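TLS-RPT is usually deployed together with MTA-STS; for more on MTA-STS, see the recommended articles at the end of this page.
How to set up TLS-RPT
Prepare a report-receiving endpoint
Configure the DNS TXT record
Taking Gmail as an example, a TXT record is set for _smtp._tls.gmail.com with the following value: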
v=TLSRPTv1;rua=mailto:sts-reports@google.com
Taking Outlook mail as an example, a TXT record is set for _smtp._tls.outlook.com with the following value:
v=TLSRPTv1;rua=https://tlsrpt.azurewebsites.net/report
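These two examples show that rua accepts either a mailto: URI pointing to a specific mailbox or a URI pointing to an https site.
Verify that the TLS-RPT configuration is in effect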
[root@localhost ~]# dig +short _smtp._tls.outlook.com TXT
"v=TLSRPTv1;rua=https://tlsrpt.azurewebsites.net/report"
Sample TLS-RPT report
{
  "organization-name": "Google Inc.",
  "date-range": {
    "start-datetime": "2025-08-20T00:00:00Z",
    "end-datetime": "2025-08-20T23:59:59Z"
  },
  "contact-info": "smtp-tls-reporting@google.com",
  "report-id": "2025-08-20T00:00:00Z_mailabc.cn",
  "policies": [
    {
      "policy": {
        "policy-type": "sts",
        "policy-string": [
          "version: STSv1",
          "mode: testing",
          "mx: mailabc.cn",
          "max_age: 86400"
        ],
        "policy-domain": "mailabc.cn"
      },
      "summary": {
        "total-successful-session-count": 0,
        "total-failure-session-count": 3
      },
      "failure-details": [
        {
          "result-type": "validation-failure",
          "sending-mta-ip": "xxx.xxx.xxx.xxx",
          "receiving-ip": "xxx.xxx.xxx.xxx",
          "receiving-mx-hostname": "mx.mailabc.cn",
          "failed-session-count": 2
        },
        {
          "result-type": "validation-failure",
          "sending-mta-ip": "xxx.xxx.xxx.xxx",
          "receiving-ip": "xxx.xxx.xxx.xxx",
          "receiving-mx-hostname": "mx.mailabc.cn",
          "failed-session-count": 1
        }
      ]
    }
  ]
}
1. https://dmarcly.com/blog/zh-CN/how-to-set-up-mta-sts-and-tls-reporting
2. RFC 8460: https://www.rfc-editor.org/rfc/rfc8460
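An added example (not part of the original article): a small Python routine a report-receiving endpoint could use to decode a TLS-RPT report and summarize, per policy, the MTA-STS mode, the failure rate and the failures per receiving MX and result type. The SAMPLE report is constructed and modelled on the sample report shown earlier; the function names and the documentation IP addresses are assumptions, and gzip handling is included because RFC 8460 says reports should be gzip-compressed in transit.

```python
import gzip
import json
from collections import Counter

# Constructed sample modelled on the report shown earlier (documentation IPs).
SAMPLE = {
    "policies": [{
        "policy": {"policy-type": "sts", "policy-domain": "mailabc.cn",
                   "policy-string": ["version: STSv1", "mode: testing",
                                     "mx: mailabc.cn", "max_age: 86400"]},
        "summary": {"total-successful-session-count": 0,
                    "total-failure-session-count": 3},
        "failure-details": [
            {"result-type": "validation-failure", "sending-mta-ip": "192.0.2.10",
             "receiving-mx-hostname": "mx.mailabc.cn", "failed-session-count": 2},
            {"result-type": "validation-failure", "sending-mta-ip": "192.0.2.11",
             "receiving-mx-hostname": "mx.mailabc.cn", "failed-session-count": 1},
        ],
    }],
}

def load_report(raw: bytes) -> dict:
    # Reports may arrive gzip-compressed; detect the gzip magic bytes.
    if raw[:2] == b"\x1f\x8b":
        raw = gzip.decompress(raw)
    return json.loads(raw.decode("utf-8"))

def summarize(report: dict) -> list:
    # One row per policy: MTA-STS mode, failure rate, failures per (MX, cause).
    rows = []
    for entry in report.get("policies", []):
        policy = entry.get("policy", {})
        summary = entry.get("summary", {})
        ok = summary.get("total-successful-session-count", 0)
        failed = summary.get("total-failure-session-count", 0)
        # "mode: ..." is one line of policy-string; absent for non-STS policies.
        mode = next((s.split(":", 1)[1].strip()
                     for s in policy.get("policy-string", [])
                     if s.strip().startswith("mode:")), None)
        by_cause = Counter()
        for d in entry.get("failure-details", []):
            key = (d.get("receiving-mx-hostname"), d.get("result-type"))
            by_cause[key] += d.get("failed-session-count", 0)
        rows.append({"domain": policy.get("policy-domain"), "mode": mode,
                     "failure_rate": failed / (ok + failed) if ok + failed else 0.0,
                     "by_cause": dict(by_cause)})
    return rows

if __name__ == "__main__":
    print(summarize(load_report(gzip.compress(json.dumps(SAMPLE).encode()))))
```

A policy that reports a high failure rate while still in testing mode is the case to resolve before switching MTA-STS to enforce mode.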