  • Adding MTA-STS on outbound postfix.

So I’m currently running this docker image: GitHub - Snawoot/postfix-mta-sts-resolver: Daemon which provides TLS client policy for Postfix via socketmap, according to domain MTA-STS policy


It’s working great, though I noticed this morning that I had not started the image until after a reboot.
Basically, it checks whether a domain has implemented MTA-STS and uses a postfix tls transport to verify. It works great in all honesty, and I would suggest it being added as a mailcow docker pull.
There is no reporting that I’m aware of, so if the devs want to help out, I’m sure it would be appreciated by the developer.

If anyone is wondering, it’s a pretty simple install.

  1. git clone and create storage
  2. add “smtp_tls_policy_maps = socketmap:inet:$HOST:8461:postfix” to extra.cf
  3. start up docker image and add to mailcowdockerized_mailcow-network
  4. restart postfix-mailcow image
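
Added example, not part of the original post or of the postfix-mta-sts-resolver project: a small health check that speaks the Postfix socketmap protocol (netstring-framed "name key" requests, as documented in socketmap_table(5)) to the port and map name from step 2, to confirm the resolver container is running and answering. The host argument and the queried domain are whatever you pass on the command line; treating OK and NOTFOUND as healthy is an assumption of this sketch.

```python
import socket
import sys

STATUSES = ("OK", "NOTFOUND", "TEMP", "TIMEOUT", "PERM")  # per socketmap_table(5)

def encode_netstring(payload: bytes) -> bytes:
    """Frame a payload as <length>:<payload>,"""
    return str(len(payload)).encode() + b":" + payload + b","

def decode_netstring(data: bytes) -> bytes:
    """Return the payload of one netstring, or raise if it is incomplete."""
    length, sep, rest = data.partition(b":")
    if not sep or not length.isdigit():
        raise ValueError("malformed netstring header")
    n = int(length)
    if len(rest) < n + 1 or rest[n:n + 1] != b",":
        raise ValueError("truncated or unterminated netstring")
    return rest[:n]

def parse_reply(payload: bytes):
    """Split a socketmap reply into (status, value)."""
    status, _, value = payload.decode("utf-8").partition(" ")
    if status not in STATUSES:
        raise ValueError(f"unexpected socketmap status: {status!r}")
    return status, value

def lookup(host, domain, port=8461, mapname="postfix", timeout=5.0):
    """Ask the resolver for the TLS policy of one recipient domain."""
    request = encode_netstring(f"{mapname} {domain}".encode())
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        buf = b""
        while True:
            chunk = s.recv(4096)
            buf += chunk
            try:
                payload = decode_netstring(buf)
                break
            except ValueError:
                if not chunk:  # peer closed before a full reply arrived
                    raise
    return parse_reply(payload)

if __name__ == "__main__":
    host, domain = sys.argv[1], sys.argv[2]
    status, value = lookup(host, domain)
    print(f"{domain}: {status} {value}".rstrip())
    sys.exit(0 if status in ("OK", "NOTFOUND") else 1)
```

Run it from a container on the same docker network, passing the resolver's host name and a recipient domain; a refused connection or a TEMP/TIMEOUT/PERM reply exits non-zero, which makes it usable as a post-reboot check.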


I think anyone serious about email security should implement DNSSEC and go for RFC 7672 (SMTP with DANE) (set postfix smtp_tls_security_level to dane).
