MTA-STS-DAEMON.YML(5)         mta-sts-daemon.yml         MTA-STS-DAEMON.YML(5)

NAME

       mta-sts-daemon.yml - configuration file for mta-sts-daemon

DESCRIPTION

       This file configures the daemon's listening socket, the policy cache,
       proactive policy fetching, and how MTA-STS "testing" mode is treated.

SYNTAX

       The file is in YAML syntax with the following elements:

       host: (str) daemon bind address. Default: 127.0.0.1

       port: (int) daemon bind port. Default: 8461

       path: (str) daemon UNIX socket bind address (path). If specified, host
       and port are ignored and a UNIX socket is bound instead of TCP.

       mode: (int) file mode for the daemon UNIX socket. If not specified, the
       default file mode is used. This option has effect only when a UNIX
       socket is used. If the file mode is given in octal form (the usual
       case), it must carry a leading zero so the YAML parser reads it as
       octal: 0666 is the mode rw-rw-rw-, whereas 666 would be read as the
       decimal number 666. Note that connecting to a UNIX socket requires
       write permission on it, so 0666 lets every local user query the
       daemon.

       reuse_port: (bool) allow multiple instances to share the same port
       (available on Unix, Windows). Default: true

       cache_grace: (float) maximum age, in seconds, of a cached policy that
       is served without being refreshed from the domain. Default: 60

       shutdown_timeout: (float) time limit, in seconds, granted to existing
       client sessions to finish when the server stops. Default: 20
       cache

           type: (str: internal|sqlite|redis|redis_sentinel) cache backend
               type. Default: internal

           options:

               •   Options for internal type:

                   cache_size: (int) number of cache entries to store in
                       memory. Default: 10000

               •   Options for sqlite type:

                   filename: (str) path to the database file

                   threads: (int) number of threads in the pool for SQLite
                       connections. Default: number of CPUs

                   timeout: (float) timeout in seconds for acquiring a
                       connection from the pool or the DB lock. Default: 5

               •   Options for redis type:

                   •   All parameters are passed to aioredis.from_url [0].
                       Check there for a parameter reference.

               •   Options for redis_sentinel type:

                   sentinel_master_name: (str) name of the sentinel master

                   sentinels: (list) list of sentinels, each given as a pair
                       of ip/fqdn and port

                   •   All other parameters are passed to
                       aioredis.sentinel.Sentinel [1]. For additional details
                       check [2].
73
       proactive_policy_fetching

           enabled: (bool) enable proactive policy fetching in the
               background. Default: false

           interval: (int) if proactive policy fetching is enabled, it is
               scheduled every this many seconds. It is unaffected by
               cache_grace and vice versa. Default: 86400

           concurrency_limit: (int) the maximum number of concurrent
               domain updates. Default: 100

           grace_ratio: (float) the proactive fetch for a particular domain
               is skipped if its cached policy is younger than
               interval/grace_ratio seconds. Default: 2.0
       default_zone

           strict_testing: (bool) enforce policies whose mode is "testing"
               as if they were "enforce". Default: false

           timeout: (int) network operations timeout, in seconds, for the
               resolver in that zone. Default: 4

           require_sni: (bool) add the option servername=hostname to policy
               responses so that Postfix sends SNI in the TLS handshake, as
               required by RFC 8461. Requires Postfix version 3.4+.
               Default: true
       zones

           ZONENAME:

               •   Same options as in default_zone

       The timeout is used for the DNS and HTTP requests.

       With strict_testing, an MTA-STS policy in "testing" mode is treated as
       if it were in "enforce" mode. This may be useful in the beginning of an
       MTA-STS deployment, when many domains still operate under "testing"
       mode, but it is not compliant with RFC 8461, which says a "testing"
       policy should not affect delivery (failures are only reported, via
       TLSRPT).

EXAMPLE

           host: 127.0.0.1
           port: 8461
           reuse_port: true
           shutdown_timeout: 20
           proactive_policy_fetching:
             enabled: true
             interval: 86400
             concurrency_limit: 100
             grace_ratio: 2
           cache:
             type: internal
             options:
               cache_size: 10000
           default_zone:
             strict_testing: false
             timeout: 4
           zones:
             myzone:
               strict_testing: false
               timeout: 4

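       The following checker is an added example for this page, not code from
       postfix-mta-sts-resolver. It takes the mapping that PyYAML's safe_load()
       returns for mta-sts-daemon.yml and checks it against the option
       reference above: octal socket mode (0666 versus a bare 666), a UNIX
       socket mode that lets every local user query the daemon, a TCP bind
       address outside loopback, backend-specific required options, and zone
       settings that weaken RFC 8461 compliance. The sample configuration and
       the SQLite filename in it are constructed here; whether a zone inherits
       unset options from default_zone is not stated on this page, so the
       example fills unset zone keys from the built-in defaults only.

```python
"""Check an mta-sts-daemon.yml mapping against the option reference above.
Added example for this page, not code from postfix-mta-sts-resolver. Input is
the mapping PyYAML's safe_load() returns; the sample at the bottom is constructed."""
import ipaddress

DEFAULTS = {"host": "127.0.0.1", "port": 8461, "cache_grace": 60.0,
            "shutdown_timeout": 20.0}
ZONE_DEFAULTS = {"strict_testing": False, "timeout": 4, "require_sni": True}
CACHE_TYPES = {"internal", "sqlite", "redis", "redis_sentinel"}


def _positive_number(value):
    return (isinstance(value, (int, float)) and not isinstance(value, bool)
            and value > 0)


def _is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"


def parse_mode(value):
    """Return the UNIX socket mode as an int, or None if it is not a mode.
    PyYAML (YAML 1.1) already turns a bare 0666 into the int 438, so an int is
    taken as-is; a quoted "0666" is parsed as octal here. A value above 0o777
    means someone wrote 666 without the leading zero (decimal 666)."""
    if isinstance(value, bool):
        return None
    if isinstance(value, int):
        mode = value
    elif isinstance(value, str):
        try:
            mode = int(value, 8)
        except ValueError:
            return None
    else:
        return None
    return mode if 0 <= mode <= 0o777 else None


def effective_zones(cfg):
    """Zone name -> full option set; built-in defaults fill unset keys.
    Inheritance from default_zone is not documented, so it is not assumed."""
    zones = {"default_zone": {**ZONE_DEFAULTS, **(cfg.get("default_zone") or {})}}
    for name, zone in (cfg.get("zones") or {}).items():
        zones[name] = {**ZONE_DEFAULTS, **(zone or {})}
    return zones


def validate(cfg):
    """Return (errors, warnings): errors break the daemon, warnings weaken it."""
    errors, warnings = [], []
    if cfg.get("path"):
        if "host" in cfg or "port" in cfg:
            warnings.append("host/port are ignored because path is set")
        if "mode" in cfg:
            mode = parse_mode(cfg["mode"])
            if mode is None:
                errors.append(f"mode {cfg['mode']!r} is not an octal file mode "
                              "(write 0666, not 666)")
            elif mode & 0o002:  # connect() on a UNIX socket needs write permission
                warnings.append(f"mode {mode:04o} lets every local user query the daemon")
    else:
        host = cfg.get("host", DEFAULTS["host"])
        if not _is_loopback(host):
            warnings.append(f"host {host!r} exposes the unauthenticated policy "
                            "socketmap beyond localhost")
        port = cfg.get("port", DEFAULTS["port"])
        if not _positive_number(port) or port != int(port) or port > 65535:
            errors.append(f"port {port!r} is not a valid TCP port")
    for key in ("cache_grace", "shutdown_timeout"):
        val = cfg.get(key, DEFAULTS[key])
        if isinstance(val, bool) or not isinstance(val, (int, float)) or val < 0:
            errors.append(f"{key} must be a non-negative number, got {val!r}")
    cache = cfg.get("cache") or {}
    ctype, opts = cache.get("type", "internal"), cache.get("options") or {}
    if ctype not in CACHE_TYPES:
        errors.append(f"cache.type {ctype!r} is not one of {sorted(CACHE_TYPES)}")
    elif ctype == "sqlite" and not opts.get("filename"):
        errors.append("cache.options.filename is required for the sqlite backend")
    elif ctype == "redis_sentinel":
        if not opts.get("sentinel_master_name"):
            errors.append("cache.options.sentinel_master_name is required")
        if not opts.get("sentinels"):
            errors.append("cache.options.sentinels must list at least one sentinel")
    fetch = cfg.get("proactive_policy_fetching") or {}
    if fetch.get("enabled", False):
        for key, default in (("interval", 86400), ("concurrency_limit", 100),
                             ("grace_ratio", 2.0)):  # grace_ratio is a divisor
            if not _positive_number(fetch.get(key, default)):
                errors.append(f"proactive_policy_fetching.{key} must be > 0")
    for name, zone in effective_zones(cfg).items():
        if not _positive_number(zone["timeout"]):
            errors.append(f"{name}: timeout must be > 0")
        if zone["strict_testing"]:
            warnings.append(f"{name}: strict_testing enforces 'testing' policies, "
                            "which RFC 8461 does not allow")
        if not zone["require_sni"]:
            warnings.append(f"{name}: require_sni is off, but RFC 8461 requires "
                            "SNI in the TLS handshake")
    return errors, warnings


# Constructed sample mirroring the EXAMPLE section, except that the daemon is
# bound on all interfaces and 'myzone' enforces testing-mode policies.
SAMPLE = {
    "host": "0.0.0.0", "port": 8461, "reuse_port": True, "shutdown_timeout": 20,
    "proactive_policy_fetching": {"enabled": True, "interval": 86400,
                                  "concurrency_limit": 100, "grace_ratio": 2},
    "cache": {"type": "sqlite",
              "options": {"filename": "/var/lib/mta-sts/cache.db"}},  # assumed path
    "default_zone": {"strict_testing": False, "timeout": 4},
    "zones": {"myzone": {"strict_testing": True, "timeout": 4}},
}

if __name__ == "__main__":
    errs, warns = validate(SAMPLE)
    for line in errs:
        print("ERROR:", line)
    for line in warns:
        print("WARNING:", line)
```

       Run against the sample it reports no errors and two warnings (the
       0.0.0.0 bind and the strict_testing zone). In practice, load the real
       file with yaml.safe_load() and pass the result to validate() before
       restarting the daemon.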

SEE ALSO

       mta-sts-daemon(1), mta-sts-query(1)


NOTES

140       0.
141           https://aioredis.readthedocs.io/en/latest/api/high-level/#aioredis.client.Redis.from_url
142
143       1.
144           https://aioredis.readthedocs.io/en/latest/getting-started/#redis-sentinel-client
145
146       2.
147           https://redis.readthedocs.io/en/stable/connections.html#sentinel-client
148
149
150
151postfix-mta-sts-resolver          2023-09-09             MTA-STS-DAEMON.YML(5)
Impressum