From 726c0931f77db09d7d03c5ca319c70d737e54f1d Mon Sep 17 00:00:00 2001
From: Mechiel Lukkien
Date: Sun, 24 Nov 2024 12:32:45 +0100
Subject: [PATCH] admin: in self-check for spf records against our ip's, don't try checking the unspecified addresses (0.0.0.0 and ::), and warn if there are no explicitly configured ips based on question by spectral369 on #mox on matrix
---
 mox-/admin.go | 3 +++
 webadmin/admin.go | 9 +++++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/mox-/admin.go b/mox-/admin.go
index 06bff0a8b..ac4dc7f55 100644
--- a/mox-/admin.go
+++ b/mox-/admin.go
@@ -684,6 +684,9 @@ func DomainSPFIPs() (ips []net.IP) {
 }
 for _, ipstr := range ipstrs {
 ip := net.ParseIP(ipstr)
+ if ip.IsUnspecified() {
+ continue
+ }
 ips = append(ips, ip)
 }
 }
diff --git a/webadmin/admin.go b/webadmin/admin.go
index 8d956988b..3ea74660b 100644
--- a/webadmin/admin.go
+++ b/webadmin/admin.go
@@ -953,6 +953,8 @@ EOF
 defer logPanic(ctx)
 defer wg.Done()
 
+ ips := mox.DomainSPFIPs()
+
 // Verify a domain with the configured IPs that do SMTP.
 verifySPF := func(isHost bool, domain dns.Domain) (string, *SPFRecord, spf.Record) {
 kind := "domain"
@@ -1000,10 +1002,9 @@ EOF
 }
 }
 
- for _, ip := range mox.DomainSPFIPs() {
+ for _, ip := range ips {
 checkSPFIP(ip)
 }
-
 if !isHost {
 spfr.Directives = append(spfr.Directives, spf.Directive{Mechanism: "mx"})
 }
@@ -1022,6 +1023,10 @@ EOF
 // todo: possibly check all hosts for MX records? assuming they are also sending mail servers.
 r.SPF.HostTXT, r.SPF.HostRecord, _ = verifySPF(true, mox.Conf.Static.HostnameDomain)
 
+ if len(ips) == 0 {
+ addf(&r.SPF.Warnings, `No explicitly configured IPs found to check SPF policy against. Consider configuring public IPs instead of unspecified addresses (0.0.0.0 and/or ::) in the "public" listener in mox.conf, or NATIPs in case of NAT.`)
+ }
+
 dtxt, err := dspfr.Record()
 if err != nil {
 addf(&r.SPF.Errors, "Making SPF record for instructions: %s", err)
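Review bot: In DomainSPFIPs (mox-/admin.go) the new guard skips only unspecified addresses, so a string that `net.ParseIP` cannot parse still reaches `ips = append(ips, ip)` as a nil `net.IP`, because `IsUnspecified` returns false for a nil IP. Unless the configured address strings are already validated when the configuration is loaded (not visible in this hunk), the guard should read `if ip == nil || ip.IsUnspecified() {`. The function's doc comment lies outside the hunk; it should say that unspecified addresses are left out and that the result can therefore be empty, since the web admin self-check now relies on that.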
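Review bot: In webadmin/admin.go the new warning fires only when `len(ips) == 0`, so a configuration that mixes an explicit address with an unspecified one (for example an explicit IPv6 address next to 0.0.0.0) gets no warning even though the skipped address was never checked against the SPF record. The self-check can then show the SPF policy as verified while mail leaving from the unchecked address would fail SPF at receivers. Consider warning whenever at least one configured address was skipped rather than only when none remain; that needs DomainSPFIPs, or a small helper beside it, to report that it dropped entries. The enclosing goroutine starts and ends outside these hunks, so where the warning is finally rendered cannot be confirmed from here.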