external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-03 00:07:05 +00:00
Code Issues Releases Wiki Activity

softfail SPF

Browse Source
This commit is contained in:
KiekerJan 2023-03-10 21:29:05 +01:00
parent 824db18c5e
commit 2d9aa20b36
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
management/dns_update.py
View File

@ -308,11 +308,12 @@ def build_zone(domain, domain_properties, additional_records, env, is_zone=True)
if not has_rec(None, "MX", prefix="10 "): if not has_rec(None, "MX", prefix="10 "):
records.append((None, "MX", "10 %s." % env["PRIMARY_HOSTNAME"], "Required. Specifies the hostname (and priority) of the machine that handles @%s mail." % domain)) records.append((None, "MX", "10 %s." % env["PRIMARY_HOSTNAME"], "Required. Specifies the hostname (and priority) of the machine that handles @%s mail." % domain))
# SPF record: Permit the box ('mx', see above) to send mail on behalf of # SPF record: Permit the box ('mx', see above) to send mail on behalf of the domain,
# the domain, and no one else. # and no one else. Set to softfail because we also have DMARC and DKIM as discussed
# here: https://www.mailhardener.com/blog/why-mailhardener-recommends-spf-softfail-over-fail
# Skip if the user has set a custom SPF record. # Skip if the user has set a custom SPF record.
if not has_rec(None, "TXT", prefix="v=spf1 "): if not has_rec(None, "TXT", prefix="v=spf1 "):
records.append((None, "TXT", 'v=spf1 mx -all', "Recommended. Specifies that only the box is permitted to send @%s mail." % domain)) records.append((None, "TXT", 'v=spf1 mx ~all', "Recommended. Specifies that only the box is permitted to send @%s mail." % domain))
# Append the DKIM TXT record to the zone as generated by DKIMpy. # Append the DKIM TXT record to the zone as generated by DKIMpy.
# Skip if the user has set a DKIM record already. # Skip if the user has set a DKIM record already.