mta-sts | Online tool for MTA-STS checking | Email library

by aykevl Python Version: Current License: BSD-2-Clause

X-Ray Key Features Code Snippets Community Discussions(1)Vulnerabilities Install Support

kandi X-RAY | mta-sts Summary

mta-sts is a Python library typically used in Messaging, Email applications. mta-sts has no bugs, it has no vulnerabilities, it has a Permissive License and it has low support. However mta-sts build file is not available. You can download it from GitHub.

Online tool for MTA-STS checking:

Support

Quality

Security

License

Reuse

Support

mta-sts has a low active ecosystem.

It has 30 star(s) with 7 fork(s). There are 3 watchers for this library.

It had no major release in the last 6 months.

There are 5 open issues and 4 have been closed. On average issues are closed in 8 days. There are 2 open pull requests and 0 closed requests.

It has a neutral sentiment in the developer community.

The latest version of mta-sts is current.

Quality

mta-sts has 0 bugs and 0 code smells.

Security

mta-sts has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

mta-sts code analysis shows 0 unresolved vulnerabilities.

There are 0 security hotspots that need review.

License

mta-sts is licensed under the BSD-2-Clause License. This license is Permissive.

Permissive licenses have the least restrictions, and you can use them in most projects.

Reuse

mta-sts releases are not available. You will need to build from source code and install.

mta-sts has no build file. You will be need to create the build yourself to build the component from source.

Installation instructions are not available. Examples and code snippets are available.

It has 1067 lines of code, 35 functions and 12 files.

It has high code complexity. Code complexity directly impacts maintainability of the code.

Top functions reviewed by kandi - BETA

kandi has reviewed mta-sts and discovered the below as its top functions. This is intended to give you an instant insight into mta-sts implemented functionality, and help decide if they suit your requirements.

Check if domain is valid
Check the policy file
Make an event source
Add a warning
Render a report
Set the error message
Stacks the error and returns it
Render a sub report
Check that fields are valid
Query DNS for DNS records
Check the DNS record
Retrieve DNS records for a domain
Check the domain name of the domain
Generate a report
Check the mailserver
Returns whether this policy matches the policy
Return whether the given policy name matches the given policy name

Get all kandi verified functions for this library.

mta-sts Key Features

No Key Features are available at this moment for mta-sts.

mta-sts Examples and Code Snippets

No Code Snippets are available at this moment for mta-sts.

Community Discussions

Trending Discussions on mta-sts

When an e-mail message fails MTA-STS checks, it must not be delivered; will the sender be informed about the delivery failure? When?

QUESTION

When an e-mail message fails MTA-STS checks, it must not be delivered; will the sender be informed about the delivery failure? When?

Asked 2021-May-12 at 09:47

Short:

When an e-mail message about to be send fails MTA-STS checks, it must not be delivered by design; will the sender be informed about the delivery failure? When?

Long & Background info:

When implementing mta-sts on custom domains to enforce the use of TLS connections, misconfigurations of the mta-sts.txt policy file (or a smtp-server not supporting TLS connections) will result in e-mail not being delivered as an enforced policy will require TLS connections to deliver the e-mail.

Via TLS-reporting the domain holder - not the sender - could be informed about any problems, provided TLS reporting is set-up to a different domain or tool that notifies on a different address than the domain in question.

My question is about any senders of e-mail messages. In a testcase with policy file mentioning incorrect mx records, no e-mails are delivered (as expected), but the test sender did not receive any messages about delivery problems (yet).

Is this expected behaviour? Or will the sender be informed after a number hours? If so, how many hours? - I ask because a delivery failure and NDR (non-delivery-reports) are usually returned instantly.

If a user misspelled an e-mail address or the receving server is down, the sender is informed about the trouble and can take action. Sometimes even the "delivery is delayed" is announced; not failed yet, but not delivered either.

I get the impression that the sender is not informed that a message is not delivered and is "silently blackholed / discarded". To be clear: that the message is not delivered is expected behaviour in this test case.

Spec: https://tools.ietf.org/html/rfc8461

...

