> On Jul 31, 2017, at 10:55 AM, Wietse Venema <wie...@porcupine.org> wrote:
>
> Postfix does not implement TLS-related Milter macros. That would
> require some new code. Currently, the cleanup daemon does not know
> anything about TLS, so getting that info from the smtpd(8) process
> would also require some new code.
It sure looks to me like smtpd (at EHLO time) supports:
src/milter/milter.h:#define S8_MAC_TLS_VERSION "{tls_version}"
src/milter/milter.h:#define S8_MAC_CIPHER "{cipher}"
src/milter/milter.h:#define S8_MAC_CIPHER_BITS "{cipher_bits}"
src/milter/milter.h:#define S8_MAC_CERT_SUBJECT "{cert_subject}"
src/milter/milter.h:#define S8_MAC_CERT_ISSUER "{cert_issuer}"
I don't know what milters expect to find in "{cert_issuer}" and
"{cert_subject}". The CN or the full DN (and if so in what
encoding). We provide CNs, but perhaps Sendmail provides
DNs?
--
Viktor.
