= MTA-STS =

RFC8461 SMTP MTA Strict Transport Security (MTA-STS)

https://datatracker.ietf.org/doc/html/rfc8461

https://maildata.jp/specification/mta-sts.html

== MTA-STS Process ==

3.1. MTA-STS TXT Records

The MTA-STS TXT record is a TXT record with the name "_mta-sts" at the Policy Domain. For the domain "example.com", this record would be "_mta-sts.example.com". MTA-STS TXT records MUST be US-ASCII, semicolon-separated key/value pairs containing the following fields:

{{{
_mta-sts.gmail.com. 300 IN TXT "v=STSv1; id=20190429T010101;"
}}}

The id is 1 to 32 alphanumeric characters long.

3.2. MTA-STS Policies

The policy itself is a set of key/value pairs (similar to header fields in [RFC5322]) served via the HTTPS GET method from the fixed "well-known" [RFC5785] path of ".well-known/mta-sts.txt" served by the Policy Host. The Policy Host DNS name is constructed by prepending "mta-sts" to the Policy Domain.

Following RFC5785, the policy file is stored in a folder named ".well-known" under the file name "mta-sts.txt".

https://mta-sts.gmail.com/.well-known/mta-sts.txt

{{{
version: STSv1
mode: enforce
mx: gmail-smtp-in.l.google.com
mx: *.gmail-smtp-in.l.google.com
max_age: 86400
}}}

== Connection Procedure ==

5.1. Policy Application Control Flow

2. For each candidate MX, in order of MX priority, attempt to deliver the message. If a policy is present with an "enforce" mode, when attempting to deliver to each candidate MX, ensure STARTTLS support and host identity validity as described in Section 4, "Policy Validation". If a candidate fails validation, continue to the next candidate (if there is one).
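
The following Python example is added here and is not part of the original page: it parses the TXT record and policy file shown above and, for an "enforce" policy, keeps only the candidate MX hosts that match an mx pattern, in MX priority order. The function names are hypothetical, and the rule that "*." matches exactly one left-most label is taken from RFC 8461 rather than from this page; the STARTTLS and certificate checks of Section 4 are outside the example.

```python
import re
# Constructed sample input: the TXT record and policy file shown on this page.
TXT = "v=STSv1; id=20190429T010101;"
POLICY = """version: STSv1
mode: enforce
mx: gmail-smtp-in.l.google.com
mx: *.gmail-smtp-in.l.google.com
max_age: 86400
"""

def parse_txt_record(txt):
    """Parse the semicolon-separated key/value pairs of the _mta-sts TXT record."""
    fields = {}
    for part in txt.split(";"):
        if part.strip():
            key, _, value = (s.strip() for s in part.partition("="))
            fields[key] = value
    if fields.get("v") != "STSv1":
        raise ValueError("not an STSv1 record")
    if not re.fullmatch(r"[A-Za-z0-9]{1,32}", fields.get("id", "")):
        raise ValueError("id must be 1 to 32 alphanumeric characters")
    return fields

def parse_policy(text):
    """Parse the policy file; the mx key may repeat, so it is kept as a list."""
    policy = {"mx": []}
    for line in text.splitlines():
        key, _, value = (s.strip() for s in line.partition(":"))
        if key == "mx":
            policy["mx"].append(value.lower())
        elif key:
            policy[key] = value
    if policy.get("version") != "STSv1" or policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("unsupported version or mode")
    policy["max_age"] = int(policy["max_age"])
    return policy

def mx_matches(host, pattern):
    """Assumption from RFC 8461: a leading '*.' matches exactly one left-most label."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        label, _, parent = host.partition(".")
        return bool(label) and parent == pattern[2:]
    return host == pattern

def candidate_mxs(mx_records, policy):
    """Order (priority, host) pairs by priority; in enforce mode keep only policy matches."""
    ordered = [host for _, host in sorted(mx_records)]
    return [h for h in ordered if policy["mode"] != "enforce" or any(mx_matches(h, p) for p in policy["mx"])]
```

A host that passes this name check is only a candidate: delivery in enforce mode still depends on STARTTLS support and host identity validation for that MX.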