pf/php: add mta-sts support (outbound) (#6686)

* added mta-sts-resolver into postfix config + daemon * [Web] Add MTA-STS support * [Web] Fix mta-sts server_name * updated .gitignore * [ACME] fetch cert for mta-sts subdomain * [Web] change MTA-STS id to human-readable timestamp * [Web] Remove MTA-STS version STSv2 * [Web] Fix MTA-STS DNS check * [Web] add max_age limit for MTA-STS policy * Added tooltips and info texts to mta-sts webui page * postfix: replace mta-sts-resolver with postfix-tlspol --------- Co-authored-by: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
2026-01-03 20:19:15 +00:00 · 2025-08-26 09:57:05 +02:00
parent af871fdacb
commit c39712af67
18 changed files with 488 additions and 19 deletions
--- a/data/web/mta-sts.php
+++ b/data/web/mta-sts.php
@@ -0,0 +1,30 @@
+<?php
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+
+if (!isset($_SERVER['HTTP_HOST']) || strpos($_SERVER['HTTP_HOST'], 'mta-sts.') !== 0) {
+  http_response_code(404);
+  exit;
+}
+
+$domain = str_replace('mta-sts.', '', $_SERVER['HTTP_HOST']);
+$mta_sts = mailbox('get', 'mta_sts', $domain);
+
+if (count($mta_sts) == 0 ||
+    !isset($mta_sts['version']) ||
+    !isset($mta_sts['mode']) ||
+    !isset($mta_sts['max_age']) ||
+    !isset($mta_sts['mx']) ||
+    $mta_sts['active'] != 1) {
+  http_response_code(404);
+  exit;
+}
+
+header('Content-Type: text/plain; charset=utf-8');
+echo "version: {$mta_sts['version']}\n";
+echo "mode: {$mta_sts['mode']}\n";
+echo "max_age: {$mta_sts['max_age']}\n";
+foreach ($mta_sts['mx'] as $mx) {
+  echo "mx: {$mx}\n";
+}
+
+?>