Commit cbc7e280 authored by Joshua Tauberer's avatar Joshua Tauberer

set the SPF record after custom DNS records so that the SPF record doesn't...

set the SPF record after custom DNS records so that the SPF record doesn't prevent all custom TXT records from coming in
parent f4fa9c93
...@@ -183,10 +183,6 @@ def build_zone(domain, all_domains, additional_records, env, is_zone=True): ...@@ -183,10 +183,6 @@ def build_zone(domain, all_domains, additional_records, env, is_zone=True):
# The MX record says where email for the domain should be delivered: Here! # The MX record says where email for the domain should be delivered: Here!
records.append((None, "MX", "10 %s." % env["PRIMARY_HOSTNAME"], "Required. Specifies the hostname (and priority) of the machine that handles @%s mail." % domain)) records.append((None, "MX", "10 %s." % env["PRIMARY_HOSTNAME"], "Required. Specifies the hostname (and priority) of the machine that handles @%s mail." % domain))
# SPF record: Permit the box ('mx', see above) to send mail on behalf of
# the domain, and no one else.
records.append((None, "TXT", 'v=spf1 mx -all', "Recommended. Specifies that only the box is permitted to send @%s mail." % domain))
# Add DNS records for any subdomains of this domain. We should not have a zone for # Add DNS records for any subdomains of this domain. We should not have a zone for
# both a domain and one of its subdomains. # both a domain and one of its subdomains.
subdomains = [d for d in all_domains if d.endswith("." + domain)] subdomains = [d for d in all_domains if d.endswith("." + domain)]
...@@ -207,6 +203,7 @@ def build_zone(domain, all_domains, additional_records, env, is_zone=True): ...@@ -207,6 +203,7 @@ def build_zone(domain, all_domains, additional_records, env, is_zone=True):
return False return False
# The user may set other records that don't conflict with our settings. # The user may set other records that don't conflict with our settings.
# Don't put any TXT records above this line, or it'll prevent any custom TXT records.
for qname, rtype, value in get_custom_records(domain, additional_records, env): for qname, rtype, value in get_custom_records(domain, additional_records, env):
if has_rec(qname, rtype): continue if has_rec(qname, rtype): continue
records.append((qname, rtype, value, "(Set by user.)")) records.append((qname, rtype, value, "(Set by user.)"))
...@@ -229,6 +226,10 @@ def build_zone(domain, all_domains, additional_records, env, is_zone=True): ...@@ -229,6 +226,10 @@ def build_zone(domain, all_domains, additional_records, env, is_zone=True):
if not has_rec(qname, rtype) and not has_rec(qname, "CNAME") and not has_rec(qname, "A"): if not has_rec(qname, rtype) and not has_rec(qname, "CNAME") and not has_rec(qname, "A"):
records.append((qname, rtype, value, explanation)) records.append((qname, rtype, value, explanation))
# SPF record: Permit the box ('mx', see above) to send mail on behalf of
# the domain, and no one else.
records.append((None, "TXT", 'v=spf1 mx -all', "Recommended. Specifies that only the box is permitted to send @%s mail." % domain))
# Append the DKIM TXT record to the zone as generated by OpenDKIM. # Append the DKIM TXT record to the zone as generated by OpenDKIM.
opendkim_record_file = os.path.join(env['STORAGE_ROOT'], 'mail/dkim/mail.txt') opendkim_record_file = os.path.join(env['STORAGE_ROOT'], 'mail/dkim/mail.txt')
with open(opendkim_record_file) as orf: with open(opendkim_record_file) as orf:
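Review bot: The relocated SPF append in the third hunk (`records.append((None, "TXT", 'v=spf1 mx -all', ...))`) is unconditional, so once custom TXT records are allowed in, a user-supplied apex TXT that is itself an SPF policy would leave the zone with two `v=spf1` records. RFC 7208 evaluators treat multiple SPF records as a permerror, so the domain can end up with no usable sender policy instead of the intended `-all`. Consider guarding the default, e.g. `if not any(q is None and t == "TXT" and v.lstrip('"').startswith("v=spf1") for q, t, v, _ in records):` before the append; this assumes custom apex records carry a qname of None like the MX line, which get_custom_records would need to confirm. It would also help to extend the new "Don't put any TXT records above this line" comment to say that has_rec is what skips the custom records, if that is indeed how it matches. build_zone starts and ends outside the visible hunks.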
......