Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UnrelatedTXTRecordFoundAtDMARC is actually raised when rua/ruf destination doesn't designate the source domain #141

Merged
merged 4 commits into from
Aug 1, 2024
Merged

UnrelatedTXTRecordFoundAtDMARC is actually raised when rua/ruf destination doesn't designate the source domain #141

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
5e0fbe9
UnrelatedTXTRecordFoundAtDMARC contains target info
kazet Jul 31, 2024
2128889
.
kazet Jul 31, 2024
f19aca1
.
kazet Jul 31, 2024
a6e0716
.
kazet Jul 31, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 10 additions & 13 deletions checkdmarc/dmarc.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -424,7 +424,8 @@ def _query_dmarc_record(domain: str, nameservers: list[str] = None,
raise UnrelatedTXTRecordFoundAtDMARC(
"Unrelated TXT records were discovered. These should be "
"removed, as some receivers may not expect to find "
f"unrelated TXT records at {target}\n\n{ur_str}")
f"unrelated TXT records at {target}\n\n{ur_str}",
data={"target": target})
if len(dmarc_records) == 1:
dmarc_record = dmarc_records[0]

Expand Down Expand Up @@ -663,7 +664,8 @@ def check_wildcard_dmarc_report_authorization(
"Unrelated TXT records were discovered. "
"These should be removed, as some "
"receivers may not expect to find unrelated TXT records "
f"at {wildcard_target}\n\n{ur_str}")
f"at {wildcard_target}\n\n{ur_str}",
data={"target": wildcard_target})

if dmarc_record_count < 1:
return False
Expand All @@ -678,10 +680,11 @@ def verify_dmarc_report_destination(source_domain: str,
nameservers: list[str] = None,
ignore_unrelated_records: bool = False,
resolver: dns.resolver.Resolver = None,
timeout: float = 2.0) -> bool:
timeout: float = 2.0) -> None:
"""
Checks if the report destination accepts reports for the source domain
per RFC 7489, section 7.1
per RFC 7489, section 7.1. Raises
`checkdmarc.dmarc.UnverifiedDMARCURIDestination` if it doesn't accept.

Args:
source_domain (str): The source domain
Expand All @@ -692,10 +695,6 @@ def verify_dmarc_report_destination(source_domain: str,
requests
timeout (float): number of seconds to wait for an answer from DNS

Returns:
bool: Indicates if the report domain accepts reports from the given
domain

Raises:
:exc:`checkdmarc.dmarc.UnverifiedDMARCURIDestination`
:exc:`checkdmarc.dmarc.UnrelatedTXTRecordFound`
Expand All @@ -710,7 +709,7 @@ def verify_dmarc_report_destination(source_domain: str,
nameservers=nameservers,
ignore_unrelated_records=ignore_unrelated_records,
resolver=resolver):
return True
return
target = f"{source_domain}._report._dmarc.{destination_domain}"
message = f"{destination_domain} does not indicate that it accepts " \
f"DMARC reports about {source_domain} - " \
Expand All @@ -736,15 +735,13 @@ def verify_dmarc_report_destination(source_domain: str,
"Unrelated TXT records were discovered. "
"These should be removed, as some "
"receivers may not expect to find unrelated TXT records "
f"at {target}\n\n{ur_str}")
f"at {target}\n\n{ur_str}", data={"target": target})

if dmarc_record_count < 1:
return False
raise UnverifiedDMARCURIDestination(message)
except Exception:
raise UnverifiedDMARCURIDestination(message)

return True


def parse_dmarc_record(
record: str, domain: str, parked: bool = False,
Expand Down
Loading