diff --git a/edge/config/advanced/auth-ldap/index.html b/edge/config/advanced/auth-ldap/index.html index c65c0ea6..721d1659 100644 --- a/edge/config/advanced/auth-ldap/index.html +++ b/edge/config/advanced/auth-ldap/index.html @@ -604,6 +604,26 @@ +
  • + + + + + Auto-discovery + + + + +
  • + + + + + + + + +
  • @@ -625,11 +645,11 @@
  • - + - Auto-discovery + MTA-STS diff --git a/edge/config/advanced/auth-oauth2/index.html b/edge/config/advanced/auth-oauth2/index.html index 98fc8a1f..f1a61aac 100644 --- a/edge/config/advanced/auth-oauth2/index.html +++ b/edge/config/advanced/auth-oauth2/index.html @@ -604,6 +604,26 @@ +
  • + + + + + Auto-discovery + + + + +
  • + + + + + + + + +
  • @@ -625,11 +645,11 @@
  • - + - Auto-discovery + MTA-STS diff --git a/edge/config/advanced/dovecot-master-accounts/index.html b/edge/config/advanced/dovecot-master-accounts/index.html index 5e788a06..4a9145ff 100644 --- a/edge/config/advanced/dovecot-master-accounts/index.html +++ b/edge/config/advanced/dovecot-master-accounts/index.html @@ -604,6 +604,26 @@ +
  • + + + + + Auto-discovery + + + + +
  • + + + + + + + + +
  • @@ -625,11 +645,11 @@
  • - + - Auto-discovery + MTA-STS diff --git a/edge/config/advanced/full-text-search/index.html b/edge/config/advanced/full-text-search/index.html index 009cdf06..6e86018d 100644 --- a/edge/config/advanced/full-text-search/index.html +++ b/edge/config/advanced/full-text-search/index.html @@ -604,6 +604,26 @@ +
  • + + + + + Auto-discovery + + + + +
  • + + + + + + + + +
  • @@ -625,11 +645,11 @@
  • - + - Auto-discovery + MTA-STS diff --git a/edge/config/advanced/ipv6/index.html b/edge/config/advanced/ipv6/index.html index fe909b82..841bc83d 100644 --- a/edge/config/advanced/ipv6/index.html +++ b/edge/config/advanced/ipv6/index.html @@ -604,6 +604,26 @@ +
  • + + + + + Auto-discovery + + + + +
  • + + + + + + + + +
  • @@ -625,11 +645,11 @@
  • - + - Auto-discovery + MTA-STS diff --git a/edge/config/advanced/kubernetes/index.html b/edge/config/advanced/kubernetes/index.html index d5b318d5..09f9ee4f 100644 --- a/edge/config/advanced/kubernetes/index.html +++ b/edge/config/advanced/kubernetes/index.html @@ -604,6 +604,26 @@ +
  • + + + + + Auto-discovery + + + + +
  • + + + + + + + + +
  • @@ -625,11 +645,11 @@
  • - + - Auto-discovery + MTA-STS diff --git a/edge/config/advanced/mail-fetchmail/index.html b/edge/config/advanced/mail-fetchmail/index.html index d8413c3a..0c6ad679 100644 --- a/edge/config/advanced/mail-fetchmail/index.html +++ b/edge/config/advanced/mail-fetchmail/index.html @@ -604,6 +604,26 @@ +
  • + + + + + Auto-discovery + + + + +
  • + + + + + + + + +
  • @@ -625,11 +645,11 @@
  • - + - Auto-discovery + MTA-STS diff --git a/edge/config/advanced/mail-forwarding/aws-ses/index.html b/edge/config/advanced/mail-forwarding/aws-ses/index.html index 393bbed3..bf5b18c6 100644 --- a/edge/config/advanced/mail-forwarding/aws-ses/index.html +++ b/edge/config/advanced/mail-forwarding/aws-ses/index.html @@ -599,6 +599,26 @@ +
  • + + + + + Auto-discovery + + + + +
  • + + + + + + + + +
  • @@ -620,11 +640,11 @@
  • - + - Auto-discovery + MTA-STS diff --git a/edge/config/advanced/mail-forwarding/relay-hosts/index.html b/edge/config/advanced/mail-forwarding/relay-hosts/index.html index 171e7b04..d4b8eb35 100644 --- a/edge/config/advanced/mail-forwarding/relay-hosts/index.html +++ b/edge/config/advanced/mail-forwarding/relay-hosts/index.html @@ -604,6 +604,26 @@ +
  • + + + + + Auto-discovery + + + + +
  • + + + + + + + + +
  • @@ -625,11 +645,11 @@
  • - + - Auto-discovery + MTA-STS diff --git a/edge/config/advanced/mail-getmail/index.html b/edge/config/advanced/mail-getmail/index.html index bb2d2122..73a7e33b 100644 --- a/edge/config/advanced/mail-getmail/index.html +++ b/edge/config/advanced/mail-getmail/index.html @@ -604,6 +604,26 @@ +
  • + + + + + Auto-discovery + + + + +
  • + + + + + + + + +
  • @@ -625,11 +645,11 @@
  • - + - Auto-discovery + MTA-STS diff --git a/edge/config/advanced/mail-sieve/index.html b/edge/config/advanced/mail-sieve/index.html index 3944cf14..3f9a5cd0 100644 --- a/edge/config/advanced/mail-sieve/index.html +++ b/edge/config/advanced/mail-sieve/index.html @@ -604,6 +604,26 @@ +
  • + + + + + Auto-discovery + + + + +
