Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLSRPT support (RFC 8460) #107

Open
wietse-postfix opened this issue Sep 2, 2024 · 0 comments
Open

TLSRPT support (RFC 8460) #107

wietse-postfix opened this issue Sep 2, 2024 · 0 comments
Assignees
@Snawoot
Labels
enhancement New feature or request

Comments

@wietse-postfix
Copy link

Hello, I'm the main author of the Postfix mail server. I am adding TLSRPT supprt (RFC 8460). To make that work with the MTA-STS plugin I extended the Postfix smtp_tls_policy_maps syntax with a number of attributes that are useful in TLSRPT reports, such as:

  • MTA-STS policy domain name and policy strings,
  • MX host patterns,

I also added:

  • Optional failure attribute that forces a verification failure when a certificate would satisfy conventional PKI. "forced failure" is needed in DANE support ,but I can remove this is if MTA-STS does not need it.

I'd like to solicit feedback on https://www.postfix.org/TLSRPT_README.html; of particular interest are the sections on "MTA-STS Support" and "Limitations". Questions and suggestions are welcome.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Snawoot Snawoot

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Snawoot @wietse-postfix