dmarc: weed out SPF records from initial search

use a variable instead of array to count list (not using RR address after all)
Matt Simerson 2013-04-21 12:17:49 -04:00
parent 1f2a5c27ed
commit 25171ec371


@ -195,7 +195,6 @@ sub discover_policy {
return; return;
} }
@matches = $self->fetch_dmarc_record($org_dom); @matches = $self->fetch_dmarc_record($org_dom);
if (0 == scalar @matches) { if (0 == scalar @matches) {
$self->log(LOGINFO, "skip, no policy for $from_host"); $self->log(LOGINFO, "skip, no policy for $from_host");
return; return;
@ -308,8 +307,8 @@ sub exists_in_dns {
# I chose to query the name and match NS,MX,A,or AAAA records. Since it gets # I chose to query the name and match NS,MX,A,or AAAA records. Since it gets
# repeated for the for the Organizational Name, if it fails, there's no # repeated for the for the Organizational Name, if it fails, there's no
# delegation from the TLD. # delegation from the TLD.
my $res = $self->init_resolver(); my $res = $self->init_resolver(8);
my $query = $res->send($domain) or do { my $query = $res->query($domain, 'NS') or do {
if ($res->errorstring eq 'NXDOMAIN') { if ($res->errorstring eq 'NXDOMAIN') {
$self->log(LOGDEBUG, "fail, non-existent domain: $domain"); $self->log(LOGDEBUG, "fail, non-existent domain: $domain");
return; return;
@ -317,15 +316,15 @@ sub exists_in_dns {
$self->log(LOGINFO, "error, looking up $domain: " . $res->errorstring); $self->log(LOGINFO, "error, looking up $domain: " . $res->errorstring);
return; return;
}; };
my @matches; my $matches = 0;
for my $rr ($query->answer) { for my $rr ($query->answer) {
next if $rr->type !~ /(?:NS|MX|A|AAAA)/; next if $rr->type !~ /(?:NS|MX|A|AAAA)/;
push @matches, $rr->nsdname; $matches++;
} }
if (0 == scalar @matches) { if (0 == $matches) {
$self->log(LOGDEBUG, "fail, no records for $domain"); $self->log(LOGDEBUG, "fail, no records for $domain");
} }
return @matches; return $matches;
} }
sub fetch_dmarc_record { sub fetch_dmarc_record {
@ -344,6 +343,7 @@ sub fetch_dmarc_record {
# 2. Records that do not start with a "v=" tag that identifies the # 2. Records that do not start with a "v=" tag that identifies the
# current version of DMARC are discarded. # current version of DMARC are discarded.
next if 'v=' ne substr($rr->txtdata, 0, 2); next if 'v=' ne substr($rr->txtdata, 0, 2);
next if 'v=spf' eq substr($rr->txtdata, 0, 5); # commonly found
$self->log(LOGINFO, $rr->txtdata); $self->log(LOGINFO, $rr->txtdata);
push @matches, join('', $rr->txtdata); push @matches, join('', $rr->txtdata);
} }
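Review bot: The added `'v=spf'` test in fetch_dmarc_record is a deny-list, so any other TXT record that begins with `v=` is still logged and pushed onto `@matches` as a policy candidate, although the comment just above says only records identifying the current DMARC version are kept. Matching the expected tag positively would cover SPF and every other `v=` record in one check, for example `next if $rr->txtdata !~ /\Av=DMARC1\b/;` in place of both `next if` lines. Because txtdata comes from DNS controlled by the sending domain, the check belongs before the LOGINFO line so unrelated records are never logged or handed to the policy parser. The function starts and ends outside the hunk, so whether a later step re-checks the version cannot be seen here.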