John Bucy

I'm happy that Vishal is taking the lead here but I would like to see a little more discussion about the requirements perhaps on #19765

Hi Vishal, glad to connect! I wrote a [doc ](https://docs.google.com/document/d/1F2yRVulML-qdoQkXzWIv5DPumKDSTvIQGr-MZxluEQ0/edit) detailing my assumptions for STARTTLS. I think the implementation in #27437 supports some more use cases that I think are...

Vishal and I had a call last night to discuss, here are some general notes from the call, I'll add some more specific discussion topics in separate comments. Vishal’s org...

I think the current state of the tracing/deep protocol inspection code has some limitations and it will take some iteration to make it work with an MTA such as postfix...

would the postfix [XCLIENT](https://www.postfix.org/XCLIENT_README.html) extension work for you instead of x-req-id? I was planning on adding this once we get basic starttls done

STARTTLS, in the current state of the code here: - the server must advertise the capability - the client must initiate STARTTLS command - if client/downstream sends starttls and server/upstream...

> cc @jsbucy Thanks very much for your hard work and response. > > Then could you help to review this PR also? I think we still need some owner...

@VishalDamgude are you using this with upstream_ssl enabled or disabled?