"Docs":"Admin exports web API functions for the admin web interface. All its methods are\nexported under api/. Function calls require valid HTTP Authentication\ncredentials of a user.",
"Docs":"Accounts returns the names of all configured accounts.",
"Params":[],
"Returns":[
{
"Name":"r0",
"Typewords":[
"[]",
"string"
]
}
]
},
{
"Name":"Account",
"Docs":"Account returns the parsed configuration of an account.",
"Params":[
{
"Name":"account",
"Typewords":[
"string"
]
}
],
"Returns":[
{
"Name":"r0",
"Typewords":[
"{}",
"any"
]
}
]
},
{
"Name":"ConfigFiles",
"Docs":"ConfigFiles returns the paths and contents of the static and dynamic configuration files.",
"Params":[],
"Returns":[
{
"Name":"staticPath",
"Typewords":[
"string"
]
},
{
"Name":"dynamicPath",
"Typewords":[
"string"
]
},
{
"Name":"static",
"Typewords":[
"string"
]
},
{
"Name":"dynamic",
"Typewords":[
"string"
]
}
]
},
{
"Name":"MTASTSPolicies",
"Docs":"MTASTSPolicies returns all mtasts policies from the cache.",
"Params":[],
"Returns":[
{
"Name":"records",
"Typewords":[
"[]",
"PolicyRecord"
]
}
]
},
{
"Name":"TLSReports",
"Docs":"TLSReports returns TLS reports overlapping with period start/end, for the given\ndomain (or all domains if empty). The reports are sorted first by period end\n(most recent first), then by domain.",
"Params":[
{
"Name":"start",
"Typewords":[
"timestamp"
]
},
{
"Name":"end",
"Typewords":[
"timestamp"
]
},
{
"Name":"domain",
"Typewords":[
"string"
]
}
],
"Returns":[
{
"Name":"reports",
"Typewords":[
"[]",
"TLSReportRecord"
]
}
]
},
{
"Name":"TLSReportID",
"Docs":"TLSReportID returns a single TLS report.",
"Params":[
{
"Name":"domain",
"Typewords":[
"string"
]
},
{
"Name":"reportID",
"Typewords":[
"int64"
]
}
],
"Returns":[
{
"Name":"r0",
"Typewords":[
"TLSReportRecord"
]
}
]
},
{
"Name":"TLSRPTSummaries",
"Docs":"TLSRPTSummaries returns a summary of received TLS reports overlapping with\nperiod start/end for one or all domains (when domain is empty).\nThe returned summaries are ordered by domain name.",
"Params":[
{
"Name":"start",
"Typewords":[
"timestamp"
]
},
{
"Name":"end",
"Typewords":[
"timestamp"
]
},
{
"Name":"domain",
"Typewords":[
"string"
]
}
],
"Returns":[
{
"Name":"domainSummaries",
"Typewords":[
"[]",
"TLSRPTSummary"
]
}
]
},
{
"Name":"DMARCReports",
"Docs":"DMARCReports returns DMARC reports overlapping with period start/end, for the\ngiven domain (or all domains if empty). The reports are sorted first by period\nend (most recent first), then by domain.",
"Params":[
{
"Name":"start",
"Typewords":[
"timestamp"
]
},
{
"Name":"end",
"Typewords":[
"timestamp"
]
},
{
"Name":"domain",
"Typewords":[
"string"
]
}
],
"Returns":[
{
"Name":"reports",
"Typewords":[
"[]",
"DomainFeedback"
]
}
]
},
{
"Name":"DMARCReportID",
"Docs":"DMARCReportID returns a single DMARC report.",
"Params":[
{
"Name":"domain",
"Typewords":[
"string"
]
},
{
"Name":"reportID",
"Typewords":[
"int64"
]
}
],
"Returns":[
{
"Name":"report",
"Typewords":[
"DomainFeedback"
]
}
]
},
{
"Name":"DMARCSummaries",
"Docs":"DMARCSummaries returns a summary of received DMARC reports overlapping with\nperiod start/end for one or all domains (when domain is empty).\nThe returned summaries are ordered by domain name.",
"Params":[
{
"Name":"start",
"Typewords":[
"timestamp"
]
},
{
"Name":"end",
"Typewords":[
"timestamp"
]
},
{
"Name":"domain",
"Typewords":[
"string"
]
}
],
"Returns":[
{
"Name":"domainSummaries",
"Typewords":[
"[]",
"DMARCSummary"
]
}
]
},
{
"Name":"LookupIP",
"Docs":"LookupIP does a reverse lookup of ip.",
"Params":[
{
"Name":"ip",
"Typewords":[
"string"
]
}
],
"Returns":[
{
"Name":"r0",
"Typewords":[
"Reverse"
]
}
]
},
{
"Name":"DNSBLStatus",
