-
Notifications
You must be signed in to change notification settings - Fork 36
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EOP-164: add support pages for MTA-STS in Momentum #760
base: main
Are you sure you want to change the base?
Conversation
✅ Deploy Preview for support-docs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
@@ -0,0 +1,27 @@ | |||
--- |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On this page, clicking the mta-sts
link in the breadcrumb gives me a 404. Can we fix it? Please review breadcrumbs in all new pages.
content/momentum/4/mta-sts.md
Outdated
|
||
### Example 1: Recipient domain enforces MTA-STS and MX is allowed as per the MTA-STS policy | ||
|
||
> **MTA-STS policy retrieved from https://mta-sts.domain.com/.well-known/mta-sts.txt** |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(nit) These (bogus) links show up as links in the doc. Is there a way to defeat that (e.g. by marking as code?), or do we care?
- [mta_sts_dns_cname_max_depth](/momentum/4/config/mta-sts/mta-sts-dns-cname-max-depth) | ||
- [mta_sts_policy_store](/momentum/4/config/mta-sts/mta-sts-policy-store) | ||
|
||
## Related [Debug_Flags](/momentum/4/config/ref-debug-flags) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In this page, the default list for ERROR and CRITICAL list most but not all of the types, plus ALL. IMO, it should just say ALL.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I consider it serves not only "default" settings, but an example of listing the logging of interest. A partial list + ALL won't change the final value of the "default".
The page lists some there and followed by
Use ALL instead of listing each service debug flag.
I don't have a strong opinion to change it.
content/momentum/4/mta-sts.md
Outdated
checks and encryption for delivering email. RFC 8461 describes the use of MTA-STS for improving | ||
SMTP security between MTAs. | ||
|
||
If the per-domain config option [use_mta_sts](/momentum/4/config/mta-sts/use-mta-sts) is set to `true`, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems to ignore the global-level option. Maybe "global or per-domain"?
|
||
When this option is `true`, the MTA-STS policy mode will be considered along with the configuration | ||
values for [TLS](/momentum/4/config/ref-tls) and [TLS_Verify](/momentum/4/config/tls-verify). | ||
The more strict policy will apply. E.g. When the MTA-STS policy mode is `enforce`, regardless the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"regardless of the"
When the MTA-STS policy mode is `none`, the policy will be ignored and the configuration values for | ||
`TLS` and `TLS_Verify` will be respected. | ||
|
||
The default value is `true` when the domain level `use_mta_sts` is `true`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
how about "when use_mta_sts
is true
for a domain"?
<a name="config.use-mta-sts"></a> | ||
## Name | ||
|
||
use_mta_sts — specify whether Momentum should do MTA-STS policy fetching for a domain or not |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMO, the "or not" is implied and not needed
@@ -44,6 +44,8 @@ description: "This section documents all the non module specific console command | |||
| [message fail quiet](/momentum/4/console-commands/message-fail-quiet) | fail a message and do not create a non-delivery receipt (NDR) | | |||
| [message retry](/momentum/4/console-commands/message-retry) | perform an immediate delivery attempt on a message | | |||
| [module](/momentum/4/console-commands/4-module) | manage loaded modules online | | |||
| [mta_sts](/momentum/4/console-commands/mta_sts) | commands to display and manage MTA-STS policy for a domain | | |||
| [\pager](/momentum/4/console-commands/pager) | Page output of long console commands in the console. | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't this duplicated?
@@ -0,0 +1,100 @@ | |||
--- |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Kris had raised an issue on slack about the new feature not being searchable. Let's see if the issue gets resolved just by the virtue of merging the PR into main
. If not, we'll have to revisit and seek help if needed.
|
||
## Scope | ||
|
||
`mta_sts_dns_cname_max_depth` is valid in the global scope. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
wrong name
`mta-sts show domain {domain name}` | ||
|
||
`mta-sts refresh policy {domain name}` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
typo, should be "mta_sts"
What Changed
How To Test or Verify
PR Checklist
Below are some checklists to follow for the correct procedure in different circumstance. The first list ("All PRs Checklist") should be followed for ALL PRs. The next 2 are additive to this list depending on what type of PR you are using.
For example: If you are submitting a content change to one of the support documents, your checklist would include the:
If you are submitting a feature addition, enhancement, or bug fix, your checklist would include the:
All PRs Checklist
team-FE
orteam-SAZ
)Content Changes Checklist
examples/article.md
in the root of the project directory and on the momentum doc's preface articleDevelopment Changes Checklist (some checks are automatic github actions and will not be listed here. ie. "all tests pass")
cypress/
directory in the root of the project