mirror of
https://github.com/Lewsion/mta-sts.git
synced 2025-12-22 01:25:47 +00:00
Add GEMINI.md and QWEN.md files with comprehensive MTA-STS policy documentation and usage instructions
This commit is contained in:
27
GEMINI.md
Normal file
27
GEMINI.md
Normal file
@@ -0,0 +1,27 @@
|
||||
# GEMINI.md
|
||||
|
||||
## Directory Overview
|
||||
|
||||
This directory contains the necessary files to host a Mail Transport Agent Strict Transport Security (MTA-STS) policy on GitHub Pages. The purpose of this project is to provide a simple and effective way to publish an MTA-STS policy, which helps to secure email delivery by enforcing TLS encryption.
|
||||
|
||||
This is not a code project but rather a configuration-based setup for serving a static policy file.
|
||||
|
||||
## Key Files
|
||||
|
||||
* `.well-known/mta-sts.txt`: This is the core MTA-STS policy file. It defines the MTA-STS policy mode, mail servers, and the maximum age of the policy.
|
||||
* `CNAME`: This file specifies the custom domain (`mta-sts.lewsion.com`) that is used for the GitHub Pages site.
|
||||
* `index.html`: This file acts as a simple redirect to the `mta-sts.txt` policy file, ensuring that visitors to the root of the site are directed to the policy.
|
||||
* `_config.yml`: This is a Jekyll configuration file that is used by GitHub Pages. In this project, it is configured to ensure that the `.well-known` directory is included when the site is built.
|
||||
* `README.md`: This file provides detailed instructions on how to use this repository as a template to host your own MTA-STS policy.
|
||||
|
||||
## Usage
|
||||
|
||||
The contents of this directory are intended to be used as a template for publishing an MTA-STS policy. To use this project, you would typically:
|
||||
|
||||
1. Fork this repository or use it as a template.
|
||||
2. Modify the `.well-known/mta-sts.txt` file to reflect your own mail server configuration and desired policy.
|
||||
3. Update the `CNAME` file with your own custom domain.
|
||||
4. Configure your domain's DNS settings to point to the GitHub Pages site.
|
||||
5. Create the necessary `_mta-sts` DNS TXT records to enable the policy.
|
||||
|
||||
The `README.md` file contains a comprehensive guide on how to perform these steps.
|
||||
69
QWEN.md
Normal file
69
QWEN.md
Normal file
@@ -0,0 +1,69 @@
|
||||
# MTA-STS Policy Template - Project Context
|
||||
|
||||
## Project Overview
|
||||
|
||||
This is a template repository for hosting MTA-STS (Mail Transfer Agent Strict Transport Security) policy files on GitHub Pages. The project allows users to create and host their MTA-STS policy file (`.well-known/mta-sts.txt`) to secure email delivery by enforcing SMTP-over-TLS connections.
|
||||
|
||||
MTA-STS is a security standard that enables domain owners to declare their email server's support for encrypted SMTP connections. When properly configured, it mitigates man-in-the-middle attacks by instructing sending email servers to only connect via encrypted channels.
|
||||
|
||||
## Repository Structure
|
||||
|
||||
- `.well-known/` - Contains the MTA-STS policy file served at the well-known location
|
||||
- `mta-sts.txt` - The actual MTA-STS policy file that defines how email should be delivered
|
||||
- `index.html` - Redirects visitors to the MTA-STS policy file
|
||||
- `_config.yml` - Jekyll configuration to include the `.well-known` directory in builds
|
||||
- `CNAME` - Defines the custom domain for GitHub Pages
|
||||
- Various configuration and documentation files for GitHub Pages hosting
|
||||
|
||||
## Key Files and Configuration
|
||||
|
||||
### MTA-STS Policy File (`.well-known/mta-sts.txt`)
|
||||
|
||||
The current policy file contains:
|
||||
|
||||
```txt
|
||||
version: STSv1
|
||||
mode: enforce
|
||||
mx: mx1.forwardemail.net
|
||||
mx: mx2.forwardemail.net
|
||||
max_age: 604800
|
||||
```
|
||||
|
||||
This policy enforces encrypted connections to the specified MX servers for one week (604800 seconds).
|
||||
|
||||
### Domain Configuration
|
||||
|
||||
- The `CNAME` file points to `mta-sts.lewsion.com`, indicating the domain for which this MTA-STS policy is configured.
|
||||
- GitHub Pages serves this repository at that domain via DNS CNAME record.
|
||||
|
||||
### Jekyll Configuration
|
||||
|
||||
- `_config.yml` includes the `.well-known` directory in the GitHub Pages build, which is necessary for the MTA-STS policy file to be served at the correct path.
|
||||
|
||||
## Setup and Usage Instructions
|
||||
|
||||
1. Fork or create a repository from this template
|
||||
2. Modify `.well-known/mta-sts.txt` with your own MX server details
|
||||
3. Set up a CNAME DNS record pointing `mta-sts.yourdomain.com` to `yourusername.github.io`
|
||||
4. Configure GitHub Pages with your custom domain
|
||||
5. Add a TXT DNS record `_mta-sts.yourdomain.com` with your policy ID to enable MTA-STS for your domain
|
||||
6. Optionally configure TLS reporting with a `_smtp._tls.yourdomain.com` TXT record
|
||||
|
||||
## Development Conventions
|
||||
|
||||
- This is a static site that gets served via GitHub Pages
|
||||
- The `.well-known/mta-sts.txt` file should follow RFC 8461 specification
|
||||
- Policy IDs in DNS TXT records need to be updated when the MTA-STS policy file changes
|
||||
- The repository uses Jekyll for GitHub Pages hosting
|
||||
|
||||
## Security Considerations
|
||||
|
||||
- The MTA-STS policy enforces TLS encryption for email delivery
|
||||
- Proper domain validation is required to prevent unauthorized modification of MTA-STS policies
|
||||
- The `max_age` directive controls how long the policy remains in effect before requiring re-verification
|
||||
|
||||
## Testing and Validation
|
||||
|
||||
- Visit `https://mta-sts.yourdomain.com` to verify the policy file is accessible
|
||||
- Use tools like MXToolBox MTA-STS Lookup or Hardenize to validate your implementation
|
||||
- Monitor TLS reports if you implement the optional TLS reporting configuration
|
||||
Reference in New Issue
Block a user