mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-11-22 02:17:26 +00:00
Merge pull request #419 from dhpiggott/improve-dmarc-and-spf-descriptions
Improve DMARC and SPF record descriptions
This commit is contained in:
commit
d3c82d7363
@ -247,16 +247,16 @@ def build_zone(domain, all_domains, additional_records, env, is_zone=True):
|
|||||||
# Append a DMARC record.
|
# Append a DMARC record.
|
||||||
# Skip if the user has set a DMARC record already.
|
# Skip if the user has set a DMARC record already.
|
||||||
if not has_rec("_dmarc", "TXT", prefix="v=DMARC1; "):
|
if not has_rec("_dmarc", "TXT", prefix="v=DMARC1; "):
|
||||||
records.append(("_dmarc", "TXT", 'v=DMARC1; p=quarantine', "Optional. Specifies that mail that does not originate from the box but claims to be from @%s is suspect and should be quarantined by the recipient's mail system." % domain))
|
records.append(("_dmarc", "TXT", 'v=DMARC1; p=quarantine', "Recommended. Specifies that mail that does not originate from the box but claims to be from @%s or which does not have a valid DKIM signature is suspect and should be quarantined by the recipient's mail system." % domain))
|
||||||
|
|
||||||
# For any subdomain with an A record but no SPF or DMARC record, add strict policy records.
|
# For any subdomain with an A record but no SPF or DMARC record, add strict policy records.
|
||||||
all_resolvable_qnames = set(r[0] for r in records if r[1] in ("A", "AAAA"))
|
all_resolvable_qnames = set(r[0] for r in records if r[1] in ("A", "AAAA"))
|
||||||
for qname in all_resolvable_qnames:
|
for qname in all_resolvable_qnames:
|
||||||
if not has_rec(qname, "TXT", prefix="v=spf1 "):
|
if not has_rec(qname, "TXT", prefix="v=spf1 "):
|
||||||
records.append((qname, "TXT", 'v=spf1 a mx -all', "Prevents unauthorized use of this domain name for outbound mail by requiring outbound mail to originate from the indicated host(s)."))
|
records.append((qname, "TXT", 'v=spf1 a mx -all', "Recommended. Prevents unauthorized use of this domain name for outbound mail by specifying that only servers pointed to by a parallel A or MX record are valid sources for mail from @%s." % (qname + "." + domain)))
|
||||||
dmarc_qname = "_dmarc" + ("" if qname is None else "." + qname)
|
dmarc_qname = "_dmarc" + ("" if qname is None else "." + qname)
|
||||||
if not has_rec(dmarc_qname, "TXT", prefix="v=DMARC1; "):
|
if not has_rec(dmarc_qname, "TXT", prefix="v=DMARC1; "):
|
||||||
records.append((dmarc_qname, "TXT", 'v=DMARC1; p=reject', "Prevents unauthorized use of this domain name for outbound mail by requiring a valid DKIM signature."))
|
records.append((dmarc_qname, "TXT", 'v=DMARC1; p=reject', "Recommended. Prevents unauthorized use of this domain name for outbound mail by specifying that the SPF rule should be honoured for mail from @%s." % (qname + "." + domain)))
|
||||||
|
|
||||||
|
|
||||||
# Sort the records. The None records *must* go first in the nsd zone file. Otherwise it doesn't matter.
|
# Sort the records. The None records *must* go first in the nsd zone file. Otherwise it doesn't matter.
|
||||||
|
Loading…
Reference in New Issue
Block a user