
[enhancement]: autoconfig, autodiscover, mta-sts

Open marcoxyz123 opened this issue 9 months ago • 0 comments

What happened?

DANE TLSA is not only for port 25. It is also for web pages or any service on TLS that can benefit from DANE TLS security. Example: https://wiki.mozilla.org/Security/DNSSEC-TLS-details

The DNS configuration page in webadmin shows:

TLSA _25._tcp.autodiscover.domain.com. X Y Z

It should be aligned to the listener and MX record entry.

So it should be:

TLSA _443._tcp.autodiscover.domain.com. X Y Z
TLSA _443._tcp.autoconfig.domain.com. X Y Z
TLSA _443._tcp.mta-sts.domain.com. X Y Z

And

TLSA _993._tcp.mail.domain.com. X Y Z
TLSA _465._tcp.mail.domain.com. X Y Z
TLSA _587._tcp.mail.domain.com. X Y Z

If there were a possibility to define the hostname on the listener as well (https defaults to autodiscover, autoconfig, mta-sts; the admin page defaults to the hostname but should be editable; imap, submission and submissions likewise default to imap, imaps, smtp), then for the default ACME provider (letsencrypt) the subject names are the listener names. In the TLS certificate section there could be a dropdown to specify the certificate for the specific listener name.

Best Regards, Marco

How can we reproduce the problem?

I can reproduce the problem by doing the following steps:

Version

v0.7.x

What database are you using?

None

What blob storage are you using?

None

Where is your directory located?

None

What operating system are you using?

None

Relevant log output

No response

marcoxyz123 May 22 '24 14:05
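
One way to check the alignment this issue asks for, as an added example (not code from the issue or from the project): it parses TLSA lines in the form the webadmin page shows and compares their owner names against the TLS listeners. The listener table, the `_25._tcp.mail.domain.com.` line and all function names are assumptions constructed for the example.

```python
import re

# Owner name layout from RFC 6698 section 3: _<port>._<proto>.<host>
OWNER_RE = re.compile(r"^_(\d{1,5})\._(tcp|udp|sctp)\.(.+)$")

# Constructed input: the line quoted in the issue plus one assumed MX record.
DISPLAYED = [
    "TLSA _25._tcp.autodiscover.domain.com. X Y Z",
    "TLSA _25._tcp.mail.domain.com. X Y Z",
]
# Constructed listener table (host, port): the issue's proposal plus SMTP on the MX host.
LISTENERS = [
    ("mail.domain.com", 25), ("mail.domain.com", 993),
    ("mail.domain.com", 465), ("mail.domain.com", 587),
    ("autodiscover.domain.com", 443), ("autoconfig.domain.com", 443),
    ("mta-sts.domain.com", 443),
]

def parse_tlsa_line(line):
    """Return (host, port, proto) for 'TLSA <owner> ...', or None if unusable."""
    fields = line.split()
    if len(fields) < 2 or fields[0].upper() != "TLSA":
        return None
    m = OWNER_RE.match(fields[1].lower().rstrip("."))
    if not m or not 0 < int(m.group(1)) <= 65535:
        return None  # malformed owner name or impossible port
    return (m.group(3), int(m.group(1)), m.group(2))

def owner(host, port, proto="tcp"):
    """Build the TLSA owner name for a listener."""
    return f"_{port}._{proto}.{host}."

def audit(displayed_lines, listeners):
    """Return (orphaned, missing): records without a listener, listeners without a record."""
    published = {p for p in map(parse_tlsa_line, displayed_lines) if p}
    expected = {(h.lower().rstrip("."), p, "tcp") for h, p in listeners}
    return sorted(published - expected), sorted(expected - published)

if __name__ == "__main__":
    orphaned, missing = audit(DISPLAYED, LISTENERS)
    for rec in orphaned:
        print("no listener for:", owner(*rec))
    for rec in missing:
        print("no TLSA record for:", owner(*rec))
```
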