On Wed, May 24, 2023 at 02:25:38PM +0200, Paul Menzel via Postfix-users wrote:
> Running the *Public Email & DNS Testbed* [1], I was reminded, that we > have MTA-STS set up, but do not take the MTAT-STS policy of other > domains into account. > > As a solution I found *postfix-mta-sts-resolver* [2], which warns about > a “RFC violation” [3]: > > Do you know of other solutions? Given how thinly MTA-STS is implemented, the simplest solution is to just route a few of the major mta-sts domains (gmail.com, outlook.com, and a few others) to a dedicated smtp(8) transport that uses the mta-sts policy addon, and just enable DANE for the rest. We may yet integrate mta-sts support into Postfix some day, but for now you'll need to compromise in some manner. -- Viktor. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org