From 0c39326acb011d38943b64a5f24d11bebbabfaa7 Mon Sep 17 00:00:00 2001 From: Jeff Volkenant Date: Sat, 24 Apr 2021 12:40:19 -0700 Subject: [PATCH] Fix to allow for non forced "enforce" MTA_STS_MODE --- setup/start.sh | 2 +- setup/web.sh | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/setup/start.sh b/setup/start.sh index cedc426d..d99d39a6 100755 --- a/setup/start.sh +++ b/setup/start.sh @@ -94,7 +94,7 @@ PUBLIC_IP=$PUBLIC_IP PUBLIC_IPV6=$PUBLIC_IPV6 PRIVATE_IP=$PRIVATE_IP PRIVATE_IPV6=$PRIVATE_IPV6 -MTA_STS_MODE=${MTA_STS_MODE-} +MTA_STS_MODE=${DEFAULT_MTA_STS_MODE:-enforce} EOF # Start service configuration. diff --git a/setup/web.sh b/setup/web.sh index 42c301ec..4433ff0d 100755 --- a/setup/web.sh +++ b/setup/web.sh @@ -126,13 +126,13 @@ chmod a+r /var/lib/mailinabox/mozilla-autoconfig.xml # nginx configuration at /.well-known/mta-sts.txt # more documentation is available on: # https://www.uriports.com/blog/mta-sts-explained/ -# default mode is "enforce". Change to "testing" which means -# "Messages will be delivered as though there was no failure -# but a report will be sent if TLS-RPT is configured" if you -# are not sure you want this yet. Or "none". +# default mode is "enforce". In /etc/mailinabox.conf change +# "MTA_STS_MODE=testing" which means "Messages will be delivered +# as though there was no failure but a report will be sent if +# TLS-RPT is configured" if you are not sure you want this yet. Or "none". PUNY_PRIMARY_HOSTNAME=$(echo "$PRIMARY_HOSTNAME" | idn2) cat conf/mta-sts.txt \ - | sed "s/MODE/${MTA_STS_MODE:-enforce}/" \ + | sed "s/MODE/${MTA_STS_MODE}/" \ | sed "s/PRIMARY_HOSTNAME/$PUNY_PRIMARY_HOSTNAME/" \ > /var/lib/mailinabox/mta-sts.txt chmod a+r /var/lib/mailinabox/mta-sts.txt