Documentation
Overview
Package tlsrptdb stores reports from "SMTP TLS Reporting" in its database.
Index
- Variables
- func AddReport(ctx context.Context, log mlog.Log, verifiedFromDomain dns.Domain, ...) error
- func AddTLSResults(ctx context.Context, results []TLSResult) error
- func Close()
- func Init() error
- func RemoveResultsPolicyDomain(ctx context.Context, policyDomain dns.Domain, dayUTC string) error
- func RemoveResultsRecipientDomain(ctx context.Context, recipientDomain dns.Domain, dayUTC string) error
- func SuppressAdd(ctx context.Context, ba *TLSRPTSuppressAddress) error
- func SuppressRemove(ctx context.Context, id int64) error
- func SuppressUpdate(ctx context.Context, id int64, until time.Time) error
- type TLSRPTSuppressAddress
- type TLSReportRecord
- type TLSResult
Variables
var (
	ReportDBTypes = []any{TLSReportRecord{}}
	ReportDB      *bstore.DB

	// Accessed directly by tlsrptsend.
	ResultDBTypes = []any{TLSResult{}, TLSRPTSuppressAddress{}}
	ResultDB      *bstore.DB
)
Functions
func AddReport
func AddReport(ctx context.Context, log mlog.Log, verifiedFromDomain dns.Domain, mailFrom string, hostReport bool, r *tlsrpt.Report) error
AddReport adds a TLS report to the database.
The report should have come in over SMTP, with a DKIM-validated verifiedFromDomain. Using HTTPS for reports is not recommended, as there is no authentication of the report's origin.
The report is currently required to only cover a single domain in its policy domain. Only reports for known domains are added to the database.
Prometheus metrics are updated only for configured domains.
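The preconditions above, written as a stand-alone gate (an added example, not code from this package). `acceptReport`, `Policy`, `normalize` and the error values are hypothetical names, and the DKIM validation itself is assumed to have happened upstream.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Policy is a hypothetical stand-in for one policy entry in a TLS report.
type Policy struct{ PolicyDomain string }

var (
	ErrUnverified      = errors.New("sender domain not DKIM-verified")
	ErrMultipleDomains = errors.New("report covers more than one policy domain")
	ErrUnknownDomain   = errors.New("policy domain is not a configured domain")
)

// normalize lowercases a domain and drops a trailing root dot (assumed rule).
func normalize(d string) string { return strings.ToLower(strings.TrimSuffix(d, ".")) }

// acceptReport returns the single policy domain a report covers, or an error
// when a documented precondition fails. verifiedFromDomain is the domain whose
// DKIM signature on the report message was validated upstream; empty means the
// report's origin is unauthenticated.
func acceptReport(verifiedFromDomain string, policies []Policy, known map[string]bool) (string, error) {
	if verifiedFromDomain == "" {
		return "", ErrUnverified
	}
	var domain string
	for i, p := range policies {
		d := normalize(p.PolicyDomain)
		if i > 0 && d != domain {
			return "", ErrMultipleDomains
		}
		domain = d
	}
	if !known[domain] { // Also rejects a report without policies.
		return "", ErrUnknownDomain
	}
	return domain, nil
}

func main() {
	known := map[string]bool{"example.org": true} // Constructed sample config.
	d, err := acceptReport("reporter.example", []Policy{{"Example.ORG."}}, known)
	fmt.Println(d, err)
}
```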
func AddTLSResults added in v0.0.8
AddTLSResults adds or merges into the database all TLS results for delivering to a policy domain, on its UTC day, to a recipient domain. Results may cause multiple separate reports to be sent.
func RemoveResultsPolicyDomain added in v0.0.8
RemoveResultsPolicyDomain removes all TLSResults for the policy domain on the day from the database.
func RemoveResultsRecipientDomain added in v0.0.8
func RemoveResultsRecipientDomain(ctx context.Context, recipientDomain dns.Domain, dayUTC string) error
RemoveResultsRecipientDomain removes all TLSResults for the recipient domain on the day from the database.
func SuppressAdd added in v0.0.8
func SuppressAdd(ctx context.Context, ba *TLSRPTSuppressAddress) error
SuppressAdd adds an address to the suppress list.
func SuppressRemove added in v0.0.8
SuppressRemove removes a reporting address record from the suppress list.
Types
type TLSRPTSuppressAddress added in v0.0.8
type TLSRPTSuppressAddress struct {
	ID               int64
	Inserted         time.Time `bstore:"default now"`
	ReportingAddress string    `bstore:"unique"`
	Until            time.Time `bstore:"nonzero"`
	Comment          string
}
TLSRPTSuppressAddress is a reporting address for which outgoing TLS reports will be suppressed for a period.
func SuppressList added in v0.0.8
func SuppressList(ctx context.Context) ([]TLSRPTSuppressAddress, error)
SuppressList returns all reporting addresses on the suppress list.
type TLSReportRecord
type TLSReportRecord struct {
	ID         int64  `bstore:"typename Record"`
	Domain     string `bstore:"index"` // Policy domain to which the TLS report applies. Unicode.
	FromDomain string
	MailFrom   string
	HostReport bool // Report for host TLSRPT record, as opposed to domain TLSRPT record.
	Report     tlsrpt.Report
}
TLSReportRecord is a TLS report as a database record, including information about the sender.
todo: should be named just Record, but it would cause a sherpa type name conflict.
func RecordID
func RecordID(ctx context.Context, id int64) (TLSReportRecord, error)
RecordID returns the report for the ID.
func Records
func Records(ctx context.Context) ([]TLSReportRecord, error)
Records returns all TLS reports in the database.
func RecordsPeriodDomain
func RecordsPeriodDomain(ctx context.Context, start, end time.Time, policyDomain dns.Domain) ([]TLSReportRecord, error)
RecordsPeriodDomain returns the reports overlapping start and end, for the given policy domain. If policy domain is empty, records for all domains are returned.
type TLSResult added in v0.0.8
type TLSResult struct {
	ID int64

	// Domain potentially with TLSRPT DNS record, with addresses that will receive
	// reports. Either a recipient domain (for MTA-STS policies) or an (MX) host (for
	// DANE policies). Unicode.
	PolicyDomain string `bstore:"unique PolicyDomain+DayUTC+RecipientDomain,nonzero"`

	// DayUTC is of the form yyyymmdd.
	DayUTC string `bstore:"nonzero"`

	// Reports are sent per recipient domain and per MX host. For reports to a
	// recipient domain, we typically send a result for MTA-STS and one or more MX host
	// (DANE) results. Unicode.
	RecipientDomain string `bstore:"index,nonzero"`

	Created time.Time `bstore:"default now"`
	Updated time.Time `bstore:"default now"`

	IsHost bool // Result is for MX host (DANE), not recipient domain (MTA-STS).

	// Whether to send a report. TLS results for delivering messages with TLS reports
	// will be recorded, but will not cause a report to be sent.
	SendReport bool

	// Set after sending to recipient domain, before sending results to policy domain
	// (after which the record is removed).
	SentToRecipientDomain bool

	// Reporting addresses from the recipient domain TLSRPT record, not necessarily
	// those we sent to (e.g. due to failure). Used to leave results to MX target
	// (DANE) policy domains out that were already sent in the report to the recipient
	// domain, so we don't report twice.
	RecipientDomainReportingAddresses []string

	// Set after sending report to policy domain.
	SentToPolicyDomain bool

	// Results is updated for each TLS attempt.
	Results []tlsrpt.Result
}
TLSResult is stored in the database to track TLS results per policy domain, day and recipient domain. These records will be included in TLS reports.
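An added example, not code from this package: an in-memory model of add-or-merge keyed on the documented unique index PolicyDomain+DayUTC+RecipientDomain, including the yyyymmdd UTC day. The simplified `Result`, `TLSResult`, `key`, `store` and `dayUTC` names are hypothetical, and OR-ing `SendReport` and summing counts per policy type on merge are assumptions.

```go
package main

import (
	"fmt"
	"time"
)

// Result and TLSResult are simplified stand-ins (hypothetical), not mox's types.
type Result struct{ PolicyType string; Success, Failure int64 }
type TLSResult struct {
	PolicyDomain, DayUTC, RecipientDomain string
	SendReport                            bool
	Results                               []Result
}

// key mirrors the documented unique index PolicyDomain+DayUTC+RecipientDomain.
type key struct{ policyDomain, dayUTC, recipientDomain string }
type store map[key]*TLSResult

// dayUTC formats t as yyyymmdd in UTC, the documented form of DayUTC.
func dayUTC(t time.Time) string { return t.UTC().Format("20060102") }

// add inserts r, or merges its counts into the record with the same key.
// Assumption: SendReport is OR-ed, so one reportable delivery enables sending.
func (s store) add(r TLSResult) {
	k := key{r.PolicyDomain, r.DayUTC, r.RecipientDomain}
	cur, ok := s[k]
	if !ok {
		r.Results = append([]Result(nil), r.Results...) // Copy, caller keeps its slice.
		s[k] = &r
		return
	}
	cur.SendReport = cur.SendReport || r.SendReport
next:
	for _, nr := range r.Results {
		for i := range cur.Results {
			if cur.Results[i].PolicyType == nr.PolicyType {
				cur.Results[i].Success += nr.Success
				cur.Results[i].Failure += nr.Failure
				continue next
			}
		}
		cur.Results = append(cur.Results, nr)
	}
}

func main() {
	s := store{} // Constructed sample data below.
	s.add(TLSResult{"example.org", dayUTC(time.Now()), "example.org", true, []Result{{"sts", 1, 0}}})
	fmt.Println(len(s))
}
```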
func Results added in v0.0.8
Results returns all TLS results in the database, for all policy domains each with potentially multiple days. Sorted by RecipientDomain and day.
func ResultsPolicyDomain added in v0.0.8
ResultsPolicyDomain returns all TLSResults for a policy domain, potentially for multiple days.