Module todo: DMARC/DKIM/SPF #706
Replies: 3 comments 3 replies
-
This is now possible thanks to #1532.
-
I've got modules mostly ready for these, I'll submit new issues/PRs soon. DMARC = ready
-
@joostgrunwald that's precisely what I've got in progress, my DMARC module will emit VULNERABILITY events for non-RFC compliant/invalid policies, e.g. due to typo etc, as well as policies that are p=none. I can probably add a config option that would, if explicitly configured to do so, emit VULNERABILITY for p=quarantine as well. Can you get more specific about what kind of situations beyond those that you would like to see VULNERABILITY events for? e.g. non-strict alignment etc? Similar thing with DKIM... the module is almost ready for a PR. I've got the module emitting vulns for invalid records, non-RSA keys, invalid RSA pub keys (non-decodable to a usable key), as well as RSA key sizes less than 1024 bits. Anything else that you would want to see? Similar with SPF too... though that module's proving a little more difficult. Again, what would you want to see from analysis of SPF records?
-
https://github.com/MattKeeley/Spoofy
Some basic examples, courtesy of ChatGPT:
Explanation
SPF Checks: 'all' should not be configured to allow all hosts (+all). This is a common misconfiguration that basically nullifies the purpose of having an SPF record.
DKIM Checks: The key algorithm (k=) should be RSA. If it's not, that's a potential problem as RSA is the recommended signing algorithm.
DMARC Checks: A common misconfiguration is having the policy (p=) set to 'none', which means that the DMARC policy will not take any action against emails that fail the DMARC checks.
This should give you a starting point to build a more comprehensive tool.
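The checks named in this thread (invalid or p=none DMARC policies, SPF +all, non-RSA DKIM keys, undecodable RSA keys, RSA keys under 1024 bits) can be sketched as offline record linting. This is an added example, not the module code discussed above and not written by any participant; all function names are hypothetical, and it takes TXT record strings as input rather than doing DNS lookups.

```python
# Added example: hypothetical helper names; input is a TXT record string.
import base64

def tags(record):  # split a "k=v; k=v" record (DMARC/DKIM syntax) into a dict
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def check_dmarc(record):
    t = tags(record)
    if t.get("v") != "DMARC1":
        return ["invalid: missing v=DMARC1"]
    p = t.get("p", "").lower()
    if p not in ("none", "quarantine", "reject"):
        return [f"invalid: p={p!r} is not a policy"]   # e.g. a typo
    return ["weak: p=none takes no action"] if p == "none" else []

def check_spf(record):
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["invalid: missing v=spf1"]
    # A bare "all" carries the default "+" qualifier, so it equals "+all".
    return ["weak: +all allows every host"] if {"all", "+all"} & set(terms) else []

def tlv(buf, pos):  # one DER element -> (tag, value_start, value_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_bits(der):
    """Modulus bit length of a DER SubjectPublicKeyInfo (OID not verified)."""
    t1, s, _ = tlv(der, 0)                 # outer SEQUENCE
    _, _, alg_end = tlv(der, s)            # AlgorithmIdentifier, skipped
    t2, s, _ = tlv(der, alg_end)           # BIT STRING
    t3, s, _ = tlv(der, s + 1)             # skip unused-bits byte: RSAPublicKey
    t4, s, e = tlv(der, s)                 # INTEGER modulus
    if (t1, t2, t3, t4) != (0x30, 0x03, 0x30, 0x02) or e > len(der):
        raise ValueError("not an RSA SubjectPublicKeyInfo")
    return int.from_bytes(der[s:e], "big").bit_length()

def check_dkim(record):
    t = tags(record)
    if t.get("k", "rsa").lower() != "rsa":
        return [f"non-RSA key type k={t['k']}"]
    try:                                   # p= may contain folding whitespace
        bits = rsa_bits(base64.b64decode("".join(t.get("p", "").split()), validate=True))
    except (ValueError, IndexError):
        return ["invalid: p= is not a decodable RSA public key"]
    return [f"weak: {bits}-bit RSA key"] if bits < 1024 else []
```

An empty p= (a revoked DKIM key) is reported as undecodable here, and SPF include/redirect targets are not followed.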