From 11701a67c80653ebbf4a7b5345417cb39008422b Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Wed, 11 Nov 2020 11:41:06 +0100
Subject: [PATCH] dns: deploy MTA-STS

---
 bundles/nginx/files/site_template | 4 ++++
 bundles/nginx/metadata.py | 2 +-
 data/powerdns/files/bind-zones/felix-kunsmann.de | 2 --
 data/powerdns/files/bind-zones/franzi.business | 8 ++++++--
 data/powerdns/files/bind-zones/kunbox.net | 8 +++++---
 data/powerdns/files/bind-zones/kunsmann.eu | 8 ++++++--
 data/powerdns/files/bind-zones/trans-agenda.eu | 7 +++++++
 nodes/htz/ex42-1048908.py | 9 +++++++++
 8 files changed, 38 insertions(+), 10 deletions(-)

diff --git a/bundles/nginx/files/site_template b/bundles/nginx/files/site_template
index 1c3e8b5..ab755c3 100644
--- a/bundles/nginx/files/site_template
+++ b/bundles/nginx/files/site_template
@@ -1,5 +1,9 @@
 server {
+% if domain_aliases:
+ server_name ${domain} ${' '.join(sorted(domain_aliases))};
+% else:
 server_name ${domain};
+% endif
 root ${webroot if webroot else '/var/www/{}/'.format(vhost)};
 index ${' '.join(index)};
diff --git a/bundles/nginx/metadata.py b/bundles/nginx/metadata.py
index d10cc1d..f9ccaaf 100644
--- a/bundles/nginx/metadata.py
+++ b/bundles/nginx/metadata.py
@@ -48,7 +48,7 @@ def letsencrypt(metadata):
 for vhost, config in metadata.get('nginx/vhosts', {}).items():
 domain = config.get('domain', vhost)
- domains[domain] = set()
+ domains[domain] = config.get('domain_aliases', set())
 return {
 'letsencrypt': {
diff --git a/data/powerdns/files/bind-zones/felix-kunsmann.de b/data/powerdns/files/bind-zones/felix-kunsmann.de
index a766f26..46f6cca 100644
--- a/data/powerdns/files/bind-zones/felix-kunsmann.de
+++ b/data/powerdns/files/bind-zones/felix-kunsmann.de
@@ -3,5 +3,3 @@ ${header}
 $ORIGIN felix-kunsmann.de.
 @ IN MX 10 mx0.kunbox.net.
-
-_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
diff --git a/data/powerdns/files/bind-zones/franzi.business b/data/powerdns/files/bind-zones/franzi.business
index 036c92f..a5c2a3b 100644
--- a/data/powerdns/files/bind-zones/franzi.business
+++ b/data/powerdns/files/bind-zones/franzi.business
@@ -16,6 +16,9 @@ dimension IN AAAA 2a01:4f8:10b:2a5f::2
 matrix IN A 94.130.52.224
 matrix IN AAAA 2a01:4f8:10b:2a5f::2
+mta-sts IN A 94.130.52.224
+mta-sts IN AAAA 2a01:4f8:10b:2a5f::2
+
 sewfile IN A 116.203.205.248
 IN AAAA 2a01:4f8:c0c:c71b::1
 IN TXT "v=spf1 a mx ~all"
@@ -31,7 +34,8 @@ wiki IN AAAA 2a01:4f8:10b:2a5f::2
 _matrix._tcp IN SRV 10 10 8448 matrix
-2019._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
 _dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:postmaster@kunsmann.eu; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r"
-_token._dnswl IN TXT "gg3mbwjx9bbuo5osvhq7oz6bc881wcmc"
+_mta-sts IN TXT "v=STSv1;id=20201111;"
 _smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
+_token._dnswl IN TXT "gg3mbwjx9bbuo5osvh7oz6bc881wcmc"
+2019._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
diff --git a/data/powerdns/files/bind-zones/kunbox.net b/data/powerdns/files/bind-zones/kunbox.net
index b1c5606..40de748 100644
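Review bot: The `_token._dnswl` record that the second hunk moves is not moved verbatim: the removed line carries `gg3mbwjx9bbuo5osvhq7oz6bc881wcmc` (32 characters) while the added line carries `gg3mbwjx9bbuo5osvh7oz6bc881wcmc` (31 characters, the `q` after `svh` is gone), so a commit whose subject says it deploys MTA-STS also silently changes the dnswl.org verification token for franzi.business. Unless the token was deliberately rotated, the added line should read `+_token._dnswl IN TXT "gg3mbwjx9bbuo5osvhq7oz6bc881wcmc"`. The other two records reordered in the same hunk (`2019._domainkey`, `_smtp._tls`) appear to be moved unchanged.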
--- a/data/powerdns/files/bind-zones/kunbox.net
+++ b/data/powerdns/files/bind-zones/kunbox.net
@@ -12,6 +12,8 @@ $ORIGIN kunbox.net.
 ; Mail servers
 mx0 IN A 94.130.52.224
 IN AAAA 2a01:4f8:10b:2a5f::2
+mta-sts.mx0 IN CNAME mx0
+mta-sts.mx0 IN CNAME mx0
 postfixadmin.mx0 IN CNAME mx0
 rspamd.mx0 IN CNAME mx0
 webmail.mx0 IN CNAME mx0
@@ -25,11 +27,11 @@ ns-3 IN A 35.228.143.71
 ${record}
 % endfor
-2019._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
 _dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:postmaster@kunsmann.eu; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r"
+_mta-sts IN TXT "v=STSv1;id=20201111;"
+_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
 _token._dnswl IN TXT "6akc10htbgmg56e072w0w2n0wql4oezu"
-_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
-
+2019._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
 f2k1.de._report._dmarc IN TXT "v=DMARC1"
 franzi.business._report._dmarc IN TXT "v=DMARC1"
 kunsmann.eu._report._dmarc IN TXT "v=DMARC1"
diff --git a/data/powerdns/files/bind-zones/kunsmann.eu b/data/powerdns/files/bind-zones/kunsmann.eu
index a608bf5..0673eea 100644
--- a/data/powerdns/files/bind-zones/kunsmann.eu
+++ b/data/powerdns/files/bind-zones/kunsmann.eu
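Review bot: The two lines added in the first hunk are identical (`mta-sts.mx0 IN CNAME mx0` twice), which is at best a duplicate RR and more likely hides a typo: the `_mta-sts` TXT published for kunbox.net in the second hunk, and the `mta-sts.kunbox.net` alias in the nginx vhost, need the policy host `mta-sts.kunbox.net` to resolve, yet unlike the other zones in this commit no `mta-sts IN A/AAAA` (or `mta-sts IN CNAME mx0`) record for the apex appears here. The second line was presumably meant to be `+mta-sts IN CNAME mx0`; without it, senders that see `_mta-sts.kunbox.net` cannot fetch the policy and the Let's Encrypt order for that SAN cannot be validated. The `${record}` loop in the second hunk may be generating that name from elsewhere, so confirm before changing.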
@@ -16,6 +16,9 @@ git IN AAAA 2a01:4f8:10b:2a5f::2
 jenkins IN A 94.130.52.224
 jenkins IN AAAA 2a01:4f8:10b:2a5f::2
+mta-sts IN A 94.130.52.224
+mta-sts IN AAAA 2a01:4f8:10b:2a5f::2
+
 luther-ps IN CNAME luther.htz-cloud.kunbox.net.
 paste IN A 94.130.52.224
@@ -24,7 +27,8 @@ paste IN AAAA 2a01:4f8:10b:2a5f::2
 rss IN A 94.130.52.224
 rss IN AAAA 2a01:4f8:10b:2a5f::2
-2019._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
 _dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:postmaster@kunsmann.eu; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r"
-_token._dnswl IN TXT "5mx0rv9ru8s1zz4tf4xlt48osh09czmg"
+_mta-sts IN TXT "v=STSv1;id=20201111;"
 _smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
+_token._dnswl IN TXT "5mx0rv9ru8s1zz4tf4xlt48osh09czmg"
+2019._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
diff --git a/data/powerdns/files/bind-zones/trans-agenda.eu b/data/powerdns/files/bind-zones/trans-agenda.eu
index b918ae1..b47e135 100644
--- a/data/powerdns/files/bind-zones/trans-agenda.eu
+++ b/data/powerdns/files/bind-zones/trans-agenda.eu
@@ -5,7 +5,14 @@ $ORIGIN trans-agenda.eu.
 @ IN MX 10 mx0.kunbox.net.
 IN TXT "v=spf1 a mx ~all"
+mta-sts IN A 94.130.52.224
+mta-sts IN AAAA 2a01:4f8:10b:2a5f::2
+
 part.of.the IN A 94.130.52.224
 part.of.the IN AAAA 2a01:4f8:10b:2a5f::2
+_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:postmaster@kunsmann.eu; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r"
+_mta-sts IN TXT "v=STSv1;id=20201111;"
 _smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
+_token._dnswl IN TXT "5mx0rv9ru8s1zz4tf4xlt48osh09czmg"
+2019._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
diff --git a/nodes/htz/ex42-1048908.py b/nodes/htz/ex42-1048908.py
index 182557c..4af4f29 100644
--- a/nodes/htz/ex42-1048908.py
+++ b/nodes/htz/ex42-1048908.py
@@ -186,6 +186,15 @@ nodes['htz.ex42-1048908'] = {
 'matrix.franzi.business': {
 'extras': True,
 },
+ 'mta-sts': {
+ 'domain': 'mta-sts.mx0.kunbox.net',
+ 'domain_aliases': {
+ 'mta-sts.franzi.business',
+ 'mta-sts.kunbox.net',
+ 'mta-sts.kunsmann.eu',
+ 'mta-sts.trans-agenda.eu',
+ },
+ },
 'paste.kunsmann.eu': {
 'webroot_config': {
 'owner': 'kunsi',
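Review bot: The `_token._dnswl` record added to trans-agenda.eu carries `5mx0rv9ru8s1zz4tf4xlt48osh09czmg`, the exact value the kunsmann.eu hunk of this commit keeps for `_token._dnswl.kunsmann.eu`; dnswl.org issues one verification token per listed domain, so this reads as a copy-paste from the kunsmann.eu zone rather than a token issued for trans-agenda.eu, and should be replaced with the domain's own token or dropped until one exists. The new `_dmarc` record also sends reports to `postmaster@kunsmann.eu`, an external destination, which RFC 7489 §7.1 requires kunsmann.eu to authorise via a `trans-agenda.eu._report._dmarc IN TXT "v=DMARC1"` record; none is added in the kunsmann.eu hunk of this commit, so confirm one exists outside the hunk or receivers will discard the reports. With `p=quarantine` and the shared `2019` selector, also confirm mx0.kunbox.net actually signs trans-agenda.eu mail with that key, otherwise SPF is the only path to alignment.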
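Review bot: The new `mta-sts` vhost advertises a policy it does not yet serve: every zone in this commit publishes `_mta-sts IN TXT "v=STSv1;id=20201111;"`, but the vhost has no `webroot`/`webroot_config` (so per site_template it serves `/var/www/mta-sts/`) and no file providing `/.well-known/mta-sts.txt` (RFC 8461 §3.2: `version: STSv1`, `mode:`, `mx: mx0.kunbox.net`, `max_age:`, delivered as `text/plain` over HTTPS) is part of the change. If the policy file is deployed by another bundle this is fine, but the DNS records should not go live before it does, and `id=20201111` has to be bumped in all four zones every time that file changes. Note also that felix-kunsmann.de, whose MX is still `mx0.kunbox.net` in this commit's zone hunk, is neither in `domain_aliases` nor given an `_mta-sts` record, which is consistent (nothing advertised) but leaves it without MTA-STS and, after this commit, without TLSRPT; if that is intended, a one-line comment on the vhost such as `# serves /.well-known/mta-sts.txt for all mail domains behind mx0; bump id= in the _mta-sts TXT records whenever the policy changes` would document the contract for the next maintainer.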