mta-sts | Java implementation library for RFC

 by   mimecast Java Version: 1.3.5 License: Apache-2.0

X-RayKey FeaturesCode SnippetsCommunity Discussions(1)VulnerabilitiesInstallSupport

kandi X-RAY | mta-sts Summary

kandi X-RAY | mta-sts Summary

mta-sts is a Java library typically used in Telecommunications, Media, Telecom applications. mta-sts has no bugs, it has no vulnerabilities, it has build file available, it has a Permissive License and it has low support. You can download it from GitHub.

SMTP MTA Strict Transport Security. This is a Java implementation of MTA-STS with support for TLSRPT record fetching. The libray does not provide a production ready trust manager or policy cache. A X509TrustManager implementation needs to be provided and should enable revocation checks. An abstract PolicyCache is provided to aid in integrating with your cloud cache. This project can be compiled into a runnable JAR. A CLI interface is implemented.
Support
    Quality
      Security
        License
          Reuse

            kandi-support Support

              mta-sts has a low active ecosystem.
              It has 17 star(s) with 3 fork(s). There are 3 watchers for this library.
              OutlinedDot
              It had no major release in the last 6 months.
              mta-sts has no issues reported. There are no pull requests.
              It has a neutral sentiment in the developer community.
              The latest version of mta-sts is 1.3.5

            kandi-Quality Quality

              mta-sts has no bugs reported.

            kandi-Security Security

              mta-sts has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

            kandi-License License

              mta-sts is licensed under the Apache-2.0 License. This license is Permissive.
              Permissive licenses have the least restrictions, and you can use them in most projects.

            kandi-Reuse Reuse

              mta-sts releases are not available. You will need to build from source code and install.
              Build file is available. You can build the component from source.

            Top functions reviewed by kandi - BETA

            kandi has reviewed mta-sts and discovered the below as its top functions. This is intended to give you an instant insight into mta-sts implemented functionality, and help decide if they suit your requirements.
            • Gets policy data as JSON
            • Get list of MX records
            • Get the max age
            • Returns the string representation of the mode
            • Resolves a DNS query
            • Look up record
            • Loops the records
            • Gets the policy
            • Gets the OkHttpClient
            • Store local Https response
            • Stop the server
            • Put entries in database
            • Closes the output stream
            • Save map to file
            • Parse the rua token
            • Match MX domain string
            • Parse the command line arguments
            • Get the port number
            • Get the extended policy string representation of this policy
            • Returns a string representation of the policy
            • Get any MX record for the specified domain
            • Main method
            • Returns the CLI options
            • Prints options usage
            • Returns a DNS TXT record
            • Gets the TXT record
            Get all kandi verified functions for this library.

            mta-sts Key Features

            No Key Features are available at this moment for mta-sts.

            mta-sts Examples and Code Snippets

            No Code Snippets are available at this moment for mta-sts.

            Community Discussions

            Trending Discussions on mta-sts

            When an e-mail message fails MTA-STS checks, it must not be delivered; will the sender be informed about the delivery failure? When?

            QUESTION

            When an e-mail message fails MTA-STS checks, it must not be delivered; will the sender be informed about the delivery failure? When?
            Asked 2021-May-12 at 09:47
            Short:

            When an e-mail message about to be send fails MTA-STS checks, it must not be delivered by design; will the sender be informed about the delivery failure? When?

            Long & Background info:

            When implementing mta-sts on custom domains to enforce the use of TLS connections, misconfigurations of the mta-sts.txt policy file (or a smtp-server not supporting TLS connections) will result in e-mail not being delivered as an enforced policy will require TLS connections to deliver the e-mail.

            Via TLS-reporting the domain holder - not the sender - could be informed about any problems, provided TLS reporting is set-up to a different domain or tool that notifies on a different address than the domain in question.

            My question is about any senders of e-mail messages. In a testcase with policy file mentioning incorrect mx records, no e-mails are delivered (as expected), but the test sender did not receive any messages about delivery problems (yet).

            Is this expected behaviour? Or will the sender be informed after a number hours? If so, how many hours? - I ask because a delivery failure and NDR (non-delivery-reports) are usually returned instantly.

