feat(ALL): support MTA-STS #157
Comments
@McPizza0 A suggestion: Use Caddy on a VPS with the on-demand SSL feature. Caddy lets you set up an ASK endpoint to first check your DB or however else you want to verify that this domain is one that UnInbox knows of and is allowed to generate a cert for. If that endpoint responds with a
Ah super smart @Eckhardt-D! This would actually solve the whole issue! Do we sneak this in before release on Friday April 5th? 🤔
@McPizza0 Yes with Caddy static file server also very easy to set up. Think it would be possible to set up before Friday, but think mostly the tasks like setting up and securing the VPS, CI/CD? etc. will be the longest. I think the source code could live in a dir here for the Caddyfile example that should be copied to
this comes in 2 parts:
sending & receiving
for sending:
(easy) we need to instruct users to add another couple of DNS records
(very hard) we need users to create a CNAME record pointing to our MTA-STS template.
mta-sts.userdomain.com needs to be https and serve 1 single text file from a .well-known directory (https://mta-sts.[domain]/.well-known/mta-sts.txt)
we can host the MTA-STS record, but need a way to generate SSL certs for all the user domains that will be pointing to it
maybe best would be a single VPS that we can push domains to and have Let's Encrypt generate certs?
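
A sketch of the approach discussed in this thread, added as an example and not code from the UnInbox repository or from any commenter: the decision logic for the endpoint Caddy's on-demand TLS `ask` option queries before obtaining a certificate, plus a builder for the `mta-sts.txt` body. The domain set, the `/check` path, the MX name and the function names are assumptions.

```javascript
// Constructed sample data: stands in for a lookup in the service's domain table.
const KNOWN_DOMAINS = new Set(["example.com", "mail.example.org"]);

// Decide whether a certificate may be obtained for `host`.
// Only mta-sts.<known domain> is approved, so pointing an arbitrary
// name at the server cannot trigger certificate issuance.
function mayIssueFor(host, known = KNOWN_DOMAINS) {
  if (typeof host !== "string" || host.length > 253) return false;
  const name = host.toLowerCase().replace(/\.$/, ""); // normalise case, trailing dot
  if (!/^[a-z0-9-]+(\.[a-z0-9-]+)+$/.test(name)) return false;
  if (!name.startsWith("mta-sts.")) return false;
  return known.has(name.slice("mta-sts.".length));
}

// Handler for the ask URL. Caddy sends GET <ask-url>?domain=<hostname>
// and treats a 2xx status as approval, anything else as refusal.
// Wire-up (assumption): http.createServer(askHandler).listen(5555, "127.0.0.1")
function askHandler(req, res) {
  const url = new URL(req.url, "http://localhost");
  const ok = req.method === "GET" && mayIssueFor(url.searchParams.get("domain"));
  res.statusCode = ok ? 200 : 403;
  res.end();
  return res.statusCode;
}

// Body of /.well-known/mta-sts.txt as defined in RFC 8461:
// "key: value" lines; CRLF line endings are used here.
function buildPolicy(mxHosts, mode = "testing", maxAge = 86400) {
  if (!["enforce", "testing", "none"].includes(mode)) throw new Error("bad mode");
  if (!Number.isInteger(maxAge) || maxAge < 0 || maxAge > 31557600) {
    throw new Error("max_age out of range");
  }
  if (mode !== "none" && mxHosts.length === 0) throw new Error("mx required");
  const lines = [
    "version: STSv1",
    `mode: ${mode}`,
    ...mxHosts.map((mx) => `mx: ${mx}`),
    `max_age: ${maxAge}`,
  ];
  return lines.join("\r\n") + "\r\n";
}
```

Binding the ask endpoint to localhost keeps the allow-list check reachable only from the Caddy process on the same host.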