> On Apr 5, 2026, at 7:58 AM, Wietse Venema via Postfix-users <[email protected]> wrote:
>
> Dan Mahoney via Postfix-users:
>> Folks,
>>
>> Are these features on the roadmap in the future in mainline at any
>> point, or is the current way of doing things (snawoot's mta-sts-resolver
>> and sys4's libtlsrpt) basically the canonical method?
>>
>> The postfix port under FreeBSD isn't linked against the tlsrpt
>> libs, although I've asked the maintainer if it's possible.
>
> There are no short-term plans to build a libtlsrpt client into
> Postfix. That might happen after the client-server protocol has
> been stable for a few years.
>
> Before we can even think of building STS into Postfix, its SMTP TLS
> policy support needs to be overhauled first. Viktor and I have been
> thinking on and off about that since 2022 (instead of one level,
> one would configure a range, or a collection of levels).
>
> Additionally, STS requires an HTTPS client. This involves a) dragging
> in a large C library dependency (never!), b) re-inventing that wheel
> with Postfix C code, or c) implementing it in a better language
> that has decent HTTPS support.

At least libcurl is a common dependency for a lot of things; it may be better received by package maintainers than "just this one weird library for this one weird edge-case that solves an already-solved problem in a dumb way but that corporate compliance officers may ask you to support".

But I completely grok your position.

Thanks Wietse,

-Dan
