document how to publish an MTA-STS policy

3 years ago · 5634354911
parent a019607873
commit 5634354911
1 changed files with 25 additions and 0 deletions
--- a/docs/faq.rst
+++ b/docs/faq.rst
@ -369,6 +369,31 @@ How do I use webdav (radicale)?
 .. _`575`: https://github.com/Mailu/Mailu/issues/575
 .. _`1591`: https://github.com/Mailu/Mailu/issues/1591

+How do I setup a MTA-STS policy?
+````````````````````````````````
+
+Mailu can serve an `MTA-STS policy`_; To configure it you will need to:
+
+1. setup the appropriate DNS/CNAME record (``mta-sts.example.com`` -> ``mailu.example.com``) and DNS/TXT record (``_mta-sts.example.com`` -> ``v=STSv1; id=1``) paying attention to the ``TTL`` as this is used by MTA-STS.
+
+2. configure an override with the policy itself; for example, your ``overrides/mta-sts.conf`` could read:
+
+.. code-block:: bash
+
+   location ^~ /.well-known/mta-sts.txt {
+   return 200 "version: STSv1
+   mode: enforce
+   max_age: 86401
+   mx: mailu.example.com\r\n";
+   }
+
+3. add ``mta-sts.example.com`` to the ``HOSTNAMES`` configuration variable (and ensure that a valid SSL certificate is available for it)
+
+*issue reference:* `1798`_.
+
+.. _`1798`: https://github.com/Mailu/Mailu/issues/1798
+.. _`MTA-STS policy`: https://datatracker.ietf.org/doc/html/rfc8461
+
 Technical issues
 ----------------