2020-05-09 11:14:29 +00:00
|
|
|
|
// Copyright or © or Copr. happyDNS (2020)
|
|
|
|
|
//
|
|
|
|
|
// contact@happydns.org
|
|
|
|
|
//
|
|
|
|
|
// This software is a computer program whose purpose is to provide a modern
|
|
|
|
|
// interface to interact with DNS systems.
|
|
|
|
|
//
|
|
|
|
|
// This software is governed by the CeCILL license under French law and abiding
|
|
|
|
|
// by the rules of distribution of free software. You can use, modify and/or
|
|
|
|
|
// redistribute the software under the terms of the CeCILL license as
|
|
|
|
|
// circulated by CEA, CNRS and INRIA at the following URL
|
|
|
|
|
// "http://www.cecill.info".
|
|
|
|
|
//
|
|
|
|
|
// As a counterpart to the access to the source code and rights to copy, modify
|
|
|
|
|
// and redistribute granted by the license, users are provided only with a
|
|
|
|
|
// limited warranty and the software's author, the holder of the economic
|
|
|
|
|
// rights, and the successive licensors have only limited liability.
|
|
|
|
|
//
|
|
|
|
|
// In this respect, the user's attention is drawn to the risks associated with
|
|
|
|
|
// loading, using, modifying and/or developing or reproducing the software by
|
|
|
|
|
// the user in light of its specific status of free software, that may mean
|
|
|
|
|
// that it is complicated to manipulate, and that also therefore means that it
|
|
|
|
|
// is reserved for developers and experienced professionals having in-depth
|
|
|
|
|
// computer knowledge. Users are therefore encouraged to load and test the
|
|
|
|
|
// software's suitability as regards their requirements in conditions enabling
|
|
|
|
|
// the security of their systems and/or data to be ensured and, more generally,
|
|
|
|
|
// to use and operate it in the same conditions as regards security.
|
|
|
|
|
//
|
|
|
|
|
// The fact that you are presently reading this means that you have had
|
|
|
|
|
// knowledge of the CeCILL license and that you accept its terms.
|
|
|
|
|
|
|
|
|
|
package svcs
|
|
|
|
|
|
|
|
|
|
import (
|
2020-05-10 09:23:55 +00:00
|
|
|
|
"bytes"
|
|
|
|
|
"fmt"
|
2020-05-09 11:14:29 +00:00
|
|
|
|
"strings"
|
|
|
|
|
|
|
|
|
|
"github.com/miekg/dns"
|
|
|
|
|
|
|
|
|
|
"git.happydns.org/happydns/model"
|
2020-06-25 21:47:50 +00:00
|
|
|
|
"git.happydns.org/happydns/utils"
|
2020-05-09 11:14:29 +00:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type MX struct {
|
|
|
|
|
Target string `json:"target"`
|
|
|
|
|
Preference uint16 `json:"preference,omitempty"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type SPFDirective struct {
|
|
|
|
|
Qualifier byte
|
|
|
|
|
Mechanism string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type SPFModifier struct {
|
|
|
|
|
Name string
|
|
|
|
|
Mechanism string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type SPFExplanation struct {
|
|
|
|
|
DomainSpec string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type SPFRedirect struct {
|
|
|
|
|
DomainSpec string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type SPF struct {
|
|
|
|
|
Content string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (t *SPF) String() string {
|
|
|
|
|
return t.Content
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type DKIM struct {
|
|
|
|
|
Fields []string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (t *DKIM) String() string {
