diff --git a/.well-known/mta-sts.txt b/.well-known/mta-sts.txt
index 8530a9e..1e933e3 100644
--- a/.well-known/mta-sts.txt
+++ b/.well-known/mta-sts.txt
@@ -1,7 +1,21 @@
+# MTA-STS Policy File for lewsion.com
+# For more information, see: https://tools.ietf.org/html/rfc8461
+
 version: STSv1
-mode: [enforce|testing|none] # 1. Decide your mode.
-mx: mx1.your_domain.tld # 2. Add your primary mailserver hostname (see MX records in your DNS)
-mx: mx2.your_domain.tld # 3. If you have secondary mailservers, add one line for each.
- # In case all servers share the same subdomain, you may also use wildcards like *.mail.protection.outlook.com
-max_age: 1209600 # 4. Depending on your mode above, 1209600 seconds = 2 weeks might be a good value.
- # 5. Remove all the comments (if that wasn't obvious to you).
+# Policy version. Always 'STSv1' as per RFC 8461.
+
+mode: testing
+# Policy mode. Possible values:
+# enforce - Enforce the policy (recommended for production)
+# testing - Report violations but do not enforce (use for testing)
+# none - Disable MTA-STS
+
+mx: mail.lewsion.com
+# Primary mail server hostname (must match your DNS MX records).
+# Add additional 'mx:' lines for each secondary mail server if needed.
+# Example:
+# mx: mx2.lewsion.com
+
+max_age: 1209600
+# Policy lifetime in seconds (e.g., 1209600 = 14 days).
+# Increase for production, decrease for testing.
\ No newline at end of file
diff --git a/README.md b/README.md
index 7ebcc24..cb2ac3d 100644
--- a/README.md
+++ b/README.md
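Review bot: The published `.well-known/mta-sts.txt` now carries `#` comment lines and blank lines, but the policy grammar in RFC 8461 defines only `key: value` fields and has no comment syntax. The template text this hunk removes told the operator to strip all comments before publishing. A sending MTA or validator that parses strictly may reject the file and apply no policy at all; with `mode: testing` that failure would not show up in mail flow, only in TLS-RPT reports or a policy checker. I would reduce the served file to the four fields (`version: STSv1`, `mode: testing`, `mx: mail.lewsion.com`, `max_age: 1209600`) and move the explanatory text into README.md. Separately, the `mx:` value has to match a name in the certificate the MX host presents, which this diff does not show.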
@@ -42,7 +42,7 @@ In case the sending e-mail server is not able to initiate a secure connection, i _Optional (but **highly recommended**):_ -7. Create another `TXT` record for `_smtp._tls.` in your domain's DNS to enable reporting (see [RFC 8460](https://datatracker.ietf.org/doc/html/rfc8460)). +1. Create another `TXT` record for `_smtp._tls.` in your domain's DNS to enable reporting (see [RFC 8460](https://datatracker.ietf.org/doc/html/rfc8460)). You may copy & paste this to your DNS provider: ```dns