new-site/infra/mta-sts
2026-06-06 19:36:27 -05:00
mta-sts.txt infra: MTA-STS policy + vhost + README (cert pending DNS propagation) 2026-06-06 19:36:27 -05:00
pw-mta-sts.conf infra: MTA-STS policy + vhost + README (cert pending DNS propagation) 2026-06-06 19:36:27 -05:00
README.md infra: MTA-STS policy + vhost + README (cert pending DNS propagation) 2026-06-06 19:36:27 -05:00

MTA-STS for performancewest.net

DNS records:

- TXT `_mta-sts.performancewest.net` = `v=STSv1; id=20260505` (already published).
- TLS-RPT TXT `_smtp._tls.performancewest.net` published.
- Added A record `mta-sts.performancewest.net` -> 207.174.124.71 (Hestia).

Policy served at https://mta-sts.performancewest.net/.well-known/mta-sts.txt from /var/www/mta-sts/.well-known/mta-sts.txt (content = mta-sts.txt here).

PENDING: Let's Encrypt cert for mta-sts.performancewest.net (waiting on HE.net secondary DNS propagation). Once `dig +short mta-sts.performancewest.net @8.8.8.8` resolves, run:

```
sudo certbot certonly --webroot -w /var/www/certbot -d mta-sts.performancewest.net --non-interactive --agree-tos -m admin@performancewest.net
```

Then upgrade pw-mta-sts.conf to an HTTPS (443) server block (see pw-listmonk-hc.conf pattern) and reload nginx. MTA-STS requires the policy be served over valid HTTPS.
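
A pre-deployment check for the TXT record and policy file described above, following the RFC 8461 field rules. This is an added example, not part of this repository: the function names are hypothetical, the policy body is constructed because the README does not show the contents of mta-sts.txt, and `mx.example.net` is a placeholder.

```python
import re

MAX_AGE_LIMIT = 31557600  # RFC 8461 ceiling for max_age, in seconds

def check_txt_record(txt):
    """Return a list of problems with the _mta-sts TXT record value."""
    errors = []
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    fields = dict(p.split("=", 1) for p in parts if "=" in p)
    if not parts or parts[0] != "v=STSv1":
        errors.append("record must begin with v=STSv1")
    if not re.fullmatch(r"[A-Za-z0-9]{1,32}", fields.get("id", "")):
        errors.append("id must be 1-32 alphanumeric characters")
    return errors

def check_policy(body):
    """Return a list of problems with the mta-sts.txt policy body."""
    policy, mx, errors = {}, [], []
    for line in body.splitlines():  # handles both LF and CRLF
        key, sep, value = line.partition(":")
        if not line.strip():
            continue
        if not sep:
            errors.append(f"malformed line: {line!r}")
        elif key.strip() == "mx":
            mx.append(value.strip())
        else:
            policy.setdefault(key.strip(), value.strip())  # first wins
    if policy.get("version") != "STSv1":
        errors.append("version must be STSv1")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        errors.append("mode must be enforce, testing or none")
    age = policy.get("max_age", "")
    if not re.fullmatch(r"[0-9]{1,10}", age) or int(age) > MAX_AGE_LIMIT:
        errors.append(f"max_age must be an integer <= {MAX_AGE_LIMIT}")
    if policy.get("mode") != "none" and not mx:
        errors.append("at least one mx line is required")
    for host in mx:  # a wildcard may only replace the leftmost label
        if "*" in host and not (host.startswith("*.") and "*" not in host[1:]):
            errors.append(f"bad mx wildcard: {host}")
    return errors

# TXT value as published per the README; the policy body is constructed
# (the README does not show mta-sts.txt) and mx.example.net is a placeholder.
TXT_VALUE = "v=STSv1; id=20260505"
SAMPLE_POLICY = "version: STSv1\nmode: testing\nmx: mx.example.net\nmax_age: 86400\n"

if __name__ == "__main__":
    print(check_txt_record(TXT_VALUE), check_policy(SAMPLE_POLICY))
```

Senders only refetch the policy when the TXT `id` changes, so any edit to mta-sts.txt needs a new `id` value published alongside it.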