From cbc7e280d6133343959d467ba009f4f10c1df495 Mon Sep 17 00:00:00 2001
From: Joshua Tauberer
Date: Mon, 30 Mar 2015 00:51:19 +0000
Subject: [PATCH] set the SPF record after custom DNS records so that the SPF record doesn't prevent all custom TXT records from coming in
---
 management/dns_update.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/management/dns_update.py b/management/dns_update.py
index 77e9c810..7f5cdac2 100755
--- a/management/dns_update.py
+++ b/management/dns_update.py
@@ -183,10 +183,6 @@ def build_zone(domain, all_domains, additional_records, env, is_zone=True):
 # The MX record says where email for the domain should be delivered: Here!
 records.append((None, "MX", "10 %s." % env["PRIMARY_HOSTNAME"], "Required. Specifies the hostname (and priority) of the machine that handles @%s mail." % domain))
- # SPF record: Permit the box ('mx', see above) to send mail on behalf of
- # the domain, and no one else.
- records.append((None, "TXT", 'v=spf1 mx -all', "Recommended. Specifies that only the box is permitted to send @%s mail." % domain))
-
 # Add DNS records for any subdomains of this domain. We should not have a zone for
 # both a domain and one of its subdomains.
 subdomains = [d for d in all_domains if d.endswith("." + domain)]
@@ -207,6 +203,7 @@ def build_zone(domain, all_domains, additional_records, env, is_zone=True):
 return False
 # The user may set other records that don't conflict with our settings.
+ # Don't put any TXT records above this line, or it'll prevent any custom TXT records.
 for qname, rtype, value in get_custom_records(domain, additional_records, env):
 if has_rec(qname, rtype): continue
 records.append((qname, rtype, value, "(Set by user.)"))
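Review bot: The comment added above the custom-records loop states the ordering rule but not its cause, and `if has_rec(qname, rtype): continue` still discards a colliding user record without leaving any trace. Assuming has_rec matches on name and type (its definition is outside this hunk), a more precise wording would be `# Built-in TXT records (such as SPF) must be appended after this loop: a custom record is skipped when a record with the same name and type already exists.` Logging or reporting each skipped custom record would also let the administrator see that something they entered was not published. build_zone starts and ends outside the hunk.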
@@ -229,6 +226,10 @@ def build_zone(domain, all_domains, additional_records, env, is_zone=True):
 if not has_rec(qname, rtype) and not has_rec(qname, "CNAME") and not has_rec(qname, "A"):
 records.append((qname, rtype, value, explanation))
+ # SPF record: Permit the box ('mx', see above) to send mail on behalf of
+ # the domain, and no one else.
+ records.append((None, "TXT", 'v=spf1 mx -all', "Recommended. Specifies that only the box is permitted to send @%s mail." % domain))
+
 # Append the DKIM TXT record to the zone as generated by OpenDKIM.
 opendkim_record_file = os.path.join(env['STORAGE_ROOT'], 'mail/dkim/mail.txt')
 with open(opendkim_record_file) as orf:
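Review bot: The relocated `records.append((None, "TXT", 'v=spf1 mx -all', ...))` is unconditional, unlike the `has_rec`-guarded append just above it, so a user-supplied SPF policy at the zone apex could now be published alongside this default one. RFC 7208 treats more than one `v=spf1` record on the same name as a permanent error, so receivers would get a permerror instead of either policy. Consider guarding the append, for example `if not any(q is None and t == "TXT" and v.lstrip('"').startswith("v=spf1") for q, t, v, _ in records):`, adjusted to however custom apex names and quoted values are actually stored, which this hunk does not show. build_zone starts and ends outside the hunk.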