when checking domain settings, check that dmarc & tls reporting addresses are present if there is a record

2025-07-12 17:04:39 +03:00 · 2023-11-10 20:25:06 +01:00
parent 61bae75228
commit 2073db194b
7 changed files with 82 additions and 26 deletions
--- a/webadmin/admin.go
+++ b/webadmin/admin.go
@ -1118,8 +1118,22 @@ EOF
 				Scheme: "mailto",
 				Opaque: smtp.NewAddress(domConf.DMARC.ParsedLocalpart, domConf.DMARC.DNSDomain).Pack(false),
 			}
+			uristr := uri.String()
 			dmarcr.AggregateReportAddresses = []dmarc.URI{
-				{Address: uri.String(), MaxSize: 10, Unit: "m"},
+				{Address: uristr, MaxSize: 10, Unit: "m"},
+			}
+
+			if record != nil {
+				found := false
+				for _, addr := range record.AggregateReportAddresses {
+					if addr.Address == uristr {
+						found = true
+						break
+					}
+				}
+				if !found {
+					addf(&r.DMARC.Errors, "Configured DMARC reporting address is not present in record.")
+				}
 			}
 		} else {
 			addf(&r.DMARC.Instructions, `Configure a DMARC destination in domain in config file.`)
@ -1153,13 +1167,10 @@ EOF
 				Scheme: "mailto",
 				Opaque: address.Pack(false),
 			}
-			uristr := uri.String()
-			uristr = strings.ReplaceAll(uristr, ",", "%2C")
-			uristr = strings.ReplaceAll(uristr, "!", "%21")
-			uristr = strings.ReplaceAll(uristr, ";", "%3B")
+			rua := tlsrpt.RUA(uri.String())
 			tlsrptr := &tlsrpt.Record{
 				Version: "TLSRPTv1",
-				RUAs:    [][]string{{uristr}},
+				RUAs:    [][]tlsrpt.RUA{{rua}},
 			}
 			instr += fmt.Sprintf(`

@ -1167,6 +1178,23 @@ Ensure a DNS TXT record like the following exists:

 	_smtp._tls TXT %s
 `, mox.TXTStrings(tlsrptr.String()))
+
+			if err == nil {
+				found := false
+			RUA:
+				for _, l := range record.RUAs {
+					for _, e := range l {
+						if e == rua {
+							found = true
+							break RUA
+						}
+					}
+				}
+				if !found {
+					addf(&result.Errors, `Configured reporting address is not present in TLSRPT record.`)
+				}
+			}
+
 		} else if isHost {
 			addf(&result.Errors, `Configure a host TLSRPT localpart in static mox.conf config file.`)
 		} else {
--- a/webadmin/adminapi.json
+++ b/webadmin/adminapi.json
@ -1759,11 +1759,11 @@
 				},
 				{
 					"Name": "RUAs",
-					"Docs": "Aggregate reporting URI, for \"rua=\". \"rua=\" can occur multiple times, each can be a list. Must be URL-encoded strings, with \",\", \"!\" and \";\" encoded.",
+					"Docs": "Aggregate reporting URI, for \"rua=\". \"rua=\" can occur multiple times, each can be a list.",
 					"Typewords": [
 						"[]",
 						"[]",
-						"string"
+						"RUA"
 					]
 				},
 				{
@ -3903,6 +3903,11 @@
 				}
 			]
 		},
+		{
+			"Name": "RUA",
+			"Docs": "RUA is a reporting address with scheme and special characters \",\", \"!\" and\n\";\" not encoded.",
+			"Values": null
+		},
 		{
 			"Name": "Mode",
 			"Docs": "Mode indicates how the policy should be interpreted.",