From d7244ed920a4807970794dc902a1b5cf9d00c351 Mon Sep 17 00:00:00 2001 From: Sudheesh Singanamalla Date: Fri, 19 Aug 2022 18:23:42 +0100 Subject: [PATCH] Fixes #2149 Append ; in policy strings for DMARC settings (#2151) Signed-off-by: Sudheesh Singanamalla --- management/dns_update.py | 4 ++-- tests/test_dns.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/management/dns_update.py b/management/dns_update.py index fde9b146..a3f376c8 100755 --- a/management/dns_update.py +++ b/management/dns_update.py @@ -298,7 +298,7 @@ def build_zone(domain, domain_properties, additional_records, env, is_zone=True) # Append a DMARC record. # Skip if the user has set a DMARC record already. if not has_rec("_dmarc", "TXT", prefix="v=DMARC1; "): - records.append(("_dmarc", "TXT", 'v=DMARC1; p=quarantine', "Recommended. Specifies that mail that does not originate from the box but claims to be from @%s or which does not have a valid DKIM signature is suspect and should be quarantined by the recipient's mail system." % domain)) + records.append(("_dmarc", "TXT", 'v=DMARC1; p=quarantine;', "Recommended. Specifies that mail that does not originate from the box but claims to be from @%s or which does not have a valid DKIM signature is suspect and should be quarantined by the recipient's mail system." % domain)) if domain_properties[domain]["user"]: # Add CardDAV/CalDAV SRV records on the non-primary hostname that points to the primary hostname @@ -363,7 +363,7 @@ def build_zone(domain, domain_properties, additional_records, env, is_zone=True) if not has_rec(qname, "TXT", prefix="v=spf1 "): records.append((qname, "TXT", 'v=spf1 -all', "Recommended. Prevents use of this domain name for outbound mail by specifying that no servers are valid sources for mail from @%s. If you do send email from this domain name you should either override this record such that the SPF rule does allow the originating server, or, take the recommended approach and have the box handle mail for this domain (simply add any receiving alias at this domain name to make this machine treat the domain name as one of its mail domains)." % d)) if not has_rec("_dmarc" + ("."+qname if qname else ""), "TXT", prefix="v=DMARC1; "): - records.append(("_dmarc" + ("."+qname if qname else ""), "TXT", 'v=DMARC1; p=reject', "Recommended. Prevents use of this domain name for outbound mail by specifying that the SPF rule should be honoured for mail from @%s." % d)) + records.append(("_dmarc" + ("."+qname if qname else ""), "TXT", 'v=DMARC1; p=reject;', "Recommended. Prevents use of this domain name for outbound mail by specifying that the SPF rule should be honoured for mail from @%s." % d)) # And with a null MX record (https://explained-from-first-principles.com/email/#null-mx-record) if not has_rec(qname, "MX"): diff --git a/tests/test_dns.py b/tests/test_dns.py index c5fe8051..e734e3ce 100755 --- a/tests/test_dns.py +++ b/tests/test_dns.py @@ -30,7 +30,7 @@ def test(server, description): (hostname, "TXT", "\"v=spf1 mx -all\""), ("mail._domainkey." + hostname, "TXT", "\"v=DKIM1; k=rsa; s=email; \" \"p=__KEY__\""), #("_adsp._domainkey." + hostname, "TXT", "\"dkim=all\""), - ("_dmarc." + hostname, "TXT", "\"v=DMARC1; p=quarantine\""), + ("_dmarc." + hostname, "TXT", "\"v=DMARC1; p=quarantine;\""), ] return test2(tests, server, description)