|
|
|
|
|
return strings.Join(t.Fields, "; ")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type DMARC struct {
|
|
|
|
|
Fields []string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (t *DMARC) String() string {
|
|
|
|
|
return strings.Join(t.Fields, ";")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type MTA_STS struct {
|
|
|
|
|
Fields []string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (t *MTA_STS) String() string {
|
|
|
|
|
return strings.Join(t.Fields, ";")
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-10 12:00:58 +00:00
|
|
|
|
type TLS_RPT struct {
|
|
|
|
|
Fields []string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (t *TLS_RPT) String() string {
|
|
|
|
|
return strings.Join(t.Fields, ";")
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-09 11:14:29 +00:00
|
|
|
|
type EMail struct {
|
2020-06-08 12:33:12 +00:00
|
|
|
|
MX []MX `json:"mx,omitempty" happydns:"label=EMail Servers"`
|
|
|
|
|
SPF *SPF `json:"spf,omitempty" happydns:"label=Sender Policy Framework"`
|
|
|
|
|
DKIM map[string]*DKIM `json:"dkim,omitempty" happydns:"label=Domain Keys"`
|
|
|
|
|
DMARC *DMARC `json:"dmarc,omitempty" happydns:"label=DMARC"`
|
|
|
|
|
MTA_STS *MTA_STS `json:"mta_sts,omitempty" happydns:"label=Strict Transport Security"`
|
|
|
|
|
TLS_RPT *TLS_RPT `json:"tls_rpt,omitempty" happydns:"label=TLS Reporting"`
|
2020-05-09 11:14:29 +00:00
|
|
|
|
}
|
|
|
|
|
|
2020-05-10 09:23:55 +00:00
|
|
|
|
func (s *EMail) GetNbResources() int {
|
|
|
|
|
return len(s.MX)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *EMail) GenComment(origin string) string {
|
|
|
|
|
poolMX := map[string]int{}
|
|
|
|
|
|
|
|
|
|
for _, mx := range s.MX {
|
|
|
|
|
labels := dns.SplitDomainName(mx.Target)
|
|
|
|
|
nbLabel := len(labels)
|
|
|
|
|
|
|
|
|
|
var dn string
|
|
|
|
|
if len(labels[nbLabel-2]) < 4 {
|
|
|
|
|
dn = strings.Join(labels[nbLabel-3:], ".") + "."
|
|
|
|
|
} else {
|
|
|
|
|
dn = strings.Join(labels[nbLabel-2:], ".") + "."
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
poolMX[dn] += 1
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var buffer bytes.Buffer
|
|
|
|
|
first := true
|
|
|
|
|
|
|
|
|
|
for dn, nb := range poolMX {
|
|
|
|
|
if !first {
|
|
|
|
|
buffer.WriteString("; ")
|
|
|
|
|
} else {
|
|
|
|
|
first = !first
|
|
|
|
|
}
|
|
|
|
|
buffer.WriteString(strings.TrimSuffix(dn, "."+origin))
|
|
|
|
|
if nb > 1 {
|
|
|
|
|
buffer.WriteString(fmt.Sprintf(" ×%d", nb))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if s.SPF != nil {
|
|
|
|
|
buffer.WriteString(" + SPF")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if s.DKIM != nil {
|
|
|
|
|
buffer.WriteString(" + DKIM")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if s.DMARC != nil {
|
|
|
|
|
buffer.WriteString(" + DMARC")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if s.MTA_STS != nil {
|
|
|
|
|
buffer.WriteString(" + MTA-STS")
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-10 12:00:58 +00:00
|
|
|
|
if s.TLS_RPT != nil {
|
|
|
|
|
buffer.WriteString(" + TLS Reporting")
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-10 09:23:55 +00:00
|
|
|
|
return buffer.String()
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-27 13:14:14 +00:00
|
|
|
|
func (s *EMail) GenRRs(domain string, ttl uint32, origin string) (rrs []dns.RR) {
