How to set up Mail Transfer Agent Strict Transport Security (MTA-STS) in MDaemon

SMTP MTA Strict Transport Security (MTA-STS) is a mechanism that lets mail service providers (SPs) declare that their MX hosts accept TLS-secured SMTP connections.

An MTA-STS policy can also tell sending SMTP servers to refuse delivery to MX hosts that do not offer TLS with a trusted server certificate, which is what protects mail against downgrade to plaintext and against redirection to a rogue MX host.

To set up MTA-STS for your own domain, you need an MTA-STS policy file that sending servers can download via HTTPS from the URL https://mta-sts.domain.tld/.well-known/mta-sts.txt, where "domain.tld" is your domain name. The web server for mta-sts.domain.tld must present a certificate that is valid for that hostname and issued by a CA the sending server trusts; if the HTTPS connection cannot be verified, senders treat the policy as unavailable.

The policy text file contains one "key: value" pair per line, for example:

version: STSv1
mode: testing
mx: mail.domain.tld
max_age: 86400

Mode can be "none", "testing", or "enforce". In "enforce" mode, sending servers that honour MTA-STS will not deliver to an MX host that is not listed in the policy or that does not offer TLS with a trusted certificate. In "testing" mode delivery is never blocked, so it is the safe starting point while you confirm that every MX host presents a valid certificate matching its hostname; switch to "enforce" only after that has been verified. "none" means the domain has no active policy and is used to retire one. There must be an "mx" line for each of your MX hostnames. A wildcard can be used for subdomains, such as "*.domain.tld"; note that the wildcard matches exactly one label, so "*.domain.tld" covers "mail.domain.tld" but not "domain.tld" or "mail.sub.domain.tld". Max age is in seconds. Common values are 86400 (1 day) and 604800 (1 week).

You must also create a DNS TXT record at _mta-sts.domain.tld, where "domain.tld" is your domain name. Sending servers look up this record first; if it is missing, they never fetch the policy file.

The value of this DNS TXT record must be in the format:

v=STSv1; id=20220408T010101;

The value for "id" must be changed every time the policy file is changed. Sending servers cache a fetched policy for up to max_age seconds and use the id in the TXT record to detect that a newer policy should be fetched, so an unchanged id means your edits may not be picked up until the cached copy expires. The id may be 1 to 32 letters and digits; it is common to use a timestamp.
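The following script is an added example, not MDaemon's own code, that checks the two artifacts described above before you publish them: it parses a policy file body and a _mta-sts TXT record value, rejects the common mistakes (wrong version string, bad mode, non-numeric max_age, malformed id), and reports which of your MX hostnames are not covered by the policy's "mx" patterns, applying the single-label wildcard rule. The policy text, TXT value and MX list at the bottom are constructed sample inputs using the placeholder "domain.tld"; replace them with your own.

```python
"""Sanity-check an MTA-STS policy file and its _mta-sts TXT record.

Added example, not part of MDaemon. Inputs are constructed placeholders.
"""
import re

# Mode values defined for MTA-STS policies.
VALID_MODES = {"none", "testing", "enforce"}


def parse_policy(text):
    """Parse a policy file body; raise ValueError on malformed input.

    Returns {"version": str, "mode": str, "mx": [str, ...], "max_age": int}.
    Unknown keys are kept but not validated, since senders must ignore them.
    """
    fields = {"mx": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ":" not in line:
            raise ValueError("line without 'key: value': %r" % line)
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "mx":
            fields["mx"].append(value.lower())
        elif key in fields:
            raise ValueError("duplicate field: %s" % key)
        else:
            fields[key] = value
    if fields.get("version") != "STSv1":
        raise ValueError("version must be STSv1")
    if fields.get("mode") not in VALID_MODES:
        raise ValueError("mode must be none, testing or enforce")
    if not fields["mx"] and fields["mode"] != "none":
        raise ValueError("at least one mx line is required")
    try:
        fields["max_age"] = int(fields.get("max_age", ""))
    except ValueError:
        raise ValueError("max_age must be an integer number of seconds")
    if fields["max_age"] < 0:
        raise ValueError("max_age must not be negative")
    return fields


def parse_txt_record(record):
    """Parse the _mta-sts TXT record value and return the policy id."""
    pairs = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError("bad TXT field: %r" % part)
        key, value = (p.strip() for p in part.split("=", 1))
        pairs[key] = value
    if pairs.get("v") != "STSv1":
        raise ValueError("TXT record must contain v=STSv1")
    policy_id = pairs.get("id", "")
    # The id is limited to 1-32 letters and digits.
    if not re.fullmatch(r"[A-Za-z0-9]{1,32}", policy_id):
        raise ValueError("id must be 1-32 alphanumeric characters")
    return policy_id


def mx_matches(hostname, patterns):
    """True if hostname matches any mx pattern.

    "*.domain.tld" matches exactly one leading label: mail.domain.tld matches,
    domain.tld and a.b.domain.tld do not. Comparison is case-insensitive and
    ignores a trailing dot.
    """
    host = hostname.lower().rstrip(".")
    for pattern in patterns:
        if pattern.startswith("*."):
            suffix = pattern[1:]  # ".domain.tld"
            if host.endswith(suffix):
                prefix = host[: -len(suffix)]
                if prefix and "." not in prefix:
                    return True
        elif host == pattern:
            return True
    return False


def check_setup(policy_text, txt_record, mx_hosts):
    """Validate both artifacts and list MX hosts the policy does not cover.

    Returns (policy_dict, policy_id, uncovered_hosts).
    """
    policy = parse_policy(policy_text)
    policy_id = parse_txt_record(txt_record)
    uncovered = [h for h in mx_hosts if not mx_matches(h, policy["mx"])]
    return policy, policy_id, uncovered


# Constructed sample inputs; "domain.tld" is a placeholder for your domain.
SAMPLE_POLICY = """version: STSv1
mode: testing
mx: mail.domain.tld
mx: *.backup.domain.tld
max_age: 86400
"""
SAMPLE_TXT = "v=STSv1; id=20220408T010101;"
SAMPLE_MX_HOSTS = ["mail.domain.tld", "mx2.backup.domain.tld", "relay.other.tld"]

if __name__ == "__main__":
    policy, pid, uncovered = check_setup(SAMPLE_POLICY, SAMPLE_TXT, SAMPLE_MX_HOSTS)
    print("mode=%s max_age=%d id=%s" % (policy["mode"], policy["max_age"], pid))
    for host in uncovered:
        print("WARNING: MX host %s is not listed in the policy" % host)
```

Any host reported as uncovered would be refused by senders once the policy is switched to "enforce", so fix the "mx" lines (or the MX records) before leaving "testing" mode. The checker deliberately accepts unknown keys rather than rejecting them, matching how sending servers treat future extension fields.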