It's worth noting that blog post covers only one-way MTA-STS, announcing STS policy to other SMTP peers, protecting only inbound mail from MTA-STS enabled servers.
In order to ensure strict transport security on sender side (for mail outbound from server), one have add support for MTA-STS to mail server itself.
It's an external policy server for Postfix which retrieves, validates, caches and prefetches STS policies for target mail domains. postfix-mta-sts-resolver package is already available in Debian repos and I guess it'll be included in upcoming Ubuntu 20.04 LTS. If I recall correctly there are also FreeBSD port, docker images and AUR package for Arch Linux.
[+] [-] Snawoot|6 years ago|reply
In order to ensure strict transport security on sender side (for mail outbound from server), one have add support for MTA-STS to mail server itself.
I'm developer of such solution for Postfix mail server: https://github.com/Snawoot/postfix-mta-sts-resolver
It's an external policy server for Postfix which retrieves, validates, caches and prefetches STS policies for target mail domains. postfix-mta-sts-resolver package is already available in Debian repos and I guess it'll be included in upcoming Ubuntu 20.04 LTS. If I recall correctly there are also FreeBSD port, docker images and AUR package for Arch Linux.
[+] [-] geordee|6 years ago|reply