Fix MTA-STS policy id so it does not have invalid characters, fixes #1779
parent
224242dfde
commit
6fd3195275
|
@ -340,11 +340,13 @@ def build_zone(domain, all_domains, additional_records, www_redirect_domains, en
|
|||
# 'break' was not encountered above, so both domains are good
|
||||
mta_sts_enabled = True
|
||||
if mta_sts_enabled:
|
||||
# Compute a up-to-32-character hash of the policy file. We'll take a SHA-1 hash of the policy
|
||||
# file (20 bytes) and encode it as base-64 (60 bytes) but then just take its first 20 bytes
|
||||
# which should be sufficient to change whenever the policy file changes.
|
||||
# Compute an up-to-32-character hash of the policy file. We'll take a SHA-1 hash of the policy
|
||||
# file (20 bytes) and encode it as base-64 (28 bytes, using alphanumeric alternate characters
|
||||
# instead of '+' and '/' which are not allowed in an MTA-STS policy id) but then just take its
|
||||
# first 20 characters, which is more than sufficient to change whenever the policy file changes
|
||||
# (and ensures any '=' padding at the end of the base64 encoding is dropped).
|
||||
with open("/var/lib/mailinabox/mta-sts.txt", "rb") as f:
|
||||
mta_sts_policy_id = base64.b64encode(hashlib.sha1(f.read()).digest()).decode("ascii")[0:20]
|
||||
mta_sts_policy_id = base64.b64encode(hashlib.sha1(f.read()).digest(), altchars=b"AA").decode("ascii")[0:20]
|
||||
mta_sts_records.extend([
|
||||
("_mta-sts", "TXT", "v=STSv1; id=" + mta_sts_policy_id, "Optional. Part of the MTA-STS policy for incoming mail. If set, a MTA-STS policy must also be published.")
|
||||
])
|
||||
|
|
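Review bot: `altchars=b"AA"` on the new `b64encode` line folds both '+' and '/' into the same letter 'A', which does keep the id alphanumeric but is a non-obvious trick that makes the encoding lossy. A hex digest is alphanumeric by construction and still fits the 32-character limit the comment mentions: `mta_sts_policy_id = hashlib.sha1(f.read()).hexdigest()[0:32]`. SHA-1 is used here only as a change detector over a locally generated policy file, so what matters is that the id changes whenever the policy does, so that sending MTAs refetch it rather than keep a cached policy. If the base64 form is kept, a short comment on that line saying why both alternate characters are 'A' would help the next reader. build_zone begins and ends outside this hunk.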