self-hosted/Mailu
1
0
Fork 0
mirror of https://github.com/Mailu/Mailu.git synced 2025-01-16 02:46:44 +02:00
Code Issues Releases Activity

Ensure that postfix will be able to use the TLSA records

Browse Source 
see https://www.huque.com/dane/testsite/ for the testcases
This commit is contained in:
Florent Daigniere 2021-09-01 09:01:04 +02:00
parent ef5f82362c
commit c1d94bb725
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/admin/mailu/utils.py
View File

@ -44,14 +44,14 @@ resolver = dns.resolver.Resolver()
resolver.use_edns(0, 0, 1500) resolver.use_edns(0, 0, 1500)
resolver.flags = dns.flags.AD | dns.flags.RD resolver.flags = dns.flags.AD | dns.flags.RD
def has_dane_record(domain, timeout=5): def has_dane_record(domain, timeout=10):
try: try:
result = resolver.query(f'_25._tcp.{domain}', dns.rdatatype.TLSA,dns.rdataclass.IN, lifetime=timeout) result = resolver.query(f'_25._tcp.{domain}', dns.rdatatype.TLSA,dns.rdataclass.IN, lifetime=timeout)
if (result.response.flags & dns.flags.AD) == dns.flags.AD: if (result.response.flags & dns.flags.AD) == dns.flags.AD:
for record in result: for record in result:
if isinstance(record, dns.rdtypes.ANY.TLSA.TLSA): if isinstance(record, dns.rdtypes.ANY.TLSA.TLSA):
record.validate() record.validate()
if record.usage in [2,3]: # postfix wants DANE-only if record.usage in [2,3] and record.selector in [0,1] and record.mtype in [0,1,2]:
return True return True
except dns.resolver.NoNameservers: except dns.resolver.NoNameservers:
# If the DNSSEC data is invalid and the DNS resolver is DNSSEC enabled # If the DNSSEC data is invalid and the DNS resolver is DNSSEC enabled