Mechiel Lukkien 8ca198882e
security fix: use correct domain for mta-sts, that of the email address
the original next-hop domain. not anything after resolving cnames, because
then it takes just a single injected dns cname record to lead us to an
unrelated server (that we would verify, but it's the wrong server).

also don't fall back to just strict tls when something is wrong. we must use the
policy to check if an mx host is allowed. the whole idea is that unsigned dns
records cannot be trusted.

i noticed this while implementing dane.
2023-10-14 22:30:43 +02:00
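
The lookup rule described in the commit message, as an added Go example that is not code from this commit or from the project: the MTA-STS policy (RFC 8461) is selected by the domain of the recipient address, and the MX host is then checked against that policy's patterns. `Policy`, `mxMatches`, `AllowMX` and `samplePolicies` are hypothetical names, the map stands in for the HTTPS policy fetch, and all domains are constructed sample values.

```go
package main

import (
	"fmt"
	"strings"
)

// Policy is a minimal MTA-STS policy (RFC 8461): a mode and allowed MX patterns.
type Policy struct {
	Mode string   // "enforce", "testing" or "none"
	MX   []string // e.g. "mx1.example.org" or "*.example.org"
}

// mxMatches checks host against one "mx" pattern; "*." matches exactly one left-most label.
func mxMatches(pattern, host string) bool {
	pattern = strings.ToLower(strings.TrimSuffix(pattern, "."))
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	if strings.HasPrefix(pattern, "*.") {
		_, parent, ok := strings.Cut(host, ".")
		return ok && parent == pattern[2:]
	}
	return pattern == host
}

// AllowMX reports whether the policy published for policyDomain permits mxHost.
// Pass the domain of the recipient address, never a name reached by following CNAMEs.
func AllowMX(policies map[string]Policy, policyDomain, mxHost string) bool {
	p, ok := policies[strings.ToLower(policyDomain)]
	if !ok || p.Mode != "enforce" {
		return true // no enforced policy: MTA-STS does not restrict delivery
	}
	for _, pat := range p.MX {
		if mxMatches(pat, mxHost) {
			return true
		}
	}
	return false // enforced policy and MX host not listed: do not deliver
}

// Constructed sample data. Assume an unsigned CNAME points example.org at unrelated.example.
var samplePolicies = map[string]Policy{
	"example.org":       {Mode: "enforce", MX: []string{"*.mail.example.org"}},
	"unrelated.example": {Mode: "enforce", MX: []string{"mx.unrelated.example"}},
}

func main() {
	fmt.Println(AllowMX(samplePolicies, "example.org", "mx.unrelated.example"))       // false
	fmt.Println(AllowMX(samplePolicies, "unrelated.example", "mx.unrelated.example")) // true
}
```

The second call shows what goes wrong when the CNAME target selects the policy: the unrelated host validates against its own policy and is accepted.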