I've finally found some time to forward-port UCSPI-TLS to
mailfront-0.96. The changes are quite minimal. You can find the
latest version here:

http://www.suspectclass.com/~sgifford/ucspi-tls/mailfront-0.96-ucspitls-0.1.patch
http://www.suspectclass.com/~sgifford/ucspi-tls/mailfront-0.96-ucspitls-0.1.readme

The patch enhances mailfront's SMTP, POP, and IMAP with support for
UCSPI-TLS:

http://www.suspectclass.com/~sgifford/ucspi-tls/ucspi-tls.txt

The changes cause the frontends to recognize a request to begin TLS
encryption and pass the request along to a parent server. The actual
SSL implementation is in a tcpserver-style server, and can run all
client-directed encryption operations in a chroot jail with reduced
privileges, for much increased security. This is currently
implemented as a patch:

http://www.suspectclass.com/~sgifford/ucspi-tls/

to ucspi-ssl:

http://www.superscript.com/ucspi-ssl/intro.html

I've run a previous version of this software for about 8 months on the
machine of a consulting client, and it's worked quite well. Please
send along any questions, comments, or bug reports to me, or the
appropriate mailing list.

Thanks,

---ScottG.