Skip to content

rsclarke/terraform-cloudflare-fastmail-email

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
.github
.github
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
main.tf
main.tf
 
 
variables.tf
variables.tf
 
 
versions.tf
versions.tf
 
 

Repository files navigation

terraform-cloudflare-fastmail-email

MX, SPF, DKIM and DMARC records with MTA-STS policy (via terraform-cloudflare-mta-sts) for email hosted by Fastmail.

This creates cloudflare_record resources for MX, SPF, DKIM, DMARC and MTA-STS of the given zone_id suitable for fastmail.com. A Cloudflare Worker as part of the terraform-cloudflare-mta-sts dependency serves the MTA-STS policy.

The SPF policy includes Fastmail by default and rejects all others (-all), additional terms can be specified using the spf_terms variable.

The DMARC policy is set to reject and you must provide an email address for DMARC Aggregate and Failure reports through the dmarc_rua and dmarc_ruf variables respectively. Similarly, a TLS aggregate reporting location (mailto: or https:) must be specified in the tlsrpt_rua variable.

Usage

resource "cloudflare_zone" "example_com" {
  zone = "example.com"
}

module {
  source = "rsclarke/fastmail-email/cloudflare"

  zone_id   = cloudflare_zone.example_com.id
  zone_name = cloudflare_zone.example_com.name

  dmarc_rua = ["[email protected]"]
  dmarc_ruf = ["[email protected]", "[email protected]"]
  spf_terms = ["-ip4:192.0.2.0/24", "+ip6:2001:DB8::/32"]

  mta_sts_mode    = "enforce"
  mta_sts_mx      = ["mx.example.net"]
  mta_sts_max_age = 604800
  tlsrpt_rua      = ["mailto:[email protected]", "https://example.org/mta-sts/report"]
}

Providers

Name Version
cloudflare >= 2.0

Inputs

Name Description Type Required
zone_id Cloudflare Zone ID string yes
zone_name Cloudflare Zone Name string yes
dmarc_rua Email addresses for DMARC Aggregate reports (excluding mailto:), at least one and contains the @ symbol. list(string) yes
dmarc_rua Email addresses for DMARC Failure (or Forensic) reports (excluding mailto:), at least one and contains the @ symbol. list(string) yes
spf_terms Additional SPF terms to include, include:spf.messagingengine.com -all are already provided. list(string) no
mta_sts_mode Sending MTA policy application, rfc8461#section-5. Default testing string no
mta_sts_mx List of additional permitted MX hosts for the MTA STS policy. This does not create the resources for. list(string) no
mta_sts_max_age Maximum lifetime of the MTA STS policy in seconds, up to 31557600, defaults to 604800 (1 week) number no
tlsrpt_rua Locations to which MTA STS aggregate reports about policy violations should be sent, either mailto: or https: schema. list(string) yes

Outputs

This module does not expose any outputs.

About

MX, SPF, DKIM and DMARC records with MTA-STS policy for email hosted by Fastmail

registry.terraform.io/modules/rsclarke/fastmail-email/cloudflare/latest

Topics

security email terraform cloudflare spf dkim spam-protection dmarc mx mta-sts

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases 4

v2.1.0 Latest
Nov 7, 2021
+ 3 releases

Languages