co-cddo/mta-sts.digital.cabinet-office.gov.uk

mta-sts-template

This template repository automatically deploys a GitHub Pages site for hosting an mta-sts.txt file. You should configure an mta-sts.txt deployment for every domain on which you receive email.

When using this template, set the new repository name to the mta-sts fully qualified domain name, like mta-sts.gc3.security.gov.uk. This ensures that the auto-discovery and deployment of Pages works correctly. Alternatively, you can set the MTASTS_DOMAIN environment variable in the workflow.

By default, the configure workflow in this repo looks up your MX records and sets the MTA-STS policy to testing mode.

Steps

  1. Publish a TLS-RPT record, like _smtp._tls 300 TXT "v=TLSRPTv1;rua=mailto:tls-rua@mailcheck.service.ncsc.gov.uk"
  2. Use this template, making sure to set the new repository name to the full mta-sts domain, like mta-sts.gc3.security.gov.uk
  3. Observe the Actions to make sure configure.yml and gh-pages.yml deploy correctly
  4. Configure your DNS to point to GitHub
    • If deploying in co-cddo, use the CNAME co-cddo.github.io (mta-sts 60 CNAME co-cddo.github.io.)
  5. Check the Custom domain in Settings → Pages and ensure Enforce HTTPS is checked
  6. Check your deployment by visiting the domain, where you should get automatically redirected to /.well-known/mta-sts.txt (e.g. https://mta-sts.gc3.security.gov.uk)
  7. Set your _mta-sts TXT record, like _mta-sts 60 TXT "v=STSv1; id=20240215" (where the id value is set to the current date; you'll need to change this if mta-sts.txt is updated)

More information

You can find more about MTA-STS here:

Other example deployments