From b805f8695e971d9c4a5a5f3c2d77c36bf6106697 Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Sun, 17 May 2020 12:43:58 -0400 Subject: [PATCH] Move status checks for www, autoconfig, autodiscover, and mta-sts to within the section for the parent domain Since we're checking the MTA-STS policy, there's no need to check that the domain resolves etc. directly. --- management/status_checks.py | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/management/status_checks.py b/management/status_checks.py index 2cd56f74..101a3537 100755 --- a/management/status_checks.py +++ b/management/status_checks.py @@ -311,6 +311,17 @@ def run_domain_checks(rounded_time, env, output, pool): domains_to_check = mail_domains | dns_domains | web_domains + # Remove "www", "autoconfig", "autodiscover", and "mta-sts" subdomains, which we group with their parent, + # if their parent is in the domains to check list. + domains_to_check = [ + d for d in domains_to_check + if not ( + d.split(".", 1)[0] in ("www", "autoconfig", "autodiscover", "mta-sts") + and len(d.split(".", 1)) == 2 + and d.split(".", 1)[1] in domains_to_check + ) + ] + # Get the list of domains that we don't serve web for because of a custom CNAME/A record. domains_with_a_records = get_domains_with_a_records(env) @@ -361,6 +372,26 @@ def run_domain_checks_on_domain(domain, rounded_time, env, dns_domains, dns_zone if domain in dns_domains: check_dns_zone_suggestions(domain, env, output, dns_zonefiles, domains_with_a_records) + # Check auto-configured subdomains. See run_domain_checks. + # Skip mta-sts because we check the policy directly. + for label in ("www", "autoconfig", "autodiscover"): + subdomain = label + "." + domain + if subdomain in web_domains or subdomain in mail_domains: + # Run checks. + subdomain_output = run_domain_checks_on_domain(subdomain, rounded_time, env, dns_domains, dns_zonefiles, mail_domains, web_domains, domains_with_a_records) + + # Prepend the domain name to the start of each check line, and then add to the + # checks for this domain. + for attr, args, kwargs in subdomain_output[1].buf: + if attr == "add_heading": + # Drop the heading, but use its text as the subdomain name in + # each line since it is in Unicode form. + subdomain = args[0] + continue + if len(args) == 1 and isinstance(args[0], str): + args = [ subdomain + ": " + args[0] ] + getattr(output, attr)(*args, **kwargs) + return (domain, output) def check_primary_hostname_dns(domain, env, output, dns_domains, dns_zonefiles):