SMTP MTA Strict Transport Security (MTA-STS)

Discussion in 'In The News' started by maileradmin, Sep 28, 2018.

  1. maileradmin

    maileradmin Mailer Forum Staff Member

    Just published as an RFC in the last few days:
    https://tools.ietf.org/html/rfc8461


    More explanation can be found at: https://www.hardenize.com/blog/mta-sts
     
  2. DAgent

    DAgent Moderator

    This was long overdue and it makes perfect sense for ISPs to apply. Any kind of DNS hack (like hosts.conf override) was making everyone vulnerable on the client side. This is a good RFC, even more useful than DKIM in my opinion.
     
  3. SuperGenii

    SuperGenii www.DataMCP.com

    finally something interesting...
     
  4. DoldGigga

    DoldGigga VIP

    Looks like another excuse for them to sell SSL certs by eventually denying delivery of email from anyone who doesn't implement this. It also doesn't solve the only actual problem - rampant and out-of-control censorship by "big tech", who wants everyone huddled around their shitty social media ghettos. An actual solution would be one that makes it so only the intended recipient of an email message should be able to read the email and not the intermediary servers...but does so without the added hassle of something like PGP.
     
  5. nickphx

    nickphx VIP

    letsencrypt certs work fine for TLS

    letsencrypt certonly --standalone -d <mail.example.com>
    postconf -e 'smtpd_tls_cert_file = /etc/letsencrypt/live/<your.domain>/fullchain.pem'
    postconf -e 'smtpd_tls_key_file = /etc/letsencrypt/live/<your.domain>/privkey.pem'
     
  6. DoldGigga

    DoldGigga VIP

    Letsencrypt:
    • 90 day cert expiration
    • 50 domains per week limit
    • Most of their money coming from same companies trying to stop you from freely communicating on the internet.
    • What could go wrong? Absolutely nothing!
    :D
     
  7. nickphx

    nickphx VIP

    * crontabs are hard
    * wat? I haven't had that issue.
    * ok? so? you can't fight the power and pay the bills man.
    * hopefully the sweet release of an early death.
     