Viktor Dukhovni:
> [...]. One can of course automate periodic SMTP TLS policy
> updates from the STS URIs of a handful of providers, and let the
> usual outbound TLS policy take care of the rest:
>
> http://www.postfix.org/TLS_README.html#client_tls_policy

I'm much in favor of reusing the Postfix SMTP client's TLS policy
lookup mechanism for this, for example

    smtp_policy_maps = socketmap:inet:host:port:name

and to extend the policy map feature set as needed.

If the (key, value) interface turns out to be too restrictive, this
interface could be generalized towards something like the SMTP server
access policy delegation protocol (possibly with multiple commands,
multiple request attributes, or multiple reply attributes).

Like DKIM/DMARC I do not think that complex policies like STS should
be built into core Postfix SMTP components.

Wietse
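
The (key, value) lookup discussed above, sketched as an added example that is not code from this thread or from Postfix: the request handler of an external service answering socketmap queries (netstring-framed "name key" requests, "OK value" / "NOTFOUND " / "PERM reason" replies) with a TLS policy value. The map name "sts", the STS_CACHE table and its domains are constructed assumptions standing in for policies already fetched from STS URIs.

```python
# Added example: request handling for a Postfix socketmap TLS policy lookup.
# STS_CACHE is constructed sample data, not real provider policies.
STS_CACHE = {
    "example.com": {"mode": "enforce", "mx": ["mx1.example.com", "*.mail.example.com"]},
    "example.org": {"mode": "testing", "mx": ["mx.example.org"]},
}
MAP_NAME = "sts"    # hypothetical: the last field of socketmap:inet:host:port:name
MAX_LEN = 100000    # refuse oversized requests instead of buffering them


def encode_netstring(payload: bytes) -> bytes:
    return str(len(payload)).encode() + b":" + payload + b","


def decode_netstring(raw: bytes) -> bytes:
    """Return the payload of exactly one netstring; ValueError if malformed."""
    head, sep, rest = raw.partition(b":")
    if not sep or not head.isdigit() or (len(head) > 1 and head.startswith(b"0")):
        raise ValueError("bad length prefix")
    size = int(head)
    if size > MAX_LEN or len(rest) != size + 1 or rest[-1:] != b",":
        raise ValueError("bad netstring framing")
    return rest[:size]


def tls_policy(domain: str):
    """Map a cached STS policy to a Postfix TLS policy value, or None."""
    entry = STS_CACHE.get(domain.lower().rstrip("."))
    if entry is None or entry["mode"] != "enforce":
        return None  # nothing enforced: the usual outbound TLS policy applies
    # Approximation: STS "*.d" is rewritten to Postfix's ".d" suffix pattern,
    # which matches one or more labels (slightly broader than the STS wildcard).
    names = [mx[1:] if mx.startswith("*.") else mx for mx in entry["mx"]]
    return "secure match=" + ":".join(names)


def handle_request(raw: bytes) -> bytes:
    """Turn one framed request into one framed reply; never raises."""
    try:
        name, _, key = decode_netstring(raw).decode("ascii").partition(" ")
    except ValueError as exc:  # also covers UnicodeDecodeError
        return encode_netstring(f"PERM {exc}".encode())
    if name != MAP_NAME:
        return encode_netstring(b"PERM unknown map name")
    policy = tls_policy(key)
    if policy is None:
        return encode_netstring(b"NOTFOUND ")
    return encode_netstring(b"OK " + policy.encode())
```

Returning NOTFOUND for unknown or non-enforcing domains keeps the service out of the delivery path for everything it has no policy for; a temporary failure of the policy refresh would instead be reported with a TEMP reply so that mail is deferred rather than sent under a weaker policy.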