Maddy: Difference between revisions
imported>Onny mNo edit summary |
imported>Onny Add setup instructions for MTA-STS |
| Line 59: | Line 59: | ||
Now that your server also runs a DNS daemon besides the mail server, you have to configure it as the external nameserver of your domain <code>example.org</code>. Please consult your domain provider on how to do that. | Now that your server also runs a DNS daemon besides the mail server, you have to configure it as the external nameserver of your domain <code>example.org</code>. Please consult your domain provider on how to do that. | ||
=== MTA-STS === | |||
MTA-STS enforces secure TLS configuration for servers which support this standard. We already advertised this feature in the DNS records above, but we also have to serve a static configuration file using a web server. We use the web server [[Caddy]] to do this but of course you can [Category:Web_Servers use others too]. | |||
{{file|/etc/nixos/configuration.nix|nix|<nowiki> | |||
caddy = { | |||
enable = true; | |||
virtualHosts."mta-sts.example.org".extraConfig = '' | |||
encode gzip | |||
file_server | |||
root * ${ | |||
pkgs.runCommand "testdir" {} '' | |||
mkdir "$out/.well-known" | |||
echo " | |||
version: STSv1 | |||
mode: enforce | |||
max_age: 604800 | |||
mx: mx1.example.org | |||
" > "$out/.well-known/mta-sts.txt" | |||
'' | |||
} | |||
''; | |||
}; | |||
</nowiki>}} | |||
Replace the domain <code>mta-sts.example.org</code> and the domain <code>mx1.example.org</code> with the ones you're using. | |||
=== Managing users and inboxes === | === Managing users and inboxes === | ||
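Review bot: In the <code>pkgs.runCommand</code> script, <code>mkdir "$out/.well-known"</code> runs while <code>$out</code> itself does not exist yet, so the derivation fails to build; use <code>mkdir -p "$out/.well-known"</code>. The <code>echo "</code> that ends its line right after the opening quote also writes an empty first line into <code>mta-sts.txt</code> ahead of <code>version: STSv1</code>, which a strict policy parser may reject; starting the text on the same line as the quote, or generating the file with <code>pkgs.writeTextDir</code>, avoids that. The text should also say that <code>mode: enforce</code> with <code>max_age: 604800</code> makes compliant senders refuse delivery for up to a week if the certificate or the <code>mx:</code> entry is wrong, and suggest <code>mode: testing</code> for the first deployment. Finally, <code>[Category:Web_Servers use others too]</code> is single-bracket external-link syntax and will not link to the category; <code>[[:Category:Web_Servers|use others too]]</code> would.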