paxton
/
mailcow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Web] Improve SPF checks

master
andryyy 2020-05-25 16:13:51 +02:00
parent 20e289ce35
commit b6933fdb96
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
2 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
data/web/inc/ajax/dns_diagnostics.php
View File

@ -368,7 +368,7 @@ foreach ($records as $record) {
$record[2] == $spf_link) { $record[2] == $spf_link) {
$state = state_nomatch; $state = state_nomatch;
$rslt = get_spf_allowed_hosts($record[0]); $rslt = get_spf_allowed_hosts($record[0]);
if(in_array($ip, $rslt) && in_array($ip6, $rslt)){ if(in_array($ip, $rslt) && in_array(expand_ipv6($ip6), $rslt)){
$state = state_good; $state = state_good;
} }
$state .= '<br />' . $current[$data_field[$current['type']]].state_optional; $state .= '<br />' . $current[$data_field[$current['type']]].state_optional;

14
data/web/inc/spf.inc.php
View File

@ -1,6 +1,12 @@
<?php <?php
error_reporting(0); error_reporting(0);
function expand_ipv6($ip) {
$hex = unpack("H*hex", inet_pton($ip));
$ip = substr(preg_replace("/([A-f0-9]{4})/", "$1:", $hex['hex']), 0, -1);
return $ip;
}
function get_spf_allowed_hosts($check_domain) function get_spf_allowed_hosts($check_domain)
{ {
$hosts = array(); $hosts = array();
@ -33,6 +39,8 @@ function get_spf_allowed_hosts($check_domain)
else else
{ {
unset($cidr); unset($cidr);
// reset domain to check_domain
$domain = $check_domain;
if (strpos($mech, ':') !== FALSE) // handle a domain specification if (strpos($mech, ':') !== FALSE) // handle a domain specification
{ {
$split = explode(':', $mech); $split = explode(':', $mech);
@ -77,7 +85,11 @@ function get_spf_allowed_hosts($check_domain)
} }
} }
} }
foreach ($hosts as &$host) {
if (filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$host = expand_ipv6($host);
}
}
return $hosts; return $hosts;
} }