Verified Commit 0b87cbfd authored by Kristian Klausen

mta_sts: Switch to enforce mode and bump max_age to 30 days

Checking the SMTP TLS reports, the last failure was 2021-12-10/11 from
Mail.ru and 2021-08-28/29 from Google.

Bumping the max_age to 30 days as the RFC states: "To mitigate the risks
of attacks at policy refresh time, it is expected that this value
typically be in the range of weeks or greater."[1].

[1] https://datatracker.ietf.org/doc/html/rfc8461
parent d9b3b218
......@@ -32,7 +32,7 @@ server {
location = /.well-known/mta-sts.txt {
default_type text/plain;
return 200 'version: STSv1\nmode: testing\nmax_age: 604800\nmx: {{ config.mx | join('\\nmx: ')}}\n';
return 200 'version: STSv1\nmode: enforce\nmax_age: 2592000\nmx: {{ config.mx | join('\\nmx: ')}}\n';
}
location / {
......
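Review bot: Nothing visible in this hunk bumps the `id` of the `_mta-sts` TXT record, and under RFC 8461 a changed `id` is what tells senders holding a cached policy to refetch, so the changed `return 200` line reaches senders with a cached `mode: testing` policy only once that `id` changes or their cache expires; please confirm the DNS record is updated in the same rollout. With `max_age: 2592000` and `mode: enforce`, the MX list rendered from `config.mx` is also pinned by senders for up to 30 days, so a short comment above the `location = /.well-known/mta-sts.txt` block saying that new MX hosts must be added to the policy before the DNS MX records change would help future edits. A comment stating that 2592000 seconds is 30 days would also save the next reader the arithmetic.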