Commit 88abf6ce authored by Bastien Durel's avatar Bastien Durel

generate mta-sts.txt on the fly from DNS data

parent b19ae5bc
<?php // -*- php -*-
## set minimum TTL
# $ttl = 86400;
## set mode
# $mode = 'enforce';
## restrict domains
# $domains = ['example.com', 'example.met']
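Review bot: The `$domains` example has no terminating semicolon, so uncommenting it as written makes the file fail to parse, and if this is the sample for the `config.inc` that the script includes, every request would end in a fatal error. It should read `# $domains = ['example.com', 'example.net'];`. `example.met` also looks like a typo for `example.net`, which matters because the list is matched literally against the requested domain. If the web server does not hand `.inc` files to PHP, the file would be served as plain text when it sits in the document root, so a comment saying where to place it or how to protect it would help.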
<?php
$s = $_SERVER['SERVER_NAME'];
if (strpos($s, 'mta-sts.') !== 0)
throw new Exception("Incorrect HTTP host");
$s = substr($s, 8);
$mode = 'enforce';
$ttl = 0;
# Here we may tweak mode/minimum TTL and restrict domains
if (file_exists('config.inc'))
include_once('config.inc');
if (isset($domains)) {
if (!in_array($s, $domains)) {
http_response_code(403);
die ("Incorrect domain: $s");
}
}
# you use a DNSSEC-enabled resolver, don't you ?
$mx_rr = dns_get_record($s, DNS_MX);
$mx = [];
foreach ($mx_rr as $rr) {
$mx[$rr['pri']] = $rr['target'];
$ttl = max($ttl, $rr['ttl']);
}
rsort($mx);
$mx = array_unique($mx);
header('Content-Type: text/plain');
echo "version: STSv1\n";
echo "mode: $mode\n";
echo "max_age: $ttl\n";
foreach ($mx as $addr) echo "mx: $addr\n";
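Review bot: MX hosts that share a preference value overwrite each other at `$mx[$rr['pri']] = $rr['target'];`, so the generated policy can leave out legitimate MX hosts, and senders honouring `mode: enforce` would then refuse delivery to them. When `dns_get_record()` returns false or no records, the script still answers 200 with an `enforce` policy that has no `mx:` line and `max_age: 0`; an error status (503 in the sketch below) seems safer, since senders should then keep using the policy they have cached. Separately, `die ("Incorrect domain: $s")` runs before the `text/plain` header is sent, so a host-derived string is echoed under the server's default content type; moving `header('Content-Type: text/plain');` to the top of the script would cover that path. The sketch shows only the lookup loop.

```php
// … unchanged: host check, config include, domain restriction …
$mx_rr = dns_get_record($s, DNS_MX);
if ($mx_rr === false || count($mx_rr) === 0) {
    // No usable MX data: fail the request instead of publishing an empty policy.
    http_response_code(503);
    header('Content-Type: text/plain');
    die("No MX records found\n");
}
$mx = [];
foreach ($mx_rr as $rr) {
    // Append rather than key by preference: several MX hosts may share one value.
    $mx[] = $rr['target'];
    $ttl = max($ttl, $rr['ttl']);
}
rsort($mx);
$mx = array_unique($mx);
// … unchanged: Content-Type header and policy output …
```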