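#!/bin/bash
#
# vdns-stack
# https://git.stack-source.com/msb/vdns-stack
# Copyright (c) 2024 Matthew Saunders Brown
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
# Audit Vmail domains for DMARC records.
#
# For every Vmail domain on this server (or only the one given with -d) the
# script looks up the domain's NS records. Domains delegated to our nameserver
# ($zone_default_ns, provided by the include file) are then checked for a
# "v=DMARC1" TXT record at _dmarc.<domain>. The script only reports: where a
# record is missing it prints the vdns-rr-rep.sh command that would add one,
# it never modifies DNS itself.
#
# Required from the include: vdns:getoptions (sets $zone), $zone_default_ns,
# $thisfilename.

# load include file
# Fail closed if the include is missing: with an empty $zone_default_ns every
# domain would be mis-reported as "does not use our nameservers".
source "$(dirname "$0")/vdns.sh" || exit 1

help() {
  echo "Audit Vmail domains for DMARC records."
  echo ""
  echo "usage: $thisfilename [-d ] [-h]"
  echo ""
  echo " -h Print this help."
  echo " -d Optional, domain to audit."
  echo " If domain not specified all Vmail domains on this server will be audited."
}

#######################################
# Audit one domain for a DMARC record and print the result.
# Globals:   zone_default_ns (read) - our authoritative nameserver
# Arguments: $1 - domain to audit
# Outputs:   one ERROR/WARNING/NOTICE/SUCCESS line per domain on stdout
# Returns:   0 always; the outcome is reported in the printed line
#######################################
audit_domain() {
  local domain=$1
  local -a nameservers=()
  local txtrecords dmarcrecord txtrecordcount zone_exists

  # get nameservers for domain (system resolver, one NS target per line)
  mapfile -t nameservers < <(/usr/bin/dig "$domain" ns +short)

  # check number of nameservers returned
  if (( ${#nameservers[@]} == 0 )); then
    # domain returns zero nameservers (either unregistered, or registered but
    # no NS entries configured in DNS)
    echo "ERROR: no nameservers found for $domain"
    return 0
  fi

  # Only domains delegated to our nameserver are checked. dig prints NS
  # targets with a trailing dot, hence the "." after $zone_default_ns; the
  # surrounding spaces make this a whole-name match, not a suffix match.
  if [[ " ${nameservers[*]} " != *" $zone_default_ns. "* ]]; then
    # domain does not use our nameservers
    echo "NOTICE: $domain does not use our nameservers, not checking DMARC"
    return 0
  fi

  # domain uses our nameservers, check for a DMARC record.
  # One authoritative query serves both the DMARC count and the "any other
  # TXT records?" check below, so both decisions see the same answer.
  txtrecords=$(/usr/bin/dig "_dmarc.$domain" txt +short "@$zone_default_ns")
  # Count matches rather than test for one: RFC 7489 treats more than one
  # v=DMARC1 record at _dmarc.<domain> as no usable policy.
  dmarcrecord=$(grep -ci 'v=DMARC1' <<<"$txtrecords")

  if (( dmarcrecord == 1 )); then
    echo "SUCCESS: $domain has existing DMARC record"
  elif (( dmarcrecord > 1 )); then
    # unexpected result (duplicate DMARC records are invalid)
    echo "ERROR: unexpected DMARC lookup count for $domain = $dmarcrecord"
  else
    # no dmarc, add one. A here-string always yields one line, so an empty
    # answer has to be counted as zero explicitly.
    if [[ -z $txtrecords ]]; then
      txtrecordcount=0
    else
      txtrecordcount=$(wc -l <<<"$txtrecords")
    fi
    if (( txtrecordcount > 0 )); then
      # leave existing TXT data alone; a human must merge the DMARC record in
      echo "WARNING: _dmarc.$domain has existing TXT records. Manually add \"v=DMARC1; p=none;\" to DNS."
    else
      zone_exists=$(/usr/local/bin/vdns-zone-ext.sh -z "$domain")
      if [[ $zone_exists = "true" ]]; then
        # zone is managed on this server: print (do not run) the add command
        echo "vdns-rr-rep.sh -z $domain -n _dmarc.$domain -t TXT -r \"v=DMARC1; p=none;\""
      else
        echo "NOTICE: $domain uses our nameservers, but is not tied to this server. Manually add TXT record \"v=DMARC1; p=none;\" for _dmarc.$domain to DNS."
      fi
    fi
  fi
  return 0
}

vdns:getoptions "$@"

# check for zone (domain): audit just that Vmail domain, else all of them.
# vmail-domains-get.sh -c -t prints comma-separated rows; column 1 is the domain.
declare -a vmaildomains=()
if [[ -n $zone ]]; then
  mapfile -t vmaildomains < <(/usr/local/bin/vmail-domains-get.sh -d "$zone" -c -t | cut -d , -f 1)
else
  mapfile -t vmaildomains < <(/usr/local/bin/vmail-domains-get.sh -c -t | cut -d , -f 1)
fi

if (( ${#vmaildomains[@]} > 0 )); then
  for domain in "${vmaildomains[@]}"; do
    # skip blank rows rather than querying "_dmarc." for an empty name
    [[ -n $domain ]] || continue
    audit_domain "$domain"
  done
elif [[ -n $zone ]]; then
  echo "Vmail domain $zone not found."
else
  echo "No Vmail domains found."
fi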