Commit 46f3d050 authored by Joshua Tauberer's avatar Joshua Tauberer

add the network checks to whats_next

* zen.spamhaus.org
* dbl.spamhaus.org
* checks if a connection to Google's MTA on port 25 works
parent 91821adf
...@@ -19,6 +19,7 @@ from utils import shell, sort_domains, load_env_vars_from_file ...@@ -19,6 +19,7 @@ from utils import shell, sort_domains, load_env_vars_from_file
def run_checks(env, output): def run_checks(env, output):
env["out"] = output env["out"] = output
run_system_checks(env) run_system_checks(env)
run_network_checks(env)
run_domain_checks(env) run_domain_checks(env)
def run_system_checks(env): def run_system_checks(env):
...@@ -39,6 +40,35 @@ def run_system_checks(env): ...@@ -39,6 +40,35 @@ def run_system_checks(env):
# admin email is automatically directed. # admin email is automatically directed.
check_alias_exists("administrator@" + env['PRIMARY_HOSTNAME'], env) check_alias_exists("administrator@" + env['PRIMARY_HOSTNAME'], env)
def run_network_checks(env):
# Also see setup/network-checks.sh.
env["out"].add_heading("Network")
# Stop if we cannot make an outbound connection on port 25. Many residential
# networks block outbound port 25 to prevent their network from sending spam.
# See if we can reach one of Google's MTAs with a 5-second timeout.
code, ret = shell("check_call", ["/bin/nc", "-z", "-w5", "aspmx.l.google.com", "25"], trap=True)
if ret == 0:
env['out'].print_ok("Outbound mail (SMTP port 25) is not blocked.")
else:
env['out'].print_error("""Outbound mail (SMTP port 25) seems to be blocked by your network. You
will not be able to send any mail. Many residential networks block port 25 to prevent hijacked
machines from being able to send spam. A quick connection test to Google's mail server on port 25
failed.""")
# Stop if the IPv4 address is listed in the ZEN Spamhouse Block List.
# The user might have ended up on an IP address that was previously in use
# by a spammer, or the user may be deploying on a residential network. We
# will not be able to reliably send mail in these cases.
rev_ip4 = ".".join(reversed(env['PUBLIC_IP'].split('.')))
if not query_dns(rev_ip4+'.zen.spamhaus.org', 'A', nxdomain=None):
env['out'].print_ok("IP address is not blacklisted by zen.spamhaus.org.")
else:
env['out'].print_error("""The IP address of this machine %s is listed in the Spamhaus Block List,
which may prevent recipients from receiving your email. See http://www.spamhaus.org/query/ip/%s."""
% (env['PUBLIC_IP'], env['PUBLIC_IP']))
def run_domain_checks(env): def run_domain_checks(env):
# Get the list of domains we handle mail for. # Get the list of domains we handle mail for.
mail_domains = get_mail_domains(env) mail_domains = get_mail_domains(env)
...@@ -215,6 +245,15 @@ def check_mail_domain(domain, env): ...@@ -215,6 +245,15 @@ def check_mail_domain(domain, env):
# Check that the postmaster@ email address exists. # Check that the postmaster@ email address exists.
check_alias_exists("postmaster@" + domain, env) check_alias_exists("postmaster@" + domain, env)
# Stop if the domain is listed in the Spamhaus Domain Block List.
# The user might have chosen a domain that was previously in use by a spammer
# and will not be able to reliably send mail.
if not query_dns(domain+'.dbl.spamhaus.org', "A", nxdomain=None):
env['out'].print_ok("Domain is not blacklisted by dbl.spamhaus.org.")
else:
env['out'].print_error("""This domain is listed in the Spamhaus Domain Block List, which may prevent recipients from receiving your mail.
See http://www.spamhaus.org/dbl/ and http://www.spamhaus.org/query/domain/%s.""" % domain)
def check_web_domain(domain, env): def check_web_domain(domain, env):
# See if the domain's A record resolves to our PUBLIC_IP. This is already checked # See if the domain's A record resolves to our PUBLIC_IP. This is already checked
# for PRIMARY_HOSTNAME, for which it is required for mail specifically. For it and # for PRIMARY_HOSTNAME, for which it is required for mail specifically. For it and
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment