Lewsion/mta-sts
3
0
Fork 0
mirror of https://github.com/Lewsion/mta-sts.git synced 2025-12-22 01:25:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add GEMINI.md and QWEN.md files with comprehensive MTA-STS policy documentation and usage instructions

Browse Source
This commit is contained in:
Endrence Leternet
2025-09-24 22:42:54 +06:00
parent 277aa4280e
commit cee3d8399f
2 changed files with 96 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
QWEN.md Normal file
View File

@@ -0,0 +1,69 @@
# MTA-STS Policy Template - Project Context
## Project Overview
This is a template repository for hosting MTA-STS (Mail Transfer Agent Strict Transport Security) policy files on GitHub Pages. The project allows users to create and host their MTA-STS policy file (`.well-known/mta-sts.txt`) to secure email delivery by enforcing SMTP-over-TLS connections.
MTA-STS is a security standard that enables domain owners to declare their email server's support for encrypted SMTP connections. When properly configured, it mitigates man-in-the-middle attacks by instructing sending email servers to only connect via encrypted channels.
## Repository Structure
- `.well-known/` - Contains the MTA-STS policy file served at the well-known location
- `mta-sts.txt` - The actual MTA-STS policy file that defines how email should be delivered
- `index.html` - Redirects visitors to the MTA-STS policy file
- `_config.yml` - Jekyll configuration to include the `.well-known` directory in builds
- `CNAME` - Defines the custom domain for GitHub Pages
- Various configuration and documentation files for GitHub Pages hosting
## Key Files and Configuration
### MTA-STS Policy File (`.well-known/mta-sts.txt`)
The current policy file contains:
```txt
version: STSv1
mode: enforce
mx: mx1.forwardemail.net
mx: mx2.forwardemail.net
max_age: 604800
```
This policy enforces encrypted connections to the specified MX servers for one week (604800 seconds).
### Domain Configuration
- The `CNAME` file points to `mta-sts.lewsion.com`, indicating the domain for which this MTA-STS policy is configured.
- GitHub Pages serves this repository at that domain via DNS CNAME record.
### Jekyll Configuration
- `_config.yml` includes the `.well-known` directory in the GitHub Pages build, which is necessary for the MTA-STS policy file to be served at the correct path.
## Setup and Usage Instructions
1. Fork or create a repository from this template
2. Modify `.well-known/mta-sts.txt` with your own MX server details
3. Set up a CNAME DNS record pointing `mta-sts.yourdomain.com` to `yourusername.github.io`
4. Configure GitHub Pages with your custom domain
5. Add a TXT DNS record `_mta-sts.yourdomain.com` with your policy ID to enable MTA-STS for your domain
6. Optionally configure TLS reporting with a `_smtp._tls.yourdomain.com` TXT record
## Development Conventions
- This is a static site that gets served via GitHub Pages
- The `.well-known/mta-sts.txt` file should follow RFC 8461 specification
- Policy IDs in DNS TXT records need to be updated when the MTA-STS policy file changes
- The repository uses Jekyll for GitHub Pages hosting
## Security Considerations
- The MTA-STS policy enforces TLS encryption for email delivery
- Proper domain validation is required to prevent unauthorized modification of MTA-STS policies
- The `max_age` directive controls how long the policy remains in effect before requiring re-verification
## Testing and Validation
- Visit `https://mta-sts.yourdomain.com` to verify the policy file is accessible
- Use tools like MXToolBox MTA-STS Lookup or Hardenize to validate your implementation
- Monitor TLS reports if you implement the optional TLS reporting configuration