Last active
October 9, 2025 00:45
CloudFlare Worker for MTA-STS policy
```js
// const mode = 'testing';
const mode = 'enforce';
// const max_age = 86400; // 1 day
const max_age = 604800; // 1 week
const mx_list = [
  'aspmx.l.google.com',
  'alt1.aspmx.l.google.com',
  'alt2.aspmx.l.google.com',
  'alt3.aspmx.l.google.com',
  'alt4.aspmx.l.google.com',
];
// Policy body served at /.well-known/mta-sts.txt. The lines inside the
// template literal stay unindented so no stray whitespace enters the policy.
const sts = `version: STSv1
mode: ${mode}
${mx_list.map(i => 'mx: ' + i).join('\n')}
max_age: ${max_age}`;
export default {
  // Every request that reaches this Worker gets the same policy text.
  async fetch() {
    return new Response(sts);
  },
};
```
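A policy body like the one this Worker serves can be checked before the mode is switched to `enforce`. The validator below is an added example, not part of the gist: `parsePolicy`, `validatePolicy` and the sample policy are constructed here, and the rules applied are those of RFC 8461 (allowed modes, `max_age` ceiling of 31557600, wildcard only as the leftmost label).

```javascript
// Added example (not from the gist): check an MTA-STS policy body against RFC 8461.
const MAX_AGE_LIMIT = 31557600; // largest max_age the RFC allows, in seconds
const MODES = ['enforce', 'testing', 'none'];
// Loose hostname check; a wildcard is accepted only as the whole leftmost label.
const MX_PATTERN = /^(\*\.)?([a-z0-9-]+\.)+[a-z0-9-]+$/i;

function parsePolicy(text) {
  const fields = new Map();
  const mx = [];
  const malformed = [];
  for (const line of text.split(/\r?\n/)) {
    if (line.trim() === '') continue;
    const idx = line.indexOf(':');
    if (idx < 1) { malformed.push(line); continue; }
    const key = line.slice(0, idx).trim();
    const value = line.slice(idx + 1).trim();
    if (key === 'mx') mx.push(value); // the only repeatable field
    else if (!fields.has(key)) fields.set(key, value); // later duplicates are ignored
  }
  return { fields, mx, malformed };
}

function validatePolicy(text) {
  const { fields, mx, malformed } = parsePolicy(text);
  const problems = malformed.map((l) => `malformed line: ${JSON.stringify(l)}`);
  if (fields.get('version') !== 'STSv1') problems.push('version must be STSv1');
  const mode = fields.get('mode');
  if (!MODES.includes(mode)) problems.push(`unknown mode: ${mode}`);
  const maxAge = fields.get('max_age');
  if (!/^\d+$/.test(maxAge || '') || Number(maxAge) > MAX_AGE_LIMIT) {
    problems.push(`max_age must be an integer from 0 to ${MAX_AGE_LIMIT}`);
  }
  if (mode !== 'none' && mx.length === 0) problems.push('no mx entries');
  for (const host of mx) {
    if (!MX_PATTERN.test(host)) problems.push(`bad mx pattern: ${host}`);
  }
  return problems;
}

// Constructed sample input, in the shape the Worker above emits.
const samplePolicy = [
  'version: STSv1',
  'mode: enforce',
  'mx: aspmx.l.google.com',
  'mx: alt1.aspmx.l.google.com',
  'max_age: 604800',
].join('\n');

console.log(validatePolicy(samplePolicy));
```

An empty array means the policy passed every check; each string in a non-empty result names one rule the policy breaks.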
Author
I had to adjust the `mx_list` slightly:
Yep. My original example was on a really old Google Workplace account. I just pushed some more modern/simple updates.
Author
And add an A record to be able to route the traffic to this worker:
- Type: A
- Name: mta-sts
- IPv4 address: 192.0.2.1
- Proxy status: On (this is important!)
- TTL: Auto
To be clear, you don't need an A record. And this could be dangerous.
Just use a route instead. mta-sts.*/.well-known/mta-sts.txt
Thanks a lot @dotysan!
I had to adjust the `mx_list` slightly:
And add an A record to be able to route the traffic to this worker: