Skip to content

Java implementation library for RFC 8461 - SMTP MTA Strict Transport Security.

License

Notifications You must be signed in to change notification settings

mimecast/mta-sts

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

MTA-STS

By Vlad Marian [email protected]

Overview

SMTP MTA Strict Transport Security

This is a Java implementation of MTA-STS with support for TLSRPT record fetching.

The libray does not provide a production ready trust manager or policy cache. A X509TrustManager implementation needs to be provided and should enable revocation checks. An abstract PolicyCache is provided to aid in integrating with your cloud cache.

This project can be compiled into a runnable JAR. A CLI interface is implemented.

Best practices

The following validations are off by default:

  • Require HTTPS response Content-Type as text/plain.

In practice we see policis that will not have it or have a different value.

  • Require policy line endings as CRLF.

While the policy states: This resource contains the following CRLF-separated key/value pairs but in the ABNF you see: sts-policy-term = LF / CRLF

Contributions

Contributions of any kind (bug fixes, new features...) are welcome! This is a development tool and as such it may not be perfect and may be lacking in some areas.

Certain future functionalities are marked with TODO comments throughout the code. This however does not mean they will be given priority or ever be done.

Any merge request made should align to existing coding style and naming convention. Before submitting a merge request please run a comprehensive code quality analysis (IntelliJ, SonarQube).

Read more here.

Disclosure

This project makes use of sample passwords as needed for testing and demonstration purposes.

  • avengers - Test keystore password that contains a single entry issued to Tony Stark. (Easter egg)

These passwords are not in use within Mimecast production environments.

RFC Excerpts

Usage

Guidelines