>> [...]. One can of course automate periodic SMTP TLS policy >> updates from the STS URIs of a handful of providers, and let the >> usual outbound TLS policy take care of the rest: >> >> http://www.postfix.org/TLS_README.html#client_tls_policy > I'm much in favor of reusing the Postfix SMTP client's TLS policy > lookup mechanism for this, for example > > smtp_policy_maps = socketmap:inet:host:port:name > > and to extend the policy map feature set as needed. > > If the (key, value) interface turns out to be too restrictive, this > interface could be generalized towards something like the SMTP > server access policy delegation protocol (possibly with multiple > commands, multiple request attributes, or multiple reply attributes). > > Like DKIM/DMARC I do not think that complex policies like STS should > be built into core Postfix SMTP components. > It sounds like it is a fairly "easy" implementation? If so, when can expect a testing version for this? I will gladly test this! -- Jonathan
0x94B964DD.asc
Description: application/pgp-keys
smime.p7s
Description: S/MIME Cryptographic Signature