config: make IPv4-only relays use self-signed TLS certs

2026-05-20 04:48:06 +00:00 · 2026-03-12 17:36:08 +01:00
parent bbacd74c9f
commit 808eb3e53e
1 changed files with 11 additions and 1 deletions
--- a/chatmaild/src/chatmaild/config.py
+++ b/chatmaild/src/chatmaild/config.py
@@ -1,3 +1,4 @@
+import ipaddress
 import os
 from pathlib import Path

@@ -76,7 +77,7 @@ class Config:
                )
            self.tls_cert_mode = "external"
            self.tls_cert_path, self.tls_key_path = parts
-        elif self.mail_domain.startswith("_"):
+        elif self.mail_domain.startswith("_") or is_valid_ipv4(self.mail_domain):
            self.tls_cert_mode = "self"
            self.tls_cert_path = "/etc/ssl/certs/mailserver.pem"
            self.tls_key_path = "/etc/ssl/private/mailserver.key"
@@ -157,3 +158,12 @@ def get_default_config_content(mail_domain, **overrides):
                lines.append(line)
        content = "\n".join(lines)
    return content
+
+
+def is_valid_ipv4(address: str) -> bool:
+    """Check if a mail_domain is an IPv4 address."""
+    try:
+        ipaddress.IPv4Address(address)
+        return True
+    except ValueError:
+        return False