generate mta-sts.txt on the fly from DNS data

88abf6ce · Bastien Durel · b19ae5bc · 88abf6ce · 88abf6ce · 88abf6ce
Commit 88abf6ce authored Aug 24, 2018 by Bastien Durel
--- a/.gitignore
+++ b/.gitignore
 /vendor/
+/config.inc
--- a/config.inc.dist
+++ b/config.inc.dist
+<?php // -*- php -*-
+## set minimum TTL
+# $ttl = 86400;
+## set mode
+# $mode = 'enforce';
+## restrict domains
+# $domains = ['example.com', 'example.met']
--- a/mta-sts.txt.php
+++ b/mta-sts.txt.php
+<?php
+
+$s = $_SERVER['SERVER_NAME'];
+if (strpos($s, 'mta-sts.') !== 0)
+    throw new Exception("Incorrect HTTP host");
+$s = substr($s, 8);
+$mode = 'enforce';
+$ttl = 0;
+# Here we may tweak mode/minimum TTL and restrict domains
+if (file_exists('config.inc'))
+    include_once('config.inc');
+if (isset($domains)) {
+    if (!in_array($s, $domains)) {
+        http_response_code(403);
+        die ("Incorrect domain: $s");
+    }
+}
+# you use a DNSSEC-enabled resolver, don't you ?
+$mx_rr = dns_get_record($s, DNS_MX);
+$mx = [];
+foreach ($mx_rr as $rr) {
+    $mx[$rr['pri']] = $rr['target'];
+    $ttl = max($ttl, $rr['ttl']);
+}
+rsort($mx);
+$mx = array_unique($mx);
+
+header('Content-Type: text/plain');
+echo "version: STSv1\n";
+echo "mode: $mode\n";
+echo "max_age: $ttl\n";
+foreach ($mx as $addr) echo "mx: $addr\n";