Use postfix-tlspol for DANE/MTA-STS policy lookups

Postfix with plain DANE only secures domains that configure DNSSEC and publish TLSA records. With postfix-tlspol we support MTA-STS protected connections and get caching for its policy results. Finally, we use this as a stepping stone to build TLSRPT support on top.
2025-06-29 00:57:56 +02:00
parent ed771e37f7
commit 0812ca1e48
4 changed files with 15 additions and 1 deletions
--- a/README.md
+++ b/README.md
@@ -29,6 +29,7 @@ SNM branch corresponding to your NixOS version.
  * [x] Submission TLS on port 465
  * [x] Submission StartTLS on port 587
  * [x] LMTP with Dovecot
+  * [x] DANE and MTA-STS validation
 * Dovecot
  * [x] Maildir folders
  * [x] IMAP with TLS on port 993