Accepted Values: Fully-qualified domain name of a mail server, or a wildcard host.This should match the servers specified in your mx records. Purpose: To specify which mail servers are allowed to handle email for your domain.email will not be blocked, but TLSRPT reports are still sent. enforce: Force all incoming email from supported providers to use valid TLS.
Once you have these ready, log in to your server as your non-root user to begin.Įxample MTA-STS Configuration File version: STSv1
G SUITE MX RECORDS WIZARD HOW TO
One Ubuntu 18.04 server set up by following the Initial Server Setup with Ubuntu 18.04, including a sudo non-root user.Īn Apache web server set up and configured by following How to Install the Apache Web Server on Ubuntu 18.04.Ī configured Certbot client in order to acquire a Let’s Encrypt certificate, by following How To Secure Apache with Let’s Encrypt on Ubuntu 18.04. You will be required to set up a subdomain as part of the tutorial, so ensure that you are able to access the DNS settings for your domain. This tutorial will use your-domain throughout, however this should be substituted with your own domain name. Prerequisitesīefore you begin this guide, you’ll need:Ī domain name already configured for receiving email, using either your own mail server or a hosted mail service, such as G Suite or Office 365. While this tutorial covers the steps for using Apache on Ubuntu 18.04 with a Let’s Encrypt certificate, the MTA-STS/TLSRPT configuration will also work on alternatives, such as Nginx on Debian. In this tutorial, you will learn how to configure MTA-STS and TLSRPT for your domain name, and then interpret your first TLS Report. MTA-STS helps to ensure the security of the connection, and TLSRPT will deliver daily reports identifying any emails that weren’t sent securely-giving crucial insight into any ongoing or previous attacks against your email system. Customers may send support tickets via email that contain confidential personal information, which needs a secure TLS connection. MTA-STS helps to ensure that once at least one secure connection has been established, TLS will be used by default from there on, which greatly reduces the risk of these attacks.Īn example use case for MTA-STS and TLS Reporting is to help create a secure customer service email system for your business. Other methods for encouraging TLS for email communications, such as STARTTLS, are still susceptible to man-in-the-middle attacks, as the initial connection is unencrypted. The primary reason for implementing MTA-STS for your domain is to ensure that confidential email that is sent to you is transmitted securely over TLS.
TLSRPT is similar to DMARC reporting, but for TLS. MTA-STS is complemented by SMTP TLS Reporting (TLSRPT), which gives you insight into which emails are successfully delivered over TLS, and which aren’t. It is similar to HTTP Strict Transport Security (HSTS), where a force-TLS policy is set and then cached for a specified amount of time, reducing the risk of man-in-the-middle or downgrade attacks. Mail Transport Agent Strict Transport Security (MTA-STS) is a new internet standard that allows you to enable strict force-TLS for email sent between supported email providers. The author selected Electronic Frontier Foundation Inc to receive a donation as part of the Write for DOnations program.
0 kommentar(er)
