add option to handle autoconfig and mta-sts requests without TLS, for when it is reverse proxied

for #5 with hints from belst & idnovic
2025-07-12 17:44:35 +03:00 · 2023-02-25 11:28:15 +01:00
parent ac3a3e496e
commit 0ede7f78c1
5 changed files with 28 additions and 10 deletions
--- a/http/mtasts.go
+++ b/http/mtasts.go
@ -1,6 +1,7 @@
 package http

 import (
+	"net"
 	"net/http"
 	"strings"
 	"time"
@ -18,9 +19,14 @@ func mtastsPolicyHandle(w http.ResponseWriter, r *http.Request) {
 		http.NotFound(w, r)
 		return
 	}
-	domain, err := dns.ParseDomain(strings.TrimPrefix(r.Host, "mta-sts."))
+	host, _, err := net.SplitHostPort(strings.TrimPrefix(r.Host, "mta-sts."))
 	if err != nil {
-		log.Errorx("mtasts policy request: bad domain", err, mlog.Field("host", r.Host))
+		http.NotFound(w, r)
+		return
+	}
+	domain, err := dns.ParseDomain(host)
+	if err != nil {
+		log.Errorx("mtasts policy request: bad domain", err, mlog.Field("host", host))
 		http.NotFound(w, r)
 		return
 	}
--- a/http/web.go
+++ b/http/web.go
@ -110,12 +110,12 @@ func ListenAndServe() {
 			}))
 		}
 		if l.AutoconfigHTTPS.Enabled {
-			srv := ensureServe(true, config.Port(l.AutoconfigHTTPS.Port, 443), "autoconfig-https")
+			srv := ensureServe(!l.AutoconfigHTTPS.NonTLS, config.Port(l.AutoconfigHTTPS.Port, 443), "autoconfig-https")
 			srv.mux.HandleFunc("/mail/config-v1.1.xml", safeHeaders(autoconfHandle(l)))
 			srv.mux.HandleFunc("/autodiscover/autodiscover.xml", safeHeaders(autodiscoverHandle(l)))
 		}
 		if l.MTASTSHTTPS.Enabled {
-			srv := ensureServe(true, config.Port(l.MTASTSHTTPS.Port, 443), "mtasts-https")
+			srv := ensureServe(!l.AutoconfigHTTPS.NonTLS, config.Port(l.MTASTSHTTPS.Port, 443), "mtasts-https")
 			srv.mux.HandleFunc("/.well-known/mta-sts.txt", safeHeaders(mtastsPolicyHandle))
 		}
 		if l.PprofHTTP.Enabled {