Use DEFER_ON_TLS_ERROR here too

We just don't know whether the lookup failed because we are under attack or whether it's a glitch; the safe behaviour is to defer
3 years ago · 9f66e2672b
parent a1da4daa4c
commit 9f66e2672b
2 changed files with 5 additions and 2 deletions
--- a/core/admin/mailu/configuration.py
+++ b/core/admin/mailu/configuration.py
@ -35,6 +35,7 @@ DEFAULT_CONFIG = {
    'WILDCARD_SENDERS': '',
    'TLS_FLAVOR': 'cert',
    'INBOUND_TLS_ENFORCE': False,
+    'DEFER_ON_TLS_ERROR': True,
    'AUTH_RATELIMIT': '1000/minute;10000/hour',
    'AUTH_RATELIMIT_SUBNET': False,
    'DISABLE_STATISTICS': False,
--- a/core/admin/mailu/utils.py
+++ b/core/admin/mailu/utils.py
@ -54,8 +54,10 @@ def has_dane_record(domain, timeout=5):
                    if record.usage in [2,3]: # postfix wants DANE-only
                        return True
    except dns.resolver.NoNameservers:
-        # this could be an attack / a failed DNSSEC lookup
-        return True
+        # If the DNSSEC data is invalid and the DNS resolver is DNSSEC enabled
+        # we will receive this non-specific exception. The safe behaviour is to
+        # accept to defer the email.
+        return app.config['DEFER_ON_TLS_ERROR']
    except:
        pass