#!/bin/bash
#
# vdns-stack
# https://git.stack-source.com/msb/vdns-stack
# Copyright (c) 2024 Matthew Saunders Brown <matthewsaundersbrown@gmail.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
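# load include file (vdns.sh lives next to this script). Both expansions are
# quoted so a script path containing spaces or glob characters still resolves.
source "$(dirname "$0")/vdns.sh"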
#######################################
# Print usage text for this audit script.
# Globals:   thisfilename (read; expected to be provided by the sourced vdns.sh)
# Arguments: none
# Outputs:   usage text on stdout
#######################################
help()
{
  cat <<EOF
Audit Vmail domains for DMARC records.

usage: $thisfilename [-d <domain>] [-h]

 -h Print this help.
 -d <domain> Optional, domain to audit.
 If domain not specified all Vmail domains on this server will be audited.
EOF
}
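vdns:getoptions "$@"

# Build the list of Vmail domains to audit: the single domain given with -d
# (vdns:getoptions is expected to leave it in $zone), otherwise every Vmail
# domain on this server. vmail-domains-get.sh prints CSV; only the first
# column (the domain) is kept, and blank lines are dropped so the count
# check below is meaningful. Values are quoted throughout so a domain
# containing shell-special characters cannot split or glob.
get_args=(-c -t)
if [[ -n $zone ]]; then
  get_args=(-d "$zone" -c -t)
fi
vmaildomains=()
while IFS= read -r vmaildomain; do
  [[ -n $vmaildomain ]] && vmaildomains+=("$vmaildomain")
done < <(/usr/local/bin/vmail-domains-get.sh "${get_args[@]}" | cut -d , -f 1)

# -gt is a numeric comparison; the previous '>' inside [[ ]] compared strings
if [[ ${#vmaildomains[@]} -gt 0 ]]; then
  for domain in "${vmaildomains[@]}"; do

    # get nameservers for domain. Even with +short, dig writes its own
    # diagnostics (";;"-prefixed lines, e.g. on timeout) to stdout, so those
    # are skipped instead of being counted as nameservers.
    nameservers=()
    while IFS= read -r ns; do
      [[ -z $ns || $ns == \;* ]] && continue
      nameservers+=("$ns")
    done < <(/usr/bin/dig "$domain" ns +short)

    if [[ ${#nameservers[@]} -eq 0 ]]; then
      # domain returns zero nameservers (either unregistered, or registered but no NS entries configured in DNS)
      echo "ERROR: no nameservers found for $domain"
      continue
    fi

    # only domains delegated to our nameserver ($zone_default_ns, expected
    # from vdns.sh) are audited; dig returns NS names with a trailing dot
    usesours=FALSE
    for ns in "${nameservers[@]}"; do
      if [[ $ns == "$zone_default_ns." ]]; then
        usesours=TRUE
        break
      fi
    done

    if [[ $usesours != TRUE ]]; then
      # domain does not use our nameservers
      echo "NOTICE: $domain does not use our nameservers, not checking DMARC"
      continue
    fi

    # domain uses our nameservers, check for a DMARC record at _dmarc.<domain>
    # (count of TXT answers containing v=DMARC1, asked directly of our server)
    dmarcrecord=$(/usr/bin/dig "_dmarc.$domain" txt +short "@$zone_default_ns" | grep -ci 'v=DMARC1')

    if [[ $dmarcrecord -eq 0 ]]; then
      # no dmarc; see whether _dmarc.<domain> already carries other TXT
      # records (dig diagnostics excluded) before suggesting one be added
      txtrecordcount=$(/usr/bin/dig "_dmarc.$domain" txt +short "@$zone_default_ns" | grep -vc '^;')
      if [[ $txtrecordcount -gt 0 ]]; then
        echo "WARNING: _dmarc.$domain has existing TXT records. Manually add \"v=DMARC1; p=none;\" to DNS."
      else
        zone_exists=$(/usr/local/bin/vdns-zone-ext.sh -z "$domain")
        if [[ $zone_exists = "true" ]]; then
          # audit only: print the command that would add the record, it is not executed here
          echo "vdns-rr-rep.sh -z $domain -n _dmarc.$domain -t TXT -r \"v=DMARC1; p=none;\""
        else
          echo "NOTICE: $domain uses our nameservers, but is not tied to this server. Manually add TXT record \"v=DMARC1; p=none;\" for _dmarc.$domain to DNS."
        fi
      fi
    elif [[ $dmarcrecord -eq 1 ]]; then
      echo "SUCCESS: $domain has existing DMARC record"
    else
      # unexpected result: more than one DMARC TXT record is a misconfiguration
      echo "ERROR: unexpected DMARC lookup count for $domain = $dmarcrecord"
    fi

  done

else
  if [[ -n $zone ]]; then
    echo "Vmail domain $zone not found."
  else
    echo "No Vmail domains found."
  fi
fi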