From cb564f311466b1147596021d4be545a716eeff58 Mon Sep 17 00:00:00 2001
From: Viyurz <viyurz@viyurz.fr>
Date: Wed, 3 Jul 2024 12:41:23 +0200
Subject: [PATCH] NGINX: Add MTA-STS

---
 roles/nginx/templates/sites-enabled/mail.conf | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/roles/nginx/templates/sites-enabled/mail.conf b/roles/nginx/templates/sites-enabled/mail.conf
index d8599d5..e7bc61e 100644
--- a/roles/nginx/templates/sites-enabled/mail.conf
+++ b/roles/nginx/templates/sites-enabled/mail.conf
@@ -11,3 +11,18 @@ server {
         include /etc/nginx/snippets/proxy.conf;
     }
 }
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name mta-sts.{{ domain }};
+
+    location / {
+        return 404;
+    }
+
+    location = /.well-known/mta-sts.txt {
+        proxy_pass https://127.0.0.1:{{ ports['mailserver_https'] }};
+    }
+}