'\" t
.\"     Title: mta-sts-daemon.yml
.\"    Author: [see the "AUTHOR(S)" section]
.\" Generator: Asciidoctor 1.5.8
.\"      Date: 2020-12-05
.\"    Manual: mta-sts-daemon.yml
.\"    Source: postfix-mta-sts-resolver
.\"  Language: English
.\"
.TH "MTA\-STS\-DAEMON.YML" "5" "2020-12-05" "postfix\-mta\-sts\-resolver" "mta\-sts\-daemon.yml"
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.ss \n[.ss] 0
.nh
.ad l
.de URL
\fI\\$2\fP <\\$1>\\$3
..
.als MTO URL
.if \n[.g] \{\
.  mso www.tmac
.  am URL
.    ad l
.  .
.  am MTO
.    ad l
.  .
.  LINKSTYLE blue R < >
.\}
.SH "NAME"
mta\-sts\-daemon.yml \- configuration file for mta\-sts\-daemon
.SH "DESCRIPTION"
.sp
This configuration file configures the listening socket, caching behaviour,
and manipulation of MTA\-STS mode.
.SH "SYNTAX"
.sp
The file is in YAML syntax with the following elements:
.sp
\fBhost\fP: (\fIstr\fP) daemon bind address
.sp
\fBport\fP: (\fIint\fP) daemon bind port
.sp
\fBpath\fP: (\fIstr\fP) daemon UNIX socket bind address (path). If specified, \fBhost\fP and \fBport\fP are ignored and UNIX socket is bound instead of TCP.
.sp
\fBmode\fP: (\fIint\fP) file mode for daemon UNIX socket. If not specified default filemode is used. This option has effect only when UNIX socket is used. If file mode specified in octal form (most common case), it has to be prepended with leading zero. Example: 0666
.sp
\fBreuse_port\fP: (\fIbool\fP) allow multiple instances to share same port (available on Unix, Windows)
.sp
\fBcache_grace\fP: (\fIfloat\fP) age of cache entries in seconds which do not require policy refresh and update. Default: 60
.sp
\fBshutdown_timeout\fP: (\fIfloat\fP) time limit granted to existing client sessions for finishing when server stops. Default: 20
.sp
\fBcache\fP
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fBtype\fP: (\fIstr\fP: \fIinternal\fP|\fIsqlite\fP|\fIredis\fP) cache backend type
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fBoptions\fP:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
Options for \fIinternal\fP type:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fBcache_size\fP: (\fIint\fP) number of cache entries to store in memory
.RE
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
Options for \fIsqlite\fP type:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fBfilename\fP: (\fIstr\fP) path to database file
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fBthreads\fP: (\fIint\fP) number of threads in pool for SQLite connections
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fBtimeout\fP: (\fIfloat\fP) timeout in seconds for acquiring connection from pool or DB lock
.RE
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
Options for \fIredis\fP type:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
All parameters are passed to \f(CRaioredis.create_redis_pool\fP [0]. Check there for a parameter reference.
.RE
.RE
.RE
.RE
.sp
\fBproactive_policy_fetching\fP
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fBenabled\fP: (\fIbool\fP) enable proactive policy fetching in the background. Default: false
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fBinterval\fP: (\fIint\fP) if proactive policy fetching is enabled, it is scheduled every this many seconds.
It is unaffected by \f(CRcache_grace\fP and vice versa. Default: 86400
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fBconcurrency_limit\fP: (\fIint\fP) the maximum number of concurrent domain updates. Default: 100
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fBgrace_ratio\fP: (\fIfloat\fP) proactive fetch for a particular domain is skipped if its cached policy age is less than \f(CRinterval/grace_ratio\fP. Default: 2.0
.RE
.RE
.sp
\fBdefault_zone\fP
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fBstrict_testing\fP: (\fIbool\fP) enforce policy for testing domains
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fBtimeout\fP: (\fIint\fP) network operations timeout for resolver in that zone
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fBrequire_sni\fP: (\fIbool\fP) add option \f(CRservername=hostname\fP to policy responses to make Postfix send SNI in TLS handshake as required by RFC 8461. Requires Postfix version 3.4+. Default: true
.RE
.RE
.sp
\fBzones\fP
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fBZONENAME\fP:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
Same as options in \fIdefault_zone\fP
.RE
.RE
.RE
.sp
The timeout is used for the DNS and HTTP requests.
.sp
MTA\-STS "testing" mode can be interpreted as "strict" mode.  This may be
useful (though noncompliant) in the beginning of MTA\-STS deployment, when many
domains operate under "testing" mode.
.SH "EXAMPLE"
.sp
.if n .RS 4
.nf
host: 127.0.0.1
port: 8461
reuse_port: true
shutdown_timeout: 20
proactive_policy_fetching:
  enabled: true
  interval: 86400
  concurrency_limit: 100
  grace_ratio: 2
cache:
  type: internal
  options:
    cache_size: 10000
default_zone:
  strict_testing: false
  timeout: 4
zones:
  myzone:
    strict_testing: false
    timeout: 4
.fi
.if n .RE
.SH "SEE ALSO"
.sp
\fBmta\-sts\-daemon\fP(1), \fBmta\-sts\-query\fP(1)
.SH "NOTES"
.sp
0.
.RS 4
.URL "https://aioredis.readthedocs.io/en/latest/api_reference.html#aioredis.create_redis_pool" "" ""
.RE