mta_sts: Switch to enforce mode and bump max_age to 30 days

Checking the SMTP TLS reports, the last failure was 2021-12-10/11 from Mail.ru and 2021-08-28/29 from Google. Bumping the max_age to 30 days as the RFC states: "To mitigate the risks of attacks at policy refresh time, it is expected that this value typically be in the range of weeks or greater."[1]. [1] https://datatracker.ietf.org/doc/html/rfc8461

mta_sts: Switch to enforce mode and bump max_age to 30 days
0b87cbfd · Kristian Klausen · d9b3b218 · 0b87cbfd
Verified Commit 0b87cbfd authored 2 years ago by Kristian Klausen
--- a/roles/mta_sts/templates/nginx.d.conf.j2
+++ b/roles/mta_sts/templates/nginx.d.conf.j2
@@ -32,7 +32,7 @@ server {

    location = /.well-known/mta-sts.txt {
        default_type text/plain;
-        return 200 'version: STSv1\nmode: testing\nmax_age: 604800\nmx: {{ config.mx | join('\\nmx: ')}}\n';
+        return 200 'version: STSv1\nmode: enforce\nmax_age: 2592000\nmx: {{ config.mx | join('\\nmx: ')}}\n';
    }

    location / {