Wietse Venema:
> Wietse Venema:
> > I have built an event-driven TLS proxy for postscreen(8). This
> > addresses the problem that postscreen(8) could not be used when
> > SMTP clients require STARTTLS support.
> >
> > The new daemon is called starttlsd(8). When a non-whitelisted (*)
> > SMTP client sends a STARTTLS command, postscreen(8) will hand off
> > the connection to starttlsd(8) and read/write the plaintext to/from
> > starttlsd(8).
> >
> > The challenge was that one starttlsd(8) must be able to handle the
> > TLS <=> plaintext translation for more than one SMTP client, but
> > thanks to careful planning, it worked out of the box.
>
> This is uploaded as postfix-2.8-20101230-nonprod. The code has had
> limited testing, so keep an eye on things if you intend to expose
> it to the network.

Updated to postfix-2.8-20101231-nonprod, with minor fixes from Victor
and Christian, and with extra safety nets against deadlock that
will hopefully never be needed.

Wietse