In 2020 when RedHat took over CentOS, many predicted it was with the intent of destroying it, being derived from RHEL it was a direct competitor, some say those people have been vindicated, as that's exactly what RedHat did, and its short life-span replacement, CentOS Stream, is just another Fedora, this left FreePBX devs in a bind.
Asterisk and FreePBX allow for a myriad of customisations, some of these however need hand editing asterisk files as well as some FreePBX configuring (due to how FreePBX uses its database and overwrites some asterisk files), so some things you just can't entirely do from within FreePBX, or in asterisk (when using FreePBX that is), like set up Lenny, or provide a Weather service.
Let me start by saying Synology NAS's may have a place if you are a complete Windows only network. Disk Station makes it easy to configure shares, and when homes is enabled it's easy to backup file history and Windows system images, even storing multimedia, and if the Synology DS is the only media server/streamer on your LAN, you can even use Synology Media Server at a pinch - but it's not suitable for much else.
MTA-STS and TLS-RPT are security-type mechanisms that go hand-in-hand which we use to make declarations to other Mail Servers (via DNS) that we only want to accept encrypted connections for MTA transactions.
It tells others that they shouldn't try deliver mail to us if a secure TLS connection can't be established to our Mail Servers. For this to be effective, you must first configure DNSSEC.
Moving on to the third article in our securing Email to stop spoofing series we configure DMARC, or Domain-based Message Authentication, Reporting, and Conformance.
DMARC, in simple terms is an alignment test using DKIM and SPF, so it's important that you first configure both SPF and DKIM.
Continuing with the second article in our securing Email to stop spoofing series we take a look at DKIM, or Domain Keys Identified Mail, which is an Email authentication method to detect forgeries, it allows the receiving Mail Server to check if an Email that claims to have come from a specific domain, actually did.
it does this is by the senders Mail Server adding a digital signature to each outbound message, then the receivers Mail Server looking up that domains public key in DNS to verify the signature.