mirror of
https://github.com/mjl-/mox.git
synced 2025-01-14 01:06:27 +03:00
for external domains (for which we only accept external dmarc reports), don't try to fetch tls certificates at startup for autoconfig host
parent
651fa68067
commit
51e314f65a
2 changed files with 18 additions and 3 deletions
15
http/web.go
15
http/web.go
|
@ -682,13 +682,22 @@ func Listen() {
|
||||||
if l.HostnameDomain.ASCII != "" {
|
if l.HostnameDomain.ASCII != "" {
|
||||||
hosts[l.HostnameDomain] = struct{}{}
|
hosts[l.HostnameDomain] = struct{}{}
|
||||||
}
|
}
|
||||||
// All domains are served on all listeners.
|
// All domains are served on all listeners. Gather autoconfig hostnames to ensure
|
||||||
|
// presence of TLS certificates for.
|
||||||
for _, name := range mox.Conf.Domains() {
|
for _, name := range mox.Conf.Domains() {
|
||||||
dom, err := dns.ParseDomain("autoconfig." + name)
|
if dom, err := dns.ParseDomain(name); err != nil {
|
||||||
|
xlog.Errorx("parsing domain from config", err)
|
||||||
|
} else if d, _ := mox.Conf.Domain(dom); d.DMARC != nil && d.DMARC.Domain != "" && d.DMARC.DNSDomain != dom {
|
||||||
|
// Do not gather autoconfig name if this domain is configured to process reports
|
||||||
|
// for domains hosted elsewhere.
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
autoconfdom, err := dns.ParseDomain("autoconfig." + name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
xlog.Errorx("parsing domain from config for autoconfig", err)
|
xlog.Errorx("parsing domain from config for autoconfig", err)
|
||||||
} else {
|
} else {
|
||||||
hosts[dom] = struct{}{}
|
hosts[autoconfdom] = struct{}{}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
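Review bot: When `dns.ParseDomain(name)` fails in the new `if dom, err := …` branch, the error is logged but the loop body still goes on to `dns.ParseDomain("autoconfig." + name)`. The external-DMARC skip is therefore never evaluated for that entry, and a second parse error is likely logged for the same name. Adding `continue` after `xlog.Errorx("parsing domain from config", err)` would make a malformed entry skip the autoconfig host outright. The lookup `d, _ := mox.Conf.Domain(dom)` also discards its second result; if that is a not-found flag, the fall-through relies on the zero value having a nil `DMARC`, which deserves a comment such as `// Unknown domain: no DMARC config, so the autoconfig host is still gathered.` `Listen` starts and ends outside this hunk.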
|
@ -251,6 +251,12 @@ func (c *Config) allowACMEHosts(checkACMEHosts bool) {
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, dom := range c.Dynamic.Domains {
|
for _, dom := range c.Dynamic.Domains {
|
||||||
|
if dom.DMARC != nil && dom.DMARC.Domain != "" && dom.DMARC.DNSDomain != dom.Domain {
|
||||||
|
// Do not allow TLS certificates for domains for which we only accept DMARC reports
|
||||||
|
// as external party.
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
if l.AutoconfigHTTPS.Enabled && !l.AutoconfigHTTPS.NonTLS {
|
if l.AutoconfigHTTPS.Enabled && !l.AutoconfigHTTPS.NonTLS {
|
||||||
if d, err := dns.ParseDomain("autoconfig." + dom.Domain.ASCII); err != nil {
|
if d, err := dns.ParseDomain("autoconfig." + dom.Domain.ASCII); err != nil {
|
||||||
xlog.Errorx("parsing autoconfig domain", err, mlog.Field("domain", dom.Domain))
|
xlog.Errorx("parsing autoconfig domain", err, mlog.Field("domain", dom.Domain))
|
||||||
|
|
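Review bot: The check `dom.DMARC != nil && dom.DMARC.Domain != "" && dom.DMARC.DNSDomain != dom.Domain` decides which names the ACME host allowlist accepts, and it is a hand-written copy of the test added to `Listen` in `http/web.go`. If one copy changes alone, startup will either request certificates that the allowlist refuses or the allowlist will keep names that are never served. I would record the coupling next to the check, for example `// Must match the external-DMARC test in Listen (http/web.go), which gathers the autoconfig hosts to fetch certificates for.` The `continue` sits at the top of the loop body and the rest of that body is outside this hunk, so it is worth confirming that nothing later in the loop is still needed for a report-only domain.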