  • + + + + + + + + +
  • @@ -625,11 +645,11 @@
  • - + - Auto-discovery + MTA-STS diff --git a/edge/config/advanced/maintenance/update-and-cleanup/index.html b/edge/config/advanced/maintenance/update-and-cleanup/index.html index d863d1b8..5c269e6a 100644 --- a/edge/config/advanced/maintenance/update-and-cleanup/index.html +++ b/edge/config/advanced/maintenance/update-and-cleanup/index.html @@ -599,6 +599,26 @@ +
  • + + + + + Auto-discovery + + + + +
  • + + + + + + + + +
  • @@ -620,11 +640,11 @@
  • - + - Auto-discovery + MTA-STS diff --git a/edge/config/advanced/optional-config/index.html b/edge/config/advanced/optional-config/index.html index 3935b5b8..9a854b5b 100644 --- a/edge/config/advanced/optional-config/index.html +++ b/edge/config/advanced/optional-config/index.html @@ -606,6 +606,26 @@ +
  • + + + + + Auto-discovery + + + + +
  • + + + + + + + + +
  • @@ -627,11 +647,11 @@
  • - + - Auto-discovery + MTA-STS diff --git a/edge/config/advanced/override-defaults/dovecot/index.html b/edge/config/advanced/override-defaults/dovecot/index.html index e6ce1ba0..3904a25b 100644 --- a/edge/config/advanced/override-defaults/dovecot/index.html +++ b/edge/config/advanced/override-defaults/dovecot/index.html @@ -604,6 +604,26 @@ +
  • + + + + + Auto-discovery + + + + +
  • + + + + + + + + +
  • @@ -625,11 +645,11 @@
  • - + - Auto-discovery + MTA-STS diff --git a/edge/config/advanced/override-defaults/postfix/index.html b/edge/config/advanced/override-defaults/postfix/index.html index 5b0dad9f..e6c2d0ad 100644 --- a/edge/config/advanced/override-defaults/postfix/index.html +++ b/edge/config/advanced/override-defaults/postfix/index.html @@ -599,6 +599,26 @@ +
  • + + + + + Auto-discovery + + + + +
  • + + + + + + + + +
  • @@ -620,11 +640,11 @@
  • - + - Auto-discovery + MTA-STS diff --git a/edge/config/advanced/override-defaults/user-patches/index.html b/edge/config/advanced/override-defaults/user-patches/index.html index 129019f1..e75fda9d 100644 --- a/edge/config/advanced/override-defaults/user-patches/index.html +++ b/edge/config/advanced/override-defaults/user-patches/index.html @@ -599,6 +599,26 @@ +
  • + + + + + Auto-discovery + + + + +
  • + + + + + + + + +
  • @@ -620,11 +640,11 @@
  • - + - Auto-discovery + MTA-STS diff --git a/edge/config/advanced/podman/index.html b/edge/config/advanced/podman/index.html index 1474dc1c..e8d62794 100644 --- a/edge/config/advanced/podman/index.html +++ b/edge/config/advanced/podman/index.html @@ -604,6 +604,26 @@ +
  • + + + + + Auto-discovery + + + + +
  • + + + + + + + + +
  • @@ -625,11 +645,11 @@
  • - + - Auto-discovery + MTA-STS diff --git a/edge/config/best-practices/autodiscover/index.html b/edge/config/best-practices/autodiscover/index.html index 290fc98a..229f348e 100644 --- a/edge/config/best-practices/autodiscover/index.html +++ b/edge/config/best-practices/autodiscover/index.html @@ -15,10 +15,10 @@ - + - + @@ -605,26 +605,6 @@ - -
  • - - - - - DKIM, DMARC & SPF - - - - -
  • - - - - - - - - @@ -651,6 +631,46 @@ + + + + + +
  • + + + + + DKIM, DMARC & SPF + + + + +
  • + + + + + + + + + +
  • + + + + + MTA-STS + + + + +
  • + + + + diff --git a/edge/config/best-practices/dkim_dmarc_spf/index.html b/edge/config/best-practices/dkim_dmarc_spf/index.html index fc5a6209..7ccb4795 100644 --- a/edge/config/best-practices/dkim_dmarc_spf/index.html +++ b/edge/config/best-practices/dkim_dmarc_spf/index.html @@ -15,10 +15,10 @@ - + - + @@ -603,6 +603,26 @@ + +
  • + + + + + Auto-discovery + + + + +
  • + + + + + + + + @@ -733,11 +753,11 @@
  • - + - Auto-discovery + MTA-STS diff --git a/edge/config/best-practices/mta-sts/index.html b/edge/config/best-practices/mta-sts/index.html new file mode 100644 index 00000000..4f5d1e3e --- /dev/null +++ b/edge/config/best-practices/mta-sts/index.html @@ -0,0 +1,2065 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Best practices | MTA-STS - Docker Mailserver + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + + Skip to content + + +
    +
    + +
    + + + + + + +
    + + +
    + +
    + + + + + + + + + +
    +
    + + + + + +
    +
    +
    + + + + + + + +
    +
    +
    + + + + + + + + + +
    +
    + + + + + + + + + + + + + + + + + + + + +

