Documentation
Overview
Package tlsrptdb stores reports from "SMTP TLS Reporting" in its database.
Index
- Variables
- func AddReport(ctx context.Context, log mlog.Log, verifiedFromDomain dns.Domain, ...) error
- func AddTLSResults(ctx context.Context, results []TLSResult) error
- func Close()
- func Init() error
- func RemoveResultsPolicyDomain(ctx context.Context, policyDomain dns.Domain, dayUTC string) error
- func RemoveResultsRecipientDomain(ctx context.Context, recipientDomain dns.Domain, dayUTC string) error
- func SuppressAdd(ctx context.Context, ba *SuppressAddress) error
- func SuppressRemove(ctx context.Context, id int64) error
- func SuppressUpdate(ctx context.Context, id int64, until time.Time) error
- type Record
- type SuppressAddress
- type TLSResult
Variables
var (
	ReportDBTypes = []any{Record{}}
	ReportDB      *bstore.DB
	// Accessed directly by tlsrptsend.
	ResultDBTypes = []any{TLSResult{}, SuppressAddress{}}
	ResultDB      *bstore.DB
)
Functions
func AddReport
func AddReport(ctx context.Context, log mlog.Log, verifiedFromDomain dns.Domain, mailFrom string, hostReport bool, r *tlsrpt.Report) error
AddReport adds a TLS report to the database.
The report should have come in over SMTP, with a DKIM-validated verifiedFromDomain. Using HTTPS for reports is not recommended as there is no authentication of the report's origin.
Only reports for known domains are added to the database. Unknown domains are ignored without causing an error, unless no known domain was found in the report at all.
Prometheus metrics are updated only for configured domains.
func AddTLSResults (added in v0.0.8)
AddTLSResults adds to the database, or merges into existing records, all TLS results for delivering to a policy domain, on its UTC day, to a recipient domain. Results may cause multiple separate reports to be sent.
func RemoveResultsPolicyDomain (added in v0.0.8)
RemoveResultsPolicyDomain removes all TLSResults for the policy domain on the day from the database.
func RemoveResultsRecipientDomain (added in v0.0.8)
func RemoveResultsRecipientDomain(ctx context.Context, recipientDomain dns.Domain, dayUTC string) error
RemoveResultsRecipientDomain removes all TLSResults for the recipient domain on the day from the database.
func SuppressAdd (added in v0.0.8)
func SuppressAdd(ctx context.Context, ba *SuppressAddress) error
SuppressAdd adds an address to the suppress list.
func SuppressRemove (added in v0.0.8)
SuppressRemove removes a reporting address record from the suppress list.
Types
type Record (added in v0.0.11)
type Record struct {
	ID         int64
	Domain     string `bstore:"index"` // Policy domain to which the TLS report applies. Unicode.
	FromDomain string
	MailFrom   string
	HostReport bool // Report for host TLSRPT record, as opposed to domain TLSRPT record.
	Report     tlsrpt.Report
}
Record is a TLS report as a database record, including information about the sender.
func RecordsPeriodDomain
func RecordsPeriodDomain(ctx context.Context, start, end time.Time, policyDomain dns.Domain) ([]Record, error)
RecordsPeriodDomain returns the reports overlapping start and end, for the given policy domain. If policy domain is empty, records for all domains are returned.
type SuppressAddress (added in v0.0.11)
type SuppressAddress struct {
	ID               int64     `bstore:"typename TLSRPTSuppressAddress"`
	Inserted         time.Time `bstore:"default now"`
	ReportingAddress string    `bstore:"unique"`
	Until            time.Time `bstore:"nonzero"`
	Comment          string
}
SuppressAddress is a reporting address for which outgoing TLS reports will be suppressed for a period.
func SuppressList (added in v0.0.8)
func SuppressList(ctx context.Context) ([]SuppressAddress, error)
SuppressList returns all reporting addresses on the suppress list.
type TLSResult (added in v0.0.8)
type TLSResult struct {
	ID int64
	// Domain potentially with TLSRPT DNS record, with addresses that will receive
	// reports. Either a recipient domain (for MTA-STS policies) or an (MX) host (for
	// DANE policies). Unicode.
	PolicyDomain string `bstore:"unique PolicyDomain+DayUTC+RecipientDomain,nonzero"`
	// DayUTC is of the form yyyymmdd.
	DayUTC string `bstore:"nonzero"`
	// Reports are sent per recipient domain and per MX host. For reports to a
	// recipient domain, we typically send a result for MTA-STS and one or more MX host
	// (DANE) results. Unicode.
	RecipientDomain string    `bstore:"index,nonzero"`
	Created         time.Time `bstore:"default now"`
	Updated         time.Time `bstore:"default now"`
	IsHost          bool // Result is for MX host (DANE), not recipient domain (MTA-STS).
	// Whether to send a report. TLS results for delivering messages with TLS reports
	// will be recorded, but will not cause a report to be sent.
	SendReport bool
	// Set after sending to recipient domain, before sending results to policy domain
	// (after which the record is removed).
	SentToRecipientDomain bool
	// Reporting addresses from the recipient domain TLSRPT record, not necessarily
	// those we sent to (e.g. due to failure). Used to leave results to MX target
	// (DANE) policy domains out that were already sent in the report to the recipient
	// domain, so we don't report twice.
	RecipientDomainReportingAddresses []string
	// Set after sending report to policy domain.
	SentToPolicyDomain bool
	// Results is updated for each TLS attempt.
	Results []tlsrpt.Result
}
TLSResult is stored in the database to track TLS results per policy domain, day and recipient domain. These records will be included in TLS reports.
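The following is an added example, not code from this package: it shows how the documented unique key PolicyDomain+DayUTC+RecipientDomain and the yyyymmdd DayUTC form decide whether a result starts a new record or merges into an existing one. The `result` struct, its two counters, the summing merge rule and the sample domains are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// result is a hypothetical, simplified stand-in for TLSResult: the three key
// fields plus two counters in place of the []tlsrpt.Result slice.
type result struct {
	PolicyDomain, DayUTC, RecipientDomain string
	Success, Failure                      int64
}

// key mirrors the documented unique index PolicyDomain+DayUTC+RecipientDomain.
type key struct{ policy, day, recipient string }

// dayUTC formats t as yyyymmdd in UTC, the documented form of DayUTC.
func dayUTC(t time.Time) string { return t.UTC().Format("20060102") }

// merge adds each incoming result to store, or sums its counters into the
// record already stored under the same key (assumed merge rule).
func merge(store map[key]*result, in []result) {
	for _, r := range in {
		k := key{r.PolicyDomain, r.DayUTC, r.RecipientDomain}
		if cur, ok := store[k]; ok {
			cur.Success += r.Success
			cur.Failure += r.Failure
			continue
		}
		c := r
		store[k] = &c
	}
}

func main() {
	// Constructed sample: two attempts 45 minutes apart, local time UTC+2.
	// The first still falls on the previous UTC day, so it gets its own record.
	zone := time.FixedZone("UTC+2", 2*60*60)
	t1 := time.Date(2024, 3, 1, 1, 30, 0, 0, zone) // 2024-02-29 23:30 UTC
	t2 := time.Date(2024, 3, 1, 2, 15, 0, 0, zone) // 2024-03-01 00:15 UTC
	store := map[key]*result{}
	merge(store, []result{
		{"mx.recipient.example", dayUTC(t1), "recipient.example", 1, 0},
		{"mx.recipient.example", dayUTC(t2), "recipient.example", 1, 0},
		{"mx.recipient.example", dayUTC(t2), "recipient.example", 0, 1},
	})
	for k, r := range store {
		fmt.Println(k.policy, k.day, k.recipient, r.Success, r.Failure)
	}
}
```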
func Results (added in v0.0.8)
Results returns all TLS results in the database, for all policy domains each with potentially multiple days. Sorted by RecipientDomain and day.
func ResultsPolicyDomain (added in v0.0.8)
ResultsPolicyDomain returns all TLSResults for a policy domain, potentially for multiple days.