mta-sts-daemon - Man Page

mta-sts-daemon [OPTION]...

This daemon opens a socket where Postfix can query and retrieve the MTA-STS policy for a domain.  The configuration file is described in mta-sts-daemon.yml(5).

MTA-STS, specified in RFC 8461 [0], is a security standard for email servers. When a site configures MTA-STS, other mail servers can require the successful authentication of that site when forwarding mail there.

-h,  --help

show a help message and exit

-v,  --verbosity VERBOSITY

set log verbosity level: debug, info (default), warn, error, or fatal.

-c,  --config FILE

config file location (default: /etc/mta-sts-daemon.yml)

-g,  --group GROUP

change eGID to this group (default: none)

-l,  --logfile FILE

log file location (default: none)

-p,  --pidfile PIDFILE

name of the file to write the current pid to (default: none)

-u,  --user USER

change eUID to this user (default: none)

--disable-uvloop

do not use uvloop even if it is available (default: enabled if available)

Configure Postfix in /etc/postfix/main.cf:

smtp_tls_policy_maps = socketmap:inet:127.0.0.1:8461:postfix
smtp_tls_CApath = /etc/ssl/certs/

Reload Postfix.  Then verify it works:

/usr/sbin/postmap -q dismail.de socketmap:inet:127.0.0.1:8461:postfix

This configuration overrides DANE TLS authentication. If you wish to meet the requirement of RFC 8461, section 2, you should list a DANE policy resolver (or a static lookup table for domains known to implement both MTA-STS & DANE) before mta-sts-daemon in smtp_tls_policy_maps.

mta-sts-query(1), mta-sts-daemon.yml(5)

0.

SMTP MTA Strict Transport Security (MTA-STS): https://tools.ietf.org/html/rfc8461

mta-sts-daemon.yml(5), mta-sts-query(1).