It appears that Viktor Dukhovni <uta@ietf.org> said:
>    - If the question is about the software stack, then:
>
>      * Any MTA that supports STARTTLS already supports both inbound.

Almost -- it needs to have a cert that matches its name and is signed
and/or matches the TLSA record. A lot of the default installations
I've seen still generate a self-signed cert. This isn't a huge burden
but it's not entirely trivial, particularly since the ACME web
validation method doesn't work unless you can spin up a web server
with the same name as the mail server.

>      * Outbound support for MTA-STS is unlikely in the leading open source
>        MTAs
>      * Outbound support for DANE is starting to be available even in
>        some of the cloud provider stacks, but is not yet prevalent.

Yup. I think that publishing stuff for inbound MTA-STS is worth it
since for most people a large fraction of incoming mail will check it.

R's,
John

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