"Docs":"DNSBLStatus returns the IPs from which outgoing connections may be made and\ntheir current status in DNSBLs that are configured. The IPs are typically the\nconfigured listen IPs, or otherwise IPs on the machines network interfaces, with\ninternal/private IPs removed.\n\nThe returned value maps IPs to per DNSBL statuses, where \"pass\" means not listed and\nanything else is an error string, e.g. \"fail: ...\" or \"temperror: ...\".",
"Params":[],
"Returns":[
{
"Name":"r0",
"Typewords":[
"{}",
"{}",
"string"
]
}
]
},
{
"Name":"DomainRecords",
"Docs":"DomainRecords returns lines describing DNS records that should exist for the\nconfigured domain.",
"Params":[
{
"Name":"domain",
"Typewords":[
"string"
]
}
],
"Returns":[
{
"Name":"r0",
"Typewords":[
"[]",
"string"
]
}
]
},
{
"Name":"DomainAdd",
"Docs":"DomainAdd adds a new domain and reloads the configuration.",
"Params":[
{
"Name":"domain",
"Typewords":[
"string"
]
},
{
"Name":"accountName",
"Typewords":[
"string"
]
},
{
"Name":"localpart",
"Typewords":[
"string"
]
}
],
"Returns":[]
},
{
"Name":"DomainRemove",
"Docs":"DomainRemove removes an existing domain and reloads the configuration.",
"Docs":"AccountRemove removes an existing account and reloads the configuration.",
"Params":[
{
"Name":"accountName",
"Typewords":[
"string"
]
}
],
"Returns":[]
},
{
"Name":"AddressAdd",
"Docs":"AddressAdd adds a new address to the account, which must already exist.",
"Params":[
{
"Name":"address",
"Typewords":[
"string"
]
},
{
"Name":"accountName",
"Typewords":[
"string"
]
}
],
"Returns":[]
},
{
"Name":"AddressRemove",
"Docs":"AddressRemove removes an existing address.",
"Params":[
{
"Name":"address",
"Typewords":[
"string"
]
}
],
"Returns":[]
},
{
"Name":"SetPassword",
"Docs":"SetPassword saves a new password for an account, invalidating the previous password.\nSessions are not interrupted, and will keep working. New login attempts must use the new password.\nPassword must be at least 8 characters.",
"Docs":"DMARCEvaluationStats returns a map of all domains with evaluations to a count of\nthe evaluations and whether those evaluations will cause a report to be sent.",
"Params":[],
"Returns":[
{
"Name":"r0",
"Typewords":[
"{}",
"EvaluationStat"
]
}
]
},
{
"Name":"DMARCEvaluationsDomain",
"Docs":"DMARCEvaluationsDomain returns all evaluations for aggregate reports for the\ndomain, sorted from oldest to most recent.",
"Params":[
{
"Name":"domain",
"Typewords":[
"string"
]
}
],
"Returns":[
{
"Name":"r0",
"Typewords":[
"Domain"
]
},
{
"Name":"r1",
"Typewords":[
"[]",
"Evaluation"
]
}
]
},
{
"Name":"DMARCRemoveEvaluations",
"Docs":"DMARCRemoveEvaluations removes evaluations for a domain.",
"Docs":"TLSRPTResults returns all TLSRPT results in the database.",
"Params":[],
"Returns":[
{
"Name":"r0",
"Typewords":[
"[]",
"TLSResult"
]
}
]
},
{
"Name":"TLSRPTResultsPolicyDomain",
"Docs":"TLSRPTResultsPolicyDomain returns the TLS results for a domain.",
"Params":[
{
"Name":"policyDomain",
"Typewords":[
"string"
]
}
],
"Returns":[
{
"Name":"r0",
"Typewords":[
"Domain"
]
},
{
"Name":"r1",
"Typewords":[
"[]",
"TLSResult"
]
}
]
},
{
"Name":"LookupTLSRPTRecord",
"Docs":"LookupTLSRPTRecord looks up a TLSRPT record and returns the parsed form, original txt\nform from DNS, and error with the TLSRPT record as a string.",
"Params":[
{
"Name":"domain",
"Typewords":[
"string"
]
}
],
"Returns":[
{
"Name":"record",
"Typewords":[
"nullable",
"TLSRPTRecord"
]
},
{
"Name":"txt",
"Typewords":[
"string"
]
},
{
"Name":"errstr",
"Typewords":[
"string"
]
}
]
},
{
"Name":"TLSRPTRemoveResults",
"Docs":"TLSRPTRemoveResults removes the TLS results for a domain for the given day. If\nday is empty, all results are removed.",
