Comments (3)
Another idea to secure local server configurations using MTA-STS:
- Check if we have the MTA-STS policy set (try to get it, check if our hostname is listed in `mx` directives).
- If policy exists and applied for us - reject messages sent over plain-text connections.
- Add configuration directive to disallow plain-text submission manually
from maddy.
First two points may break interoperability with non-MTA-STS-capable senders, so I guess it makes sense to leave them out by default and instead add option to disable unencrypted sessions. Same goes for #50.
In the light of HTTP endpoint design mentioned in #67, we might want to add endpoint to allow easier configuration for MTA-STS:
mta_sts {
    endpoint https://0.0.0.0:443 # can be omitted, implied by default
    max_age 600 # seconds
    mx *.asd.sd
    # our hostname is added implicitly
}
from maddy.
> First two points may break interoperability with non-MTA-STS-capable senders, so I guess it makes sense to leave them out by default and instead add option to disable unencrypted sessions.
Yes. It's the sender's responsibility to check the MTA-STS policy. Indeed, we can always add an option to disable unencrypted sessions.
> In the light of HTTP endpoint design mentioned in #67, we might want to add endpoint to allow easier configuration for MTA-STS
I'd really like MTA-STS to be enabled by default. It's an important part of e-mail security. Without it, encryption is basically useless (because of downgrade attacks).
from maddy.
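The check proposed in the first comment (get the policy, see whether our hostname is listed in its mx directives, and only then refuse plain-text sessions), as an added Go example that is not part of the thread or of maddy's code. The names `ParsePolicy`, `ListsHost` and `RejectPlaintext` and the sample policy are assumptions made for illustration; fetching the policy over HTTPS is left out, and "applied for us" is read here as `mode: enforce`.

```go
package main

import "strings"

// Constructed sample policy body; the mx pattern reuses the thread's "*.asd.sd".
const samplePolicy = "version: STSv1\nmode: enforce\nmx: *.asd.sd\nmax_age: 600\n"

// Policy holds the RFC 8461 fields this check needs.
type Policy struct {
	Version, Mode string
	MX            map[string]bool // lower-cased mx patterns
}

// ParsePolicy reads the "key: value" lines of a policy body (LF or CRLF).
func ParsePolicy(body string) (p Policy) {
	p.MX = map[string]bool{}
	for _, line := range strings.Split(body, "\n") {
		kv := strings.SplitN(strings.TrimSpace(line), ":", 2)
		if len(kv) != 2 {
			continue // blank or malformed line
		}
		val := strings.TrimSpace(kv[1])
		switch strings.TrimSpace(kv[0]) {
		case "version":
			p.Version = val
		case "mode":
			p.Mode = val
		case "mx":
			p.MX[strings.ToLower(val)] = true
		}
	}
	return p
}

// ListsHost reports whether host matches one of the policy's mx patterns.
func (p Policy) ListsHost(host string) bool {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	if i := strings.Index(host, "."); i > 0 && p.MX["*"+host[i:]] {
		return true // "*." stands for exactly one left-most label (RFC 8461, 4.1)
	}
	return p.MX[host]
}

// RejectPlaintext (hypothetical helper): refuse plain-text sessions only
// when an enforced STSv1 policy lists this server's hostname.
func RejectPlaintext(p Policy, host string) bool {
	return p.Version == "STSv1" && p.Mode == "enforce" && p.ListsHost(host)
}

func main() { println(RejectPlaintext(ParsePolicy(samplePolicy), "mx1.asd.sd")) }
```

A policy in `testing` mode, or one whose `mx` patterns do not cover the local hostname, leaves plain-text sessions allowed, which keeps the interoperability concern from the second comment confined to domains that have opted into enforcement.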