From 3f09c880979ed9ee1d46b40cde79339222b8091c Mon Sep 17 00:00:00 2001 From: "A. Schippers" Date: Fri, 6 Mar 2020 19:20:39 +0100 Subject: [PATCH] Updated changelog --- CHANGELOG.md | 6 ++++++ security.md | 7 ++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d4247085..b91b722a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,12 @@ CHANGELOG ========= +MTA-STS: + +* Added support for client side MTA-STS when there is a valid SSL Certificate on the primary domain +* Automatically adds reporting when alias "tlsrpt@" is added. +* Starts default on 'testing', but changes will be kept between MiaB Upgrades. + v0.44 (February 15, 2020) ------------------------- diff --git a/security.md b/security.md index 8c9d43e5..3f6ebc82 100644 --- a/security.md +++ b/security.md @@ -98,7 +98,12 @@ While domain policy records prevent other servers from sending mail with a "From The box restricts the envelope sender address (also called the return path or MAIL FROM address --- this is different from the "From:" header) that users may put into outbound mail. The envelope sender address must be either their own email address (their SMTP login username) or any alias that they are listed as a permitted sender of. (There is currently no restriction on the contents of the "From:" header.) -Incoming Mail +### MTA-STS + +SMTP MTA Strict Transport Security ([SMTP MTA-STS for short](https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#SMTP_MTA_Strict_Transport_Security)). + +MTA-STS is a mechanism that instructs an SMTP server that the communication with the other SMTP server MUST be encrypted and that the domain name on the certificate should match the domain in the policy. It uses a combination of DNS and HTTPS to publish a policy that tells the sending party what to do when an encrypted channel can not be negotiated. + ------------- ### Encryption
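Review bot: In CHANGELOG.md the new "MTA-STS:" block sits directly under the CHANGELOG title with no version heading, unlike the "v0.44 (February 15, 2020)" entry right below it, so a reader cannot tell which release carries the feature. Give it a heading in the same underlined style. The first bullet says "client side MTA-STS" gated on a valid certificate for the primary domain, while the security.md text in this same patch describes publishing a policy over DNS and HTTPS. Say explicitly which direction is implemented (publishing a policy for mail delivered to the box, or validating other domains' policies on outbound delivery), and write "TLS certificate" rather than "SSL Certificate". The third bullet promises that changes survive upgrades but does not say where the mode is changed from 'testing'; name the file or setting.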
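Review bot: In security.md the removed line "Incoming Mail" was the text of an underlined heading, and its "-------------" underline is kept as context. After this hunk the underline follows the added blank line and renders as a horizontal rule, and "### Encryption" loses its parent section heading. Keep "Incoming Mail" and insert the "### MTA-STS" section above it. In the added text, the first paragraph is a sentence fragment (a name and a link with no verb). The second paragraph mixes "MUST be encrypted" with "should match" for the certificate check, which reads as if certificate validation were optional. State both requirements with the same strength, and be precise about what is matched: "the domain in the policy" is ambiguous between the mail domain and the MX host names the policy lists. Since the changelog says the box starts in 'testing', this section should also say what 'testing' means for a sender that fails to negotiate TLS, because that determines whether the feature protects mail at all in the default configuration.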