Closed lmeunier closed 4 months ago
The default config enables a "host tlsrpt" setting to accept TLS reports aimed at the host. See https://www.xmox.nl/config/#cfg-mox-conf-HostTLSRPT
While implementing TLS reporting, it confused me quite a bit. TLS reporting is written with/for MTA-STS. MTA-STS protects recipient domains. TLS reporting can also report on DANE TLS connectivity. DANE protects MX hosts. So I went down the rabbit hole of "TLS reporting for hosts"... Also see https://mailarchive.ietf.org/arch/msg/uta/F7m4BAnILJB6HmmAPs6rAtvcD-w/
In general, TLS reporting for MX hosts can be useful, regardless of the question of recipient domain vs MX host: Email to postmaster@
So I'm not so sure my implementation of TLS reports towards MX hosts about recipient domains is a great idea, the generated configuration is intentional, and mox should be accepting reports sent to that address.
Thanks for your response.
In general, TLS reporting for MX hosts can be useful, regardless of the question of recipient domain vs MX host: Email to postmaster@ will be delivered with TLS too, and reporting on it can be useful.
I agree with you. A TLSRPT record for MX hosts (ftth4.example.com in my case) is useful.
My question was more about the email address defined in the mailto TLSRPT record for the MX host. As ftth4.example.com is not listed in the domains managed by mox (not present in the domains.conf file), I expect that emails sent to the domain ftth4.example.com will be rejected by mox (with a permanent error 550 5.1.1 not accepting email for domain).
I just tested it and ... it seems I was wrong and mox also accepts emails for the domain ftth4.example.com. So everything seems to be fine (I should have tested before opening this issue, my bad).
It was not obvious to me that mox also accepts emails for the domain corresponding to the MX host.
Mox version:
Mox config files are initialized with this command:
In the "DNS records to add" section, I was asked to add the following DNS record:
Shouldn't the rua email address be tls-reports@infra.example.com instead of tls-reports@ftth4.example.com? As there is no MX record for ftth4.example.com and the domain ftth4.example.com is not listed in the domains managed by mox, emails sent to tls-reports@ftth4.example.com will always be rejected.
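The check this issue turns on, as an added example that is not from the thread or from mox's code: given a TLSRPT record, work out where mail to each `mailto:` rua address would be delivered and whether the server would accept it. The DNS table, the record value and all function names are constructed for illustration; the acceptance rule (configured domains plus the server's own hostname) follows the test result reported in the reply above, and the fallback to address records when no MX exists is the implicit MX rule of RFC 5321 section 5.1.

```python
def parse_tlsrpt(txt):
    """Return the rua URIs of a TLSRPT TXT record (RFC 8460)."""
    fields = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip()] = value.strip()
    if fields.get("v") != "TLSRPTv1":
        raise ValueError("not a TLSRPTv1 record")
    return [u.strip() for u in fields.get("rua", "").split(",") if u.strip()]

def delivery_hosts(domain, dns):
    """Hosts a sender connects to for mail addressed to `domain`."""
    mx = dns.get((domain, "MX"))
    if mx:
        return list(mx)
    # RFC 5321 section 5.1: with no MX record, the domain's own
    # address records act as an implicit MX.
    if dns.get((domain, "A")) or dns.get((domain, "AAAA")):
        return [domain]
    return []

def check_rua(txt, dns, mail_host, configured_domains):
    """List (address, delivery hosts, accepted) for each mailto rua."""
    results = []
    for uri in parse_tlsrpt(txt):
        if not uri.lower().startswith("mailto:"):
            continue  # https report endpoints are out of scope here
        address = uri[len("mailto:"):]
        domain = address.rsplit("@", 1)[1].lower()
        hosts = delivery_hosts(domain, dns)
        # Assumption taken from the thread: the server accepts mail for
        # its own hostname in addition to its configured domains.
        known = domain == mail_host or domain in configured_domains
        results.append((address, hosts, mail_host in hosts and known))
    return results

# Constructed sample data: ftth4.example.com has an A record but no MX.
DNS = {
    ("infra.example.com", "MX"): ["ftth4.example.com"],
    ("ftth4.example.com", "A"): ["192.0.2.10"],
}
RECORD = "v=TLSRPTv1; rua=mailto:tls-reports@ftth4.example.com"

if __name__ == "__main__":
    for row in check_rua(RECORD, DNS, "ftth4.example.com", {"infra.example.com"}):
        print(row)
```
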