Description
Checks for and parses MTA-STS policies, e.g. _mta-sts.target.domain as a TXT record, and mta-sts.target.domain, which should host the policy at https://mta-sts.target.domain/.well-known/mta-sts.txt
MTA-STS policies contain the hostnames of mail servers for which sending sources should enforce TLS-based transport, i.e. not send emails in clear text.
The policy advertises to third parties that, when connecting to any MX listed in it (or matching one of its wildcards), TLS must be used and the server must present a valid/trusted server certificate.
Typically the same servers that are in a domain's MX records will be listed here; however, some hidden/related DNS names may be listed which are not presently advertised in MX records.
Example policy:
version: STSv1
mode: enforce
mx: mail.example.com
mx: *.example.net
mx: backupmx.example.com
max_age: 604800
I have written a module to do this and will submit a PR shortly.
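The policy format described above can be parsed and compared against a domain's MX records as follows. This is an added example, not the module mentioned in this issue; the function names are hypothetical, the MX hostnames passed to audit() are supplied by the caller, and the wildcard and duplicate-key handling follow RFC 8461.

```python
# Added example; function names are hypothetical. Sample policy copied from the page.

SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mail.example.com
mx: *.example.net
mx: backupmx.example.com
max_age: 604800
"""

def parse_policy(text):
    """Return a dict with version, mode, max_age and the list of mx patterns."""
    policy = {"mx": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or ":" not in line:
            continue  # skip blank or malformed lines
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower().rstrip("."))
        elif key not in policy:
            policy[key] = value  # first occurrence of a non-mx key wins
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported or missing version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid mode")
    if not policy.get("max_age", "").isdigit():
        raise ValueError("max_age must be a non-negative integer")
    policy["max_age"] = int(policy["max_age"])
    if policy["mode"] != "none" and not policy["mx"]:
        raise ValueError("policy lists no mx patterns")
    return policy

def mx_matches(pattern, host):
    """A '*.' pattern covers exactly one left-most label, per RFC 8461."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        label, _, parent = host.partition(".")
        return bool(label) and parent == pattern[2:]
    return host == pattern

def audit(policy, mx_records):
    """Compare policy patterns with the domain's published MX hostnames."""
    mx_records = [m.lower().rstrip(".") for m in mx_records]
    uncovered = [m for m in mx_records
                 if not any(mx_matches(p, m) for p in policy["mx"])]
    policy_only = [p for p in policy["mx"]
                   if not p.startswith("*.") and p not in mx_records]
    return {"uncovered_mx": uncovered, "policy_only": policy_only}
```

In the result, uncovered_mx lists published MX hosts that the policy does not cover (senders honouring an enforce policy will not deliver to them), and policy_only lists explicit policy hostnames that are not currently in the MX set.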