Remove SPF and DMARC checks

master
Michael Kuron 2017-07-10 21:41:45 +02:00
parent 14d2b3d763
commit 98be90c494
1 changed files with 13 additions and 44 deletions

View File

@ -2,28 +2,10 @@
require_once 'inc/prerequisites.inc.php'; require_once 'inc/prerequisites.inc.php';
require_once 'inc/spf.inc.php'; require_once 'inc/spf.inc.php';
function in_net($addr, $net) { define('state_good', "✓");
$net = explode('/', $net); define('state_missing', "✗");
if (count($net) > 1) { define('state_nomatch', "?");
$mask = $net[1]; define('state_optional', "(optional)");
}
$net = inet_pton($net[0]);
$addr = inet_pton($addr);
$length = strlen($net); // 4 for IPv4, 16 for IPv6
if (strlen($net) != strlen($addr)) {
return false;
}
if (!isset($mask)) {
$mask = $length * 8;
}
$addr_bin = '';
$net_bin = '';
for ($i = 0; $i < $length; ++$i) {
$addr_bin .= str_pad(decbin(ord(substr($addr, $i, $i+1))), 8, '0', STR_PAD_LEFT);
$net_bin .= str_pad(decbin(ord(substr($net, $i, $i+1))), 8, '0', STR_PAD_LEFT);
}
return substr($addr_bin, 0, $mask) == substr($net_bin, 0, $mask);
}
if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admin") { if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admin") {
require_once("inc/header.inc.php"); require_once("inc/header.inc.php");
@ -96,8 +78,8 @@ foreach ($domains as $domain) {
$records[] = array('autodiscover.' . $domain, 'CNAME', $mailcow_hostname); $records[] = array('autodiscover.' . $domain, 'CNAME', $mailcow_hostname);
$records[] = array('_autodiscover._tcp.' . $domain, 'SRV', $mailcow_hostname . ' ' . $https_port); $records[] = array('_autodiscover._tcp.' . $domain, 'SRV', $mailcow_hostname . ' ' . $https_port);
$records[] = array('autoconfig.' . $domain, 'CNAME', $mailcow_hostname); $records[] = array('autoconfig.' . $domain, 'CNAME', $mailcow_hostname);
$records[] = array($domain, 'TXT', 'v=spf1 mx -all'); $records[] = array($domain, 'TXT', '<a href="http://www.openspf.org/SPF_Record_Syntax" target="_blank">SPF Record Syntax</a>', state_optional);
$records[] = array('_dmarc.' . $domain, 'TXT', 'v=DMARC1; p=reject', 'v=DMARC1; p='); $records[] = array('_dmarc.' . $domain, 'TXT', '<a href="http://www.kitterman.com/dmarc/assistant.html" target="_blank">DMARC Assistant</a>', state_optional);
if (!empty($dkim = dkim('details', $domain))) { if (!empty($dkim = dkim('details', $domain))) {
$records[] = array($dkim['dkim_selector'] . '._domainkey.' . $domain, 'TXT', $dkim['dkim_txt']); $records[] = array($dkim['dkim_selector'] . '._domainkey.' . $domain, 'TXT', $dkim['dkim_txt']);
@ -136,10 +118,6 @@ foreach ($domains as $domain) {
} }
} }
define('state_good', "&#10003;");
define('state_missing', "&#x2717;");
define('state_nomatch', "?");
$record_types = array( $record_types = array(
'A' => DNS_A, 'A' => DNS_A,
'AAAA' => DNS_AAAA, 'AAAA' => DNS_AAAA,
@ -224,23 +202,10 @@ foreach ($records as $record)
} }
elseif ($current['type'] == 'TXT' && strpos($record[0], '_dmarc.') === 0) { elseif ($current['type'] == 'TXT' && strpos($record[0], '_dmarc.') === 0) {
$state = state_nomatch; $state = state_optional . '<br />' . $current[$data_field[$current['type']]];
if (strpos($current[$data_field[$current['type']]], $record[3]) === 0)
$state = state_good . ' (' . current[$data_field[$current['type']]] . ')';
} }
else if ($current['type'] == 'TXT' && strpos($current['txt'], 'v=spf1') === 0) { else if ($current['type'] == 'TXT' && strpos($current['txt'], 'v=spf1') === 0) {
$allowed = get_spf_allowed_hosts($record[0]); $state = state_optional . '<br />' . $current[$data_field[$current['type']]];
$spf_ok = FALSE;
$spf_ok6 = FALSE;
foreach ($allowed as $net)
{
if (in_net($ip, $net))
$spf_ok = TRUE;
if (in_net($ip6, $net))
$spf_ok6 = TRUE;
}
if ($spf_ok && (empty($ip6) || $spf_ok6))
$state = state_good . ' (' . $current[$data_field[$current['type']]] . ')';
} }
else if ($current['type'] != 'TXT' && isset($data_field[$current['type']]) && $state != state_good) { else if ($current['type'] != 'TXT' && isset($data_field[$current['type']]) && $state != state_good) {
$state = state_nomatch; $state = state_nomatch;
@ -249,6 +214,10 @@ foreach ($records as $record)
} }
} }
if (isset($record[3]) && $record[3] == state_optional && ($state == state_missing || $state == state_nomatch)) {
$state = state_optional;
}
if ($state == state_nomatch) { if ($state == state_nomatch) {
$state = array(); $state = array();
foreach ($currents as $current) { foreach ($currents as $current) {