GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » GFI User Forums » Kerio Connect » MTA-STS (Increase email security with MTA-STS and TLS reporting)
MTA-STS [message #151347] Sat, 26 March 2022 09:50
bcs is currently offline  bcs
Messages: 1
Registered: March 2022
I would like that the functionality MTA-STS will implemented in future versions of Kerio Connect.
This functionality is already implemented by MDemon and Google Workspace, I think that it is very useful for e-mail security, and it would be taken in serious consideration.

MTA-STS is an inbound mail protocol designed to add a layer of encryption/security between sending and receiving mail servers. It was designed to patch an existing hole in the STARTTLS protocol that allowed for communication to be unencrypted via an attacker who could remove parts of the SMTP session (such as the "250 STARTTLS" response). This is accomplished by bringing DNS as a third party to verify connections.

MTA-STS is short for SMTP MTA-STS, which is short for Simple Mail Transfer Protocol (SMTP) Mail Transfer Agent (MTA) Strict Transport Security (STS). The purpose of MTA-STS is to encrypt and secure communications between SMTP servers via TLS (Transport Layer Security) preventing man-in-the-middle attackers from viewing and manipulating in-transit emails.

The MTA-STS protocol works by having a DNS record that tells mail servers to fetch a policy file via HTTPS from a defined subdomain. This file contains a list of the receiver's mail servers which are authenticated and approved to receive the messages and also what policy to apply to inbound messages.
Previous Topic: 9.4.0 CentOS 7
Next Topic: Cannot receive from Mailchimp since 8.2.2
Goto Forum:
  


Current Time: Fri Dec 02 23:01:36 CET 2022

Total time taken to generate the page: 0.03289 seconds