diff --git a/data/web/inc/ajax/dns_diagnostics.php b/data/web/inc/ajax/dns_diagnostics.php index d6c989b3..f15f8eb4 100644 --- a/data/web/inc/ajax/dns_diagnostics.php +++ b/data/web/inc/ajax/dns_diagnostics.php @@ -7,7 +7,7 @@ define('state_missing', '2"); -if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admin") { +if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "admin"|| $_SESSION['mailcow_cc_role'] == "domainadmin")) { $domains = mailbox('get', 'domains'); foreach(mailbox('get', 'domains') as $dn) { @@ -73,108 +73,120 @@ if (!isset($autodiscover_config['sieve'])) { } // Init records array -$spf_link = 'SPF Record Syntax'; +$spf_link = 'SPF Record Syntax
+ ' . sprintf($lang['diagnostics']['allow'], $ip) . '
' . sprintf($lang['diagnostics']['allow'], $ip6) . ''; $dmarc_link = 'DMARC Assistant'; $records = array(); -$records[] = array( - $mailcow_hostname, - 'A', - $ip -); -$records[] = array( - $ptr, - 'PTR', - $mailcow_hostname -); -if (!empty($ip6)) { +if ($_SESSION['mailcow_cc_role'] == "admin") { $records[] = array( $mailcow_hostname, - 'AAAA', - $ip6 + 'A', + $ip ); $records[] = array( - $ptr6, + $ptr, 'PTR', $mailcow_hostname ); + if (!empty($ip6)) { + $records[] = array( + $mailcow_hostname, + 'AAAA', + $ip6 + ); + $records[] = array( + $ptr6, + 'PTR', + $mailcow_hostname + ); + } + $records[] = array( + '_25._tcp.'.$autodiscover_config['smtp']['server'], + 'TLSA', + generate_tlsa_digest($autodiscover_config['smtp']['server'], 25, 1) + ); + $records[] = array( + '_'.$https_port. + '._tcp.'.$mailcow_hostname, + 'TLSA', + generate_tlsa_digest($mailcow_hostname, $https_port) + ); + $records[] = array( + '_'.$autodiscover_config['pop3']['tlsport']. + '._tcp.'.$autodiscover_config['pop3']['server'], + 'TLSA', + generate_tlsa_digest($autodiscover_config['pop3']['server'], $autodiscover_config['pop3']['tlsport'], 1) + ); + $records[] = array( + '_'.$autodiscover_config['imap']['tlsport']. + '._tcp.'.$autodiscover_config['imap']['server'], + 'TLSA', + generate_tlsa_digest($autodiscover_config['imap']['server'], $autodiscover_config['imap']['tlsport'], 1) + ); + $records[] = array( + '_'.$autodiscover_config['smtp']['port']. + '._tcp.'.$autodiscover_config['smtp']['server'], + 'TLSA', + generate_tlsa_digest($autodiscover_config['smtp']['server'], $autodiscover_config['smtp']['port']) + ); + $records[] = array( + '_'.$autodiscover_config['smtp']['tlsport']. + '._tcp.'.$autodiscover_config['smtp']['server'], + 'TLSA', + generate_tlsa_digest($autodiscover_config['smtp']['server'], $autodiscover_config['smtp']['tlsport'], 1) + ); + $records[] = array( + '_'.$autodiscover_config['imap']['port']. + '._tcp.'.$autodiscover_config['imap']['server'], + 'TLSA', + generate_tlsa_digest($autodiscover_config['imap']['server'], $autodiscover_config['imap']['port']) + ); + $records[] = array( + '_'.$autodiscover_config['pop3']['port']. + '._tcp.'.$autodiscover_config['pop3']['server'], + 'TLSA', + generate_tlsa_digest($autodiscover_config['pop3']['server'], $autodiscover_config['pop3']['port']) + ); + $records[] = array( + '_'.$autodiscover_config['sieve']['port']. + '._tcp.'.$autodiscover_config['sieve']['server'], + 'TLSA', + generate_tlsa_digest($autodiscover_config['sieve']['server'], $autodiscover_config['sieve']['port'], 1) + ); } $records[] = array( - '_25._tcp.' . $autodiscover_config['smtp']['server'], - 'TLSA', - generate_tlsa_digest($autodiscover_config['smtp']['server'], 25, 1) + $domain, + 'MX', + $mailcow_hostname ); $records[] = array( - '_' . $https_port . '._tcp.' . $mailcow_hostname, - 'TLSA', - generate_tlsa_digest($mailcow_hostname, $https_port) + 'autodiscover.'.