This article is a follow up to the Enabling Better Mail Flow Security for Exchange Online which discusses setting up MTA-STS and in this article we cover the reporting for MTA-STS.
To get daily reports from each sending infrastructure to receive reports on MTA-STS you just create a DNS record in the following format:
_smtp._tls.c7solutions.com IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@c7solutions.com"It took about a week before I got some reports and at this time they have only come, now daily, from Google. They come as a JSON file compressed in the GZip format and once expanded appear as follows:
{
"organization-name":"Google Inc.",
"date-range":
{
"start-datetime":"2020-10-08T00:00:00Z",
"end-datetime":"2020-10-08T23:59:59Z"
},
"contact-info":"smtp-tls-reporting@google.com",
"report-id":"2020-10-08T00:00:00Z_c7solutions.com",
"policies":
[
{
"policy":
{
"policy-type":"sts",
"policy-string":
[
"version: STSv1\r",
"mode: testing\r",
"mx: mail.domain.com\r",
"mx: c7solutions-com.mail.protection.outlook.com\r",
"max_age: 86400"
],
"policy-domain":"c7solutions.com"
},
"summary":
{
"total-successful-session-count":1,
"total-failure-session-count":0
}
}
]
}As we can see, nothing interesting – it worked for the one email I got into this domain from Gmail that day! On one result its not time to change the policy from “testing” to “enforce” but it might be soon as I know it is working.
Leave a Reply