Last active
December 13, 2024 04:38
-
-
Save dotysan/5ca9bee46425d1b3af47319801e6692c to your computer and use it in GitHub Desktop.
CloudFlare Worker for MTA-STS policy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // const mode = 'testing'; | |
| const mode = 'enforce'; | |
| // const max_age = 86400; // 1 day | |
| const max_age = 604800; // 1 week | |
| const mx_list = [ | |
| 'aspmx.l.google.com', | |
| 'alt1.aspmx.l.google.com', | |
| 'alt2.aspmx.l.google.com', | |
| 'alt3.aspmx.l.google.com', | |
| 'alt4.aspmx.l.google.com', | |
| ]; | |
| const sts = `version: STSv1 | |
| mode: ${mode} | |
| ${mx_list.map(i=> 'mx: '+ i).join('\n')} | |
| max_age: ${max_age}`; | |
| export default{ | |
| async fetch() { | |
| return new Response(sts); | |
| }, | |
| }; |
Thanks a lot @dotysan!
I had to adjust the mx_list slightly:
const mode = 'testing';
// const mode = 'enforce';
const max_age = 604800; // 1 week
const mx_list = [
'aspmx.l.google.com',
'alt1.aspmx.l.google.com',
'alt2.aspmx.l.google.com',
'alt3.aspmx.l.google.com',
'alt4.aspmx.l.google.com'
];
const sts = `version: STSv1
mode: ${mode}
${mx_list.map(i=> 'mx: '+i).join('\n')}
max_age: ${max_age}`;
addEventListener('fetch', evt=> {
return evt.respondWith(new Response(sts));
});And add an A record to be able to route the traffic to this worker:
- Type: A
- Name: mta-sts
- IPv4 address: 192.0.2.1
- Proxy status: On (this is important!)
- TTL: Auto
I had to adjust the
mx_listslightly:
Yep. My original example was on a really old Google Workplace account. I just pushed some more modern/simple updates.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Don't forget to add the route to this worker: https://[example.com]/.well-known/mta-sts.txt