Paul Menzel:
> Dear Postfix folks,
> 
> 
> On 02/19/18 20:11, Wietse Venema wrote:
> > Jonathan Sélea:
> >>>> [...].  One can of course automate periodic SMTP TLS policy
> >>>> updates from the STS URIs of a handful of providers, and let the
> >>>> usual outbound TLS policy take care of the rest:
> >>>>
> >>>>    http://www.postfix.org/TLS_README.html#client_tls_policy
> >>> I'm much in favor of reusing the Postfix SMTP client's TLS policy
> >>> lookup mechanism for this, for example
> >>>
> >>>     smtp_policy_maps = socketmap:inet:host:port:name
> >>>
> >>> and to extend the policy map feature set as needed.
> >>>
> >>> If the (key, value) interface turns out to be too restrictive, this
> >>> interface could be generalized towards something like the SMTP
> >>> server access policy delegation protocol (possibly with multiple
> >>> commands, multiple request attributes, or multiple reply attributes).
> >>>
> >>> Like DKIM/DMARC I do not think that complex policies like STS should
> >>> be built into core Postfix SMTP components.
> >>>
> >>
> >> It sounds like it is a fairly "easy" implementation? If so, when can
> >> expect a testing version for this?
> > 
> > By my estimate this would involve multiple weeks of sustained effort
> > by a highly-skilled person. The elapsed time would be considerably
> > longer because Postfix maintainers have real jobs, don't take time
> > off to do work on the side, and STS development would compete with
> > other Postfix development. I would not even estimate the year of
> > completion.
> > 
> > The bulk of Postfix SMTPUTF8 support was done by a developer who
> > acquired sponsorship from CNNIC (I spent some time to make it nice).
> > If you have 10 grand lying around, maybe you can find someone.
> 
> $10.000 doesn't seem a lot judging from all the companies and
> organizations using Postfix in their critical infrastructure.
> 
> Are Postfix developers and companies listed somewhere, which could
> give a quote for the implementation?

The two developers are fully employed and can't take money; if
someone can provide a viable design, then I think that we would
consider it. This could be hashed out on the postfix-devel list.

> If not, could interested people please reply with their contact
> detail?

        Wietse
