From 2a8bdc8deab60db693fe36aa217dbdc88887e332 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kristia=CC=81n=20Feldsam?= <feldsam@gmail.com>
Date: Tue, 16 Jan 2018 00:06:21 +0100
Subject: [PATCH] DNS Diagnostics - Ehnaced SPF record check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Kristián Feldsam <feldsam@gmail.com>
---
 data/web/inc/ajax/dns_diagnostics.php | 13 +++++++++----
 data/web/lang/lang.en.php             |  1 +
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/data/web/inc/ajax/dns_diagnostics.php b/data/web/inc/ajax/dns_diagnostics.php
index fa3354d5..3735b17c 100644
--- a/data/web/inc/ajax/dns_diagnostics.php
+++ b/data/web/inc/ajax/dns_diagnostics.php
@@ -73,7 +73,7 @@ if (!isset($autodiscover_config['sieve'])) {
 }
 
 // Init records array
-$spf_link = '<a href="http://www.openspf.org/SPF_Record_Syntax" target="_blank">SPF Record Syntax</a>';
+$spf_link = '<a href="http://www.openspf.org/SPF_Record_Syntax" target="_blank">SPF Record Syntax</a><br /><small>'.$lang['diagnostics']['allow'].' '.$ip.'<br />'.$lang['diagnostics']['allow'].' '.$ip6.'</small>';
 $dmarc_link = '<a href="http://www.kitterman.com/dmarc/assistant.html" target="_blank">DMARC Assistant</a>';
 
 $records = array();
@@ -348,9 +348,14 @@ foreach ($records as $record) {
         $state = $current[$data_field[$current['type']]] . state_optional;
     }
     elseif ($current['type'] == 'TXT' &&
-      stripos($current['txt'], 'v=spf' &&
-      $record[2] == $spf_link) === 0) {
-        $state = $current[$data_field[$current['type']]] . state_optional;
+      stripos($current['txt'], 'v=spf') === 0 &&
+      $record[2] == $spf_link) {
+        $state = state_nomatch;
+        $rslt = get_spf_allowed_hosts($record[0]);
+        if(in_array($ip, $rslt) && in_array($ip6, $rslt)){
+            $state = state_good;
+        }
+        $state .= '<br />' . $current[$data_field[$current['type']]].state_optional;
     }
     elseif ($current['type'] == 'TXT' &&
       stripos($current['txt'], 'v=dkim') === 0 &&
diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php
index 7fce2a3b..b23ec4d6 100644
--- a/data/web/lang/lang.en.php
+++ b/data/web/lang/lang.en.php
@@ -556,6 +556,7 @@ $lang['diagnostics']['dns_records_data'] = 'Correct Data';
 $lang['diagnostics']['dns_records_status'] = 'Current State';
 $lang['diagnostics']['optional'] = 'This record is optional.';
 $lang['diagnostics']['cname_from_a'] = 'Value derived from A/AAAA record. This is supported as long as the record points to the correct resource.';
+$lang['diagnostics']['allow'] = 'Allow';
 
 $lang['admin']['relay_from'] = '"From:" address';
 $lang['admin']['api_allow_from'] = "Allow API access from these IPs";