ANSWER

Answered 2021-May-12 at 09:47

After running some testcases, I have experienced the following:

(This was done by a Outlook.com smtp server.)

Testcase C

MTA-STS: Deliberately incorrect, but existing third-party mx server in mta-sts file.
DNS: Correct mx server.

The sender was informed about the delivery failure after 24 hours.

It was explained in my local language what was going on; here information highlights:

That the message could was not delivered.
That it was tried multiple times to deliver.
But that the cause was being unable to connect to the remote server.
Advise was given to contact the recipient by phone to ask the recipient to inform the postmaster about the error.
It was even suggested that the problem could most likely only be solved by the postmaster.
(A link was provided but that wasn't really helpful. Additionally the technical bounce message was visible among it the technical words "failed MTA-STS validation").

Testcase B

MTA-STS: Correct and desired mx in mta-sts file.
DNS: Deliberately set to incorrect mx server, existing server though.

After 24 hours I received an error back. Confusingly the message state that the address did not exists in the target domain. Though this is true, it shouldn't have gotten this far. However, when reviewing the technical part the outlook-sending server mentioned 'failed mta-sts errors validation'. So the technical part contained the correct mta-sts validation error, but the human/user readable part only mentioned that the target address did not exist in the target server.

I guess if the address doesn't exists, any mta-sts errors are "less important" to report to the end-user. The user was advised to re-type and resend the e-mail and verify if the address with the recipient (phone was mentioned). However, even if the user followed the instructions, the next e-mail wouldn't have been delivered either, but that is beyond this testcase.

Testcase A

MTA-STS: Correct mx in mta-sts file.
DNS: Fake MX corrects.

After 24 hours I received an error back. The cause for not being able to deliver the message was being unable to resolve the domain location of the recipient. (Undesired result, but logical, mx were referring to nothing.)

The technical part of the message mentioned 'DNS query failed'. Nothing of mta-sts was mentioned.

Testcase Z (weird one)

MTA-STS: Correct mx in mta-sts file.
DNS: Incorrect but existing mx records; a cname referring to the same IP of the correct mx server (which shouldn't matter because mta-sts should compare cert with cname.)

The results, unexpected:

One email got delivered somewhere between that 24 time-window.
One email failed due to mta-sts validation error.

Temporary downtime of webserver might have been a factor, though that shouldn't have mattered. - Cannot explain.

Conclusion

I took a while to find the correct testcase as you can see. But Testcase C describes the desired behaviour. Yes, the sender is informed, after 24 hours with outlook.com as smtp-server. The user is informed in clear language. That being said, I do have an additional opinion about the timing here, mentioned below.

Limitations

Staying with the facts: I did not perform a testcase with a server trying unencrypted connections. Testcase C puts the ball into the the recipient's postmaster's court, I would be curious to see where the ball (the 'todo') would be placed, in the case of unencrypted attempts, as that cannot be solved by the recipient but must be solved by the sender or sender's postmaster.

I also did not test multiple smtp servers.

Further thoughts

That being said, MTA-STS-validation needs to be supported by the sender SMTP (correct me in comments if I am wrong*), so if a server is so old it tries do deliver an e-mail over non-encrypted connection, it will most likely not support MTA-STS so it will not validate the MTA-STS policy and simply deliver the e-mail unprotected. * Found confirmation here, from paragraph "There is a standard...")

If somebody tries to redirect some incoming e-mail by dns-poisoning, a modern smtp-server will not deliver the e-mail to an incorrect destination. So it protects against evil doing, not against legacy.

Opinion

I think the feedback delay of 24 hours is too long. Testcase C reports 11 retry attempts within that 24 hour window. Though I appreciate the system not giving up, I would argue that it might be in the interest of the sender to inform him of at least a non-regular delivery.

Source https://stackoverflow.com/questions/67440531

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install mta-sts

You can download it from GitHub.
You can use mta-sts like any standard Python library. You will need to make sure that you have a development environment consisting of a Python distribution including header files, a compiler, pip, and git installed. Make sure that your pip, setuptools, and wheel are up to date. When using pip it is generally recommended to install packages in a virtual environment to avoid changes to the system.

Support

For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .

Find more information at: