Drop the MTA-STS TLSRPT record unless set explicitly
This commit is contained in:
parent
853008ddcc
commit
51aedcf6c3
2 changed files with 3 additions and 8 deletions
|
@ -7,7 +7,6 @@ In Development
|
|||
Mail:
|
||||
|
||||
* An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed, allowing senders to know that an encrypted connection should be enforced.
|
||||
* MTA-STS reporting is enabled with reports sent to administrator@ the primary hostname.
|
||||
* The per-IP connection limit to the IMAP server has been doubled to allow more devices to connect at once, especially with multiple users behind a NAT.
|
||||
|
||||
DNS:
|
||||
|
|
|
@ -351,14 +351,10 @@ def build_zone(domain, all_domains, additional_records, www_redirect_domains, en
|
|||
("_mta-sts", "TXT", "v=STSv1; id=" + mta_sts_policy_id, "Optional. Part of the MTA-STS policy for incoming mail. If set, a MTA-STS policy must also be published.")
|
||||
])
|
||||
|
||||
# Rules can be custom configured accoring to https://tools.ietf.org/html/rfc8460.
|
||||
# Enable SMTP TLS reporting (https://tools.ietf.org/html/rfc8460) if the user has set a config option.
|
||||
# Skip if the rules below if the user has set a custom _smtp._tls record.
|
||||
if not has_rec("_smtp._tls", "TXT", prefix="v=TLSRPTv1;"):
|
||||
tls_rpt_string = ""
|
||||
tls_rpt_email = env.get("MTA_STS_TLSRPT_EMAIL", "postmaster@%s" % env['PRIMARY_HOSTNAME'])
|
||||
if tls_rpt_email: # if a reporting address is not cleared
|
||||
tls_rpt_string = " rua=mailto:%s" % tls_rpt_email
|
||||
mta_sts_records.append(("_smtp._tls", "TXT", "v=TLSRPTv1;%s" % tls_rpt_string, "Optional. Enables MTA-STS reporting."))
|
||||
if env.get("MTA_STS_TLSRPT_RUA") and not has_rec("_smtp._tls", "TXT", prefix="v=TLSRPTv1;"):
|
||||
mta_sts_records.append(("_smtp._tls", "TXT", "v=TLSRPTv1; rua=" + env["MTA_STS_TLSRPT_RUA"], "Optional. Enables MTA-STS reporting."))
|
||||
for qname, rtype, value, explanation in mta_sts_records:
|
||||
if value is None or value.strip() == "": continue # skip IPV6 if not set
|
||||
if not has_rec(qname, rtype):
|
||||
|
|
Loading…
Reference in a new issue