"Docs":"CheckResult is the analysis of a domain, its actual configuration (DNS, TLS,\nconnectivity) and the mox configuration. It includes configuration instructions\n(e.g. DNS records), and warnings and errors encountered.",
"Docs":"This hostname, IPs must resolve back to this.",
"Typewords":[
"Domain"
]
},
{
"Name":"IPNames",
"Docs":"IP to names.",
"Typewords":[
"{}",
"[]",
"string"
]
},
{
"Name":"Errors",
"Docs":"",
"Typewords":[
"[]",
"string"
]
},
{
"Name":"Warnings",
"Docs":"",
"Typewords":[
"[]",
"string"
]
},
{
"Name":"Instructions",
"Docs":"",
"Typewords":[
"[]",
"string"
]
}
]
},
{
"Name":"Domain",
"Docs":"Domain is a domain name, with one or more labels, with at least an ASCII\nrepresentation, and for IDNA non-ASCII domains a unicode representation.\nThe ASCII string must be used for DNS lookups.",
"Fields":[
{
"Name":"ASCII",
"Docs":"A non-unicode domain, e.g. with A-labels (xn--...) or NR-LDH (non-reserved letters/digits/hyphens) labels. Always in lower case.",
"Typewords":[
"string"
]
},
{
"Name":"Unicode",
"Docs":"Name as U-labels. Empty if this is an ASCII-only domain.",
"Docs":"An IP is evaluated against each directive until a match is found.",
"Typewords":[
"[]",
"Directive"
]
},
{
"Name":"Redirect",
"Docs":"Modifier that redirects SPF checks to other domain after directives did not match. Optional. For \"redirect=\".",
"Typewords":[
"string"
]
},
{
"Name":"Explanation",
"Docs":"Modifier for creating a user-friendly error message when an IP results in status \"fail\".",
"Typewords":[
"string"
]
},
{
"Name":"Other",
"Docs":"Other modifiers.",
"Typewords":[
"[]",
"Modifier"
]
}
]
},
{
"Name":"Directive",
"Docs":"Directive consists of a mechanism that describes how to check if an IP matches,\nan (optional) qualifier indicating the policy for a match, and optional\nparameters specific to the mechanism.",
"Fields":[
{
"Name":"Qualifier",
"Docs":"Sets the result if this directive matches. \"\" and \"+\" are \"pass\", \"-\" is \"fail\", \"?\" is \"neutral\", \"~\" is \"softfail\".",
"Docs":"For include, a, mx, ptr, exists. Always in lower-case when parsed using ParseRecord.",
"Typewords":[
"string"
]
},
{
"Name":"IPstr",
"Docs":"Original string for IP, always with /subnet.",
"Typewords":[
"string"
]
},
{
"Name":"IP4CIDRLen",
"Docs":"For a, mx, ip4.",
"Typewords":[
"nullable",
"int32"
]
},
{
"Name":"IP6CIDRLen",
"Docs":"For a, mx, ip6.",
"Typewords":[
"nullable",
"int32"
]
}
]
},
{
"Name":"Modifier",
"Docs":"Modifier provides additional information for a policy.\n\"redirect\" and \"exp\" are not represented as a Modifier but explicitly in a Record.",
"Fields":[
{
"Name":"Key",
"Docs":"Key is case-insensitive.",
"Typewords":[
"string"
]
},
{
"Name":"Value",
"Docs":"",
"Typewords":[
"string"
]
}
]
},
{
"Name":"DKIMCheckResult",
"Docs":"",
"Fields":[
{
"Name":"Records",
"Docs":"",
"Typewords":[
"[]",
"DKIMRecord"
]
},
{
"Name":"Errors",
"Docs":"",
"Typewords":[
"[]",
"string"
]
},
{
"Name":"Warnings",
"Docs":"",
"Typewords":[
"[]",
"string"
]
},
{
"Name":"Instructions",
"Docs":"",
"Typewords":[
"[]",
"string"
]
}
]
},
{
"Name":"DKIMRecord",
"Docs":"",
"Fields":[
{
"Name":"Selector",
"Docs":"",
"Typewords":[
"string"
]
},
{
"Name":"TXT",
"Docs":"",
"Typewords":[
"string"
]
},
{
"Name":"Record",
"Docs":"",
"Typewords":[
"nullable",
"Record"
]
}
]
},
{
"Name":"Record",
"Docs":"Record is a DKIM DNS record, served on \u003cselector\u003e._domainkey.\u003cdomain\u003e for a\ngiven selector and domain (s= and d= in the DKIM-Signature).\n\nThe record is a semicolon-separated list of \"=\"-separated field value pairs.\nStrings should be compared case-insensitively, e.g. k=ed25519 is equivalent to k=ED25519.\n\nExample:\n\n\tv=DKIM1;h=sha256;k=ed25519;p=ln5zd/JEX4Jy60WAhUOv33IYm2YZMyTQAdr9stML504=",
