infrastructure/mox
1
0
Fork 0
mirror of https://github.com/mjl-/mox.git synced 2025-07-12 10:24:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

better handling of outgoing tls reports to recipient domains vs hosts

Browse Source 
based on discussion on uta mailing list. it seems the intention of the tlsrpt
is to only send reports to recipient domains. but i was able to interpret the
tlsrpt rfc as sending reports to mx hosts too ("policy domain", and because it
makes sense given how DANE works per MX host, not recipient domain). this
change makes the behaviour of outgoing reports to recipient domains work more
in line with expectations most folks may have about tls reporting (i.e. also
include per-mx host tlsa policies in the report). this also keeps reports to mx
hosts working, and makes them more useful by including the recipient domains of
affected deliveries.
This commit is contained in:
Mechiel Lukkien
2023-11-20 11:31:46 +01:00
parent e5f77a0411
commit 73a2a09711
8 changed files with 466 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
webadmin/admin.go
View File

@ -2069,10 +2069,15 @@ func (Admin) TLSRPTResults(ctx context.Context) []tlsrptdb.TLSResult {
}
// TLSRPTResultsPolicyDomain returns the TLS results for a domain.
func (Admin) TLSRPTResultsPolicyDomain(ctx context.Context, policyDomain string) (dns.Domain, []tlsrptdb.TLSResult) {
func (Admin) TLSRPTResultsDomain(ctx context.Context, isRcptDom bool, policyDomain string) (dns.Domain, []tlsrptdb.TLSResult) {
dom, err := dns.ParseDomain(policyDomain)
xcheckf(ctx, err, "parsing domain")
if isRcptDom {
results, err := tlsrptdb.ResultsRecipientDomain(ctx, dom)
xcheckf(ctx, err, "get result for recipient domain")
return dom, results
}
results, err := tlsrptdb.ResultsPolicyDomain(ctx, dom)
xcheckf(ctx, err, "get result for policy domain")
return dom, results
@ -2101,12 +2106,17 @@ func (Admin) LookupTLSRPTRecord(ctx context.Context, domain string) (record *TLS
// TLSRPTRemoveResults removes the TLS results for a domain for the given day. If
// day is empty, all results are removed.
func (Admin) TLSRPTRemoveResults(ctx context.Context, domain string, day string) {
func (Admin) TLSRPTRemoveResults(ctx context.Context, isRcptDom bool, domain string, day string) {
dom, err := dns.ParseDomain(domain)
xcheckf(ctx, err, "parsing domain")
err = tlsrptdb.RemoveResultsPolicyDomain(ctx, dom, day)
xcheckf(ctx, err, "removing tls results")
if isRcptDom {
err = tlsrptdb.RemoveResultsRecipientDomain(ctx, dom, day)
xcheckf(ctx, err, "removing tls results")
} else {
err = tlsrptdb.RemoveResultsPolicyDomain(ctx, dom, day)
xcheckf(ctx, err, "removing tls results")
}
}
// TLSRPTSuppressAdd adds a reporting address to the suppress list. Outgoing