MTA-STS for Exim, thanks to Perl

MTA-STS (RFC 8461) is a new standard that makes it possible to send downgrade-resistant email over SMTP. In that sense, it is an alternative to DANE. It does this by piggybacking on the browser Certificate Authority model.

There is a validator here which defaults to checking gmail.com, and it can possibly answer your questions about MTA-STS without the "tl;dr" factor of the RFC.

This Perl script was posted on the Exim mailing list, and is designed to work with the Exim Perl interpreter. On demand, the script checks whether MTA-STS data for a domain is in an LMDB database. If it is not, the script polls the domain for MTA-STS info and puts that info into the database. It then responds to Exim with the info required for processing the outgoing email.

This script provides reboot-resistant caching of MTA-STS data. If the database is not found, it reconstructs the database and restarts the caching.
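The check-cache, fetch, store, answer flow described above, as an added sketch that is not code from the MTASTS-EXIM-PERL project. It assumes an in-memory hash in place of LMDB and a stub callback in place of the DNS and HTTPS lookups; all function names, the sample policy and the id value are constructed for illustration, while the policy fields follow RFC 8461.

```perl
use strict;
use warnings;

# Parse the body served at https://mta-sts.<domain>/.well-known/mta-sts.txt (RFC 8461).
sub parse_sts_policy {
    my ($body) = @_;
    my (%f, @mx);
    for my $line (split /\r?\n/, $body // '') {
        next unless $line =~ /^([A-Za-z0-9_-]+):\s*(.*?)\s*$/;
        my ($key, $val) = (lc $1, $2);
        if ($key eq 'mx') { push @mx, lc $val } else { $f{$key} //= $val }
    }
    return undef unless ($f{version} // '') eq 'STSv1';
    return undef unless ($f{mode}    // '') =~ /^(?:enforce|testing|none)$/;
    return undef unless ($f{max_age} // '') =~ /^\d+$/;
    return undef if $f{mode} ne 'none' && !@mx;    # enforce/testing need an mx list
    return { mode => $f{mode}, max_age => $f{max_age}, mx => \@mx };
}

# True if $host matches a policy mx entry; "*.example.net" covers one leftmost label only.
sub mx_allowed {
    my ($policy, $host) = @_;
    ($host = lc $host) =~ s/\.$//;
    for my $pat (@{ $policy->{mx} }) {
        my ($suffix) = $pat =~ /^\*\.(.+)$/;
        return 1 if $host eq $pat || (defined $suffix && $host =~ /^[^.]+\.\Q$suffix\E$/);
    }
    return 0;
}

my %cache;    # stand-in for the LMDB file: domain => { id, expires, policy }
# $txt_id is the id= value of the _mta-sts.<domain> TXT record; $fetch returns the policy body.
sub sts_lookup {
    my ($domain, $txt_id, $fetch, $now) = @_;
    my $hit   = $cache{$domain};
    my $fresh = $hit && $hit->{expires} > $now;
    return $hit->{policy} if $fresh && $hit->{id} eq $txt_id;    # unchanged id: no HTTPS fetch
    my $policy = parse_sts_policy($fetch->($domain));
    return($fresh ? $hit->{policy} : undef) unless $policy;      # failed refresh keeps old policy
    $cache{$domain} = { id => $txt_id, expires => $now + $policy->{max_age}, policy => $policy };
    return $policy;
}

# Constructed sample policy for a placeholder domain; the second lookup is served from the cache.
my $body = "version: STSv1\r\nmode: enforce\r\nmx: mail.example.com\r\nmx: *.example.net\r\nmax_age: 86400\r\n";
my ($fetches, $p) = (0);
$p = sts_lookup('example.com', '20240101000000', sub { $fetches++; $body }, time) for 1 .. 2;
print "mode=$p->{mode} https_fetches=$fetches\n";
printf "%-18s %s\n", $_, mx_allowed($p, $_) ? 'allowed' : 'rejected'
    for qw(mail.example.com mx1.example.net a.b.example.net mail.example.org);
```

A caller still has to act on the mode: only `enforce` should stop delivery to an MX host that fails the match or the certificate check, while `testing` delivers anyway.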

Exim is the most popular MTA, so if you are running your own mail server there is a good chance you are using it.

The link again: https://github.com/Bobberty/MTASTS-EXIM-PERL


About Dean

I blog about Perl. Need an open source firewall or some Perl work in Australia? Give me a call!