Remove technical subdomains from MTA-STS policies and TLS records (closes #429)

2025-11-09 21:31:12 +08:00 · 2024-05-23 14:47:50 +02:00 · 2024-05-23 14:47:50 +02:00 · f366dc3fd3
commit f366dc3fd3
parent d52180dcf1
2 changed files with 12 additions and 6 deletions
--- a/crates/common/src/config/smtp/resolver.rs
+++ b/crates/common/src/config/smtp/resolver.rs
@ -308,11 +308,13 @@ impl Policy {
 impl Core {
    pub fn build_mta_sts_policy(&self) -> Option<Policy> {
-        self.smtp
+        self.smtp.session.mta_sts_policy.clone().and_then(|policy| {
-            .session
+            policy.try_build(self.tls.certificates.load().keys().filter(|key| {
-            .mta_sts_policy
+                !key.starts_with("mta-sts.")
-            .clone()
+                    && !key.starts_with("autoconfig.")
-            .and_then(|policy| policy.try_build(self.tls.certificates.load().keys()))
+                    && !key.starts_with("autodiscover.")
            }))
        })
    }
 }
--- a/crates/jmap/src/api/management/domain.rs
+++ b/crates/jmap/src/api/management/domain.rs
@ -297,7 +297,11 @@ impl JMAP {
        // Add TLSA records
        for (name, key) in self.core.tls.certificates.load().iter() {
-            if !name.ends_with(domain_name) {
+            if !name.ends_with(domain_name)
                || name.starts_with("mta-sts.")
                || name.starts_with("autoconfig.")
                || name.starts_with("autodiscover.")
            {
                continue;
            }