From 6864d5bd93da05a08619e754c19f860d9ba66f58 Mon Sep 17 00:00:00 2001
From: missytake
Date: Tue, 14 Apr 2026 11:11:19 +0200
Subject: [PATCH] config: make IPv4-only relays use self-signed TLS certs
---
 chatmaild/src/chatmaild/config.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/chatmaild/src/chatmaild/config.py b/chatmaild/src/chatmaild/config.py
index 6f9acd04..aad44694 100644
--- a/chatmaild/src/chatmaild/config.py
+++ b/chatmaild/src/chatmaild/config.py
@@ -1,3 +1,4 @@
+import ipaddress
 from pathlib import Path
 import iniconfig
@@ -79,7 +80,7 @@ class Config:
 )
 self.tls_cert_mode = "external"
 self.tls_cert_path, self.tls_key_path = parts
- elif self.mail_domain.startswith("_"):
+ elif self.mail_domain.startswith("_") or is_valid_ipv4(params["mail_domain"]):
 self.tls_cert_mode = "self"
 self.tls_cert_path = "/etc/ssl/certs/mailserver.pem"
 self.tls_key_path = "/etc/ssl/private/mailserver.key"
@@ -175,3 +176,12 @@ def get_default_config_content(mail_domain, **overrides):
 lines.append(line)
 content = "\n".join(lines)
 return content
+
+
+def is_valid_ipv4(address: str) -> bool:
+ """Check if a mail_domain is an IPv4 address."""
+ try:
+ ipaddress.IPv4Address(address)
+ return True
+ except ValueError:
+ return False
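Review bot: The added operand in the `elif` tests `params["mail_domain"]` while the operand next to it tests `self.mail_domain`, so the two halves of one condition can disagree if the value is normalized before being stored on `self` (that assignment is outside this hunk); `is_valid_ipv4(self.mail_domain)` keeps them consistent. Because this branch now silently selects `tls_cert_mode = "self"` for an IP-literal domain, a comment above it such as `# IP-literal mail_domain: use a self-signed cert; peers cannot validate it against a public CA` would make the trust consequence explicit for operators. The enclosing method of `Config` starts and ends outside the hunk.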
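Review bot: `is_valid_ipv4` accepts only a bare dotted-quad string, so an IPv6 literal or a bracketed form such as `[192.0.2.1]` (constructed example) returns False and falls through to whatever certificate mode the remaining branch selects, which is not visible here. The docstring should state that, e.g. `"""Return True if address is a bare dotted-quad IPv4 literal; bracketed and IPv6 forms return False."""`. As a style point, `return True` sits inside the `try`; moving it to an `else:` clause keeps the guarded region to the single `ipaddress.IPv4Address(address)` call. The diffstat lists only config.py, so a test pinning the cert mode chosen for an IPv4 `mail_domain` appears to be missing from this commit.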