"Fields":[
{
"Name":"Version",
"Docs":"Version, fixed \"DKIM1\" (case sensitive). Field \"v\".",
"Typewords":[
"string"
]
},
{
"Name":"Hashes",
"Docs":"Acceptable hash algorithms, e.g. \"sha1\", \"sha256\". Optional, defaults to all algorithms. Field \"h\".",
"Typewords":[
"[]",
"string"
]
},
{
"Name":"Key",
"Docs":"Key type, \"rsa\" or \"ed25519\". Optional, default \"rsa\". Field \"k\".",
"Typewords":[
"string"
]
},
{
"Name":"Notes",
"Docs":"Debug notes. Field \"n\".",
"Typewords":[
"string"
]
},
{
"Name":"Pubkey",
"Docs":"Public key, as base64 in record. If empty, the key has been revoked. Field \"p\".",
"Typewords":[
"[]",
"uint8"
]
},
{
"Name":"Services",
"Docs":"Service types. Optional, default \"*\" for all services. Other values: \"email\". Field \"s\".",
"Typewords":[
"[]",
"string"
]
},
{
"Name":"Flags",
"Docs":"Flags, colon-separated. Optional, default is no flags. Other values: \"y\" for testing DKIM, \"s\" for \"i=\" must have same domain as \"d\" in signatures. Field \"t\".",
"Typewords":[
"[]",
"string"
]
}
]
},
{
"Name":"DMARCCheckResult",
"Docs":"",
"Fields":[
{
"Name":"Domain",
"Docs":"",
"Typewords":[
"string"
]
},
{
"Name":"TXT",
"Docs":"",
"Typewords":[
"string"
]
},
{
"Name":"Record",
"Docs":"",
"Typewords":[
"nullable",
"DMARCRecord"
]
},
{
"Name":"Errors",
"Docs":"",
"Typewords":[
"[]",
"string"
]
},
{
"Name":"Warnings",
"Docs":"",
"Typewords":[
"[]",
"string"
]
},
{
"Name":"Instructions",
"Docs":"",
"Typewords":[
"[]",
"string"
]
}
]
},
{
"Name":"DMARCRecord",
"Docs":"",
"Fields":[
{
"Name":"Version",
"Docs":"\"v=DMARC1\"",
"Typewords":[
"string"
]
},
{
"Name":"Policy",
"Docs":"Required, for \"p=\".",
"Typewords":[
"DMARCPolicy"
]
},
{
"Name":"SubdomainPolicy",
"Docs":"Like policy but for subdomains. Optional, for \"sp=\".",
"Typewords":[
"DMARCPolicy"
]
},
{
"Name":"AggregateReportAddresses",
"Docs":"Optional, for \"rua=\".",
"Typewords":[
"[]",
"URI"
]
},
{
"Name":"FailureReportAddresses",
"Docs":"Optional, for \"ruf=\"",
"Typewords":[
"[]",
"URI"
]
},
{
"Name":"ADKIM",
"Docs":"\"r\" (default) for relaxed or \"s\" for simple. For \"adkim=\".",
"Typewords":[
"Align"
]
},
{
"Name":"ASPF",
"Docs":"\"r\" (default) for relaxed or \"s\" for simple. For \"aspf=\".",
"Typewords":[
"Align"
]
},
{
"Name":"AggregateReportingInterval",
"Docs":"Default 86400. For \"ri=\"",
"Typewords":[
"int32"
]
},
{
"Name":"FailureReportingOptions",
"Docs":"\"0\" (default), \"1\", \"d\", \"s\". For \"fo=\".",
"Typewords":[
"[]",
"string"
]
},
{
"Name":"ReportingFormat",
"Docs":"\"afrf\" (default). Ffor \"rf=\".",
"Typewords":[
"[]",
"string"
]
},
{
"Name":"Percentage",
"Docs":"Between 0 and 100, default 100. For \"pct=\".",
"Typewords":[
"int32"
]
}
]
},
{
"Name":"URI",
"Docs":"URI is a destination address for reporting.",
"Fields":[
{
"Name":"Address",
"Docs":"Should start with \"mailto:\".",
"Typewords":[
"string"
]
},
{
"Name":"MaxSize",
"Docs":"Optional maximum message size, subject to Unit.",
"Docs":"Aggregate reporting URI, for \"rua=\". \"rua=\" can occur multiple times, each can be a list. Must be URL-encoded strings, with \",\", \"!\" and \";\" encoded.",
"Typewords":[
"[]",
"[]",
"string"
]
},
{
"Name":"Extensions",
"Docs":"",
"Typewords":[
"[]",
"Extension"
]
}
]
},
{
"Name":"Extension",
"Docs":"Extension is an additional key/value pair for a TLSRPT record.",
"Fields":[
{
"Name":"Key",
"Docs":"",
"Typewords":[
"string"
]
},
{
"Name":"Value",
"Docs":"",
"Typewords":[
"string"
]
}
]
},
{
"Name":"MTASTSCheckResult",
"Docs":"",
"Fields":[
{
"Name":"TXT",
"Docs":"",
"Typewords":[
"string"
]
