Michael Holzt wrote:
> But if the switch to TLS has basically the same effect as opening a new
> connection, we should probably run the connect-hook again at that time.
> Or we could have an additional 'connect_tls' (or 'connect_restart'?) hook (which could also be used on port 465 for the deprecated ssmtp).

It is and it isn't the same thing as opening a new connection. I think of connect() being at the TCP level and everything after EHLO/HELO to be at the SMTP level. I don't think that it would be appropriate to generically rerun the connect hook after TLSSTART (but see below).

> I consider TLS being implemented by unrecognized_command unclean anyway. We
> should probably have a special TLS-Hook and TLS is only offered by the core
> if a plugin is installed into the TLS-Hook (like AUTH is implemented). This
> would also allow having more than one TLS-Plugin, for example a generic plugin first, starting an encrypted connection, and a second plugin next, checking e.g. a client certificate. Would be more flexible imho.

At this point, I think TLS is stable enough that this would be my preferred route as well. I wonder if it is time to provide a register_extension() sub that could be used to generically support extended SMTP commands without having to hack the core every time one comes around. AUTH could get refitted to use this method then.

In any case, once we have a tls() hook, we can then have a post_tls() hook which would be the appropriate place to redo any connect()-like hooks (like the OP wanted).

John
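As an added illustration of the design discussed in this thread (not code from the project under discussion, and not either poster's), here is a small Python model of the proposed hook layout: a register_extension() table so the core advertises STARTTLS only while a plugin sits in a hypothetical "tls" hook, tls plugins chained in order (generic start first, client-certificate check second), and a "post_tls" hook that re-runs a connect-like check after STARTTLS has reset the EHLO state. Hook names, return codes and plugin functions are all constructed for the example.

```python
from collections import defaultdict

DECLINED, DENY = "DECLINED", "DENY"

class Session:
    def __init__(self):
        self.hooks = defaultdict(list)  # hook name -> plugins, run in order
        self.extensions = {}            # ESMTP verb -> hook name
        self.helo = None                # EHLO state; STARTTLS resets it
        self.tls = False
        self.log = []

    def register_extension(self, verb, hook):
        self.extensions[verb] = hook

    def run_hooks(self, name):
        for plugin in self.hooks[name]:
            result = plugin(self)
            if result != DECLINED:      # first non-DECLINED plugin decides
                return result
        return DECLINED

    def ehlo(self, name):
        self.helo = name  # extensions advertised only if their hook has a plugin
        return sorted(v for v, h in self.extensions.items() if self.hooks[h])

    def command(self, verb):
        hook = self.extensions.get(verb)
        if hook is None or not self.hooks[hook]:
            return "500 unrecognized command"
        if self.run_hooks(hook) == DENY:
            return "554 refused"
        if verb == "STARTTLS":
            self.tls = True
            self.helo = None            # client must EHLO again (RFC 3207)
            self.run_hooks("post_tls")  # redo connect-like checks here
        return "220 ok"

def tls_start(s):       s.log.append("tls_start");     return DECLINED
def tls_client_cert(s): s.log.append("client_cert");   return DECLINED
def connect_check(s):   s.log.append("connect_check"); return DECLINED

def build_session(with_tls_plugins=True):
    s = Session()
    s.register_extension("STARTTLS", "tls")
    s.hooks["connect"].append(connect_check)
    s.hooks["post_tls"].append(connect_check)  # rerun connect-like check
    if with_tls_plugins:
        s.hooks["tls"] += [tls_start, tls_client_cert]  # generic, then cert
    s.run_hooks("connect")
    return s
```

With no plugin in the "tls" hook, EHLO does not advertise STARTTLS and the verb falls through as unrecognized; with plugins installed, the log shows the connect check running once at connect time and again from post_tls.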
