mirror of
https://github.com/mjl-/mox.git
synced 2025-07-10 07:14:40 +03:00
better handling of outgoing tls reports to recipient domains vs hosts
based on discussion on uta mailing list. it seems the intention of the tlsrpt is to only send reports to recipient domains. but i was able to interpret the tlsrpt rfc as sending reports to mx hosts too ("policy domain", and because it makes sense given how DANE works per MX host, not recipient domain). this change makes the behaviour of outgoing reports to recipient domains work more in line with expectations most folks may have about tls reporting (i.e. also include per-mx host tlsa policies in the report). this also keeps reports to mx hosts working, and makes them more useful by including the recipient domains of affected deliveries.
@ -570,14 +570,24 @@ describe-static" and "mox config describe-domains":
|
||||
# DMARC evaluations are sent to domains if their DMARC policy requests them.
|
||||
# Reports are sent at whole hours, with a minimum of 1 hour and maximum of 24
|
||||
# hours, rounded up so a whole number of intervals cover 24 hours, aligned at
|
||||
# whole days in UTC. (optional)
|
||||
# whole days in UTC. Reports are sent from the postmaster@<mailhostname> address.
|
||||
# (optional)
|
||||
NoOutgoingDMARCReports: false
|
||||
|
||||
# Do not send TLS reports. By default, reports about successful and failed SMTP
|
||||
# STARTTLS connections are sent to domains if their TLSRPT DNS record requests
|
||||
# them. Reports covering a 24 hour UTC interval are sent daily. (optional)
|
||||
# Do not send TLS reports. By default, reports about failed SMTP STARTTLS
|
||||
# connections and related MTA-STS/DANE policies are sent to domains if their
|
||||
# TLSRPT DNS record requests them. Reports covering a 24 hour UTC interval are
|
||||
# sent daily. Reports are sent from the postmaster address of the configured
|
||||
# domain the mailhostname is in. If there is no such domain, or it does not have
|
||||
# DKIM configured, no reports are sent. (optional)
|
||||
NoOutgoingTLSReports: false
|
||||
|
||||
# Also send TLS reports if there were no SMTP STARTTLS connection failures. By
|
||||
# default, reports are only sent when at least one failure occurred. If a report
|
||||
# is sent, it does always include the successful connection counts as well.
|
||||
# (optional)
|
||||
OutgoingTLSReportsForAllSuccess: false
|
||||
|
||||
# domains.conf
|
||||
|
||||
# NOTE: This config file is in 'sconf' format. Indent with tabs. Comments must be
|
||||
|
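Review bot: The new NoOutgoingTLSReports comment describes a silent failure mode, "If there is no such domain, or it does not have DKIM configured, no reports are sent", while the option still reads `NoOutgoingTLSReports: false`. An operator on such a setup will assume reports are going out. Please say in the comment how this is surfaced (a log line or a startup warning), or add one if nothing exists. Related points in the same comment block: the text says reports are "sent to domains", but the commit message says reports to MX hosts keep working, so the comment should name both recipient domains and MX hosts. The DMARC comment gives the sender as postmaster@<mailhostname> while TLS reports use the postmaster address of the configured domain the mailhostname is in; one sentence on why the two differ would prevent confusion when setting up DKIM. Wording nit in OutgoingTLSReportsForAllSuccess: "it does always include" reads better as "it always includes".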