Unverified Commit 097319fe authored by Snawoot's avatar Snawoot Committed by GitHub

Merge pull request #111 from wietse-postfix/tlsrpt

Minimal support for TLSRPT in Postfix 3.10 and later
parents 3f685799 4044b872
......@@ -2,6 +2,7 @@ host: 127.0.0.1
port: 8461
reuse_port: true
shutdown_timeout: 20
# tlsrpt: true
cache:
type: internal
options:
......
......@@ -2,6 +2,7 @@ host: 127.0.0.1
port: 8461
reuse_port: true
shutdown_timeout: 20
# tlsrpt: true
cache:
type: postgres
options:
......
......@@ -2,6 +2,7 @@ host: 127.0.0.1
port: 8461
reuse_port: true
shutdown_timeout: 20
# tlsrpt: true
cache:
type: redis
options:
......
......@@ -2,6 +2,7 @@ host: 127.0.0.1
port: 8461
reuse_port: true
shutdown_timeout: 20
# tlsrpt: true
cache:
type: redis_sentinel
options:
......
......@@ -2,6 +2,7 @@ host: 127.0.0.1
port: 8461
reuse_port: true
shutdown_timeout: 20
# tlsrpt: true
cache:
type: sqlite
options:
......
path: "/var/run/mta-sts.sock"
mode: 0666
shutdown_timeout: 20
# tlsrpt: true
cache:
type: sqlite
options:
......
......@@ -30,6 +30,8 @@ The file is in YAML syntax with the following elements:
*shutdown_timeout*: (_float_) time limit granted to existing client sessions for finishing when server stops. Default: 20
*tlsrpt*: (_bool_) include response attributes for TLSRPT support (Postfix 3.10 and later). Default: false
*cache*::
* *type*: (_str_: _internal_|_sqlite_|_redis_|_redis_sentinel_|postgres) cache backend type. Default: internal
......
......@@ -4,6 +4,7 @@ HOST = "127.0.0.1"
PORT = 8461
REUSE_PORT = True
TIMEOUT = 4
TLSRPT = False
SHUTDOWN_TIMEOUT = 20
STRICT_TESTING = False
CONFIG_LOCATION = "/etc/mta-sts-daemon.yml"
......
......@@ -33,6 +33,7 @@ class STSSocketmapResponder:
self._port = cfg['port']
self._reuse_port = cfg['reuse_port']
self._shutdown_timeout = cfg['shutdown_timeout']
self._tlsrpt = cfg['tlsrpt']
self._grace = cfg['cache_grace']
# Construct configurations and resolvers for every socketmap name
......@@ -225,6 +226,8 @@ class STSSocketmapResponder:
resp = "OK secure match=" + ":".join(mxlist)
if zone_cfg.require_sni:
resp += " servername=hostname"
if self._tlsrpt:
resp += " policy_type=sts policy_domain=" + domain
return netstring.encode(resp.encode('utf-8'))
else:
return netstring.encode(b'NOTFOUND ')
......
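Review bot: The new line `resp += " policy_type=sts policy_domain=" + domain` splices `domain` into a whitespace-separated attribute list by plain concatenation, and the hunk does not show where `domain` was parsed or whether it was normalized. If it comes straight from the socketmap lookup key, a trailing dot, mixed case or stray whitespace would be echoed into the policy_domain attribute and from there into the TLSRPT reports Postfix derives from it. Either normalizing at the point `domain` is parsed, or a one-line comment here such as `# domain is already lower-cased and stripped of the trailing dot by the request parser`, would make the contract explicit. The enclosing method starts and ends outside the hunk.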
......@@ -87,6 +87,7 @@ def populate_cfg_defaults(cfg):
cfg['reuse_port'] = cfg.get('reuse_port', defaults.REUSE_PORT)
cfg['shutdown_timeout'] = cfg.get('shutdown_timeout',
defaults.SHUTDOWN_TIMEOUT)
cfg['tlsrpt'] = cfg.get('tlsrpt', defaults.TLSRPT)
cfg['cache_grace'] = cfg.get('cache_grace', defaults.CACHE_GRACE)
if 'proactive_policy_fetching' not in cfg:
......
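Review bot: `cfg['tlsrpt'] = cfg.get('tlsrpt', defaults.TLSRPT)` stores whatever the YAML loader produced without checking that it is a boolean, so a quoted value such as `tlsrpt: "false"` arrives as a non-empty string and silently enables the feature. If the loader has a validation step for the other options (not visible in this hunk), `tlsrpt` belongs there with an `isinstance(cfg['tlsrpt'], bool)` check; otherwise a single `if not isinstance(cfg['tlsrpt'], bool): raise ValueError("tlsrpt must be a boolean")` after this line would do. populate_cfg_defaults continues outside the hunk.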