external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2026-03-04 15:54:48 +01:00
Code Issues Releases Wiki Activity

MTA-STS tweaks, add status check using postfix-mta-sts-resolver, change to enforce

Browse Source
This commit is contained in:
Joshua Tauberer
2020-05-17 12:10:38 -04:00
parent afc9f9686a
commit 10bedad3a3
8 changed files with 90 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
setup/management.sh
View File

@@ -50,7 +50,7 @@ hide_output $venv/bin/pip install --upgrade pip
hide_output $venv/bin/pip install --upgrade \
rtyaml "email_validator>=1.0.0" "exclusiveprocess" \
flask dnspython python-dateutil \
"idna>=2.0.0" "cryptography==2.2.2" boto psutil
"idna>=2.0.0" "cryptography==2.2.2" boto psutil postfix-mta-sts-resolver
# CONFIGURATION

12
setup/start.sh
View File

@@ -82,14 +82,10 @@ if [ ! -f $STORAGE_ROOT/mailinabox.version ]; then
chown $STORAGE_USER.$STORAGE_USER $STORAGE_ROOT/mailinabox.version
fi
# Default policy (initial) for MTA_STS = testing in the current state of inclusion.
# it can be changed to "none", "testing" or "enforce". With this extention, this is preserved by
# future upgrades
MTA_STS="${DEFAULT_MTA_STS:-testing}"
# Save the global options in /etc/mailinabox.conf so that standalone
# tools know where to look for data.
# tools know where to look for data. The default MTA_STS_MODE setting
# is blank unless set by an environment variable, but see web.sh for
# how that is interpreted.
cat > /etc/mailinabox.conf << EOF;
STORAGE_USER=$STORAGE_USER
STORAGE_ROOT=$STORAGE_ROOT
@@ -98,7 +94,7 @@ PUBLIC_IP=$PUBLIC_IP
PUBLIC_IPV6=$PUBLIC_IPV6
PRIVATE_IP=$PRIVATE_IP
PRIVATE_IPV6=$PRIVATE_IPV6
MTA_STS=$MTA_STS
MTA_STS_MODE=${MTA_STS_MODE-}
EOF
# Start service configuration.

9
setup/web.sh
View File

@@ -126,12 +126,13 @@ chmod a+r /var/lib/mailinabox/mozilla-autoconfig.xml
# nginx configuration at /.well-known/mta-sts.txt
# more documentation is available on:
# https://www.uriports.com/blog/mta-sts-explained/
# default mode is "testing", which means: "Messages will be delivered as
# though there was no failure but a report will be sent if TLS-RPT is configured"
# other valid modes are: "enforce" and "none".
# default mode is "enforce". Change to "testing" which means
# "Messages will be delivered as though there was no failure
# but a report will be sent if TLS-RPT is configured" if you
# are not sure you want this yet. Or "none".
PUNY_PRIMARY_HOSTNAME=$(echo "$PRIMARY_HOSTNAME" | idn2)
cat conf/mta-sts.txt \
| sed "s/MODE/$MTA_STS/" \
| sed "s/MODE/${MTA_STS_MODE:-enforce}/" \
| sed "s/PRIMARY_HOSTNAME/$PUNY_PRIMARY_HOSTNAME/" \
> /var/lib/mailinabox/mta-sts.txt
chmod a+r /var/lib/mailinabox/mta-sts.txt