$domain, + 'CNAME', + $mailcow_hostname ); $records[] = array( - '_' . $autodiscover_config['pop3']['tlsport'] . '._tcp.' . $autodiscover_config['pop3']['server'], - 'TLSA', - generate_tlsa_digest($autodiscover_config['pop3']['server'], $autodiscover_config['pop3']['tlsport'], 1) + '_autodiscover._tcp.'.$domain, + 'SRV', + $mailcow_hostname. + ' '.$https_port ); $records[] = array( - '_' . $autodiscover_config['imap']['tlsport'] . '._tcp.' . $autodiscover_config['imap']['server'], - 'TLSA', - generate_tlsa_digest($autodiscover_config['imap']['server'], $autodiscover_config['imap']['tlsport'], 1) + 'autoconfig.'.$domain, + 'CNAME', + $mailcow_hostname ); $records[] = array( - '_' . $autodiscover_config['smtp']['port'] . '._tcp.' . $autodiscover_config['smtp']['server'], - 'TLSA', - generate_tlsa_digest($autodiscover_config['smtp']['server'], $autodiscover_config['smtp']['port']) + $domain, + 'TXT', + $spf_link, + state_optional ); $records[] = array( - '_' . $autodiscover_config['smtp']['tlsport'] . '._tcp.' . $autodiscover_config['smtp']['server'], - 'TLSA', - generate_tlsa_digest($autodiscover_config['smtp']['server'], $autodiscover_config['smtp']['tlsport'], 1) -); -$records[] = array( - '_' . $autodiscover_config['imap']['port'] . '._tcp.' . $autodiscover_config['imap']['server'], - 'TLSA', - generate_tlsa_digest($autodiscover_config['imap']['server'], $autodiscover_config['imap']['port']) -); -$records[] = array( - '_' . $autodiscover_config['pop3']['port'] . '._tcp.' . $autodiscover_config['pop3']['server'], - 'TLSA', - generate_tlsa_digest($autodiscover_config['pop3']['server'], $autodiscover_config['pop3']['port']) -); -$records[] = array( - '_' . $autodiscover_config['sieve']['port'] . '._tcp.' . $autodiscover_config['sieve']['server'], - 'TLSA', - generate_tlsa_digest($autodiscover_config['sieve']['server'], $autodiscover_config['sieve']['port'], 1) -); -$records[] = array( - $domain, - 'MX', - $mailcow_hostname -); -$records[] = array( - 'autodiscover.' . $domain, - 'CNAME', - $mailcow_hostname -); -$records[] = array( - '_autodiscover._tcp.' . $domain, - 'SRV', - $mailcow_hostname . ' ' . $https_port -); -$records[] = array( - 'autoconfig.' . $domain, - 'CNAME', - $mailcow_hostname -); -$records[] = array( - $domain, - 'TXT', - $spf_link, - state_optional -); -$records[] = array( - '_dmarc.' . $domain, - 'TXT', - $dmarc_link, - state_optional + '_dmarc.'.$domain, + 'TXT', + $dmarc_link, + state_optional ); if (!empty($dkim = dkim('details', $domain))) { @@ -345,9 +357,14 @@ foreach ($records as $record) { $state = $current[$data_field[$current['type']]] . state_optional; } elseif ($current['type'] == 'TXT' && - stripos($current['txt'], 'v=spf' && - $record[2] == $spf_link) === 0) { - $state = $current[$data_field[$current['type']]] . state_optional; + stripos($current['txt'], 'v=spf') === 0 && + $record[2] == $spf_link) { + $state = state_nomatch; + $rslt = get_spf_allowed_hosts($record[0]); + if(in_array($ip, $rslt) && in_array($ip6, $rslt)){ + $state = state_good; + } + $state .= '
' . $current[$data_field[$current['type']]].state_optional; } elseif ($current['type'] == 'TXT' && stripos($current['txt'], 'v=dkim') === 0 && diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php index 93f73e60..34ae81e6 100644 --- a/data/web/lang/lang.en.php +++ b/data/web/lang/lang.en.php @@ -556,6 +556,7 @@ $lang['diagnostics']['dns_records_data'] = 'Correct Data'; $lang['diagnostics']['dns_records_status'] = 'Current State'; $lang['diagnostics']['optional'] = 'This record is optional.'; $lang['diagnostics']['cname_from_a'] = 'Value derived from A/AAAA record. This is supported as long as the record points to the correct resource.'; +$lang['diagnostics']['allow'] = 'Allow %s'; $lang['admin']['relay_from'] = '"From:" address'; $lang['admin']['api_allow_from'] = "Allow API access from these IPs";