add suppression list for outgoing dmarc and tls reports

for reporting addresses that cause DSNs to be returned. that just adds noise.
the admin can add/remove/extend addresses through the webadmin.

in the future, we could send reports with a smtp mail from of
"postmaster+<signed-encoded-recipient>@...", and add the reporting recipient
on the suppression list automatically when a DSN comes in on that address, but
for now this will probably do.
Mechiel Lukkien
2023-11-13 13:48:52 +01:00
parent 6ce69d5425
commit e24e1bee19
12 changed files with 697 additions and 17 deletions


@ -441,6 +441,19 @@ Period: %s - %s UTC
msgSize := int64(len(msgPrefix)) + msgInfo.Size()
for _, rcpt := range recipients {
// If recipient is on suppression list, we won't queue the reporting message.
q := bstore.QueryDB[tlsrptdb.TLSRPTSuppressAddress](ctx, db)
q.FilterNonzero(tlsrptdb.TLSRPTSuppressAddress{ReportingAddress: rcpt.Address.Path().String()})
q.FilterGreater("Until", time.Now())
exists, err := q.Exists()
if err != nil {
return false, fmt.Errorf("querying suppress list: %v", err)
}
if exists {
log.Info("suppressing outgoing tls report", mlog.Field("reportingaddress", rcpt.Address))
continue
}
qm := queue.MakeMsg(mox.Conf.Static.Postmaster.Account, from.Path(), rcpt.Address.Path(), has8bit, smtputf8, msgSize, messageID, []byte(msgPrefix), nil)
// Don't try as long as regular deliveries, and stop before we would send the
// delayed DSN. Though we also won't send that due to IsTLSReport.
@ -451,7 +464,7 @@ Period: %s - %s UTC
no := false
qm.RequireTLS = &no
err := queueAdd(ctx, log, &qm, msgf)
err = queueAdd(ctx, log, &qm, msgf)
if err != nil {
tempError = true
log.Errorx("queueing message with tls report", err)
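Review bot: A failed suppression lookup leaves the whole function mid-loop (`return false, fmt.Errorf("querying suppress list: %v", err)`), while a failed `queueAdd` a few lines further down only sets `tempError = true` and logs. If reports for earlier entries in `recipients` were already queued and the caller retries after an error (not visible here), those recipients could get the same report again. Handling the lookup failure like the queueing failure keeps the loop consistent and still sends nothing to an address whose suppression state is unknown: `tempError = true`, `log.Errorx("querying suppress list", err)`, `continue`. If the early return is intended, `%w` instead of `%v` keeps the database error inspectable with `errors.Is`/`errors.As`. The enclosing function starts and ends outside the hunk.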


@ -381,4 +381,14 @@ func TestSendReports(t *testing.T) {
"tls-reports3@mailhost.sender.example": report2,
}
test(tlsResults, expReports)
db.Insert(ctxbg,
&tlsrptdb.TLSRPTSuppressAddress{ReportingAddress: "tls-reports@sender.example", Until: time.Now().Add(-time.Minute)}, // Expired, so ignored.
&tlsrptdb.TLSRPTSuppressAddress{ReportingAddress: "tls-reports1@mailhost.sender.example", Until: time.Now().Add(time.Minute)}, // Still valid.
&tlsrptdb.TLSRPTSuppressAddress{ReportingAddress: "tls-reports3@mailhost.sender.example", Until: time.Now().Add(31 * 24 * time.Hour)}, // Still valid.
)
test(tlsResults, map[string]tlsrpt.Report{
"tls-reports@sender.example": report1,
"tls-reports2@mailhost.sender.example": report2,
})
}
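Review bot: The error returned by `db.Insert` is dropped in the added lines, so a failed insert would only show up as a confusing report mismatch in the second `test(...)` call. Checking it points the failure at the cause: `if err := db.Insert(ctxbg, ...); err != nil { t.Fatalf("inserting suppression addresses: %v", err) }`. The test covers expired and still-valid entries but not an entry whose `ReportingAddress` differs from the recipient only in letter case; if the lookup is meant to be an exact string match, a short comment saying so would document that for whoever fills the list. `TestSendReports` starts outside the hunk.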