},
{
"Name":"Record",
"Docs":"",
"Typewords":[
"nullable",
"MTASTSRecord"
]
},
{
"Name":"PolicyText",
"Docs":"",
"Typewords":[
"string"
]
},
{
"Name":"Policy",
"Docs":"",
"Typewords":[
"nullable",
"Policy"
]
},
{
"Name":"Errors",
"Docs":"",
"Typewords":[
"[]",
"string"
]
},
{
"Name":"Warnings",
"Docs":"",
"Typewords":[
"[]",
"string"
]
},
{
"Name":"Instructions",
"Docs":"",
"Typewords":[
"[]",
"string"
]
}
]
},
{
"Name":"MTASTSRecord",
"Docs":"",
"Fields":[
{
"Name":"Version",
"Docs":"\"STSv1\", for \"v=\". Required.",
"Typewords":[
"string"
]
},
{
"Name":"ID",
"Docs":"Record version, for \"id=\". Required.",
"Typewords":[
"string"
]
},
{
"Name":"Extensions",
"Docs":"Optional extensions.",
"Typewords":[
"[]",
"Pair"
]
}
]
},
{
"Name":"Pair",
"Docs":"Pair is an extension key/value pair in a MTA-STS DNS record or policy.",
"Fields":[
{
"Name":"Key",
"Docs":"",
"Typewords":[
"string"
]
},
{
"Name":"Value",
"Docs":"",
"Typewords":[
"string"
]
}
]
},
{
"Name":"Policy",
"Docs":"Policy is an MTA-STS policy as served at \"https://mta-sts.\u003cdomain\u003e/.well-known/mta-sts.txt\".",
"Fields":[
{
"Name":"Version",
"Docs":"\"STSv1\"",
"Typewords":[
"string"
]
},
{
"Name":"Mode",
"Docs":"",
"Typewords":[
"Mode"
]
},
{
"Name":"MX",
"Docs":"",
"Typewords":[
"[]",
"STSMX"
]
},
{
"Name":"MaxAgeSeconds",
"Docs":"How long this policy can be cached. Suggested values are in weeks or more.",
"Typewords":[
"int32"
]
},
{
"Name":"Extensions",
"Docs":"",
"Typewords":[
"[]",
"Pair"
]
}
]
},
{
"Name":"STSMX",
"Docs":"STSMX is an allowlisted MX host name/pattern.\ntodo: find a way to name this just STSMX without getting duplicate names for \"MX\" in the sherpa api.",
"Fields":[
{
"Name":"Wildcard",
"Docs":"\"*.\" wildcard, e.g. if a subdomain matches. A wildcard must match exactly one label. *.example.com matches mail.example.com, but not example.com, and not foor.bar.example.com.",
"Typewords":[
"bool"
]
},
{
"Name":"Domain",
"Docs":"",
"Typewords":[
"Domain"
]
}
]
},
{
"Name":"SRVConfCheckResult",
"Docs":"",
"Fields":[
{
"Name":"SRVs",
"Docs":"Service (e.g. \"_imaps\") to records.",
"Typewords":[
"{}",
"[]",
"nullable",
"SRV"
]
},
{
"Name":"Errors",
"Docs":"",
"Typewords":[
"[]",
"string"
]
},
{
"Name":"Warnings",
"Docs":"",
"Typewords":[
"[]",
"string"
]
},
{
"Name":"Instructions",
"Docs":"",
"Typewords":[
"[]",
"string"
]
}
]
},
{
"Name":"SRV",
"Docs":"An SRV represents a single DNS SRV record.",
"Fields":[
{
"Name":"Target",
"Docs":"",
"Typewords":[
"string"
]
},
{
"Name":"Port",
"Docs":"",
"Typewords":[
"uint16"
]
},
{
"Name":"Priority",
"Docs":"",
"Typewords":[
"uint16"
]
},
{
"Name":"Weight",
"Docs":"",
"Typewords":[
"uint16"
]
}
]
},
{
"Name":"AutoconfCheckResult",
"Docs":"",
"Fields":[
{
"Name":"IPs",
"Docs":"",
"Typewords":[
"[]",
"string"
]
},
{
"Name":"Errors",
"Docs":"",
"Typewords":[
"[]",
"string"
]
},
{
"Name":"Warnings",
"Docs":"",
"Typewords":[
"[]",
"string"
]
},
{
"Name":"Instructions",
"Docs":"",
"Typewords":[
"[]",
"string"
]
}
]
},
{
"Name":"AutodiscoverCheckResult",
"Docs":"",
"Fields":[
{
"Name":"Records",
"Docs":"",
"Typewords":[
"[]",
"AutodiscoverSRV"
]
},
{
"Name":"Errors",
"Docs":"",
"Typewords":[
"[]",
"string"
]
},
{
"Name":"Warnings",
"Docs":"",
"Typewords":[
"[]",
"string"
]
},
{
"Name":"Instructions",
"Docs":"",
"Typewords":[
"[]",
"string"
]
}
]
},
{
"Name":"AutodiscoverSRV",
"Docs":"",
"Fields":[
{
"Name":"Target",
"Docs":"",
"Typewords":[
"string"
]
},
{
"Name":"Port",
"Docs":"",
"Typewords":[
"uint16"
]
},
{
"Name":"Priority",
"Docs":"",
"Typewords":[
"uint16"
]
},
{
"Name":"Weight",
"Docs":"",
"Typewords":[
"uint16"
]
},
{
"Name":"IPs",
"Docs":"",
"Typewords":[
"[]",
"string"
]
}
]
},
{
