Blog author here. There are two parts to get it working on Postfix:
To enable MTA-STS for inbound email: Add DNS entries for the MTA-STS record and mta-sts.<domain>. Run a web server that serves the mta-sts.txt file (or use static hosting, like GitHub Pages/Netlify/AWS S3/etc). Set up HTTPS on the web server. The repo in the post shows an NGINX approach with Let's Encrypt.
To enable MTA-STS for outbound email: you'll need to configure https://github.com/Snawoot/postfix-mta-sts-resolver. Be sure to read through the DANE-related challenges in the README as there are some tradeoffs.