Maddy: Difference between revisions

(3 intermediate revisions by 3 users not shown)

Line 124:

=== MTA-STS ===

MTA-STS enforces secure TLS configuration for servers which support this standard. We already advertised this feature in the DNS records above, but we also have to serve a static configuration file using a web server. We use the web server [[Caddy]] to do this but of course you can ~~[[Category:Web_Servers use others~~ too]].

MTA-STS enforces secure TLS configuration for servers which support this standard. We already advertised this feature in the DNS records above, but we also have to serve a static configuration file using a web server. We use the web server [[Caddy]] to do this but of course you can other Web Servers too.

{{file|/etc/nixos/configuration.nix|nix|<nowiki>

Line 154:

# nix shell nixpkgs#hash-slinger --command tlsa --~~create --selector 1~~ --protocol tcp ~~-p 25 --create~~ mx1.example.org

# nix shell nixpkgs#hash-slinger --command tlsa --port=25 --protocol=tcp mx1.example.org

</syntaxhighlight>

Add the key to a new TLSA record in your nameserver

Or you can generate it directly from the TLS-certificate that you are using with maddy:<syntaxhighlight lang="console">

# openssl x509 -in cert.pem -pubkey -noout | openssl ec -pubin -outform der | sha256sum

</syntaxhighlight>Add the key to a new TLSA record in your nameserver

{{file|/etc/nixos/configuration.nix|nix|<nowiki>

Line 353:

Line 355:

[[Category:Mail Server]]

[[Category:Server]]

@@ Line 124: / Line 124: @@
 === MTA-STS ===
-MTA-STS enforces secure TLS configuration for servers which support this standard. We already advertised this feature in the DNS records above, but we also have to serve a static configuration file using a web server. We use the web server [[Caddy]] to do this but of course you can [[Category:Web_Servers use others too]].
+MTA-STS enforces secure TLS configuration for servers which support this standard. We already advertised this feature in the DNS records above, but we also have to serve a static configuration file using a web server. We use the web server [[Caddy]] to do this but of course you can other Web Servers too.
 {{file|/etc/nixos/configuration.nix|nix|<nowiki>
@@ Line 154: / Line 154: @@
 <syntaxhighlight lang="console">
-# nix shell nixpkgs#hash-slinger --command tlsa  --create --selector 1 --protocol tcp -p 25 --create mx1.example.org
+# nix shell nixpkgs#hash-slinger --command tlsa --port=25 --protocol=tcp mx1.example.org
 </syntaxhighlight>
-Add the key to a new TLSA record in your nameserver
+Or you can generate it directly from the TLS-certificate that you are using with maddy:<syntaxhighlight lang="console">
+# openssl x509 -in cert.pem -pubkey -noout | openssl ec -pubin -outform der | sha256sum
+</syntaxhighlight>Add the key to a new TLSA record in your nameserver
 {{file|/etc/nixos/configuration.nix|nix|<nowiki>
@@ Line 353: / Line 355: @@
 [[Category:Mail Server]]
+[[Category:Server]]