|
2020-05-09 11:14:29 +00:00
|
|
|
|
if len(s.MX) > 0 {
|
|
|
|
|
for _, mx := range s.MX {
|
|
|
|
|
rrs = append(rrs, &dns.MX{
|
|
|
|
|
Hdr: dns.RR_Header{
|
|
|
|
|
Name: domain,
|
|
|
|
|
Rrtype: dns.TypeMX,
|
|
|
|
|
Class: dns.ClassINET,
|
|
|
|
|
Ttl: ttl,
|
|
|
|
|
},
|
2020-06-27 17:25:45 +00:00
|
|
|
|
Mx: utils.DomainFQDN(mx.Target, origin),
|
2020-05-09 11:14:29 +00:00
|
|
|
|
Preference: mx.Preference,
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if s.SPF != nil {
|
|
|
|
|
rrs = append(rrs, &dns.TXT{
|
|
|
|
|
Hdr: dns.RR_Header{
|
|
|
|
|
Name: domain,
|
|
|
|
|
Rrtype: dns.TypeTXT,
|
|
|
|
|
Class: dns.ClassINET,
|
|
|
|
|
Ttl: ttl,
|
|
|
|
|
},
|
2020-06-25 21:47:50 +00:00
|
|
|
|
Txt: utils.SplitN("v=spf1 "+s.SPF.String(), 255),
|
2020-05-09 11:14:29 +00:00
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for selector, d := range s.DKIM {
|
|
|
|
|
rrs = append(rrs, &dns.TXT{
|
|
|
|
|
Hdr: dns.RR_Header{
|
|
|
|
|
Name: selector + "._domainkey." + domain,
|
|
|
|
|
Rrtype: dns.TypeTXT,
|
|
|
|
|
Class: dns.ClassINET,
|
|
|
|
|
Ttl: ttl,
|
|
|
|
|
},
|
2020-06-25 21:47:50 +00:00
|
|
|
|
Txt: utils.SplitN(d.String(), 255),
|
2020-05-09 11:14:29 +00:00
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if s.DMARC != nil {
|
|
|
|
|
rrs = append(rrs, &dns.TXT{
|
|
|
|
|
Hdr: dns.RR_Header{
|
|
|
|
|
Name: "_dmarc." + domain,
|
|
|
|
|
Rrtype: dns.TypeTXT,
|
|
|
|
|
Class: dns.ClassINET,
|
|
|
|
|
Ttl: ttl,
|
|
|
|
|
},
|
2020-06-25 21:47:50 +00:00
|
|
|
|
Txt: utils.SplitN(s.DMARC.String(), 255),
|
2020-05-09 11:14:29 +00:00
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if s.MTA_STS != nil {
|
|
|
|
|
rrs = append(rrs, &dns.TXT{
|
|
|
|
|
Hdr: dns.RR_Header{
|
|
|
|
|
Name: "_mta-sts." + domain,
|
|
|
|
|
Rrtype: dns.TypeTXT,
|
|
|
|
|
Class: dns.ClassINET,
|
|
|
|
|
Ttl: ttl,
|
|
|
|
|
},
|
2020-06-25 21:47:50 +00:00
|
|
|
|
Txt: utils.SplitN(s.MTA_STS.String(), 255),
|
2020-05-09 11:14:29 +00:00
|
|
|
|
})
|
|
|
|
|
}
|
2020-05-10 12:00:58 +00:00
|
|
|
|
|
|
|
|
|
if s.TLS_RPT != nil {
|
|
|
|
|
rrs = append(rrs, &dns.TXT{
|
|
|
|
|
Hdr: dns.RR_Header{
|
|
|
|
|
Name: "_smtp._tls." + domain,
|
|
|
|
|
Rrtype: dns.TypeTXT,
|
|
|
|
|
Class: dns.ClassINET,
|
|
|
|
|
Ttl: ttl,
|
|
|
|
|
},
|
2020-06-25 21:47:50 +00:00
|
|
|
|
Txt: utils.SplitN(s.TLS_RPT.String(), 255),
|
2020-05-10 12:00:58 +00:00
|
|
|
|
})
|
|
|
|
|
}
|
2020-05-09 11:14:29 +00:00
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func email_analyze(a *Analyzer) (err error) {
|
|
|
|
|
services := map[string]*EMail{}
|
|
|
|
|
|
|
|
|
|
// Handle only MX records
|
|
|
|
|
for _, record := range a.searchRR(AnalyzerRecordFilter{Type: dns.TypeMX}) {
|
|
|
|
|
if mx, ok := record.(*dns.MX); ok {
|
|
|
|
|
dn := mx.Header().Name
|
|
|
|
|
|
|
|
|
|
if _, ok := services[dn]; !ok {
|
|
|
|
|
services[dn] = &EMail{}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
services[dn].MX = append(
|
|
|
|
|
services[dn].MX,
|
|
|
|
|
MX{
|
|
|
|
|
Target: mx.Mx,
|
|
|
|
|
Preference: mx.Preference,
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
err = a.useRR(
|
|
|
|
|
record,
|
|
|
|
|
dn,
|
|
|
|
|
services[dn],
|
|
|
|
|
)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for domain, service := range services {
|
|
|
|
|
// Is there SPF record?
