Be more flexible about SPF record: just 'a mx -all' is enough, no need to specify IP. (also fix TXT record validation in diagnosis)

2024-09-03 20:06:10 +02:00 · 2020-04-16 23:59:42 +02:00 · 2020-04-16 23:59:42 +02:00 · 4306db7cf1
commit 4306db7cf1
parent dd7b42d3e8
2 changed files with 7 additions and 10 deletions
--- a/data/hooks/diagnosis/12-dnsrecords.py
+++ b/data/hooks/diagnosis/12-dnsrecords.py
@ -127,8 +127,12 @@ class DNSRecordsDiagnoser(Diagnoser):
            # Split expected/current
            #  from  "v=DKIM1; k=rsa; p=hugekey;"
            #  to a set like {'v=DKIM1', 'k=rsa', 'p=...'}
-            expected = set(r["value"].strip(' "').strip(";").replace(" ", "").split())
-            current = set(r["current"].strip(' "').strip(";").replace(" ", "").split())
+            expected = set(r["value"].strip(';" ').replace(";", " ").split())
+            current = set(r["current"].strip(';" ').replace(";", " ").split())
+
+            # For SPF, ignore parts starting by ip4: or ip6:
+            if r["name"] == "@":
+                current = {part for part in current if not part.startswith("ip4:") and not part.startswith("ip6:")}
            return expected == current
        elif r["type"] ==  "MX":
            # For MX, we want to ignore the priority
--- a/src/yunohost/domain.py
+++ b/src/yunohost/domain.py
@ -455,16 +455,9 @@ def _build_dns_conf(domain, ttl=3600, include_empty_AAAA_if_no_ipv6=False):
    # Email #
    #########

-    spf_record = '"v=spf1 a mx'
-    if ipv4:
-        spf_record += ' ip4:{ip4}'.format(ip4=ipv4)
-    if ipv6:
-        spf_record += ' ip6:{ip6}'.format(ip6=ipv6)
-    spf_record += ' -all"'
-
    mail = [
        ["@", ttl, "MX", "10 %s." % domain],
-        ["@", ttl, "TXT", spf_record],
+        ["@", ttl, "TXT", "v=spf1 a mx -all"],
    ]

    # DKIM/DMARC record