diff --git a/assets/podman/caddy/Caddyfile b/assets/podman/caddy/Caddyfile
index 5e5135d..05fcde9 100644
--- a/assets/podman/caddy/Caddyfile
+++ b/assets/podman/caddy/Caddyfile
@@ -39,6 +39,7 @@ maps.guirao.net {
 }
 
 mail.guirao.net,
+mta-sts.guirao.net,
 autoconfig.guirao.net,
 autodiscover.guirao.net {
 	reverse_proxy host.containers.internal:8080 {
diff --git a/constructs/dns.ts b/constructs/dns.ts
index 38542d0..34e9ed0 100644
--- a/constructs/dns.ts
+++ b/constructs/dns.ts
@@ -106,7 +106,7 @@ export class DNS extends Construct {
     });
 
     new Route53Record(this, "dkim-ecc-record", {
-      name: "202509e._domainkey." + this.zone.name,
+      name: "202512e._domainkey." + this.zone.name,
       zoneId: this.zone.zoneId,
       type: "TXT",
       ttl: 300,
@@ -116,7 +116,7 @@ export class DNS extends Construct {
     });
 
     new Route53Record(this, "dkim-rsa-record", {
-      name: "202509r._domainkey." + this.zone.name,
+      name: "202512e._domainkey." + this.zone.name,
       zoneId: this.zone.zoneId,
       type: "TXT",
       ttl: 300,
@@ -194,7 +194,7 @@ export class DNS extends Construct {
       zoneId: this.zone.zoneId,
       type: "TXT",
       ttl: 300,
-      records: ["v=STSv1; id=8777202045385525987"],
+      records: ["v=STSv1; id=20251219"],
     });
 
     new Route53Record(this, "txt-dmarc-record", {
diff --git a/constructs/s3.ts b/constructs/s3.ts
index 742032b..8f71206 100644
--- a/constructs/s3.ts
+++ b/constructs/s3.ts
@@ -30,25 +30,33 @@ export class S3 extends Construct {
         },
       });
 
-      let lifecycleRules: S3BucketLifecycleConfigurationRule[] = [
-        {
-          id: "Trashcan",
-          status: "Enabled",
-          abortIncompleteMultipartUpload: [{ daysAfterInitiation: 7 }],
-          noncurrentVersionExpiration: [{ noncurrentDays: 90 }],
-          filter: [{ prefix: "" }],
-        },
-      ];
-
+      let lifecycleRules: S3BucketLifecycleConfigurationRule[] = [];
       if (name == "backups") {
         lifecycleRules = lifecycleRules.concat([
           {
             id: "Backups",
             status: "Enabled",
-            expiration: [{ days: 14 }],
+            expiration: [{ days: 30 }],
+            filter: [{ prefix: "stalwart/" }],
+          },
+          {
+            id: "Trashcan",
+            status: "Enabled",
+            abortIncompleteMultipartUpload: [{ daysAfterInitiation: 1 }],
+            noncurrentVersionExpiration: [{ noncurrentDays: 10 }],
             filter: [{ prefix: "stalwart/" }],
           },
         ]);
+      } else {
+        lifecycleRules = lifecycleRules.concat([
+          {
+            id: "Trashcan",
+            status: "Enabled",
+            abortIncompleteMultipartUpload: [{ daysAfterInitiation: 7 }],
+            noncurrentVersionExpiration: [{ noncurrentDays: 90 }],
+            filter: [{ prefix: "" }],
+          },
+        ]);
       }
 
       new S3BucketLifecycleConfiguration(this, `${name}-lifecycle`, {
diff --git a/package.json b/package.json
index 794375e..825c901 100644
--- a/package.json
+++ b/package.json
@@ -28,7 +28,7 @@
   },
   "devDependencies": {
     "@types/jest": "^30",
-    "@types/node": "^24",
+    "@types/node": "^25",
     "jest": "^30",
     "ts-jest": "^29",
     "ts-node": "^10",