|
|
|
|
|
for _, record := range a.searchRR(AnalyzerRecordFilter{Type: dns.TypeTXT, Domain: domain, Contains: "v=spf1"}) {
|
|
|
|
|
if service.SPF == nil {
|
|
|
|
|
service.SPF = &SPF{}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if txt, ok := record.(*dns.TXT); ok {
|
|
|
|
|
service.SPF.Content += strings.TrimSpace(strings.Join(txt.Txt, "")) + " "
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = a.useRR(record, domain, service)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
service.DKIM = map[string]*DKIM{}
|
|
|
|
|
// Is there DKIM record?
|
|
|
|
|
for _, record := range a.searchRR(AnalyzerRecordFilter{Type: dns.TypeTXT, SubdomainsOf: "_domainkey." + domain}) {
|
|
|
|
|
selector := strings.TrimSuffix(record.Header().Name, "._domainkey."+domain)
|
|
|
|
|
|
|
|
|
|
if _, ok := service.DKIM[selector]; !ok {
|
|
|
|
|
service.DKIM[selector] = &DKIM{}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if txt, ok := record.(*dns.TXT); ok {
|
|
|
|
|
service.DKIM[selector].Fields = append(service.DKIM[selector].Fields, strings.Split(strings.Join(txt.Txt, ""), ";")...)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = a.useRR(record, domain, service)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Is there DMARC record?
|
|
|
|
|
for _, record := range a.searchRR(AnalyzerRecordFilter{Type: dns.TypeTXT, Domain: "_dmarc." + domain}) {
|
|
|
|
|
if service.DMARC == nil {
|
|
|
|
|
service.DMARC = &DMARC{}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if txt, ok := record.(*dns.TXT); ok {
|
|
|
|
|
service.DMARC.Fields = append(service.DMARC.Fields, strings.Split(strings.Join(txt.Txt, ""), ";")...)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = a.useRR(record, domain, service)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Is there MTA-STS record?
|
|
|
|
|
for _, record := range a.searchRR(AnalyzerRecordFilter{Type: dns.TypeTXT, Domain: "_mta-sts." + domain}) {
|
|
|
|
|
if service.MTA_STS == nil {
|
|
|
|
|
service.MTA_STS = &MTA_STS{}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if txt, ok := record.(*dns.TXT); ok {
|
|
|
|
|
service.MTA_STS.Fields = append(service.MTA_STS.Fields, strings.Split(strings.Join(txt.Txt, ""), ";")...)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = a.useRR(record, domain, service)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-05-10 12:00:58 +00:00
|
|
|
|
|
|
|
|
|
// Is there MTA-STS record?
|
|
|
|
|
for _, record := range a.searchRR(AnalyzerRecordFilter{Type: dns.TypeTXT, Domain: "_smtp._tls." + domain}) {
|
|
|
|
|
if service.TLS_RPT == nil {
|
|
|
|
|
service.TLS_RPT = &TLS_RPT{}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if txt, ok := record.(*dns.TXT); ok {
|
|
|
|
|
service.TLS_RPT.Fields = append(service.TLS_RPT.Fields, strings.Split(strings.Join(txt.Txt, ""), ";")...)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = a.useRR(record, domain, service)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-05-09 11:14:29 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
|
RegisterService(
|
|
|
|
|
func() happydns.Service {
|
|
|
|
|
return &EMail{}
|
|
|
|
|
},
|
|
|
|
|
email_analyze,
|
|
|
|
|
ServiceInfos{
|
|
|
|
|
Name: "E-Mail",
|
|
|
|
|
Description: "",
|
|
|
|
|
Categories: []string{
|
|
|
|
|
"email",
|
|
|
|
|
},
|
2020-06-07 23:23:09 +00:00
|
|
|
|
Tabs: true,
|
2020-05-09 11:14:29 +00:00
|
|
|
|
},
|
2020-05-10 22:13:16 +00:00
|
|
|
|
1,
|
2020-05-09 11:14:29 +00:00
|
|
|
|
)
|
|
|
|
|
}
|