[arch-general] Recommend new package : Postfix and MTA-STS (RFC8461)

Genes Lists lists at sapience.com
Sun Sep 8 16:37:52 UTC 2019


Topic: Email
Suggest: New package for official repo [2]

MTA-STS is taking off and the major email providers are supporting it.
Details are described in RFC8461 [1] from Sep 2018.

As of now it is supported by Google (Gmail), Yahoo, Comcast, Hotmail and
others.

MTA-STS is a new standard that aims to improve the security of SMTP by
enabling domain names to opt into strict transport layer security mode
that requires authentication (with valid public certificates) and
encryption (TLS).


There are 2 components to this:
   (a) Sending: Making email server advertise mta-sts
   (b) Receiving: Postfix needs policy daemon


(a) is pretty straightforward to set up, (b) requires a daemon to
support the policy for incoming mail.


It would be pretty awesome if someone would think about an official
postfix-mta-sts-resolver package [2].

Postfix can use this daemon - see some discussion on this here [5] where
Wietse got involved as well.

There is an AUR package but it is quite out of date and I think this
would actually be better to be in the official repos if someone was
interested in taking it on. Probably as an optional package for postfix.

This is important for any business use and of course for anyone running
their own mail server on Arch. Over time it is likely that any server
which does not turn this on at least for sending may find their email
being disadvantaged.

There are several places where this is discussed in more detail - here's
a couple for convenience [3].

Thanks,

gene

[1] https://tools.ietf.org/html/rfc8461
[2] https://github.com/Snawoot/postfix-mta-sts-resolver
[3] https://weekly-geekly.github.io/articles/424961/index.html
    https://www.hardenize.com/blog/mta-sts
    https://www.uriports.com/blog/mta-sts-explained/
    https://starttls-everywhere.org/
[5] http://postfix.1071664.n5.nabble.com/MTA-STS-when-td95086.html

