factor out retrieve_dkim_record to reduce code duplication

This commit is contained in:
Scott Bronson 2016-09-30 21:18:49 -07:00
parent 6150f91461
commit 3375ede034
2 changed files with 23 additions and 22 deletions

View File

@ -253,10 +253,7 @@ def build_zone(domain, all_domains, additional_records, www_redirect_domains, en
# Append the DKIM TXT record to the zone as generated by OpenDKIM. # Append the DKIM TXT record to the zone as generated by OpenDKIM.
# Skip if the user has set a DKIM record already. # Skip if the user has set a DKIM record already.
opendkim_record_file = os.path.join(env['STORAGE_ROOT'], 'mail/dkim/mail.txt') m, val = retrieve_dkim_record(env)
with open(opendkim_record_file) as orf:
m = re.match(r'(\S+)\s+IN\s+TXT\s+\( ((?:"[^"]+"\s+)+)\)', orf.read(), re.S)
val = "".join(re.findall(r'"([^"]+)"', m.group(2)))
if not has_rec(m.group(1), "TXT", prefix="v=DKIM1; "): if not has_rec(m.group(1), "TXT", prefix="v=DKIM1; "):
records.append((m.group(1), "TXT", val, "Recommended. Provides a way for recipients to verify that this machine sent @%s mail." % domain)) records.append((m.group(1), "TXT", val, "Recommended. Provides a way for recipients to verify that this machine sent @%s mail." % domain))
@ -287,6 +284,13 @@ def build_zone(domain, all_domains, additional_records, www_redirect_domains, en
return records return records
def retrieve_dkim_record(env):
opendkim_record_file = os.path.join(env['STORAGE_ROOT'], 'mail/dkim/mail.txt')
with open(opendkim_record_file) as orf:
m = re.match(r'(\S+)\s+IN\s+TXT\s+\( ((?:"[^"]+"\s+)+)\)', orf.read(), re.S)
val = "".join(re.findall(r'"([^"]+)"', m.group(2)))
return m, val
######################################################################## ########################################################################
def build_tlsa_record(env): def build_tlsa_record(env):

View File

@ -11,7 +11,7 @@ import dateutil.parser, dateutil.tz
import idna import idna
import psutil import psutil
from dns_update import get_dns_zones, build_tlsa_record, get_custom_dns_config, get_secondary_dns, get_custom_dns_record from dns_update import get_dns_zones, build_tlsa_record, get_custom_dns_config, get_secondary_dns, get_custom_dns_record, retrieve_dkim_record
from web_update import get_web_domains, get_domains_with_a_records from web_update import get_web_domains, get_domains_with_a_records
from ssl_certificates import get_ssl_certificates, get_domain_ssl_files, check_certificate from ssl_certificates import get_ssl_certificates, get_domain_ssl_files, check_certificate
from mailconfig import get_mail_domains, get_mail_aliases from mailconfig import get_mail_domains, get_mail_aliases
@ -609,6 +609,17 @@ def check_mail_domain(domain, env, output):
if "@" + domain not in [address for address, *_ in get_mail_aliases(env)]: if "@" + domain not in [address for address, *_ in get_mail_aliases(env)]:
check_alias_exists("Postmaster contact address", "postmaster@" + domain, env, output) check_alias_exists("Postmaster contact address", "postmaster@" + domain, env, output)
# ensure the DKIM keys are correct for this domain
dkim_domain = 'mail._domainkey.' + domain
m, val = retrieve_dkim_record(env)
# it appears dnspython doesn't join long lines so we'll do it with a replace statement
# https://github.com/rthalley/dnspython/blob/master/dns/rdtypes/txtbase.py#L42
dkim = query_dns(dkim_domain, "TXT").replace('" "', '')
if dkim == '"' + val + '"':
output.print_ok("Domain's DKIM record is set correctly. [%s]" % (dkim_domain))
else:
output.print_warning("Domain's DKIM record is not set to [%s%s]" % (dkim_domain, val))
# Stop if the domain is listed in the Spamhaus Domain Block List. # Stop if the domain is listed in the Spamhaus Domain Block List.
# The user might have chosen a domain that was previously in use by a spammer # The user might have chosen a domain that was previously in use by a spammer
# and will not be able to reliably send mail. # and will not be able to reliably send mail.
@ -620,20 +631,6 @@ def check_mail_domain(domain, env, output):
which may prevent recipients from receiving your mail. which may prevent recipients from receiving your mail.
See http://www.spamhaus.org/dbl/ and http://www.spamhaus.org/query/domain/%s.""" % (dbl, domain)) See http://www.spamhaus.org/dbl/ and http://www.spamhaus.org/query/domain/%s.""" % (dbl, domain))
# ensure the DKIM keys are correct for this domain
dkim_domain = 'mail._domainkey.' + domain
opendkim_record_file = os.path.join(env['STORAGE_ROOT'], 'mail/dkim/mail.txt')
with open(opendkim_record_file) as orf:
m = re.match(r'(\S+)\s+IN\s+TXT\s+\( ((?:"[^"]+"\s+)+)\)', orf.read(), re.S)
expected = '"' + "".join(re.findall(r'"([^"]+)"', m.group(2))) + '"'
# it appears dnspython doesn't join long lines so we'll do it with a replace statement
# https://github.com/rthalley/dnspython/blob/master/dns/rdtypes/txtbase.py#L42
dkim = query_dns(dkim_domain, "TXT").replace('" "', '')
if dkim == expected:
output.print_ok("Domain's DKIM record is set correctly. [%s]" % (dkim_domain))
else:
output.print_warning("Domain's DKIM record is not set to [%s%s]" % (dkim_domain, expected))
def check_web_domain(domain, rounded_time, ssl_certificates, env, output): def check_web_domain(domain, rounded_time, ssl_certificates, env, output):
# See if the domain's A record resolves to our PUBLIC_IP. This is already checked # See if the domain's A record resolves to our PUBLIC_IP. This is already checked
# for PRIMARY_HOSTNAME, for which it is required for mail specifically. For it and # for PRIMARY_HOSTNAME, for which it is required for mail specifically. For it and