Open justinmayer opened 6 years ago
:+1:
hey, interested in taking a stab at this, and also giving users the option to enable TLSRPT! will try to get something working this wknd.
I see the changelog entry about mta-sts and did some reading :O Is it true that mta-sts needs to match the https certificate hostname? So the box.example.eu mailserver needs an https certificate for box.example.eu? In my usage scenario, it won't work, because I have only one public IP and there is another webserver with web apps... The question is whether mail delivery / sending will still work with mta-sts enabled. Thanks all :)
@jookk MTA-STS won't be activated unless HTTPS certificates are present, so you should be fine.
MTA-STS is a new IETF standard that enables sending downgrade-resistant email over SMTP by piggybacking on the browser Certificate Authority model. Implementing this standard for Mail-in-a-Box would ostensibly mitigate downgrade-to-plaintext attacks on MiaB servers.
IETF standard: https://datatracker.ietf.org/doc/draft-ietf-uta-mta-sts/ Validator: https://aykevl.nl/apps/mta-sts/
The steps for MTA-STS implementation are summarized on the above validator page.
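An added example, not part of the original issue and not Mail-in-a-Box code: a sketch of how a sending server applies a fetched MTA-STS policy under RFC 8461, including the single-label wildcard rule for `mx` patterns and the difference between `enforce` and `testing` modes. The policy text, host names and function names are constructed for illustration.

```python
# Added example: sender-side MTA-STS policy handling per RFC 8461.
# SAMPLE_POLICY and all host names are constructed sample values.
SAMPLE_POLICY = (
    "version: STSv1\r\nmode: enforce\r\n"
    "mx: box.example.eu\r\nmx: *.backup.example.eu\r\n"
    "max_age: 604800\r\n"
)

def policy_url(domain):
    """Where a sender fetches the policy; the HTTPS cert must be valid for this host."""
    return f"https://mta-sts.{domain}/.well-known/mta-sts.txt"

def parse_policy(text):
    """Parse key/value lines ('mx' may repeat); raise ValueError if unusable."""
    policy = {"mx": []}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower().rstrip("."))
        else:
            policy.setdefault(key, value)  # first occurrence wins
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid mode")
    if not policy.get("max_age", "").isdigit():
        raise ValueError("invalid max_age")
    policy["max_age"] = int(policy["max_age"])
    if policy["mode"] != "none" and not policy["mx"]:
        raise ValueError("policy lists no mx hosts")
    return policy

def mx_allowed(mx_host, policy):
    """True if the MX name matches an 'mx' pattern; '*.' covers one leftmost label only."""
    host = mx_host.lower().rstrip(".")
    return any(
        host.partition(".")[2] == p[2:] if p.startswith("*.") else host == p
        for p in policy["mx"]
    )

def delivery_decision(mx_host, cert_valid, policy):
    """Only 'enforce' blocks delivery; 'testing' delivers (failures go to TLSRPT)."""
    ok = cert_valid and mx_allowed(mx_host, policy)
    return "deliver" if ok or policy["mode"] != "enforce" else "refuse"
```

`cert_valid` stands for the result of validating the certificate the MX host presents during STARTTLS; obtaining it, and fetching the policy over HTTPS, are outside this sketch.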