Lightweight MTA-STS + DANE/TLSA resolver and TLS policy server for Postfix, prioritizing DANE.
10K+
Introducing Our Lightweight MTA-STS + DANE/TLSA Resolver: A cutting-edge solution designed for Postfix that complies with industry standards and prioritizes DANE where possible.
At Zuplu, we believe that secure communication should be a standard, not a luxury. That's why we're excited to announce that we are open-sourcing our TLS policy evaluating server!
By sharing our technology with the community, we aim to empower organizations of all sizes and private postmasters to enhance their email security and protect their communications. Together, we can create a safer digital landscape for everyone.
Join us in this mission! Explore our open-source solution and integrate it into your Postfix setup. ππ
Our solution is packaged in a lightweight Docker image (approximately 8 MB compressed) that includes its own properly configured DNS resolver, Unbound. This simplifies your setup process significantly!
Simply run the following command:
docker volume create postfix-tlspol-data
docker run -d \
-v postfix-tlspol-data:/data \
-p 127.0.0.1:8642:8642 \
--restart unless-stopped \
--name postfix-tlspol \
zuplu/postfix-tlspol:latest
In /etc/postfix/main.cf:
smtp_dns_support_level = dnssec
smtp_tls_security_level = dane
smtp_tls_dane_insecure_mx_policy = dane
smtp_tls_policy_maps = socketmap:inet:127.0.0.1:8642:QUERY
smtp_dns_support_level = dnssec
smtp_tls_security_level = dane
smtp_tls_policy_maps = socketmap:inet:127.0.0.1:8642:QUERYwithTLSRPT
Note the QUERYwithTLSRPT that enables TLSRPT support for Postfix 3.10+.
After changing the Postfix configuration, do:
postfix reload
Thatβs all!
Visit our GitHub repository for more information about how it works: https://github.com/Zuplu/postfix-tlspolβ
Content type
Image
Digest
sha256:6e0f79fd5β¦
Size
8.9 MB
Last updated
11 days ago
docker pull zuplu/postfix-tlspol