
Enforce MTA-STS policy #40


Closed
foxcpp opened this issue Apr 6, 2019 · 3 comments · Fixed by #81
Assignees
Labels
mta-out Related to MSA or outgoing message processing part of MTA functionality. new feature New feature. security Related to security measures.

Comments

@foxcpp
Owner

foxcpp commented Apr 6, 2019

Look up the MTA-STS policy for remote MTAs before connecting to them, enforce TLS and cache the policy.

@foxcpp foxcpp added smtp security Related to security measures. labels Apr 6, 2019
@foxcpp
Owner Author

foxcpp commented Apr 10, 2019

Another idea to secure local server configurations using MTA-STS:

  • Check if we have an MTA-STS policy set (try to get it, check if our hostname is listed in the mx directives).
  • If the policy exists and applies to us, reject messages sent over plain-text connections.
  • Add a configuration directive to disallow plain-text submission manually.
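The sender-side logic described in the two comments above, written out as an added Go example (this is not maddy's code): parse a fetched policy file, match MX names against its mx patterns (a "*." wildcard matches exactly one label, as RFC 8461 specifies), decide whether an enforce-mode policy skips an MX or requires TLS to it, check max_age expiry for the cache, and reuse the same matcher to test whether the local hostname is listed in the domain's own policy. The DNS and HTTPS fetching steps are omitted; the policy body is passed in as text, and all names (Policy, Evaluate, ShouldRejectPlaintext) and the sample policy are this example's own.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Policy is a parsed RFC 8461 policy file (https://mta-sts.<domain>/.well-known/mta-sts.txt).
type Policy struct {
	Mode   string        // "enforce", "testing" or "none"
	MX     []string      // mx patterns: "mail.example.org" or "*.example.org"
	MaxAge time.Duration // how long a sender may cache the policy
}

// ParsePolicy parses "key: value" lines; unknown (extension) keys are ignored.
func ParsePolicy(text string) (*Policy, error) {
	p := &Policy{}
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		k, v, ok := strings.Cut(sc.Text(), ":")
		k, v = strings.TrimSpace(k), strings.TrimSpace(v)
		if k == "" {
			continue // blank line
		}
		if !ok {
			return nil, fmt.Errorf("malformed policy line %q", sc.Text())
		}
		switch k {
		case "version":
			if v != "STSv1" {
				return nil, fmt.Errorf("unsupported version %q", v)
			}
		case "mode":
			p.Mode = strings.ToLower(v)
		case "mx":
			p.MX = append(p.MX, strings.ToLower(strings.TrimSuffix(v, ".")))
		case "max_age":
			secs, err := strconv.Atoi(v)
			if err != nil {
				return nil, fmt.Errorf("bad max_age %q", v)
			}
			p.MaxAge = time.Duration(secs) * time.Second
		}
	}
	known := map[string]bool{"enforce": true, "testing": true, "none": true}
	if !known[p.Mode] || (p.Mode != "none" && len(p.MX) == 0) {
		return nil, fmt.Errorf("unusable policy: mode %q with %d mx lines", p.Mode, len(p.MX))
	}
	return p, nil
}

// Expired reports whether a policy fetched at `fetched` is past max_age at `now` (then re-query DNS).
func (p *Policy) Expired(fetched, now time.Time) bool {
	return !now.Before(fetched.Add(p.MaxAge))
}

// MatchesMX reports whether host matches one of the mx patterns. A leading "*." matches
// exactly one label: "*.example.org" covers "mx1.example.org" but not "a.b.example.org".
func (p *Policy) MatchesMX(host string) bool {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	for _, pat := range p.MX {
		if !strings.HasPrefix(pat, "*.") {
			if host == pat {
				return true
			}
			continue
		}
		label := strings.TrimSuffix(host, pat[1:]) // pat[1:] is ".example.org"
		if label != host && label != "" && !strings.Contains(label, ".") {
			return true
		}
	}
	return false
}

// Decision is the outbound verdict for one MX candidate of a recipient domain.
type Decision struct {
	Connect    bool // try this MX at all
	RequireTLS bool // abort unless STARTTLS succeeds with a certificate valid for the MX name
}

// Evaluate applies the domain's policy (nil when it publishes none); only enforce mode changes delivery.
func Evaluate(p *Policy, mxHost string) Decision {
	if p == nil || p.Mode != "enforce" {
		return Decision{Connect: true} // testing mode only reports mismatches (TLSRPT)
	}
	listed := p.MatchesMX(mxHost) // an unlisted MX is skipped; a listed one must offer TLS
	return Decision{Connect: listed, RequireTLS: listed}
}

// ShouldRejectPlaintext is the inbound check: if our domain's enforce policy lists this
// server, a policy-honouring sender would never use plaintext to reach it.
func ShouldRejectPlaintext(p *Policy, ourHostname string) bool {
	return p != nil && p.Mode == "enforce" && p.MatchesMX(ourHostname)
}

// SamplePolicy is a constructed policy body using the reserved example.org name.
const SamplePolicy = "version: STSv1\nmode: enforce\nmx: mail.example.org\nmx: *.example.org\nmax_age: 604800\n"
```

When RequireTLS is set, the MTA has to do more than see STARTTLS succeed: RFC 8461 also requires the presented certificate to be valid for the MX hostname, otherwise the connection counts as a policy failure and delivery should be deferred rather than downgraded to plaintext.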

@foxcpp
Owner Author

foxcpp commented May 19, 2019

The first two points may break interoperability with non-MTA-STS-capable senders, so I guess it makes sense to leave them out by default and instead add an option to disable unencrypted sessions. Same goes for #50.

In light of the HTTP endpoint design mentioned in #67, we might want to add an endpoint to allow easier configuration of MTA-STS:

mta_sts {
  endpoint https://0.0.0.0:443 # can be omitted, implied by default
  max_age 600 # seconds
  mx *.asd.sd
  # our hostname is added implicitly
}
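The serving side of the endpoint sketched above, as an added Go example rather than maddy's implementation: render the policy file from a config shaped like the block in the comment (the server's own hostname added implicitly, extra mx patterns, max_age), derive the `id` for the `_mta-sts` TXT record from the policy content so that any edit forces senders to re-fetch before max_age runs out, and serve the file at `/.well-known/mta-sts.txt`. The MTASTSConfig type and its `mode` field are this example's assumptions; the config in the comment has no mode directive.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// MTASTSConfig mirrors the mta_sts block sketched in the comment above; the field
// names and the Mode field are this example's own, not maddy's configuration.
type MTASTSConfig struct {
	Hostname string   // the server's own MX name, listed implicitly
	MaxAge   int      // seconds a sender may cache the policy
	MX       []string // extra mx patterns from the config, e.g. "*.example.org"
	Mode     string   // "testing" while rolling out, "enforce" once verified
}

// RenderPolicy produces the body served at /.well-known/mta-sts.txt. The own
// hostname comes first; names are lowercased and duplicates dropped.
func RenderPolicy(c MTASTSConfig) string {
	var b strings.Builder
	fmt.Fprintf(&b, "version: STSv1\nmode: %s\n", c.Mode)
	seen := map[string]bool{}
	for _, mx := range append([]string{c.Hostname}, c.MX...) {
		mx = strings.ToLower(strings.TrimSuffix(mx, "."))
		if mx == "" || seen[mx] {
			continue
		}
		seen[mx] = true
		fmt.Fprintf(&b, "mx: %s\n", mx)
	}
	fmt.Fprintf(&b, "max_age: %d\n", c.MaxAge)
	return b.String()
}

// PolicyID derives the TXT record "id" from the policy body, so any change to the
// policy changes the id and senders refetch instead of trusting their cache.
func PolicyID(policy string) string {
	sum := sha256.Sum256([]byte(policy))
	return hex.EncodeToString(sum[:8]) // 16 alphanumerics, within the RFC's 1..32 limit
}

// TXTRecord is the value to publish at _mta-sts.<domain>.
func TXTRecord(policy string) string {
	return "v=STSv1; id=" + PolicyID(policy)
}

// Handler serves the policy. RFC 8461 requires HTTPS with a certificate valid for
// mta-sts.<domain>, so this belongs on the TLS listener, never on plain HTTP.
func Handler(c MTASTSConfig) http.Handler {
	body := RenderPolicy(c)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path != "/.well-known/mta-sts.txt" {
			http.NotFound(w, r)
			return
		}
		w.Header().Set("Content-Type", "text/plain; charset=utf-8")
		io.WriteString(w, body)
	})
}

func main() {
	// Constructed configuration for illustration; example.org is a reserved name.
	cfg := MTASTSConfig{Hostname: "mx.example.org", MaxAge: 600, MX: []string{"*.example.org"}, Mode: "testing"}
	policy := RenderPolicy(cfg)
	fmt.Print(policy)
	fmt.Println("_mta-sts.example.org TXT", TXTRecord(policy))
}
```

The TXT record still has to be published in DNS by the operator; the endpoint only serves the policy file. Starting in testing mode with a short max_age, as the 600 seconds in the comment suggests, limits the blast radius of a wrong mx list, since an enforce policy that omits a real MX makes policy-honouring senders stop delivering to it until the cached policy expires.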

@emersion
Collaborator

> The first two points may break interoperability with non-MTA-STS-capable senders, so I guess it makes sense to leave them out by default and instead add an option to disable unencrypted sessions.

Yes. It's the sender's responsibility to check the MTA-STS policy. Indeed, we can always add an option to disable unencrypted sessions.

> In light of the HTTP endpoint design mentioned in #67, we might want to add an endpoint to allow easier configuration of MTA-STS

I'd really like MTA-STS to be enabled by default. It's an important part of e-mail security. Without it, encryption is basically useless (because of downgrade attacks).

@foxcpp foxcpp added mta-out Related to MSA or outgoing message processing part of MTA functionality. new feature New feature. and removed smtp labels May 25, 2019
@foxcpp foxcpp self-assigned this May 26, 2019
@foxcpp foxcpp added this to the 0.1 milestone May 27, 2019