            If a user misspelled an e-mail address or the receving server is down, the sender is informed about the trouble and can take action. Sometimes even the "delivery is delayed" is announced; not failed yet, but not delivered either.

            I get the impression that the sender is not informed that a message is not delivered and is "silently blackholed / discarded". To be clear: that the message is not delivered is expected behaviour in this test case.

            Spec: https://tools.ietf.org/html/rfc8461

            ...

            ANSWER

            Answered 2021-May-12 at 09:47

            After running some testcases, I have experienced the following:

            (This was done by a Outlook.com smtp server.)

            Testcase C
            • MTA-STS: Deliberately incorrect, but existing third-party mx server in mta-sts file.
            • DNS: Correct mx server.

            The sender was informed about the delivery failure after 24 hours.

            It was explained in my local language what was going on; here information highlights:

            1. That the message could was not delivered.
            2. That it was tried multiple times to deliver.
            3. But that the cause was being unable to connect to the remote server.
            4. Advise was given to contact the recipient by phone to ask the recipient to inform the postmaster about the error.
            5. It was even suggested that the problem could most likely only be solved by the postmaster.
            6. (A link was provided but that wasn't really helpful. Additionally the technical bounce message was visible among it the technical words "failed MTA-STS validation").
            Testcase B
            • MTA-STS: Correct and desired mx in mta-sts file.
            • DNS: Deliberately set to incorrect mx server, existing server though.

            After 24 hours I received an error back. Confusingly the message state that the address did not exists in the target domain. Though this is true, it shouldn't have gotten this far. However, when reviewing the technical part the outlook-sending server mentioned 'failed mta-sts errors validation'. So the technical part contained the correct mta-sts validation error, but the human/user readable part only mentioned that the target address did not exist in the target server.

            I guess if the address doesn't exists, any mta-sts errors are "less important" to report to the end-user. The user was advised to re-type and resend the e-mail and verify if the address with the recipient (phone was mentioned). However, even if the user followed the instructions, the next e-mail wouldn't have been delivered either, but that is beyond this testcase.

            Testcase A
            • MTA-STS: Correct mx in mta-sts file.
            • DNS: Fake MX corrects.

            After 24 hours I received an error back. The cause for not being able to deliver the message was being unable to resolve the domain location of the recipient. (Undesired result, but logical, mx were referring to nothing.)

            The technical part of the message mentioned 'DNS query failed'. Nothing of mta-sts was mentioned.

            Testcase Z (weird one)
            • MTA-STS: Correct mx in mta-sts file.
            • DNS: Incorrect but existing mx records; a cname referring to the same IP of the correct mx server (which shouldn't matter because mta-sts should compare cert with cname.)

            The results, unexpected:

            • One email got delivered somewhere between that 24 time-window.
            • One email failed due to mta-sts validation error.

            Temporary downtime of webserver might have been a factor, though that shouldn't have mattered. - Cannot explain.

            Conclusion

            I took a while to find the correct testcase as you can see. But Testcase C describes the desired behaviour. Yes, the sender is informed, after 24 hours with outlook.com as smtp-server. The user is informed in clear language. That being said, I do have an additional opinion about the timing here, mentioned below.

            Limitations

            Staying with the facts: I did not perform a testcase with a server trying unencrypted connections. Testcase C puts the ball into the the recipient's postmaster's court, I would be curious to see where the ball (the 'todo') would be placed, in the case of unencrypted attempts, as that cannot be solved by the recipient but must be solved by the sender or sender's postmaster.

            I also did not test multiple smtp servers.

            Further thoughts

            That being said, MTA-STS-validation needs to be supported by the sender SMTP (correct me in comments if I am wrong*), so if a server is so old it tries do deliver an e-mail over non-encrypted connection, it will most likely not support MTA-STS so it will not validate the MTA-STS policy and simply deliver the e-mail unprotected. * Found confirmation here, from paragraph "There is a standard...")

            If somebody tries to redirect some incoming e-mail by dns-poisoning, a modern smtp-server will not deliver the e-mail to an incorrect destination. So it protects against evil doing, not against legacy.

