Fix to allow for non forced "enforce" MTA_STS_MODE (#1970)

2021-05-08 05:18:49 -07:00 · 2021-05-08 05:18:49 -07:00 · 16e81e1439
parent b7b67e31b7
commit 16e81e1439
2 changed files with 6 additions and 6 deletions
--- a/setup/start.sh
+++ b/setup/start.sh
@ -94,7 +94,7 @@ PUBLIC_IP=$PUBLIC_IP
 PUBLIC_IPV6=$PUBLIC_IPV6
 PRIVATE_IP=$PRIVATE_IP
 PRIVATE_IPV6=$PRIVATE_IPV6
-MTA_STS_MODE=${MTA_STS_MODE-}
+MTA_STS_MODE=${DEFAULT_MTA_STS_MODE:-enforce}
 EOF
 # Start service configuration.
--- a/setup/web.sh
+++ b/setup/web.sh
@ -126,13 +126,13 @@ chmod a+r /var/lib/mailinabox/mozilla-autoconfig.xml
 # nginx configuration at /.well-known/mta-sts.txt
 # more documentation is available on: 
 # https://www.uriports.com/blog/mta-sts-explained/
-# default mode is "enforce". Change to "testing" which means
+# default mode is "enforce". In /etc/mailinabox.conf change
-# "Messages will be delivered as though there was no failure
+# "MTA_STS_MODE=testing" which means "Messages will be delivered
-# but a report will be sent if TLS-RPT is configured" if you
+# as though there was no failure but a report will be sent if
-# are not sure you want this yet. Or "none".
+# TLS-RPT is configured" if you are not sure you want this yet. Or "none".
 PUNY_PRIMARY_HOSTNAME=$(echo "$PRIMARY_HOSTNAME" | idn2)
 cat conf/mta-sts.txt \
-        | sed "s/MODE/${MTA_STS_MODE:-enforce}/" \
+        | sed "s/MODE/${MTA_STS_MODE}/" \
        | sed "s/PRIMARY_HOSTNAME/$PUNY_PRIMARY_HOSTNAME/" \
         > /var/lib/mailinabox/mta-sts.txt
 chmod a+r /var/lib/mailinabox/mta-sts.txt