I scanned the draft version 3.  On the Postfix side this appears
to involve:

- For "_smtps._tcp.example.com" SRV responses that don't name the
standard SMTP port, it may be helpful to automatically turn on TLS
wrappermode for a configurable list of service names. This is nice
to have and relatively easy to implement. It takes a few lines
to create a matchlist during process startup, and another few lines
to query it.

- When an SRV response for "_smtps._tcp.example.com" names the
standard SMTP port, the feature overrides a default TLS security
level "may" with "encrypt". This is on/off configurable and needs
a few lines of code in the SMTP client's MX host iterator to
upgrade a default TLS security level from "may" to "encrypt".

I think that is enough analysis. I don't feel compelled to spend
time to actually implement and test this unless there is a viable
path to wide adoption.

        Wietse
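
The two decisions described in the message above, sketched as stand-alone C. This is an added example, not Postfix code and not from the author of the message. The struct, enum and function names are hypothetical, port 465 is a constructed sample value, and treating an explicitly configured "may" as exempt from the upgrade is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>
#include <strings.h>

#define SMTP_PORT 25                       /* standard SMTP port */

enum tls_level { TLS_NONE, TLS_MAY, TLS_ENCRYPT };

struct srv_policy {                        /* hypothetical settings */
    const char *const *wrapper_services;   /* NULL-terminated match list, built at startup */
    bool upgrade_may;                      /* on/off: "may" -> "encrypt" on the standard port */
};

struct tls_decision { bool wrappermode; enum tls_level level; };

static bool service_listed(const char *const *list, const char *service)
{
    for (; list && *list; list++)
        if (strcasecmp(*list, service) == 0)   /* DNS labels compare case-insensitively */
            return true;
    return false;
}

/* Decide TLS handling for one SRV target. level_is_default says whether `level`
 * is the global default rather than an explicit per-destination policy. */
struct tls_decision srv_tls_decide(const struct srv_policy *p, const char *service,
                                   unsigned port, enum tls_level level,
                                   bool level_is_default)
{
    struct tls_decision d = { false, level };

    if (port != SMTP_PORT) {
        /* Non-standard port: wrappermode only for listed service names. */
        d.wrappermode = service_listed(p->wrapper_services, service);
    } else if (p->upgrade_may && level_is_default && level == TLS_MAY
               && strcasecmp(service, "_smtps") == 0) {
        /* Standard port: raise only a default "may"; leave explicit levels alone. */
        d.level = TLS_ENCRYPT;
    }
    return d;
}

int main(void)
{
    static const char *const list[] = { "_smtps", NULL };   /* constructed sample */
    struct srv_policy p = { list, true };
    struct tls_decision a = srv_tls_decide(&p, "_smtps", 465, TLS_MAY, true);
    struct tls_decision b = srv_tls_decide(&p, "_smtps", 25, TLS_MAY, true);
    printf("port 465: wrappermode=%d level=%d\n", a.wrappermode, a.level);
    printf("port 25:  wrappermode=%d level=%d\n", b.wrappermode, b.level);
    return 0;
}
```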