We were using Postfix to deliver bulk mail (email newsletters) to a mail relay. When TLS was disabled, Postfix was able to open multiple connections to the relay and reuse these connections for some period of time, maintaining a high send rate with minimal RTT overhead from TCP connection setup.
After enabling TLS, Postfix delivery was much slower, and a packet capture revealed that the connection was reset after each message was delivered. The Postfix documentation confirms there is no connection reuse with TLS. Unfortunately this dramatically slows down delivery to the relay because of the RTT overhead of new TCP connections.
We switched to having our app do SMTP delivery directly to the relay with connection reuse (using a standard SMTP library), rather than delivering to the local Postfix instance.
This was a reasonable workaround for us. But we'd love to have Postfix on hand to queue and deliver mail to the relay, if it were possible to optimize the STARTTLS support.
(In case you're curious why rapid delivery of bulk mail matters, even bulk mail can be time sensitive: for example, advocacy organizations ask subscribers to tweet or call their elected representative that morning.)
--mark B.
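The application-side workaround described in the post (one STARTTLS session reused for a batch of messages instead of a fresh TCP+TLS handshake per message), as an added example that is not code from the poster or from Postfix. It assumes Python's standard `smtplib`; the `connect` factory argument, the relay host name and the `max_per_connection` limit are assumptions for illustration, and the TLS context verifies the relay's certificate rather than disabling checks for speed.

```python
import smtplib
import ssl


def make_tls_context(cafile=None):
    """Strict client TLS context: verifies the relay's certificate chain and
    hostname and refuses protocol versions below TLS 1.2."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def send_batch(connect, messages, tls_context=None, max_per_connection=500):
    """Deliver `messages` over a reused SMTP session.

    `connect` is a zero-argument callable returning an smtplib.SMTP-like
    object (hypothetical injection point so the logic is testable offline).
    One EHLO/STARTTLS handshake is paid per session, not per message; the
    session is recycled after `max_per_connection` messages or if the relay
    drops it.  Returns (delivered, failed) counts and the number of sessions.
    """
    delivered = failed = sessions = used = 0
    conn = None
    try:
        for msg in messages:
            if conn is None or used >= max_per_connection:
                if conn is not None:
                    conn.quit()
                conn = connect()
                conn.ehlo()
                if tls_context is not None:
                    conn.starttls(context=tls_context)
                    conn.ehlo()  # re-EHLO after STARTTLS per RFC 3207
                sessions += 1
                used = 0
            try:
                conn.send_message(msg)
                delivered += 1
            except smtplib.SMTPRecipientsRefused:
                failed += 1  # per-recipient 5xx; session is still usable
            except smtplib.SMTPServerDisconnected:
                failed += 1
                conn = None  # relay closed the session; reconnect next loop
                continue
            used += 1
    finally:
        if conn is not None:
            conn.quit()
    return delivered, failed, sessions


def deliver_to_relay(host, messages, port=587, cafile=None):
    """Real entry point: e.g. deliver_to_relay("relay.example.invalid", msgs)."""
    ctx = make_tls_context(cafile)
    return send_batch(lambda: smtplib.SMTP(host, port, timeout=30), messages, ctx)
```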