"Name":"PolicyRecord",
"Docs":"PolicyRecord is a cached policy or absence of a policy.",
"Fields":[
{
"Name":"Domain",
"Docs":"Domain name, with unicode characters.",
"Typewords":[
"string"
]
},
{
"Name":"Inserted",
"Docs":"",
"Typewords":[
"timestamp"
]
},
{
"Name":"ValidEnd",
"Docs":"",
"Typewords":[
"timestamp"
]
},
{
"Name":"LastUpdate",
"Docs":"Policies are refreshed on use and periodically.",
"Typewords":[
"timestamp"
]
},
{
"Name":"LastUse",
"Docs":"",
"Typewords":[
"timestamp"
]
},
{
"Name":"Backoff",
"Docs":"",
"Typewords":[
"bool"
]
},
{
"Name":"RecordID",
"Docs":"As retrieved from DNS.",
"Typewords":[
"string"
]
},
{
"Name":"Version",
"Docs":"\"STSv1\"",
"Typewords":[
"string"
]
},
{
"Name":"Mode",
"Docs":"",
"Typewords":[
"Mode"
]
},
{
"Name":"MX",
"Docs":"",
"Typewords":[
"[]",
"STSMX"
]
},
{
"Name":"MaxAgeSeconds",
"Docs":"How long this policy can be cached. Suggested values are in weeks or more.",
"Docs":"Text that make up the policy, as retrieved. We didn't store this in the past. If empty, policy can be reconstructed from Policy field. Needed by TLSRPT.",
"Docs":"TLSReportRecord is a TLS report as a database record, including information\nabout the sender.\n\ntodo: should be named just Record, but it would cause a sherpa type name conflict.",
"Docs":"Domain is where DMARC record was found, not necessarily message From. Reports we generate use unicode names, incoming reports may have either ASCII-only or Unicode domains.",
"Docs":"SourceIP must match the pattern ((1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5]).){3} (1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])| ([A-Fa-f0-9]{1,4}:){7}[A-Fa-f0-9]{1,4}",
"Typewords":[
"string"
]
},
{
"Name":"Count",
"Docs":"",
"Typewords":[
"int32"
]
},
{
"Name":"PolicyEvaluated",
"Docs":"",
"Typewords":[
"PolicyEvaluated"
]
}
]
},
{
"Name":"PolicyEvaluated",
"Docs":"",
"Fields":[
{
"Name":"Disposition",
"Docs":"",
"Typewords":[
"Disposition"
]
},
{
"Name":"DKIM",
"Docs":"",
"Typewords":[
"DMARCResult"
]
},
{
"Name":"SPF",
"Docs":"",
"Typewords":[
"DMARCResult"
]
},
{
"Name":"Reasons",
"Docs":"",
"Typewords":[
"[]",
"PolicyOverrideReason"
]
}
]
},
{
"Name":"PolicyOverrideReason",
"Docs":"",
"Fields":[
{
"Name":"Type",
"Docs":"",
"Typewords":[
"PolicyOverride"
]
},
{
"Name":"Comment",
"Docs":"",
"Typewords":[
"string"
]
}
]
},
{
"Name":"Identifiers",
"Docs":"",
"Fields":[
{
"Name":"EnvelopeTo",
"Docs":"",
"Typewords":[
"string"
]
},
{
"Name":"EnvelopeFrom",
"Docs":"",
"Typewords":[
"string"
]
},
{
"Name":"HeaderFrom",
"Docs":"",
"Typewords":[
"string"
]
}
]
},
{
"Name":"AuthResults",
"Docs":"",
"Fields":[
{
"Name":"DKIM",
"Docs":"",
"Typewords":[
"[]",
"DKIMAuthResult"
]
},
{
"Name":"SPF",
"Docs":"",
"Typewords":[
"[]",
"SPFAuthResult"
]
}
]
},
{
"Name":"DKIMAuthResult",
"Docs":"",
"Fields":[
{
"Name":"Domain",
"Docs":"",
"Typewords":[
"string"
]
},
{
"Name":"Selector",
"Docs":"",
"Typewords":[
"string"
]
},
{
"Name":"Result",
"Docs":"",
"Typewords":[
"DKIMResult"
]
},
{
"Name":"HumanResult",
"Docs":"",
"Typewords":[
"string"
]
}
]
},
{
"Name":"SPFAuthResult",
"Docs":"",
"Fields":[
{
"Name":"Domain",
"Docs":"",
"Typewords":[
"string"
]
},
{
"Name":"Scope",
"Docs":"",
"Typewords":[
"SPFDomainScope"
]
},
{
"Name":"Result",
"Docs":"",
"Typewords":[
"SPFResult"
]
}
]
},
{
"Name":"DMARCSummary",
"Docs":"DMARCSummary presents DMARC aggregate reporting statistics for a single domain\nover a period.",
"Fields":[
{
"Name":"Domain",
"Docs":"",
"Typewords":[
"string"
]
},
{
"Name":"Total",
"Docs":"",
"Typewords":[
"int32"
]
},
{
"Name":"DispositionNone",
"Docs":"",
"Typewords":[
"int32"
]
},
{
"Name":"DispositionQuarantine",
"Docs":"",
"Typewords":[
