Categories
EOP exchange exchange online Exchange Online Protection Exchange Server

Reporting on MTA-STS Failures

This article is a follow up to the Enabling Better Mail Flow Security for Exchange Online which discusses setting up MTA-STS and in this article we cover the reporting for MTA-STS.

To get daily reports from each sending infrastructure to receive reports on MTA-STS you just create a DNS record in the following format:

_smtp._tls.c7solutions.com IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@c7solutions.com"

It took about a week before I got some reports and at this time they have only come, now daily, from Google. They come as a JSON file compressed in the GZip format and once expanded appear as follows:

{
 "organization-name":"Google Inc.",
 "date-range":
 {
  "start-datetime":"2020-10-08T00:00:00Z",
  "end-datetime":"2020-10-08T23:59:59Z"
 },
 "contact-info":"smtp-tls-reporting@google.com",
 "report-id":"2020-10-08T00:00:00Z_c7solutions.com",
 "policies":
 [
  {
   "policy":
   {
    "policy-type":"sts",
    "policy-string":
    [
     "version: STSv1\r",
     "mode: testing\r",
     "mx: mail.domain.com\r",
     "mx: c7solutions-com.mail.protection.outlook.com\r",
     "max_age: 86400"
    ],
    "policy-domain":"c7solutions.com"
   },
   "summary":
   {
    "total-successful-session-count":1,
    "total-failure-session-count":0
   }
  }
 ]
}

As we can see, nothing interesting – it worked for the one email I got into this domain from Gmail that day! On one result its not time to change the policy from “testing” to “enforce” but it might be soon as I know it is working.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.