On Wed, May 24, 2023 at 02:25:38PM +0200, Paul Menzel via Postfix-users wrote:
> Running the *Public Email & DNS Testbed* [1], I was reminded, that we
> have MTA-STS set up, but do not take the MTAT-STS policy of other
> domains into account.
>
> As a solution I found *postfix-mta-sts-resolver* [2], which warns about
> a “RFC violation” [3]:
>
> Do you know of other solutions?
Given how thinly MTA-STS is implemented, the simplest solution is to
just route a few of the major mta-sts domains (gmail.com, outlook.com,
and a few others) to a dedicated smtp(8) transport that uses the mta-sts
policy addon, and just enable DANE for the rest.
We may yet integrate mta-sts support into Postfix some day, but for now
you'll need to compromise in some manner.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