"int32"
]
},
{
"Name":"DispositionReject",
"Docs":"",
"Typewords":[
"int32"
]
},
{
"Name":"DKIMFail",
"Docs":"",
"Typewords":[
"int32"
]
},
{
"Name":"SPFFail",
"Docs":"",
"Typewords":[
"int32"
]
},
{
"Name":"PolicyOverrides",
"Docs":"",
"Typewords":[
"{}",
"int32"
]
}
]
},
{
"Name":"Reverse",
"Docs":"Reverse is the result of a reverse lookup.",
"Docs":"If set, this message is a DSN and this is a version using utf-8, for the case the remote MTA supports smtputf8. In this case, Size and MsgPrefix are not relevant.",
"Docs":"If non-empty, the transport to use for this message. Can be set through cli or admin interface. If empty (the default for a submitted message), regular routing rules apply.",
"Docs":"RequireTLS influences TLS verification during delivery. If nil, the recipient domain policy is followed (MTA-STS and/or DANE), falling back to optional opportunistic non-verified STARTTLS. If RequireTLS is true (through SMTP REQUIRETLS extension or webmail submit), MTA-STS or DANE is required, as well as REQUIRETLS support by the next hop server. If RequireTLS is false (through messag header \"TLS-Required: No\"), the recipient domain's policy is ignored if it does not lead to a successful TLS connection, i.e. falling back to SMTP delivery with unverified STARTTLS or plain text.",
"Docs":"Transport is a method to delivery a message. At most one of the fields can\nbe non-nil. The non-nil field represents the type of transport. For a\ntransport with all fields nil, regular email delivery is done.",
"Fields":[
{
"Name":"Submissions",
"Docs":"",
"Typewords":[
"nullable",
"TransportSMTP"
]
},
{
"Name":"Submission",
"Docs":"",
"Typewords":[
"nullable",
"TransportSMTP"
]
},
{
"Name":"SMTP",
"Docs":"",
"Typewords":[
"nullable",
"TransportSMTP"
]
},
{
"Name":"Socks",
"Docs":"",
"Typewords":[
"nullable",
"TransportSocks"
]
}
]
},
{
"Name":"TransportSMTP",
"Docs":"TransportSMTP delivers messages by \"submission\" (SMTP, typically\nauthenticated) to the queue of a remote host (smarthost), or by relaying\n(SMTP, typically unauthenticated).",
"Fields":[
{
"Name":"Host",
"Docs":"",
"Typewords":[
"string"
]
},
{
"Name":"Port",
"Docs":"",
"Typewords":[
"int32"
]
},
{
"Name":"STARTTLSInsecureSkipVerify",
"Docs":"",
"Typewords":[
"bool"
]
},
{
"Name":"NoSTARTTLS",
"Docs":"",
"Typewords":[
"bool"
]
},
{
"Name":"Auth",
"Docs":"",
"Typewords":[
"nullable",
"SMTPAuth"
]
}
]
},
{
"Name":"SMTPAuth",
"Docs":"SMTPAuth hold authentication credentials used when delivering messages\nthrough a smarthost.",
"Docs":"EvaluationStat summarizes stored evaluations, for inclusion in an upcoming\naggregate report, for a domain.",
"Fields":[
{
"Name":"Count",
"Docs":"",
"Typewords":[
"int32"
]
},
{
"Name":"SendReport",
"Docs":"",
"Typewords":[
"bool"
]
},
{
"Name":"Domain",
"Docs":"",
"Typewords":[
"Domain"
]
}
]
},
{
"Name":"Evaluation",
"Docs":"Evaluation is the result of an evaluation of a DMARC policy, to be included\nin a DMARC report.",
"Fields":[
{
"Name":"ID",
"Docs":"",
"Typewords":[
"int64"
]
},
{
"Name":"PolicyDomain",
"Docs":"Domain where DMARC policy was found, could be the organizational domain while evaluation was for a subdomain. Unicode. Same as domain found in PolicyPublished. A separate field for its index.",
"Typewords":[
"string"
]
},
{
"Name":"Evaluated",
"Docs":"Time of evaluation, determines which report (covering whole hours) this evaluation will be included in.",
"Typewords":[
"timestamp"
]
},
{
"Name":"Optional",
