Use postfix-tlspol for DANE/MTA-STS policy lookups

Postfix with plain DANE only secures domains that configure DNSSEC and
publish TLSA records. With postfix-tlspol we support MTA-STS protected
connections and get caching for its policy results.

Finally, we use this as a stepping stone to build TLSRPT support on top.
Martin Weinelt
2025-06-29 00:57:56 +02:00
parent ed771e37f7
commit 0812ca1e48
4 changed files with 15 additions and 1 deletions


@@ -21,10 +21,13 @@ NixOS 25.11
``mailserver.enableSubmission``.
- DMARC reports are now sent with the ``noreply-dmarc`` localpart from the
system domain.
- DANE and MTA-STS are now validated for outgoing SMTP connections using
`postfix-tlspol`_.
.. _RFC 8301 3.2: https://www.rfc-editor.org/rfc/rfc8301#section-3.2
.. _RFC 8314 3.3: https://www.rfc-editor.org/rfc/rfc8314#section-3.3
.. _RFC 8314 4.1: https://www.rfc-editor.org/rfc/rfc8314#section-4.1
.. _postfix-tlspol: https://github.com/Zuplu/postfix-tlspol
NixOS 25.05
-----------
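Review bot: The new 25.11 entry "DANE and MTA-STS are now validated for outgoing SMTP connections" reads as if DANE validation were new, while the commit message says plain Postfix DANE already covered domains with DNSSEC and TLSA records. Suggest rewording so the actual change is clear: MTA-STS policies are now honoured in addition to DANE, with policy lookups and caching handled by postfix-tlspol. The entry also names no option or default, unlike the neighbouring entry that references ``mailserver.enableSubmission``, so an operator cannot tell from the release notes whether this is enabled automatically or how to opt out if a destination's policy causes deferred mail.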