mirror of
https://github.com/mjl-/mox.git
synced 2025-01-14 01:06:27 +03:00
add metric for number of times we fallback to plaintext delivery
parent
f9eb18b6a8
commit
a6d55b7e76
1 changed files with 13 additions and 7 deletions
|
@ -78,6 +78,12 @@ var (
|
|||
"reason", // nopolicy (no mta-sts and no dane), norequiretls (smtp server does not support requiretls)
|
||||
},
|
||||
)
|
||||
metricPlaintextFallback = promauto.NewCounter(
|
||||
prometheus.CounterOpts{
|
||||
Name: "mox_queue_plaintext_fallback_total",
|
||||
Help: "Delivery attempts with fallback to plain text delivery.",
|
||||
},
|
||||
)
|
||||
)
|
||||
|
||||
// todo: rename function, perhaps put some of the params in a delivery struct so we don't pass all the params all the time?
|
||||
|
@ -180,8 +186,6 @@ func deliverDirect(cid int64, qlog *mlog.Log, resolver dns.Resolver, dialer smtp
|
|||
nmissingRequireTLS := 0
|
||||
// todo: should make distinction between host permanently not accepting the message, and the message not being deliverable permanently. e.g. a mx host may have a size limit, or not accept 8bitmime, while another host in the list does accept the message. same for smtputf8, ../rfc/6531:555
|
||||
for _, h := range hosts {
|
||||
var badTLS, ok bool
|
||||
|
||||
// ../rfc/8461:913
|
||||
if policy != nil && !policy.Matches(h.Domain) {
|
||||
var policyHosts []string
|
||||
|
@ -222,15 +226,17 @@ func deliverDirect(cid int64, qlog *mlog.Log, resolver dns.Resolver, dialer smtp
|
|||
// usually with verification of the certificate.
|
||||
var daneRequired bool
|
||||
|
||||
var badTLS, ok bool
|
||||
enforceMTASTS := policy != nil && policy.Mode == mtasts.ModeEnforce
|
||||
permanent, daneRequired, badTLS, secodeOpt, remoteIP, errmsg, ok = deliverHost(nqlog, resolver, dialer, cid, ourHostname, transportName, h, enforceMTASTS, haveMX, origNextHopAuthentic, origNextHop, expandedNextHopAuthentic, expandedNextHop, &m, tlsMode)
|
||||
|
||||
// If we had a TLS-related failure when doing opportunistic (optional) TLS, and no
|
||||
// DANE records were not found, we should try again without TLS. This could be an
|
||||
// old server that only does ancient TLS versions, or has a misconfiguration. Note
|
||||
// that opportunistic TLS does not do regular certificate verification, so that can't
|
||||
// be the problem.
|
||||
// If we had a TLS-related failure when doing TLS, and we don't have a requirement for MTA-STS/DANE,
|
||||
// we try again without TLS. This could be an old
|
||||
// server that only does ancient TLS versions, or has a misconfiguration. Note that
|
||||
// opportunistic TLS does not do regular certificate verification, so that can't be
|
||||
// the problem.
|
||||
if !ok && badTLS && (!enforceMTASTS && tlsMode == smtpclient.TLSOpportunistic && !daneRequired || m.RequireTLS != nil && !*m.RequireTLS) {
|
||||
metricPlaintextFallback.Inc()
|
||||
if m.RequireTLS != nil && !*m.RequireTLS {
|
||||
metricTLSRequiredNoIgnored.WithLabelValues("badtls").Inc()
|
||||
}
|
||||
|
|
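Review bot: The rewritten comment above the fallback condition in the last hunk only describes the case without an MTA-STS/DANE requirement, but the condition also falls back when `m.RequireTLS != nil && !*m.RequireTLS`, and that branch is not gated on `enforceMTASTS` or `daneRequired`. In that branch the failed attempt may have used verified TLS, so the remark that certificate verification "can't be the problem" does not hold there. I would add a line such as `// The fallback also applies when the message has RequireTLS explicitly set to false, even with MTA-STS/DANE; then a verification failure can be the cause.` Wrapping the first alternative in its own parentheses, `(!enforceMTASTS && tlsMode == smtpclient.TLSOpportunistic && !daneRequired)`, would also make the `&&`/`||` grouping explicit. `metricPlaintextFallback` is incremented when the retry is decided rather than after a plaintext delivery succeeds, which matches its Help text but is worth stating in a comment for anyone alerting on TLS downgrades; the `if` body continues outside the hunk.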