Is there a possibility in cloudron to propagate a mta-sts policy?
7dowWilkes last edited by girish
Is there a way in Cloudron to propagate an MTA-STS policy?
For this, a text file would have to be accessible under a certain domain, e.g. https://mta-sts.domain.org/.well-known/mta-sts.txt
If there is nothing like this in Cloudron yet, would it be implementable in principle?
Many thanks and greetings
micmc last edited by micmc
@7dowWilkes Sounds like a great idea to me, if it can possibly be implemented. +1
jdaviescoates last edited by
I'd never heard of this, so I did a search and found this about it from the UK Gov't
You can find the RFC (Proposed Standard) at https://datatracker.ietf.org/doc/rfc8461/
You only need 3 records in your DNS:
- _mta-sts.example.com. IN TXT "v=STSv1; id=20160831085700Z;" --> the id is a timestamp for the policy
- _smtp._tls.example.com. IN TXT "v=TLSRPTv1; rua=mailto:firstname.lastname@example.org" --> for error analysis and for an MTA-STS validator
- mta-sts.example.com. IN A IP-of-your-webserver --> to propagate the policy under https://mta-sts.example.com/.well-known/mta-sts.txt
The policy could look like this:
Instead of enforce, you can also choose "testing" or "none".
see also https://support.google.com/a/answer/9276511?hl=en
Cloudron would therefore "only" need a central web service via which the policy under ".well-known/mta-sts.txt" could be published for the respective domains in Cloudron.
The DNS entries could also be set automatically by Cloudron, or once manually by the domain owner.
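As an added example (not code from this thread, from Cloudron, or from the RFC), here is a small Python helper that renders the three DNS records listed above as zone-file lines, writes the body of `/.well-known/mta-sts.txt`, validates a fetched policy against the RFC 8461 syntax (version, mode, max_age limit of 31557600 seconds, wildcard only as the leftmost label) and applies the RFC's single-label wildcard rule when checking an MX hostname against the `mx` patterns. The domain, addresses, IP and the policy text in the demo are constructed placeholders, and rejecting duplicate `version`/`mode`/`max_age` lines is a strict choice of this helper, not something the RFC spells out.

```python
"""Render and validate MTA-STS policies per RFC 8461 (illustrative helper, not Cloudron code)."""
from datetime import datetime, timezone

MODES = {"enforce", "testing", "none"}
MAX_AGE_LIMIT = 31557600  # RFC 8461 section 3.2: max_age must not exceed one year in seconds


def policy_id_now():
    """Policy id in the timestamp style of the RFC example (YYYYMMDDHHMMSSZ).

    The id must change every time the policy file changes; senders cache the
    policy for max_age and only refetch when the TXT record's id differs.
    """
    return datetime.now(timezone.utc).strftime("%Y%m%d%H%M%SZ")


def dns_records(domain, policy_id, rua, web_ip):
    """The three records from the post, as zone-file lines (assumed layout, not Cloudron output)."""
    return [
        f'_mta-sts.{domain}. IN TXT "v=STSv1; id={policy_id};"',
        f'_smtp._tls.{domain}. IN TXT "v=TLSRPTv1; rua=mailto:{rua}"',
        f"mta-sts.{domain}. IN A {web_ip}",
    ]


def parse_policy(text):
    """Parse and validate a policy body; returns a dict or raises ValueError."""
    fields = {"mx": []}
    for raw in text.replace("\r\n", "\n").split("\n"):  # RFC allows LF or CRLF terminators
        line = raw.strip()
        if not line:
            continue
        if ":" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "mx":
            fields["mx"].append(value.lower())
        elif key in ("version", "mode", "max_age"):
            if key in fields:  # strict choice of this helper: one value per field
                raise ValueError(f"duplicate field: {key}")
            fields[key] = value
        # any other key is an extension field and is ignored, as the RFC requires
    if fields.get("version") != "STSv1":
        raise ValueError("version must be STSv1")
    if fields.get("mode") not in MODES:
        raise ValueError("mode must be enforce, testing or none")
    max_age = fields.get("max_age", "")
    if not max_age.isdigit() or len(max_age) > 10 or int(max_age) > MAX_AGE_LIMIT:
        raise ValueError("max_age must be an integer number of seconds, at most 31557600")
    fields["max_age"] = int(max_age)
    # mode none means "treat as no policy", so mx patterns are only demanded otherwise
    if fields["mode"] != "none" and not fields["mx"]:
        raise ValueError("enforce/testing policies need at least one mx pattern")
    for pat in fields["mx"]:
        if "*" in pat and not (pat.startswith("*.") and "*" not in pat[2:]):
            raise ValueError(f"wildcard allowed only as the leftmost label: {pat}")
    return fields


def is_valid_policy(text):
    """Boolean wrapper around parse_policy for callers that only need pass/fail."""
    try:
        parse_policy(text)
        return True
    except ValueError:
        return False


def render_policy(mode, max_age, mx_hosts):
    """Build the body of /.well-known/mta-sts.txt and refuse to emit an invalid one."""
    lines = ["version: STSv1", f"mode: {mode}"]
    lines += [f"mx: {h}" for h in mx_hosts]
    lines.append(f"max_age: {max_age}")
    text = "\r\n".join(lines) + "\r\n"
    parse_policy(text)  # fail here rather than publish a policy senders will reject
    return text


def mx_matches(pattern, hostname):
    """RFC 8461 section 4.1: a leading '*.' matches exactly one label; case-insensitive."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        labels = hostname.split(".")
        return len(labels) >= 2 and ".".join(labels[1:]) == pattern[2:]
    return pattern == hostname


def mx_allowed(policy, hostname):
    """True if the MX host a sender resolved is covered by any mx pattern of the policy."""
    return any(mx_matches(p, hostname) for p in policy["mx"])


if __name__ == "__main__":
    # constructed demo values, not a real deployment
    for rec in dns_records("example.org", policy_id_now(), "tlsrpt@example.org", "203.0.113.10"):
        print(rec)
    body = render_policy("enforce", 604800, ["mail.example.org", "*.example.org"])
    print(body, end="")
    pol = parse_policy(body)
    print("backup.example.org allowed:", mx_allowed(pol, "backup.example.org"))
    print("example.org allowed:", mx_allowed(pol, "example.org"))
```

Two points the helper makes concrete: the `id` in the TXT record has to change with every edit of the policy file, otherwise senders keep using the cached copy until `max_age` expires, and the policy itself is only useful if the web service serves it over HTTPS with a certificate valid for `mta-sts.<domain>`, which is exactly the piece a hosting platform would have to provide per mail domain.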
@7dowWilkes The problem for me is actually the web server, which has to make the policy available. Probably this is the actual feature request, if Cloudron doesn't offer this possibility yet.
@girish perfect! That's cool
That suggestion in turn came from https://forum.cloudron.io/topic/2315/cloudron-email-feature-improvements-ideas