Add MX record check on noreply domain

catalyst · Jan 14, 2024 · 2b11fb5 · 2b11fb5
1 parent 22c0410
commit 2b11fb5
Show file tree

Hide file tree

Showing 4 changed files with 111 additions and 0 deletions.
diff --git a/classes/check/dnsmx.php b/classes/check/dnsmx.php
@@ -0,0 +1,91 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+/**
+ * DNS Email MX record check.
+ *
+ * @package    tool_emailutils
+ * @author     Brendan Heywood <[email protected]>
+ * @copyright  Catalyst IT 2024
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ *
+ */
+
+namespace tool_emailutils\check;
+use core\check\check;
+use core\check\result;
+use tool_emailutils\dns_util;
+
+/**
+ * DNS Email MX record check.
+ *
+ * @package    tool_emailutils
+ * @author     Brendan Heywood <[email protected]>
+ * @copyright  Catalyst IT 2024
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class dnsmx extends check {
+
+    /**
+     * A link to a place to action this
+     *
+     * @return \action_link|null
+     */
+    public function get_action_link(): ?\action_link {
+        return new \action_link(
+            new \moodle_url('/admin/tool/emailutils/dkim.php'),
+            get_string('dkimmanager', 'tool_emailutils'));
+    }
+
+    /**
+     * Get Result.
+     *
+     * @return result
+     */
+    public function get_result() : result {
+        global $DB, $CFG;
+
+        $url = new \moodle_url($CFG->wwwroot);
+        $domain = $url->get_host();
+
+        $details = '';
+        $status = result::INFO;
+        $summary = '';
+
+        $dns = new dns_util();
+
+        $noreply = $dns->get_noreply();
+        $details .= "<p>No reply email: <code>$noreply</code></p>";
+
+        $noreplydomain = $dns->get_noreply_domain();
+        $details .= "<p>Looking for MX in domain: <code>$noreplydomain</code></p>";
+
+        $mxdomains = $dns->get_mx_record($noreplydomain);
+
+        if (empty($mxdomains)) {
+            $details .= "<p>MX record is missing</p>";
+            $status = result::ERROR;
+            $summary = "MX DNS record missing";
+        } else {
+            $allmxdomains = join('<br>', array_map(fn($x) => $x['target'] . ' (' . $x['pri'] . ')', $mxdomains));
+            $details .= "<p>MX record found on domain <code>$noreplydomain</code> pointing to<br><code>$allmxdomains</code></p>";
+            $status = result::OK;
+            $summary = "MX record points to " . $mxdomains[0]['target'];
+        }
+
+        return new result($status, $summary, $details);
+    }
+
+}
diff --git a/classes/dns_util.php b/classes/dns_util.php
@@ -162,5 +162,23 @@ public function get_dmarc_dns_record() {
         return ['', ''];
     }
 
+    /**
+     * Get MX record contents
+     * @return string txt record
+     */
+    public function get_mx_record($domain) {
+
+        $records = @dns_get_record($domain, DNS_MX);
+        if (empty($records)) {
+            return;
+        }
+        usort($records, function($a, $b) {
+            if ($a['pri'] == $b['pri']) {
+                return $a['target'] <=> $b['target'];
+            }
+            return $a['pri'] <=> $b['pri'];
+        });
+        return $records;
+    }
 }
 
diff --git a/lang/en/tool_emailutils.php b/lang/en/tool_emailutils.php
@@ -45,6 +45,7 @@
 <li>Also confirm the DKIM headers validate using a 3rd party tool, such as those provided by Gmail and most email clients
 </ol>
 ';
+$string['checkdnsmx'] = 'DNS Email MX check';
 $string['dnssettings'] = 'SPF / DKIM / DMARC DNS settings';
 $string['dnsspfinclude'] = 'SPF include';
 $string['dnsspfinclude_help'] = '<p>This is an SPF include domain which is expected to be present in the record. For example if this was set to <code>spf.acme.org</code> then the SPF security check would pass if the SPF record was <code>v=spf1 include:spf.acme.org -all</code>.</p>

diff --git a/lib.php b/lib.php
@@ -45,6 +45,7 @@ function tool_emailutils_security_checks() {
         new \tool_emailutils\check\dnsspf(),
         new \tool_emailutils\check\dnsdkim(),
         new \tool_emailutils\check\dnsdmarc(),
+        new \tool_emailutils\check\dnsmx(),
     ];
 }