1MTA-STS-DAEMON(1) mta-sts-daemon MTA-STS-DAEMON(1)
2
6 mta-sts-daemon - provide MTA-STS policy to Postfix as policy map
7
9 mta-sts-daemon [OPTION]...
10
12 This daemon opens a socket where Postfix can query and retrieve the
13 MTA-STS policy for a domain. The configuration file is described in
14 mta-sts-daemon.yml(5).
15 MTA-STS, specified in RFC 8461 [0], is a security standard for email
17 servers. When a site configures MTA-STS, other mail servers can require
18 the successful authentication of that site when forwarding mail there.
19
21 -h, --help
22 show a help message and exit
23 -v, --verbosity VERBOSITY
25 set log verbosity level: debug, info (default), warn, error, or
26 fatal.
27 -c, --config FILE
29 config file location (default: /etc/mta-sts-daemon.yml)
30 -g, --group GROUP
32 change eGID to this group (default: none)
33 -l, --logfile FILE
35 log file location (default: none)
36 -p, --pidfile PIDFILE
38 name of the file to write the current pid to (default: none)
39 -u, --user USER
41 change eUID to this user (default: none)
42 --disable-uvloop
44 do not use uvloop even if it is available (default: enabled if
45 available)
46
48 Configure Postfix in /etc/postfix/main.cf:
49 smtp_tls_policy_maps = socketmap:inet:127.0.0.1:8461:postfix
51 smtp_tls_CApath = /etc/ssl/certs/
52 Reload Postfix. Then verify it works:
54 /usr/sbin/postmap -q dismail.de socketmap:inet:127.0.0.1:8461:postfix
56 This configuration overrides DANE TLS authentication. If you wish to
58 meet the requirement of RFC 8461, section 2, you should list a DANE
59 policy resolver (or a static lookup table for domains known to
60 implement both MTA-STS & DANE) before mta-sts-daemon in
61 smtp_tls_policy_maps.
62
64 mta-sts-query(1), mta-sts-daemon.yml(5)
65
67 0.
68 SMTP MTA Strict Transport Security (MTA-STS):
69 https://tools.ietf.org/html/rfc8461
70postfix-mta-sts-resolver 2023-09-09 MTA-STS-DAEMON(1)