use smaller headers
ErebusZ committed Oct 28, 2024
1 parent 71f7ab7 commit f06aad9
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions WEB_SERVICE/DNS/_MEDIUM/MTA_STS_MISCONFIGURATION/description.md
@@ -1,6 +1,6 @@
MTA-STS is a security protocol that enables mail servers to declare their ability to receive Transport Layer Security (TLS) secure SMTP connections. Misconfigurations in MTA-STS can compromise email security, lead to delivery failures, and expose organizations to downgrade attacks. The following areas are key concerns in MTA-STS configuration:

## 1. Policy File Format
#### 1. Policy File Format
MTA-STS policies must be served over HTTPS and located at `.well-known/mta-sts.txt`. Common misconfigurations include:
* Incorrect MIME type (must be `text/plain`)
* Invalid syntax in policy file
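Review bot: the `##` to `####` change on the section heading skips two heading levels; nothing above it in this file is a `#`, `##` or `###` heading (the file opens with the paragraph at line 1), so these headings now render as h4 with no parent level. If the goal is only a smaller rendering, `###` gets most of that while keeping a contiguous outline; if `description.md` is embedded under an h3 by the template that consumes it, saying so in the commit message would explain the choice. Separately, in the visible context the policy location reads `.well-known/mta-sts.txt` without its host: the policy is fetched from `https://mta-sts.<domain>/.well-known/mta-sts.txt`, and forgetting the dedicated `mta-sts.` host (and its DNS record) is one of the more common misconfigurations this file is meant to describe, so the path should include it.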
@@ -20,7 +20,7 @@ mx: mail.example.com
mx: backup-mail.example.com
```

## 2. DNS Record Configuration
#### 2. DNS Record Configuration
The `_mta-sts` TXT record must be properly formatted. Misconfigurations include:
* Invalid record format
* Missing or incorrect version field
@@ -33,15 +33,15 @@ _mta-sts.example.com. IN TXT "v=invalid; id=12345678"
_mta-sts.example.com. IN TXT "v=STSv1; id=20230101T123456"
```

## 3. Mode Selection
#### 3. Mode Selection
Incorrect mode selection can either expose the organization to risks or cause unnecessary email delivery failures:
* `testing`: No enforcement, only reporting
* `enforce`: Strict enforcement of policy
* `none`: Policy disabled

Jumping directly to `enforce` mode without testing can lead to email delivery outages.

## 4. Max Age Setting
#### 4. Max Age Setting
Inappropriate `max_age` values can impact security and operational efficiency:
* Too low (e.g., 300 seconds): Excessive DNS lookups and policy fetching
* Too high (e.g., 31536000 seconds): Difficulty in policy updates during incidents
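Review bot: same heading-level skip as in the first hunk, applied here to headings 3 and 4; whatever level is chosen, keep it consistent across the file. Beyond the change itself, the `testing` bullet says "only reporting", but nothing in the hunk says where those reports come from or go; a one-line pointer that reports are only delivered if the domain also publishes a TLS-RPT record (`_smtp._tls.<domain>` TXT with a `rua=` destination) would make the "do not jump straight to `enforce`" advice actionable, since a testing period without a report destination yields no signal at all.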
@@ -51,7 +51,7 @@ Inappropriate `max_age` values can impact security and operational efficiency:
max_age: 86400
```

## 5. MX Pattern Matching
#### 5. MX Pattern Matching
Incorrect MX patterns in the policy file can cause legitimate emails to be rejected:

```bash
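Review bot: the fence that opens right after "Incorrect MX patterns in the policy file can cause legitimate emails to be rejected:" is tagged `bash`, but its content (the `mx: mail2.example.com` lines visible as context in the next hunk) is an MTA-STS policy file, not shell; tagging it `text` avoids misleading syntax highlighting. The same applies to the other policy and DNS-record examples in this file if they carry the same tag.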
@@ -67,7 +67,7 @@ mx: mail2.example.com
mx: backup.example.com
```

## 6. HTTPS Configuration
#### 6. HTTPS Configuration
The MTA-STS policy must be served over a valid HTTPS connection. Common issues include:
* Expired SSL certificates
* Invalid certificate chain
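Review bot: terminology in the context lines: the bullet reads "Expired SSL certificates" while the file's opening sentence talks about TLS; use "TLS certificates" throughout. If it is not already in the collapsed remainder of this list, a certificate whose subject or SAN does not cover the `mta-sts.` host name belongs here too, since a well-formed chain on the wrong name makes the policy fetch fail exactly as an expired certificate does, and that failure is silent from the sender's side.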
