
feat(ALL): support MTA-STS #157

Open
McPizza0 opened this issue Mar 21, 2024 · 3 comments · May be fixed by #211
Labels: backlog (these issues would not be addressed until a certain checkpoint is reached), feature request, Year 1 (something we'll try to do in year 1)

Comments

@McPizza0 (Member) opened this issue Mar 21, 2024

this comes in 2 parts:

sending & receiving

for sending:

(easy) we need to instruct users to add another couple of DNS records
(very hard) we need users to create a CNAME record pointing to our MTA-STS template.

mta-sts.userdomain.com needs to be https and serve 1 single text file from a .well-known directory (https://mta-sts.[domain]/.well-known/mta-sts.txt)

we can host the MTA-STS record, but need a way to generate SSL certs for all the user domains that will be pointing to it

maybe best would be a single VPS that we can push domains to and have Let's Encrypt generate certs?

McPizza0 added the backlog, feature request and Year 1 labels Mar 21, 2024

@Eckhardt-D

@McPizza0 A suggestion:

Use Caddy on a VPS with the on-demand SSL feature. Caddy lets you set up an ASK endpoint to first check your DB or however else you want to verify that this domain is one that UnInbox knows of and is allowed to generate a cert for. If that endpoint responds with a 200 then the cert will be generated for it.

@McPizza0 (Member, Author) commented Apr 2, 2024

Ah super smart @Eckhardt-D !

this would actually solve the whole issue!
and the VPS can just host and serve the file since it's the same for all users

do we sneak this in before release on friday April 5th? 🤔

@Eckhardt-D

@McPizza0 Yes, with Caddy a static file server is also very easy to set up. I think it would be possible to set up before Friday, but I think mostly the tasks like setting up and securing the VPS, CI/CD, etc. will take the longest. I think the source code could live in a dir here for the Caddyfile example that should be copied to /etc/caddy/Caddyfile, and also the little server that will run for the ask endpoint. That would need to connect to the DB, probably, for verification.
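
The ask endpoint and shared policy file Eckhardt-D describes, as an added example that is not part of this thread or the UnInbox project: a small Go server that answers Caddy's on-demand TLS `?domain=` check with 200 only for `mta-sts.<domain>` names whose base domain is on a constructed allowlist (standing in for the DB lookup), and serves one mta-sts.txt for all of them. The customer domains, MX host and port are assumptions.

```go
package main

import (
	"log"
	"net/http"
	"strings"
)

// Constructed stand-in for the UnInbox DB lookup: customer domains that
// may point mta-sts.<domain> at this host (hypothetical names).
var knownDomains = map[string]bool{
	"example.com": true,
	"example.org": true,
}

// One shared policy for every customer. The MX host is an assumption;
// mode "testing" keeps a mistaken policy from blocking delivery.
const mtaSTSPolicy = "version: STSv1\nmode: testing\nmx: mail.uninbox.example\nmax_age: 604800\n"

// domainAllowed decides whether Caddy may obtain a certificate for name.
// Only the exact label "mta-sts." in front of a known customer domain is
// accepted, so the endpoint cannot be used to mint certs for other hosts.
func domainAllowed(name string) bool {
	name = strings.ToLower(strings.TrimSuffix(name, "."))
	if !strings.HasPrefix(name, "mta-sts.") {
		return false
	}
	return knownDomains[strings.TrimPrefix(name, "mta-sts.")]
}

// askHandler implements Caddy's on_demand_tls "ask" contract: Caddy sends
// GET ?domain=<name> and only issues a certificate if it gets HTTP 200.
func askHandler(w http.ResponseWriter, r *http.Request) {
	if domainAllowed(r.URL.Query().Get("domain")) {
		w.WriteHeader(http.StatusOK)
		return
	}
	http.Error(w, "unknown domain", http.StatusForbidden)
}

// policyHandler serves the single file all customer domains share.
func policyHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/plain")
	w.Write([]byte(mtaSTSPolicy))
}

func main() {
	http.HandleFunc("/ask", askHandler)
	http.HandleFunc("/.well-known/mta-sts.txt", policyHandler)
	// Loopback only: the ask endpoint must not be reachable from outside.
	log.Fatal(http.ListenAndServe("127.0.0.1:9123", nil))
}
```

In the Caddyfile this is wired up with the global `on_demand_tls { ask http://127.0.0.1:9123/ask }` option and `tls { on_demand }` on the site block that reverse-proxies `/.well-known/mta-sts.txt` to this server.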

BlankParticle linked a pull request Apr 2, 2024 that will close this issue (16 tasks)
BlankParticle self-assigned this Apr 2, 2024