Daemon which provides TLS client policy for Postfix via socketmap, according to domain MTA-STS policy
Project description
postfix-mta-sts-resolver
Daemon which provides TLS client policy for Postfix via socketmap, according to domain MTA-STS policy. Current support of RFC8461 is limited - daemon lacks some minor features:
- Proactive policy fetch
- Fetch error reporting
- Fetch ratelimit
Dependencies
- Python 3.5.3+
- aiodns
- aiohttp
- pynetstring
- PyYAML
- (optional) uvloop
- pycares>=2.3.0
Installation
Method 1. System-wide install
Run in project directory:
python3 -m pip install .
Package scripts shall be available in standard executable locations upon completion.
Method 2. Running from project directory
Installing dependencies:
python3 -m pip install -r requirements.txt
Now script can be run right from source directory.
pip user install
Both previous methods can be run with --user option of pip installer. In this case superuser privileges are not required and package shall be installed to user home directory. So, for first method script executabled will appear in ~/.local/bin.
Method 3. Install into virtualenv
See "Building virtualenv"
Building virtualenv
Run make in project directory in order to build virtualenv. As result of it, new directory venv shall appear. venv contains interpreter and all required dependencies, i.e. encloses package with depencencies in separate environment. It is possible to specify alternative path where virtualenv directory shall be placed. Specify VENV variable for make command. Example:
make VENV=~/postfix-mta-sts-resolver
Such virtual environment can be moved to another machine of similar type (as far python interpreter is compatible with new environment). If virtualenv is placed into same location on new machine, application can be runned this way:
venv/bin/mta-sts-daemon
Otherwise, some hacks required. First option - explicitly call virtualenv interpreter:
venv/bin/python venv/bin/mta-sts-daemon
Second option - specify new path in shebang of scripts installed in virtualenv. It is recommended to build virtualenv at same location which app shall occupy on target system.
Configuration
See example config in source code directory. Default config location is: /etc/postfix/mta-sts-daemon.yml
Postfix configuration
Add line like
smtp_tls_policy_maps = socketmap:inet:127.0.0.1:8461:postfix
into your main.cf config.
Credits
Inspired by this forum thread.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file postfix_mta_sts_resolver-0.2.3.tar.gz.
File metadata
- Download URL: postfix_mta_sts_resolver-0.2.3.tar.gz
- Upload date:
- Size: 8.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.18.4 setuptools/38.5.1 requests-toolbelt/0.8.0 tqdm/4.19.5 CPython/2.7.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 16f1c0b4310cf3363e48b305569f0696ca63389aee19e2bddb53117ad1345036 |
|
| MD5 | d598998997af5206d97d81f0ed33fee3 |
|
| BLAKE2b-256 | 9aad130cdc6a2bf127f5200bbc073655547e927aaf617baa472c25890724af36 |
File details
Details for the file postfix_mta_sts_resolver-0.2.3-py3-none-any.whl.
File metadata
- Download URL: postfix_mta_sts_resolver-0.2.3-py3-none-any.whl
- Upload date:
- Size: 11.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.18.4 setuptools/38.5.1 requests-toolbelt/0.8.0 tqdm/4.19.5 CPython/2.7.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | c947633697d181b1028f12ec11313afb229b092e7faa7d9e5e9d536d30de5f1c |
|
| MD5 | b0b3a7451267fde8c5dcdb096e5c11d5 |
|
| BLAKE2b-256 | 0e052e52ae3d215632352ba70091e4aaa9399a43f30b4c9ecf7a1d747cce0dcc |