    MTA-STS

    + +

    MTA-STS is an optional mechanism for a domain to signal support for STARTTLS.

    +
      +
    • It can be used to prevent man-in-the-middle-attacks from hiding STARTTLS support that would force DMS to send outbound mail through an insecure connection.
    • +
    • MTA-STS is an alternative to DANE without the need of DNSSEC.
    • +
    • MTA-STS is supported by some of the biggest mail providers like Google Mail and Outlook.
    • +
    +

    Supporting MTA-STS for outbound mail

    +

    Enable this feature via the ENV setting ENABLE_MTA_STS=1.

    +
    +

    If you have configured DANE

    +

    Enabling MTA-STS will by default override DANE if both are configured for a domain.

    +

    This can be partially addressed by configuring a dane-only policy resolver before the MTA-STS entry in smtp_tls_policy_maps. See the postfix-mta-sts-resolver documentation for further details.

    +
    +

    Supporting MTA-STS for inbound mail

    +

    While this feature in DMS supports ensuring STARTTLS is used when mail is sent to another mail server, you may setup similar for mail servers sending mail to DMS.

    +

    This requires configuring your DNS and hosting the MTA-STS policy file via a webserver. A good introduction can be found on dmarcian.com.

    + + + + + + + + +
    +
    + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + \ No newline at end of file diff --git a/edge/config/debugging/index.html b/edge/config/debugging/index.html index 24d39ed3..c19dd558 100644 --- a/edge/config/debugging/index.html +++ b/edge/config/debugging/index.html @@ -606,6 +606,26 @@ +
  • + + + + + Auto-discovery + + + + +
  • + + + + + + + + +
  • @@ -627,11 +647,11 @@
  • - + - Auto-discovery + MTA-STS diff --git a/edge/config/environment/index.html b/edge/config/environment/index.html index e388550f..9685bafe 100644 --- a/edge/config/environment/index.html +++ b/edge/config/environment/index.html @@ -660,6 +660,13 @@ ENABLE_DNSBL +
  • + +
  • + + ENABLE_MTA_STS + +
  • @@ -1704,6 +1711,26 @@ +
  • + + + + + Auto-discovery + + + + +
  • + + + + + + + + +
  • @@ -1725,11 +1752,11 @@
  • - + - Auto-discovery + MTA-STS @@ -3059,6 +3086,13 @@ ENABLE_DNSBL +
  • + +
  • + + ENABLE_MTA_STS + +
  • @@ -4156,6 +4190,13 @@
  • 0 => DNS block lists are disabled
  • 1 => DNS block lists are enabled
  • +
    ENABLE_MTA_STS
    +

    Enables MTA-STS support for outbound mail.

    + +

    See MTA-STS for further explanation.

    ENABLE_OPENDKIM

    Enables the OpenDKIM service.