote:
> > Jonathan Sélea:
> >>>> [...]. One can of course automate periodic SMTP TLS policy
> >>>> updates from the STS URIs of a handful of providers, and let the
> >>>> usual outbound TLS policy take care of the rest:
> >>>>
> >>>> http://www.postfix.org/TLS_README.html#client_tls_policy
> >>> I'm much in favor of reusing the Postfix SMTP client's TLS policy
> >>> lookup mechanism for this, for example
> >>>
> >>> smtp_policy_maps = socketmap:inet:host:port:name
> >>>
> >>> and to extend the policy map feature set as needed.
> >>>
> >>> If the (key, value) interface turns out to be too restrictive, this
> >>> interface could be generalized towards something like the SMTP
> >>> server access policy delegation protocol (possibly with multiple
> >>> commands, multiple request attributes, or multiple reply attributes).
> >>>
> >>> Like DKIM/DMARC I do not think that complex policies like STS should
> >>> be built into core Postfix SMTP components.
> >>>
> >>
> >> It sounds like it is a fairly "easy" implementation? If so, when can
> >> we expect a testing version for this?
> >
> > By my estimate this would involve multiple weeks of sustained effort
> > by a highly-skilled person. The elapsed time would be considerably
> > longer because Postfix maintainers have real jobs, don't take time
> > off to do work on the side, and STS development would compete with
> > other Postfix development. I would not even estimate the year of
> > completion.
> >
> > The bulk of Postfix SMTPUTF8 support was done by a developer who
> > acquired sponsorship from CNNIC (I spent some time to make it nice).
> > If you have 10 grand lying around, maybe you can find someone.
>
> $10.000 doesn't seem a lot judging from all the companies and
> organizations using Postfix in their critical infrastructure.
>
> Are Postfix developers and companies listed somewhere, which could
> give a quote for the implementation?

The two developers are fully employed and can't take money; if
someone can provide a viable design, then I think that we would
consider it. This could be hashed out on the postfix-devel list.

> If not, could interested people please reply with their contact
> detail?

	Wietse
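
The lookup-table approach discussed in this thread, as an added example that is not part of the original messages or of Postfix: a handler that answers socketmap requests with a TLS policy derived from an STS policy body. It assumes the existing smtp_tls_policy_maps parameter (documented at the TLS_README URL quoted above), the RFC 8461 policy format published after this thread, and policy bodies that were already fetched over HTTPS and cached; the domains and the map name "sts" are constructed.

```python
import re

# Constructed sample cache: next-hop domain -> fetched STS policy body.
SAMPLE = {
    "example.net": "version: STSv1\nmode: enforce\nmx: mx1.example.net\n"
                   "mx: *.mail.example.net\nmax_age: 86400\n",
    "example.org": "version: STSv1\nmode: testing\nmx: mx.example.org\n"
                   "max_age: 86400\n",
}
MX_OK = re.compile(r"(\*\.)?[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*")

def netstring(data):
    # socketmap requests and replies are netstrings: "<len>:<bytes>,"
    return b"%d:%s," % (len(data), data)

def read_netstring(buf):
    length, sep, rest = buf.partition(b":")
    if not sep or not length.isdigit() or rest[int(length):] != b",":
        raise ValueError("malformed netstring")
    return rest[:-1]

def sts_to_tls_policy(body):
    """Return a Postfix TLS policy value, or None if no policy applies."""
    fields, mxs = {}, []
    for line in body.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "mx":
            mxs.append(value)
        else:
            fields.setdefault(key, value)
    if fields.get("version") != "STSv1" or fields.get("mode") != "enforce":
        return None  # only "enforce" changes delivery behaviour
    # The body is remote input: refuse anything that is not a plain hostname
    # pattern before it is copied into the policy value.
    if not mxs or not all(MX_OK.fullmatch(m) for m in mxs):
        return None
    # STS writes a subdomain pattern as "*.domain", Postfix as ".domain".
    patterns = [m[1:] if m.startswith("*.") else m for m in mxs]
    return "secure match=" + ":".join(patterns)

def handle(raw, policies=SAMPLE):
    """Map one request ("<mapname> <key>") to one socketmap reply."""
    _map, _, key = read_netstring(raw).decode("ascii").partition(" ")
    body = policies.get(key.lower())
    value = sts_to_tls_policy(body) if body else None
    return netstring(("OK " + value).encode() if value else b"NOTFOUND ")
```

Replying NOTFOUND for a missing, testing-mode or malformed policy leaves delivery to the default outbound TLS policy instead of deferring mail.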