* Bill Cole via mailop <mailop-20160...@billmail.scconsult.com>: > On 2024-11-16 at 19:55:52 UTC-0500 (Sat, 16 Nov 2024 18:55:52 -0600) > Michael Rathbun via mailop <m...@honet.com> > is rumored to have said: > > > I confess to being completely mystified. What is the nature of these TLS > > reports, and where do they come from? > > Presumably RFC8460 https://datatracker.ietf.org/doc/html/rfc8460. Intimately > related to MTA-STS, RFC8461. > > It can also be used with DANE, but I don't know of anyone doing so.
This will likely change in the near future. The upcoming, yearly Postfix release will implement TLSRPT (see: https://postfix.org/TLSRPT_README.html) and I expect many Postfix based platforms to adopt this standard and start sending out TLSRPT reports. TLSRPT support is the result of a collaboration between Wietse Venema (postfix) and us (sys4). We want to foster TLSRPT and to make it happen we decided to contribute a generic low-level TLSRPT client library and a report generator. Both projects' code is located at https://github.com/sys4/tlsrpt/. NOTE: The client library is ready to use. The report generator is still work in progress and on time to be released when the new Postfix version hits the road around February 2025. If you want to test it, please test it and please report issues if you experience problems. Both, client library and report generator, are GPL3. We hope other OSS SMTP projects will adopt the TLSRPT client library to implement TLSRPT as well. Monitoring your own platform for TLS related issues is fine, but it doesn't give you a picture how partners and other sending parties experience your mail system when they connect to it. This is where TLSRPT comes in. It's reports will allow you to detect if your world-wide inbound TLS-encrypted SMTP communication meets your security policies. p@rick P.S. As a side-effect the upcoming Postfix release, assisted by another third party tool, will also support MTA-STS. P.P.S. Others may call it collateral damage and not side-effect. But who am I to tell. I'm biased. Along with Victor I'm team "DANE". ;-) -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG,80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
