zuplu/postfix-tlspol
Lightweight MTA-STS + DANE/TLSA resolver and TLS policy server for Postfix, prioritizing DANE.
Introducing Our Lightweight MTA-STS + DANE/TLSA Resolver: A cutting-edge solution designed for Postfix that complies with industry standards and prioritizes DANE where possible.
At Zuplu, we believe that secure communication should be a standard, not a luxury. That's why we're excited to announce that we are open-sourcing our TLS policy evaluating server!
By sharing our technology with the community, we aim to empower organizations of all sizes and private postmasters to enhance their email security and protect their communications. Together, we can create a safer digital landscape for everyone.
Join us in this mission! Explore our open-source solution and integrate it into your Postfix setup. 🚀🔒
Our solution is packaged in a lightweight Docker image (approximately 10 MB compressed) that includes its own Valkey (Redis) database and a properly configured DNS resolver, Unbound. This simplifies your setup process significantly!
Simply run the following commands:
docker volume create postfix-tlspol-data
docker run -d \
-v postfix-tlspol-data:/data \
-p 127.0.0.1:8642:8642 \
--restart unless-stopped \
--name postfix-tlspol \
zuplu/postfix-tlspol:latest
In /etc/postfix/main.cf:
smtp_dns_support_level = dnssec
smtp_tls_security_level = dane
smtp_tls_dane_insecure_mx_policy = dane
smtp_tls_policy_maps = socketmap:inet:127.0.0.1:8642:QUERY
After changing the Postfix configuration, reload Postfix:
postfix reload
That's all!
Visit our GitHub repository for more information about how it works: https://github.com/Zuplu/postfix-tlspol
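To check what the policy server answers before relying on it, the socketmap lookup that Postfix performs can be reproduced by hand. The script below is an added example, not code from the postfix-tlspol project: it speaks the netstring-framed request/reply format documented in Postfix's socketmap_table(5), takes the address 127.0.0.1:8642 and the map name QUERY from the configuration above, and its function names are hypothetical.

```python
import socket
import sys

# Reply statuses defined by Postfix socketmap_table(5).
STATUSES = {"OK", "NOTFOUND", "TEMP", "TIMEOUT", "PERM"}

def encode_netstring(payload: bytes) -> bytes:
    """Frame a payload as <length>:<payload>,"""
    return str(len(payload)).encode() + b":" + payload + b","

def read_netstring(sock, max_len=4096) -> bytes:
    """Read one netstring, rejecting oversized or malformed frames."""
    digits = b""
    while (ch := sock.recv(1)) != b":":
        if not ch:
            raise ConnectionError("peer closed before netstring length")
        if not ch.isdigit() or len(digits) >= 6:
            raise ValueError("malformed netstring length")
        digits += ch
    if not digits or int(digits) > max_len:
        raise ValueError("missing or oversized netstring length")
    need = int(digits) + 1            # payload plus the trailing comma
    data = b""
    while len(data) < need:
        chunk = sock.recv(need - len(data))
        if not chunk:
            raise ConnectionError("peer closed mid-netstring")
        data += chunk
    if data[-1:] != b",":
        raise ValueError("missing netstring terminator")
    return data[:-1]

def parse_reply(reply: bytes):
    """Split '<status> <text>' and validate the status word."""
    status, _, text = reply.decode("utf-8", "replace").partition(" ")
    if status not in STATUSES:
        raise ValueError(f"unexpected socketmap status: {status!r}")
    return status, text

def exchange(sock, map_name: str, key: str):
    """Send '<map_name> <key>' on a connected socket, return (status, text)."""
    sock.sendall(encode_netstring(f"{map_name} {key}".encode()))
    return parse_reply(read_netstring(sock))

def lookup(domain, host="127.0.0.1", port=8642, map_name="QUERY", timeout=10.0):
    """Ask the policy server for the TLS policy of one recipient domain."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return exchange(sock, map_name, domain)

if __name__ == "__main__":
    for name in sys.argv[1:]:         # e.g. python3 script.py example.org
        print(name, *lookup(name))
```

An `OK` reply carries the policy string Postfix would apply to that destination, and `NOTFOUND` means the server returned no policy for the domain.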