it needs further testing; if the alias tlsrpt@PRIMARY_HOSTNAME exists, a rua record will be generated

management/dns_update.py

@@ -9,7 +9,7 @@ import ipaddress
 import rtyaml
 import dns.resolver
 
-from mailconfig import get_mail_domains
+from mailconfig import get_mail_domains, get_mail_aliases
 from utils import shell, load_env_vars_from_file, safe_domain_name, sort_domains
 
 # From https://stackoverflow.com/questions/3026957/how-to-validate-a-domain-name-using-regex-php/16491074#16491074
@@ -305,6 +305,8 @@ def build_zone(domain, all_domains, additional_records, www_redirect_domains, en
 
 	# Adds autoconfiguration A records for all domains.
 	# mta-sts.* - required A record for mta-sts (serving the policy)
+
+
 	mta_sts_records = [
 		("mta-sts", "A", env["PUBLIC_IP"], "Provides MTA-STS support"),
 		("mta-sts", "AAAA", env.get('PUBLIC_IPV6'), "Provides MTA-STS support"),
@@ -312,7 +314,12 @@ def build_zone(domain, all_domains, additional_records, www_redirect_domains, en
 	]
 	# Skip if the user has set a custom _smtp._tls record.
 	if not has_rec("_smtp._tls", "TXT", prefix="v=TLSRPTv1;"):
-		mta_sts_records.append(("_smtp._tls",  "TXT", "v=TLSRPTv1;", "For reporting, add an mail alias, for example 'tlsrpt@%s' and a custom TXT record like 'v=TLSRPTv1; rua=mailto:tlsrpt@%s' for reporting" % (env["PRIMARY_HOSTNAME"], env["PRIMARY_HOSTNAME"]) ))
+		tls_rpt_email = "tlsrpt@%s" % env['PRIMARY_HOSTNAME'] 
+		tls_rpt_string = "";
+		for alias in get_mail_aliases(env):
+			if alias[0] == tls_rpt_email: tls_rpt_string = " rua:%s" % tls_rpt_email
+
+		mta_sts_records.append(("_smtp._tls",  "TXT", "v=TLSRPTv1;%s" % tls_rpt_string, "For reporting, add an mail alias, for example 'tlsrpt@%s' and a custom TXT record like 'v=TLSRPTv1; rua=mailto:tlsrpt@%s' for reporting" % (env["PRIMARY_HOSTNAME"], env["PRIMARY_HOSTNAME"]) ))
 
 	for qname, rtype, value, explanation in mta_sts_records:
 		if value is None or value.strip() == "": continue # skip IPV6 if not set