            Opinion

            I think the feedback delay of 24 hours is too long. Testcase C reports 11 retry attempts within that 24 hour window. Though I appreciate the system not giving up, I would argue that it might be in the interest of the sender to inform him of at least a non-regular delivery.

            Source https://stackoverflow.com/questions/67440531

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install mta-sts

            You can download it from GitHub.
            You can use mta-sts like any standard Java library. Please include the the jar files in your classpath. You can also use any IDE and you can run and debug the mta-sts component as you would do with any other Java program. Best practice is to use a build tool that supports dependency management such as Maven or Gradle. For Maven installation, please refer maven.apache.org. For Gradle installation, please refer gradle.org .

            Support

            Contributions of any kind (bug fixes, new features…​) are welcome! This is a development tool and as such it may not be perfect and may be lacking in some areas. Certain future functionalities are marked with TODO comments throughout the code. This however does not mean they will be given priority or ever be done. Any merge request made should align to existing coding style and naming convention. Before submitting a merge request please run a comprehensive code quality analysis (IntelliJ, SonarQube).
            Find more information at:

            Reuse Trending Solutions

            build-a-realtime-voice-to-image-generator-using-generative-ai
            build-a-realtime-voice-to-image-generator-using-generative-ai
            Build a Realtime Voice-to-Image Generator using Generative AI
            image-resizing-using-opencv-in-python
            image-resizing-using-opencv-in-python
            Image Resizing using OpenCV in Python
            build-your-own-gpt4all-content-generator
            build-your-own-gpt4all-content-generator
            Build your own Custom GPT Content Generator (Open-Source ChatGPT Alternative)
            validate-an-email-address-in-javascript
            validate-an-email-address-in-javascript
            How to Validate an Email Address in JavaScript
            age-calculator-using-javascript
            age-calculator-using-javascript
            Age Calculator using JavaScript
            addressing-bias-in-ai---toolkit-for-fairness,-explainability-and-privacy
            addressing-bias-in-ai---toolkit-for-fairness,-explainability-and-privacy
            Addressing Bias in AI - Toolkit for Fairness, Explainability and Privacy
            javascript-node-js-payment-processing
            javascript-node-js-payment-processing
            15 best JavaScript Node.js Payment libraries
            build-credit-risk-predictor-using-federated-learning
            build-credit-risk-predictor-using-federated-learning
            Build Credit Risk predictor using Federated Learning
            top-10-javascript-tours-and-guides-libraries-in-2023
            top-10-javascript-tours-and-guides-libraries-in-2023
            10 Best JavaScript Tours and Guides Libraries in 2023
            disease-predictor
            disease-predictor
            Disease Predictor using Pandas & Scikit
            python-face-recognition
            python-face-recognition
            28 best Python Face Recognition libraries

            Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items

            Find more libraries
            CLONE
          • HTTPS

            https://github.com/mimecast/mta-sts.git

          • CLI

            gh repo clone mimecast/mta-sts

          • sshUrl

            git@github.com:mimecast/mta-sts.git

            • Stay Updated

            Subscribe to our newsletter for trending solutions and developer bootcamps

            Agree to Sign up and Terms & Conditions

            Share this Page

            share link

            Explore Related Topics

            Telecommunications and MediaTelecom

            Reuse Java Kits

            25 best Java Encryption libraries
            Implementing Two-Factor Authentication (2FA)
            Basics of Java Programming
            8 best Java E-Commerce libraries
            5 best Java Automation libraries
            See all related Kits

            Consider Popular Java Libraries

            CS-Notes

            by CyC2018

            JavaGuide

            by Snailclimb

            java-design-patterns

            by iluwatar

            LeetCodeAnimation

            by MisterBooo

            spring-boot

            by spring-projects

            See all Java Libraries

            Try Top Libraries by mimecast

            dtail

            by mimecastGo

            ioriot

            by mimecastC

            robin

            by mimecastJava

            See all Learning Libraries

            Open Weaver – Develop Applications Faster with Open Source

            kandi

            Community and Support

            Company

            Follow

            • © 2023 Open Weaver Inc.