Merge pull request #6759 from mailcow/fix/6720

[Web] Allow wildcard subdomains for MTA-STS
2025-10-04 00:02:07 -04:00 · 2025-09-22 14:20:36 +02:00 · 2025-09-22 14:20:36 +02:00 · caca32bbba
commit caca32bbba
parent d31e74c778 a36485f0f1
2 changed files with 13 additions and 3 deletions
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@ -1107,11 +1107,21 @@ function user_get_alias_details($username) {
  }
  return $data;
 }
-function is_valid_domain_name($domain_name) {
+function is_valid_domain_name($domain_name, $options = array()) {
  if (empty($domain_name)) {
    return false;
  }
+
+  // Convert domain name to ASCII for validation
  $domain_name = idn_to_ascii($domain_name, 0, INTL_IDNA_VARIANT_UTS46);
+
+  // Remove '*.' if wildcard subdomains are allowed
+  if (isset($options['allow_wildcard']) &&
+      $options['allow_wildcard'] == true &&
+      strpos($domain_name, '*.') === 0) {
+    $domain_name = substr($domain_name, 2);
+  }
+
  return (preg_match("/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i", $domain_name)
       && preg_match("/^.{1,253}$/", $domain_name)
       && preg_match("/^[^\.]{1,63}(\.[^\.]{1,63})*$/", $domain_name));
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@ -1446,7 +1446,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
          }
          foreach ($mx as $index => $mx_domain) {
            $mx_domain = idn_to_ascii(strtolower(trim($mx_domain)), 0, INTL_IDNA_VARIANT_UTS46);
-            if (!is_valid_domain_name($mx_domain)) {
+            if (!is_valid_domain_name($mx_domain, array('allow_wildcard' => true))) {
              $_SESSION['return'][] = array(
                'type' => 'danger',
                'log' => array(__FUNCTION__, $_action, $_type, $_data, $_attr),
@ -3897,7 +3897,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
            foreach ($mx as $index => $mx_domain) {
              $mx_domain = idn_to_ascii(strtolower(trim($mx_domain)), 0, INTL_IDNA_VARIANT_UTS46);
              $invalid_mx = false;
-              if (!is_valid_domain_name($mx_domain)) {
+              if (!is_valid_domain_name($mx_domain, array('allow_wildcard' => true))) {
                $invalid_mx = $mx_domain;
                break;
              }