I have configured my domain with MTA-STS and TLS-RPT. I begin to see the mta-sts reports from Google and Microsoft. This merely confirm that my configuration is ok.
Is this all I need to do to ensure my Zimbra is now enforcing STARTTLS base on the recipient's domain MTA-STS policy if they configured it? Or there are few more things to do?
Because I don't see anything in our Zimbra Postfix configuration that actually making use of MTA-STS. I think the parameter is smtp_tls_policy_maps. But it is empty. Or is it related to smtp_tls_dane_insecure_mx_policy? It is default to dane.
I also found Postfix documentation on MTA-STS: https://www.postfix.org/TLSRPT_README.html#mta-sts
It appears there are libraries or tools needed to install so that it will query DNS for mta-sts. This is what smtp_tls_policy_maps will be used for. Am I right?
Thanks.
Is this all I need to do to ensure my Zimbra is now enforcing STARTTLS base on the recipient's domain MTA-STS policy if they configured it? Or there are few more things to do?
Because I don't see anything in our Zimbra Postfix configuration that actually making use of MTA-STS. I think the parameter is smtp_tls_policy_maps. But it is empty. Or is it related to smtp_tls_dane_insecure_mx_policy? It is default to dane.
I also found Postfix documentation on MTA-STS: https://www.postfix.org/TLSRPT_README.html#mta-sts
It appears there are libraries or tools needed to install so that it will query DNS for mta-sts. This is what smtp_tls_policy_maps will be used for. Am I right?
Thanks.
Statistics: Posted by yeak — Mon Feb 24, 2025 11:10 am