"Docs":"If optional, this evaluation is not a reason to send a DMARC report, but it will be included when a report is sent due to other non-optional evaluations. Set for evaluations of incoming DMARC reports. We don't want such deliveries causing us to send a report, or we would keep exchanging reporting messages forever. Also set for when evaluation is a DMARC reject for domains we haven't positively interacted with, to prevent being used to flood an unsuspecting domain with reports.",
"Typewords":[
"bool"
]
},
{
"Name":"IntervalHours",
"Docs":"Effective aggregate reporting interval in hours. Between 1 and 24, rounded up from seconds from policy to first number that can divide 24.",
"Typewords":[
"int32"
]
},
{
"Name":"Addresses",
"Docs":"\"rua\" in DMARC record, we only store evaluations for records with aggregate reporting addresses, so always non-empty.",
"Typewords":[
"[]",
"string"
]
},
{
"Name":"PolicyPublished",
"Docs":"Policy used for evaluation. We don't store the \"fo\" field for failure reporting options, since we don't send failure reports for individual messages.",
"Typewords":[
"PolicyPublished"
]
},
{
"Name":"SourceIP",
"Docs":"For \"row\" in a report record.",
"Typewords":[
"string"
]
},
{
"Name":"Disposition",
"Docs":"",
"Typewords":[
"Disposition"
]
},
{
"Name":"AlignedDKIMPass",
"Docs":"",
"Typewords":[
"bool"
]
},
{
"Name":"AlignedSPFPass",
"Docs":"",
"Typewords":[
"bool"
]
},
{
"Name":"OverrideReasons",
"Docs":"",
"Typewords":[
"[]",
"PolicyOverrideReason"
]
},
{
"Name":"EnvelopeTo",
"Docs":"For \"identifiers\" in a report record.",
"Typewords":[
"string"
]
},
{
"Name":"EnvelopeFrom",
"Docs":"",
"Typewords":[
"string"
]
},
{
"Name":"HeaderFrom",
"Docs":"",
"Typewords":[
"string"
]
},
{
"Name":"DKIMResults",
"Docs":"For \"auth_results\" in a report record.",
"Docs":"TLSResult is stored in the database to track TLS results per policy domain, day\nand recipient domain. These records will be included in TLS reports.",
"Fields":[
{
"Name":"ID",
"Docs":"",
"Typewords":[
"int64"
]
},
{
"Name":"PolicyDomain",
"Docs":"Domain with TLSRPT DNS record, with addresses that will receive reports. Either a recipient domain (for MTA-STS policies) or an (MX) host (for DANE policies). Unicode.",
"Typewords":[
"string"
]
},
{
"Name":"DayUTC",
"Docs":"DayUTC is of the form yyyymmdd.",
"Typewords":[
"string"
]
},
{
"Name":"RecipientDomain",
"Docs":"Reports are sent per policy domain. When delivering a message to a recipient domain, we can get multiple TLSResults, typically one for MTA-STS, and one or more for DANE (one for each MX target, or actually TLSA base domain). We track recipient domain so we can display successes/failures for delivery of messages to a recipient domain in the admin pages. Unicode.",
"Typewords":[
"string"
]
},
{
"Name":"Created",
"Docs":"",
"Typewords":[
"timestamp"
]
},
{
"Name":"Updated",
"Docs":"",
"Typewords":[
"timestamp"
]
},
{
"Name":"IsHost",
"Docs":"Result is for host (e.g. DANE), not recipient domain (e.g. MTA-STS).",
"Typewords":[
"bool"
]
},
{
"Name":"SendReport",
"Docs":"Whether to send a report. TLS results for delivering messages with TLS reports will be recorded, but will not cause a report to be sent.",
"Typewords":[
"bool"
]
},
{
"Name":"Results",
"Docs":"Results is updated for each TLS attempt.",
"Docs":"Localpart is a decoded local part of an email address, before the \"@\".\nFor quoted strings, values do not hold the double quote or escaping backslashes.\nAn empty string can be a valid localpart.",
"Docs":"An IP is a single IP address, a slice of bytes.\nFunctions in this package accept either 4-byte (IPv4)\nor 16-byte (IPv6) slices as input.\n\nNote that in this documentation, referring to an\nIP address as an IPv4 address or an IPv6 address\nis a semantic property of the address, not just the\nlength of the byte slice: a 16-byte slice can still\nbe an IPv4 address.",