Comments (5)
Snawoot
commented on June 14, 2024
Hello,
This is already covered for Postfix in README: https://github.com/Snawoot/postfix-mta-sts-resolver#operability-check
I'm not sure about Sendmail because I've never tried it with pmsr and integration with pmsr in Sendmail is relatively new. I'll leave this issue open, maybe other people may suggest any difference in logs which or anything what allows to validate correctness of setup.
from postfix-mta-sts-resolver.
dilyanpalauzov
commented on June 14, 2024
To validate the lookup in sendmail one has to call
# sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> /map sts github.com
map_lookup: sts (github.com) no match (68)
> /map sts microsoft.com
map_lookup: sts (microsoft.com) returns secure match=.mail.protection.outlook.com servername=hostname (0)
>
My question was rather about a site, which on purpose has misconfigured its MTA-STS setup. Thus, when a sender has properly configured MTA-STS for outbound mails, writing to that site will fail.
from postfix-mta-sts-resolver.
Snawoot
commented on June 14, 2024
@dilyanpalauzov Ah, now I get it. I also was collaborating with STARTTLS Everywhere project, there was an idea to build something like https://badssl.com/ but for MTA-STS. It was never implemented, though. Would be nice if somebody will make it.
from postfix-mta-sts-resolver.
dilyanpalauzov
commented on June 14, 2024
I raised the question on the ietf-smtp maling list - https://mailarchive.ietf.org/arch/msg/ietf-smtp/59u831ZQlnhGhTmmmcxDwboxZyk/ .
from postfix-mta-sts-resolver.
Related Issues (20)
- Client tls issue when using unix socket instead of inet tcp HOT 3
- dependencies unclear HOT 1
- Support unix sockets for daemon HOT 2
- Allow configuring the unix socket permissions HOT 1
- Policies for Smarthosts HOT 2
- Make systemd dependency optional HOT 4
- mta-sts-query returns NONE instead of FETCH_ERROR when DNS error HOT 1
- mta-sts-query documentation mentions verbosity, but it's not implemented HOT 2
- Notice for Postfix 3.4+ users HOT 2
- Postfix client TLS configuration problem when sending emails to google.com HOT 6
- MTA-STS Overrides DANE HOT 16
- MTA-STS fails with gmail.com HOT 5
- Move to aioredis v2 HOT 1
- TypeError HOT 3
- KeyError: 'url' with Debian Buster and python 3.7 HOT 1
- Allow configuring the unix socket owner and group HOT 3
- Querying IDN domains causes an error HOT 1
- Support for redis sentinel HOT 1
- Email deliverability fails to protonmail.com HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from postfix-mta-sts-resolver.