
Commit bde8b10

author
Florian Schaal
committed
DMARC requieres SPF and DKIM (this breaks the current draft but DMARC is useless if you use spf OR dkim)
1 parent 7002a56 commit bde8b10


1 file changed

+8
-36
lines changed


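--- a/interface/web/dns/dns_dmarc_edit.php
+++ b/interface/web/dns/dns_dmarc_edit.php
@@ -225,56 +225,28 @@ function onSubmit() {
 } // end if user is not admin
 
 $domain_name = rtrim($soa['origin'], '.');
-// DMARC requieres at lest a spf OR dkim-record
-// abort if more than 1 active spf-records (backward-compatibility)
-$sql = "SELECT * FROM dns_rr WHERE name = ? AND type='TXT' AND data like 'v=spf1%' AND active='Y'";
-$temp = $app->db->queryAllRecords($sql, $domain_name.'.');
-if (is_array($temp[1])) {
-if (isset($app->tform->errorMessage )) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
-$app->tform->errorMessage .= $app->tform->wordbook['dmarc_more_spf_txt'].$email;
-}
-
-$sql = "SELECT * FROM dns_rr WHERE name LIKE ? AND type='TXT' AND active = 'Y' AND (data LIKE 'v=DKIM1;%' OR data LIKE 'v=spf1%')";
-$temp = $app->db->queryAllRecords($sql, '%._domainkey.'.$domain_name.'.');
-if (empty($temp)) {
-if (isset($app->tform->errorMessage )) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
-$app->tform->errorMessage .= $app->tform->wordbook['dmarc_no_dkim_spf_txt'].$email;
-}
-unset($temp);
-//TODO: should DMARC requiere DKIM and SPF to be valid? This breaks draft-kucherawy-dmarc-base-07 but makes much more sense
-/*
 // DMARC requieres at least one active dkim-record...
 $sql = "SELECT * FROM dns_rr WHERE name LIKE ? AND type='TXT' AND data like 'v=DKIM1;%' AND active='Y'";
-$temp = $app->db->queryOneRecord($sql, '%._domainkey.'.$domain_name.'.');
+$temp = $app->db->queryAllRecords($sql, '%._domainkey.$domain_name'.'.');
 if (!is_array($temp)) {
 if (isset($app->tform->errorMessage )) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
 $app->tform->errorMessage .= $app->tform->wordbook['dmarc_no_dkim_txt'].$email;
 }
-unset($temp);
 
-// ... and dkim-signed mails to allow "policy != none"
-$sql = "SELECT * FROM mail_domain WHERE domain = '".$app->db->quote($domain_name)."'";
-$temp = $app->db->queryOneRecord($sql);
-if ($temp['dkim'] != 'y' && $this->dataRecord['dmarc_policy'] != 'none') {
-if (isset($app->tform->errorMessage )) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
-$app->tform->errorMessage .= $app->tform->wordbook['dmarc_policy_error_txt'].$email;
-}
-unset($temp);
-
-// DMARC requieres an active spf-record
-$sql = "SELECT * FROM dns_rr WHERE name = ? AND type='TXT' AND data like 'v=spf1%' AND active='Y'";
+// ... and an active spf-record (this breaks the current draft but DMARC is useless if you use DKIM or SPF
+$sql = "SELECT * FROM dns_rr WHERE name LIKE ? AND type='TXT' AND (data LIKE 'v=spf1;%' AND active = 'y')";
 $temp = $app->db->queryAllRecords($sql, $domain_name.'.');
 // abort if more than 1 active spf-records (backward-compatibility)
 if (is_array($temp[1])) {
 if (isset($app->tform->errorMessage )) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
-$app->tform->errorMessage .= $app->tform->wordbook['dmarc_more_spf_txt'].$email;
+$app->tform->errorMessage .= $app->tform->wordbook['dmarc_more_spf_txt'];
 }
 if (empty($temp)) {
 if (isset($app->tform->errorMessage )) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
-$app->tform->errorMessage .= $app->tform->wordbook['dmarc_no_spf_txt'].$email;
+$app->tform->errorMessage .= $app->tform->wordbook['dmarc_no_spf_txt'];
 }
 unset($temp);
-*/
+
 //validate dmarc_pct
 $this->dataRecord['dmarc_pct'] = $app->functions->intval($this->dataRecord['dmarc_pct']);
 if ($this->dataRecord['dmarc_pct'] < 0) $this->dataRecord['dmarc_pct'] = 0;
@@ -289,7 +261,7 @@ function onSubmit() {
 foreach ($dmarc_rua as $rec) {
 if (!filter_var($rec, FILTER_VALIDATE_EMAIL)) {
 if (isset($app->tform->errorMessage )) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
-$app->tform->errorMessage .= $app->tform->wordbook['dmarc_invalid_email_txt'].$dmarc_rua;
+$app->tform->errorMessage .= $app->tform->wordbook['dmarc_invalid_email_txt'].': '.$dmarc_rua;
 } else {
 $temp .= 'mailto:'.$rec.',';
 }
@@ -305,7 +277,7 @@ function onSubmit() {
 foreach ($dmarc_ruf as $rec) {
 if (!filter_var($rec, FILTER_VALIDATE_EMAIL)) {
 if (isset($app->tform->errorMessage )) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
-$app->tform->errorMessage .= $app->tform->wordbook['dmarc_invalid_email_txt'].$dmarc_rua;
+$app->tform->errorMessage .= $app->tform->wordbook['dmarc_invalid_email_txt'].': '.$dmarc_rua;
 } else {
 $temp .= 'mailto:'.$rec.',';
 }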
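Review bot: The DKIM lookup in the first hunk binds `'%._domainkey.$domain_name'.'.'`, and single quotes do not interpolate, so the LIKE pattern carries the literal text `$domain_name` and cannot match the zone's selector records; it should remain `'%._domainkey.'.$domain_name.'.'`. The same line switches to `queryAllRecords` while the guard stays `!is_array($temp)`; if that method returns an empty array on no match (the SPF branch below tests `empty($temp)`, which suggests it does), the missing-DKIM error never fires and the new "SPF and DKIM" requirement is not actually enforced, so `if (empty($temp)) {` would be the consistent guard. The new SPF query matches `data LIKE 'v=spf1;%'` with `active = 'y'`, but an SPF record is `v=spf1` followed by a space and every other query here uses `'Y'`, so a valid record is likely to be reported as missing; `data LIKE 'v=spf1%' AND active = 'Y'` keeps the previous match. In the two later hunks `': '.$dmarc_rua` appends the array being iterated rather than the rejected address, and if `$rec` is used instead it should be HTML-escaped, because it is input that just failed validation and errorMessage appears to carry markup (`<br/>`). onSubmit() starts and ends outside the hunks shown.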
