add SPF records to the DNS status checks

Scott Bronson 2016-09-30 16:44:44 -07:00
parent da5497cd1c
commit d4301bd424
1 changed files with 16 additions and 0 deletions


@ -344,6 +344,8 @@ def run_domain_checks_on_domain(domain, rounded_time, env, dns_domains, dns_zone
if domain in dns_domains: if domain in dns_domains:
check_dns_zone_suggestions(domain, env, output, dns_zonefiles, domains_with_a_records) check_dns_zone_suggestions(domain, env, output, dns_zonefiles, domains_with_a_records)
check_spf_domain(domain, domain in mail_domains, env, output)
return (domain, output) return (domain, output)
def check_primary_hostname_dns(domain, env, output, dns_domains, dns_zonefiles): def check_primary_hostname_dns(domain, env, output, dns_domains, dns_zonefiles):
@ -404,6 +406,10 @@ def check_primary_hostname_dns(domain, env, output, dns_domains, dns_zonefiles):
output.print_error("""Your box's reverse DNS is currently %s (IPv4) and %s (IPv6), but it should be %s. Your ISP or cloud provider will have instructions output.print_error("""Your box's reverse DNS is currently %s (IPv4) and %s (IPv6), but it should be %s. Your ISP or cloud provider will have instructions
on setting up reverse DNS for your box.""" % (existing_rdns_v4, existing_rdns_v6, domain) ) on setting up reverse DNS for your box.""" % (existing_rdns_v4, existing_rdns_v6, domain) )
# Check the SPF records.
for ns in ['ns1', 'ns2']:
check_spf_domain(ns + '.' + domain, False, env, output)
# Check the TLSA record. # Check the TLSA record.
tlsa_qname = "_25._tcp." + domain tlsa_qname = "_25._tcp." + domain
tlsa25 = query_dns(tlsa_qname, "TLSA", nxdomain=None) tlsa25 = query_dns(tlsa_qname, "TLSA", nxdomain=None)
@ -646,6 +652,16 @@ def check_web_domain(domain, rounded_time, ssl_certificates, env, output):
# website for also needs a signed certificate. # website for also needs a signed certificate.
check_ssl_cert(domain, rounded_time, ssl_certificates, env, output) check_ssl_cert(domain, rounded_time, ssl_certificates, env, output)
def check_spf_domain(domain, deliverable, env, output):
# Ensure the SPF record for this domain either allows or prevents email
expected = "\"v=spf1 %s-all\"" % ('mx ' if deliverable else '')
action = 'allow' if deliverable else 'prevent'
values = query_dns(domain, "TXT").split('; ')
if expected in values:
output.print_ok("Domain's SPF record %ss mail delivery. [%s%s]" % (action, domain, expected))
else:
output.print_error("This domain should %s mail delivery by setting a TXT record: %s%s" % (action, domain, expected))
def query_dns(qname, rtype, nxdomain='[Not Set]', at=None): def query_dns(qname, rtype, nxdomain='[Not Set]', at=None):
# Make the qname absolute by appending a period. Without this, dns.resolver.query # Make the qname absolute by appending a period. Without this, dns.resolver.query
# will fall back a failed lookup to a second query with this machine's hostname # will fall back a failed lookup to a second query with this machine's hostname
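Review bot: In check_spf_domain, `if expected in values:` reports OK whenever the expected string is among the TXT answers, even if the name also publishes a second `v=spf1` record; RFC 7208 has receivers return permerror when more than one SPF record exists, so the policy the check reports as working would not be applied. Selecting the SPF records first and requiring exactly one closes that gap: `spf = [v for v in values if v.startswith('"v=spf1')]` followed by `if spf == [expected]:`. The `.split('; ')` presumably mirrors how query_dns joins multiple answers, which is not visible on this page, so a short comment such as `# query_dns joins multiple TXT answers with '; '` would document that dependency once confirmed. Both messages format `%s%s` with the domain and the record back to back, so the output runs them together; `%s %s` keeps the name and the TXT value readable.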