From ab7a5d4e4d2ef9d25a1bb2add72840f090f99ebd Mon Sep 17 00:00:00 2001
From: ValdikSS
Date: Thu, 17 Dec 2020 23:16:39 +0300
Subject: [PATCH] Try to print MTA-STS missing DNS policy error reason

When proper (not self-signed) TLS certificate is not provisioned on the domain yet, MiaB prints only: MTA-STS policy is missing: STSFetchResult.NONE which may confuse the administrator, as .well-known/mta-sts.txt file is already present and opens correctly. Print more human-friendly reason for this case.
---
 management/status_checks.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/management/status_checks.py b/management/status_checks.py
index 36da034a..015d913d 100755
--- a/management/status_checks.py
+++ b/management/status_checks.py
@@ -660,7 +660,16 @@ def check_mail_domain(domain, env, output):
 else:
 output.print_error("MTA-STS policy is present but has unexpected settings. [{}]".format(policy[1]))
 else:
- output.print_error("MTA-STS policy is missing: {}".format(valid))
+ certmessage = ''
+ cert = get_ssl_certificates(env).get(domain)
+ if not cert:
+ certmessage = "No TLS certificate provisioned for this domain"
+ else:
+ cert_status = check_certificate(domain, cert['certificate'], cert['private-key'])
+ if cert_status[0] != 'OK':
+ certmessage = "TLS certificate is not valid"
+
+ output.print_error("MTA-STS policy is missing: {}".format(certmessage if certmessage else valid))
 else:
 output.print_error("""This domain's DNS MX record is incorrect. It is currently set to '%s' but should be '%s'. Mail will not