Wietse Venema via Postfix-users wrote in
 <4ynn0f4f5gzj...@spike.porcupine.org>:
 |I scanned the draft version 3. On the Postfix side this appears
 |to involve:
 |
 |- For "_smtps._tcp.example.com" SRV responses that don't name the
 |standard SMTP port, it may be helpful to automatically turn on TLS
 |wrappermode for a configurable list of service names. This is nice
 |to have and relatively easy to implement. It takes a few lines
 |to create a matchlist during process startup, and another few lines
 |to query it.
 |
 |- When an SRV response for "_smtps._tcp.example.com" names the
 |standard SMTP port, the feature overrides a default TLS security
 |level "may" with "encrypt". This is on/off configurable and needs
 |a few lines of code in the SMTP client's MX host iterator to
 |upgrade a default TLS security level from "may" to "encrypt".

Yes, that likely should be it.
I even had changed the 550 reply code for
STARTTLS-inside-Implicit-TLS to 554 because of postfix.
(I thought 550 because of "policy reason", but "transaction
failed", whatever.)

 |I think that is enough analysis. I don't feel compelled to spend
 |time to actually implement and test this unless there is a viable
 |path to wide adoption.

Jeremy Harris has also not made his adjustment public, he only
extended the SRV lookup capabilities to be a list of protocols
(likely to be able to easily add _smtps in addition to _smtp, if
I try to make some sense of some email words).
He said he had to extend a bit more in order to be able to carry
the TLS related state adjustments around.

Well. This is only partially satisfying ;), but life ain't a wish
concert is the saying.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
|
|In Fall and Winter, feel "The Dropbear Bard"s pint(er).
|
|The banded bear
|without a care,
|Banged on himself for e'er and e'er
|
|Farewell, dear collar bear
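
The two client-side decisions from the quoted analysis, as an added example that is not part of the thread and is not Postfix code. All type, function and parameter names are hypothetical. Two points are assumptions of this sketch: the same service list gates both branches, and wrappermode raises a level below "encrypt" to "encrypt" because implicit TLS has no cleartext phase.

```c
/* Added illustration, not Postfix source; every name here is hypothetical. */
#include <string.h>

#define SMTP_PORT 25

enum tls_level { TLS_NONE, TLS_MAY, TLS_ENCRYPT, TLS_VERIFY };

struct srv_target { const char *service; unsigned port; };  /* one SRV answer */
struct tls_decision { int wrappermode; enum tls_level level; };

/* Match a service name against a comma/space separated list. The message
 * describes building a matchlist once at startup; this scans per call. */
static int service_listed(const char *list, const char *service)
{
    size_t n = strlen(service);

    while (*list) {
        size_t len = strcspn(list, ", ");
        if (len == n && n > 0 && strncmp(list, service, n) == 0)
            return 1;
        list += len;
        list += strspn(list, ", ");
    }
    return 0;
}

/* Decide how to connect to one SRV target, given the configured TLS level. */
struct tls_decision srv_tls_decision(const struct srv_target *t,
                                     const char *wrapper_services,
                                     int upgrade_on_std_port,
                                     enum tls_level configured)
{
    struct tls_decision d = { 0, configured };

    if (!service_listed(wrapper_services, t->service))
        return d;                       /* e.g. plain "_smtp": unchanged */
    if (t->port != SMTP_PORT) {
        d.wrappermode = 1;              /* TLS handshake right after connect */
        if (d.level < TLS_ENCRYPT)      /* assumption: no cleartext fallback */
            d.level = TLS_ENCRYPT;
    } else if (upgrade_on_std_port && configured == TLS_MAY) {
        d.level = TLS_ENCRYPT;          /* only the default "may" is upgraded */
    }
    return d;                           /* stronger levels are never lowered */
}
```

A configured level stronger than "encrypt" passes through untouched in both branches, so an SRV answer can raise the policy but never weaken it.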