MTA-STS-DAEMON.YML(5)          mta-sts-daemon.yml          MTA-STS-DAEMON.YML(5)

NAME
mta-sts-daemon.yml - configuration file for mta-sts-daemon

DESCRIPTION
This configuration file configures the listening socket, the cache
behaviour, and how MTA-STS "testing" mode is handled.

The file is in YAML syntax with the following elements:

host: (str) daemon bind address

port: (int) daemon bind port

path: (str) path of the UNIX socket to bind. If specified, host and port
are ignored and a UNIX socket is bound instead of a TCP socket.

mode: (int) file mode for the daemon UNIX socket. If not specified, the
default file mode is used. This option has effect only when a UNIX
socket is used. The leading zero is what marks the value as octal (the
most common case): write 0660, not 660, which the YAML loader reads as
decimal 660. Example: 0666. Note that 0666 makes the socket writable by
every local user (the same exposure as a loopback TCP listener); if only
Postfix needs to query the daemon, a mode that limits access to the
Postfix user or group is tighter.

reuse_port: (bool) allow multiple instances to share the same port
(available on Unix and Windows). On Linux only sockets with the same
effective user ID can share a port, so the exposure is limited to other
processes running as the daemon's user, which could then bind the same
port and answer lookups; leave it off unless you actually run several
instances.

cache_grace: (float) maximum age in seconds of a cached policy that is
served without a refresh; older entries are refreshed and updated before
use. Default: 60

shutdown_timeout: (float) time limit in seconds granted to existing
client sessions for finishing when the server stops. Default: 20
cache

• type: (str: internal|sqlite|redis) cache backend type

• options:

  • Options for internal type:

    • cache_size: (int) number of cache entries to keep in memory

  • Options for sqlite type:

    • filename: (str) path to the database file

    • threads: (int) number of threads in the pool for SQLite
      connections

    • timeout: (float) timeout in seconds for acquiring a connection
      from the pool or a database lock

  • Options for redis type:

    • All parameters are passed to aioredis.create_redis_pool [0].
      Check there for a parameter reference.
proactive_policy_fetching

• enabled: (bool) enable proactive policy fetching in the background.
  Default: false

• interval: (int) if proactive policy fetching is enabled, a fetch run
  is scheduled every this many seconds. It is unaffected by cache_grace
  and vice versa. Default: 86400

• concurrency_limit: (int) the maximum number of concurrent domain
  updates. Default: 100

• grace_ratio: (float) the proactive fetch for a particular domain is
  skipped if its cached policy is younger than interval/grace_ratio
  seconds (43200 seconds with the defaults). Default: 2.0
default_zone

• strict_testing: (bool) treat a policy whose mode is "testing" as if
  it were "enforce" (see below)

• timeout: (int) timeout in seconds for the network operations (DNS and
  HTTPS requests) of the resolver in that zone

• require_sni: (bool) add the option servername=hostname to policy
  responses so that Postfix sends SNI in the TLS handshake, as required
  by RFC 8461. Requires Postfix version 3.4+. Default: true
zones

• ZONENAME:

  • Same options as in default_zone. The zone is selected per lookup
    by the map name that Postfix passes in its socketmap request; a
    name that has no zones entry uses default_zone.

The timeout is used for the DNS and HTTPS requests.

With strict_testing enabled, MTA-STS "testing" mode is interpreted as
"strict" (enforce) mode. This may be useful at the beginning of an
MTA-STS deployment, when many domains still operate under "testing"
mode, but it is not compliant with RFC 8461, which says that a
"testing" policy must not affect delivery: mail to a domain whose
testing policy does not match its MX setup fails instead of being
delivered as it would be without MTA-STS.
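
The checks below are added here as an example and are not part of the
postfix-mta-sts-resolver code. They lint a parsed mta-sts-daemon.yml
against the rules above (the octal mode pitfalls, a world-writable
socket, reuse_port on a TCP listener, an unknown cache type, a
grace_ratio that defeats proactive fetching, and strict_testing or a
disabled require_sni in any zone) and carry the two age rules, cache_grace
for on-demand lookups and interval/grace_ratio for background runs, as
functions. The input is the dict that a YAML loader returns for the file;
the three sample configurations are constructed for the example, the
socket and database paths in them are hypothetical, and the finding
names and messages are this example's own.

```python
"""Lint a parsed mta-sts-daemon.yml before deploying it.

Added example for this page; it is not part of postfix-mta-sts-resolver.
It checks the dict that a YAML loader returns for the file (PyYAML follows
YAML 1.1, so the leading zero makes 0660 an octal int). The sample configs
at the bottom are constructed; every path in them is hypothetical.
"""
from __future__ import annotations

CACHE_TYPES = ("internal", "sqlite", "redis")


def lint_config(cfg: dict) -> list[tuple[str, str]]:
    """Return (severity, message) pairs; an empty list means no findings."""
    findings: list[tuple[str, str]] = []
    unix_socket = bool(cfg.get("path"))
    if not unix_socket and ("host" not in cfg or "port" not in cfg):
        findings.append(("error", "neither path nor host+port is configured"))

    mode = cfg.get("mode")
    if mode is not None:
        if not unix_socket:
            findings.append(("warn", "mode has no effect without path (TCP listener)"))
        elif not isinstance(mode, int):
            # "0o660" or a quoted value comes out of the YAML loader as a string.
            findings.append(("error", f"mode must be an int with a leading zero, got {mode!r}"))
        elif mode > 0o777:
            # 660 without the leading zero loads as decimal 660 (0o1224).
            findings.append(("error", f"mode 0o{mode:o} is not a permission set; missing leading zero?"))
        elif mode & 0o002:
            findings.append(("warn", f"mode 0o{mode:o} makes the socket world-writable"))

    if cfg.get("reuse_port") and not unix_socket:
        # Linux lets only sockets with the same effective uid share the port, so
        # the exposure is another process under the daemon's uid taking it over.
        findings.append(("warn", "reuse_port: another process with the same uid can bind the port"))

    cache = cfg.get("cache") or {}
    if cache.get("type") not in CACHE_TYPES:
        findings.append(("error", f"cache.type must be one of {CACHE_TYPES}, got {cache.get('type')!r}"))

    pro = cfg.get("proactive_policy_fetching") or {}
    if pro.get("enabled"):
        ratio = pro.get("grace_ratio", 2.0)
        if ratio <= 0:
            findings.append(("error", "grace_ratio must be positive"))
        elif ratio < 1:
            # interval/ratio is then longer than interval: a domain refreshed by
            # one scheduled run is still "too young" at the next one.
            findings.append(("warn", f"grace_ratio {ratio} < 1 makes scheduled runs skip freshly refreshed domains"))

    zones = {"default_zone": cfg.get("default_zone") or {}}
    zones.update(cfg.get("zones") or {})
    for name, zone in zones.items():
        if zone.get("strict_testing"):
            findings.append(("warn", f"{name}: strict_testing enforces 'testing' policies, which RFC 8461 says must not affect delivery"))
        if zone.get("require_sni") is False:
            findings.append(("warn", f"{name}: require_sni off; Postfix will not send SNI, which RFC 8461 requires"))
    return findings


def cache_entry_needs_refresh(age: float, cache_grace: float = 60.0) -> bool:
    """On-demand lookup: an entry older than cache_grace is refreshed first."""
    return age > cache_grace


def proactive_fetch_skipped(age: float, interval: int = 86400, grace_ratio: float = 2.0) -> bool:
    """Background run: skip a domain whose cached policy is younger than interval/grace_ratio."""
    return age < interval / grace_ratio


# Constructed sample 1: the page's own example config, as a loader returns it.
PAGE_EXAMPLE = {
    "host": "127.0.0.1", "port": 8461, "reuse_port": True, "shutdown_timeout": 20,
    "proactive_policy_fetching": {"enabled": True, "interval": 86400,
                                  "concurrency_limit": 100, "grace_ratio": 2},
    "cache": {"type": "internal", "options": {"cache_size": 10000}},
    "default_zone": {"strict_testing": False, "timeout": 4},
    "zones": {"myzone": {"strict_testing": False, "timeout": 4}},
}
# Constructed sample 2: a UNIX-socket deployment with three common mistakes.
BAD_EXAMPLE = {
    "path": "/var/run/mta-sts/socket",  # hypothetical path
    "mode": "0o660",                    # a YAML 1.1 loader keeps this as a str
    "cache": {"type": "memcached"},
    "default_zone": {"strict_testing": True, "timeout": 4},
}
# Constructed sample 3: the same deployment done right (mode written as 0660).
HARDENED_EXAMPLE = {
    "path": "/var/run/mta-sts/socket",  # hypothetical path
    "mode": 0o660,                      # group-accessible, not world-writable
    "cache": {"type": "sqlite", "options": {"filename": "/var/lib/mta-sts/cache.db"}},
    "proactive_policy_fetching": {"enabled": True, "grace_ratio": 2},
    "default_zone": {"strict_testing": False, "timeout": 4, "require_sni": True},
}

if __name__ == "__main__":
    for label, cfg in (("page example", PAGE_EXAMPLE), ("bad", BAD_EXAMPLE), ("hardened", HARDENED_EXAMPLE)):
        print(f"== {label}: {lint_config(cfg) or 'no findings'}")
```

To lint a real file, replace the sample dicts with the result of
yaml.safe_load() from PyYAML; its YAML 1.1 integer rules are what turn a
mode written as 0660 into the int the check expects, and what leave
0o660 as a string.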

EXAMPLE
host: 127.0.0.1
port: 8461
reuse_port: true
shutdown_timeout: 20
proactive_policy_fetching:
  enabled: true
  interval: 86400
  concurrency_limit: 100
  grace_ratio: 2
cache:
  type: internal
  options:
    cache_size: 10000
default_zone:
  strict_testing: false
  timeout: 4
zones:
  myzone:
    strict_testing: false
    timeout: 4

SEE ALSO
mta-sts-daemon(1), mta-sts-query(1)

NOTES
0. https://aioredis.readthedocs.io/en/latest/api_reference.html#aioredis.create_redis_pool


postfix-mta-sts-resolver            2022-07-22            MTA-STS-DAEMON.YML(5)