Better add "mta-sts" to the list of sub-domains you don't allow your users to register: https://tools.ietf.org/html/rfc8461#section-3.2 …
-
-
Also, just because "mta-sts" has been provisioned by the operator doesn't necessarily mean a user can't usurp it. You could end up with two Apache virtual hosts - one provisioned manually by the operator for MTA-STS, the other created automatically by the user onboarding code.
-
Which one gets used depends on the order in the config. I'm also reminded of .io being taken over because they let someone register the domains ns-a[1-4].io - the same names as their NS servers. So I stand by my advice - just blacklist "mta-sts".
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.