This list should be much longer, but I am too lazy to type :)
The listing does not really follow priority.

* Take better care of the private key. Possibly a separate service process
  running with different privileges (not postfix, not root) could be realized.
  This way, if the postfix user is compromised, the TLS information is
  still protected.

* Realize checking of the peer's identity not only based on the CommonName
  field but also (or even better?) using dNSName entries (there can be more
  than one) in the X509v3 extensions.
  Respective discussion was on ietf-apps-tls@imc.org.
  [-> will become possible starting with OpenSSL-0.9.5, since it includes
  enhanced X509v3 handling.]

* Cleanup the "pfixtls" special logging, so that it fits Wietse's original
  "per site" decision to make debugging easier.

* Check the "info_callback" for sensitive use. I already had to remove the
  "warning alert" issued on normal shutdown. Why is a warning issued for
  a normal shutdown??

* Check the verify callback for certificates. It was just taken from the
  sample in s_cb.c, but I never really understood it.

* Read carefully the ugly mess called "OpenSSL source code" to find out
  where, when and how memory is allocated and deallocated when dealing
  with session caching. The documentation is no help here and I am afraid
  that there might be memory leakage. It is not too severe, as a session
  is approx 2kB and smtp and smtpd lifetime is limited, but it is not
  really clean.
  [-> Has lost some of its importance since session caching is now done
  outside the SSL_CTX...]

* RFC2246 requires that cached sessions are removed in the case of failures.
  For the server side this is implemented. For the client side, I need to
  check the state and pass the necessary information through "smtp", as
  the information is not available, when the TLS shutdown is called.

* Check out and include Till Franke's (SuSE) AUTH extension for postfix.
  [-> will be realized eventually once AUTH is part of postfix mainstream.]
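
Added example for the dNSName item above (not part of the pfixtls code): a
sketch of the matching decision once the names are out of the certificate,
following the RFC 2818 rule that dNSName entries, when present, replace the
CommonName. It goes one step beyond the item by also handling a left-most
"*" label. The function names are hypothetical, and the extraction of the
names with OpenSSL is assumed to have happened already.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Assumption: the caller has already rejected names whose ASN.1 length
 * differs from strlen(), i.e. names containing embedded NUL bytes. */

/* Case-insensitive match of one certificate name against the expected host.
 * "*" is accepted only as the complete left-most label. */
static int name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *rest = strchr(host, '.');   /* skip exactly one label */
        /* the wildcard must stand for one non-empty label */
        return rest != NULL && rest != host
            && strcasecmp(pattern + 1, rest) == 0;
    }
    return strcasecmp(pattern, host) == 0;
}

/* Returns 1 if the peer identity matches the expected host, 0 otherwise.
 * dns_names/n_dns: dNSName entries from the X509v3 subjectAltName extension.
 * common_name: subject CommonName, may be NULL. */
int peer_name_ok(const char *host, const char *const *dns_names,
                 size_t n_dns, const char *common_name)
{
    size_t i;

    if (n_dns > 0) {
        /* dNSName entries are authoritative: CommonName is not consulted */
        for (i = 0; i < n_dns; i++)
            if (name_matches(dns_names[i], host))
                return 1;
        return 0;
    }
    /* no dNSName at all: fall back to the CommonName check */
    return common_name != NULL && name_matches(common_name, host);
}

int main(void)
{
    /* constructed sample names, not taken from any real certificate */
    const char *const san[] = { "mx1.example.org", "*.mail.example.org" };

    printf("%d\n", peer_name_ok("a.mail.example.org", san, 2, NULL));
    printf("%d\n", peer_name_ok("smtp.example.org", san, 2, "smtp.example.org"));
    return 0;
}
```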
