_mta-sts TXT DNS record missing

ddavness / power-mailinabox

A Mail-in-a-Box with extra capabilities and more customizability. Not just for power users!

Creative Commons Zero v1.0 Universal

171 stars 32 forks source link

_mta-sts TXT DNS record missing #65

Open nameduser0 opened 2 years ago

nameduser0 commented 2 years ago

I have been puzzled why mta-sts doesn't work. According to this you need:

a _mta-sts TXT record in the format v=STSv1; id=20190101T000000;
an mta-sts A record
a policy file hosted over HTTPS

The _mta-sts TXT record is missing in MIAB.

Validator here

Would you prefer if issues like this were reported to the main MIAB list?

ddavness commented 2 years ago

The _mta-sts policy is only published when all the HTTPS certificates are in order - if the certificate of the mail server is not valid, MIAB will not publish it.

nameduser0 commented 2 years ago

You mean the txt record? Why wouldn't it be listed in the external DNS page like all the others? No mention of it.

ddavness commented 2 years ago

The MTA-STS TXT record is only created when all three conditions here are met:

The domain it refers to has an email user or alias (@example.com).
The certificate for the PRIMARY HOSTNAME is valid (box.example.com).
The certificate for mta-sts.example.com is valid.

https://github.com/ddavness/power-mailinabox/blob/a0d44f3d056408a3aa3d787713fbc3e362545b80/management/dns_update.py#L466-L486

nameduser0 commented 2 years ago

The record should always be visible in the external DNS page. The last criteria is unlikely to be true and is not required for mta-sts when hosted externally.