Viktor Dukhovni:
>
> > On Jul 31, 2017, at 10:55 AM, Wietse Venema <wie...@porcupine.org> wrote:
> >
> > Postfix does not implement TLS-related Milter macros. That would
> > require some new code. Currently, the cleanup daemon does not know
> > anything about TLS, so getting that info from the smtpd(8) process
> > would also require some new code.
>
> It sure looks to me like smtpd (at EHLO time) supports:
>
> src/milter/milter.h:#define S8_MAC_TLS_VERSION "{tls_version}"
> src/milter/milter.h:#define S8_MAC_CIPHER "{cipher}"
> src/milter/milter.h:#define S8_MAC_CIPHER_BITS "{cipher_bits}"
> src/milter/milter.h:#define S8_MAC_CERT_SUBJECT "{cert_subject}"
> src/milter/milter.h:#define S8_MAC_CERT_ISSUER "{cert_issuer}"
>
> I don't know what milters expect to find in "{cert_issuer}" and
> "{cert_subject}". The CN or the full DN (and if so in what
> encoding). We provide CNs, but perhaps Sendmail provides
> DNs?
I looked at the code for the cleanup daemon which is TLS unaware.
So the corrected reply would be that we may have partial support.
Wietse
