stalwartlabs / mail-server

Secure & Modern All-in-One Mail Server (IMAP, JMAP, POP3, SMTP)
https://stalw.art

[enhancement]: Remove technical subdomains from default MX patterns for MTA-STS #429

Closed yannikbloscheck closed 6 months ago

yannikbloscheck commented 6 months ago

Which feature or improvement would you like to request?

The default MX patterns used by the MTA-STS get created from the available TLS certificates, but there is one problem with it: I also need to use TLS certificates for the CNAME entries of mta-sts.example.com, autoconfig.example.com and autodiscover.example.com. So I added those to the ACME provider. Therefore by default they also appear in the mta-sts.txt as MX entries. For now I just used the MX patterns override field and that of course works. It might be a good idea though to automatically exclude entries starting with mta-sts., autoconfig. or autodiscover. from that default list.

Is your feature request related to a problem?

No response

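A sketch of the exclusion requested above, as an added example that is not Stalwart's code or part of the original thread: it derives MX patterns from a list of certificate names, drops names whose left-most label is `mta-sts`, `autoconfig` or `autodiscover`, and renders an RFC 8461 policy body. The function names and the sample hostnames are assumptions made for illustration.

```rust
use std::collections::BTreeSet;

// Labels the issue proposes to exclude: they serve HTTPS endpoints, not SMTP.
const TECHNICAL_LABELS: [&str; 3] = ["mta-sts", "autoconfig", "autodiscover"];

/// Normalise a certificate name: trimmed, lower-case, no trailing dot.
fn normalize(name: &str) -> String {
    name.trim().trim_end_matches('.').to_ascii_lowercase()
}

/// True only when the left-most label is exactly a technical label,
/// so "mta-sts-gw.example.com" is kept while "mta-sts.example.com" is not.
fn is_technical(name: &str) -> bool {
    match name.split_once('.') {
        Some((first, _)) => TECHNICAL_LABELS.iter().any(|label| *label == first),
        None => false,
    }
}

/// MX patterns derived from certificate names (hypothetical helper):
/// de-duplicated, sorted, technical subdomains removed.
fn default_mx_patterns(cert_names: &[&str]) -> Vec<String> {
    let set: BTreeSet<String> = cert_names
        .iter()
        .map(|n| normalize(n))
        .filter(|n| !n.is_empty() && !is_technical(n))
        .collect();
    set.into_iter().collect()
}

/// Render the body of mta-sts.txt in the RFC 8461 key/value format.
fn render_policy(mode: &str, mx: &[String], max_age: u32) -> String {
    let mut out = format!("version: STSv1\nmode: {}\n", mode);
    for pattern in mx {
        out.push_str(&format!("mx: {}\n", pattern));
    }
    out.push_str(&format!("max_age: {}\n", max_age));
    out
}

fn main() {
    // Constructed certificate names, modelled on the hostnames in the issue.
    let names = ["mail.example.com", "mta-sts.example.com",
                 "autoconfig.example.com", "autodiscover.example.com"];
    let mx = default_mx_patterns(&names);
    print!("{}", render_policy("enforce", &mx, 604800));
}
```

Matching on the whole left-most label keeps the filter from widening or narrowing the policy by accident: every `mx:` line tells senders which hosts to accept for the domain, so only names that actually receive mail should end up there.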

yannikbloscheck commented 6 months ago

Probably also better to remove technical subdomains from the TLSA records.

marcoxyz123 commented 6 months ago

The TLSA records should reflect the correct port that they are used for, in this case "443". The missing TLSA records for IMAPS and SMTPS should be added too.