Implement mta-sts and move mail services to specific domain
index 6647c1428c4bc735c436e695f05e2d201fd4c94e..01a3cbbff14997aa6204df234b5a22a185c1213c 100644 (file)
               ${conf.entries}
 
               ${if lib.attrsets.hasAttr "withEmail" conf && lib.lists.length conf.withEmail > 0 then ''
-              mail IN A     ${myconfig.env.servers.immaeEu.ips.main.ip4}
               mx-1 IN A     ${myconfig.env.servers.eldiron.ips.main.ip4}
-              ${builtins.concatStringsSep "\n" (map (i: "mail IN AAAA  ${i}") myconfig.env.servers.immaeEu.ips.main.ip6)}
+              mx-2 IN A     ${myconfig.env.servers.immaeEu.ips.main.ip4}
               ${builtins.concatStringsSep "\n" (map (i: "mx-1 IN AAAA  ${i}") myconfig.env.servers.eldiron.ips.main.ip6)}
+              ${builtins.concatStringsSep "\n" (map (i: "mx-2 IN AAAA  ${i}") myconfig.env.servers.immaeEu.ips.main.ip6)}
               ${lib.concatStringsSep "\n\n" (map (e:
               let
                 n = if e.domain == "" then "@" else "${e.domain}  ";
               in
               ''
               ; ------------------ mail: ${n} ---------------------------
-              ${n} IN MX 10 mail.${conf.name}.
-              ${n} IN MX 50 mx-1.${conf.name}.
+              ${n} IN MX 10 mx-1.${conf.name}.
+              ${n} IN MX 20 mx-2.${conf.name}.
 
               ; https://tools.ietf.org/html/rfc6186
               _submission._tcp${suffix} SRV  0 1  587 smtp.immae.eu.
               _pop3s._tcp${suffix}      SRV 10 1  995 pop3.immae.eu.
               _sieve._tcp${suffix}      SRV  0 1 4190 imap.immae.eu.
 
+              ; MTA-STS
+              ; https://blog.delouw.ch/2018/12/16/using-mta-sts-to-enhance-email-transport-security-and-privacy/
+              ; https://support.google.com/a/answer/9261504
+              _mta-sts${suffix}   IN TXT  "v=STSv1;id=20190630054629Z"
+              _smtp._tls${suffix} IN TXT  "v=TLSRPTv1;rua=mailto:postmaster+mta-sts@immae.eu"
+              mta-sts${suffix}    IN A    ${myconfig.env.servers.eldiron.ips.main.ip4}
+              ${builtins.concatStringsSep "\n" (map (i: "mta-sts${suffix}    IN AAAA ${i}") myconfig.env.servers.eldiron.ips.main.ip6)}
+
               ; Mail sender authentications
               ${n}                   IN TXT  "v=spf1 mx ~all"
               _dmarc${suffix}              IN TXT  "v=DMARC1; p=none; adkim=r; aspf=r; fo=1; rua=mailto:postmaster+rua@immae.eu; ruf=mailto:postmaster+ruf@immae.eu;"