This is a development build of Courier.
• Cleanup of the internal DNS resolver. Get rid of the default global
instance, force explicit instantiation and destruction of the resolver
object. Add support for DNSSEC, not used for anything, right now.
I'd like to make a small request, if you have a few spare minutes. Download
and compile this build. You do not need to install it, just run
"testmxlookup" that gets built in the courier subdirectory, like this:
testmxlookup -dnssec <domain>
You should get back a list of MX records for the specified domain, as usual.
In the event that someone does happen to have working DNSSEC, each IP
address in the list will be also marked with "(DNSSEC)", but that's not
important, as long as the list of MX IPs is returned at all.
This is to gauge the percentage of population with DNS servers that can't
talk to DNSSEC-enabled clients. In the event that the "-dnssec" option
doesn't work, also try:
testmxlookup -dnssec -udpsize 512 <domain>
• Ignore errors received in response to a STARTTLS request, by default, if
the non-encrypted connection can still be used. Sad state of TLS with SMTP.
Provide an option to revert to previous, hard-line behavior. Provide a hook
to run an external script to report a peer that fails a STARTTLS.