Fixing unrelated record handling (#63)

CERT-Polska · May 10, 2024 · cf7088d · cf7088d
1 parent b411551
commit cf7088d
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 19 deletions.
diff --git a/app/src/worker.py b/app/src/worker.py
@@ -51,6 +51,7 @@ def scan_domain_job(
         session.commit()
 
         result = None
+        LOGGER.exception("Error during configuration validation")
         error = translate("An unknown error has occured during configuration validation.", Language(Config.UI.LANGUAGE))
 
     save_check_results(

diff --git a/docs/conf.py b/docs/conf.py
@@ -32,7 +32,7 @@
 author = "CERT Polska"
 
 # The full version, including alpha/beta/rc tags
-release = "1.2.1"
+release = "1.3"
 
 latex_engine = "xelatex"
 

diff --git a/scan/libmailgoose/scan.py b/scan/libmailgoose/scan.py
@@ -338,20 +338,20 @@ def scan_domain(
 
         try:
             dmarc_query = checkdmarc.dmarc.query_dmarc_record(from_domain, nameservers=nameservers, timeout=timeout)
-        except checkdmarc.dmarc.DMARCRecordNotFound as e:
-            if isinstance(e.args[0], checkdmarc.dmarc.UnrelatedTXTRecordFoundAtDMARC):
-                dmarc_warnings.append(
-                    "Unrelated TXT record found in the '_dmarc' subdomain. We recommend removing it, as such unrelated "
-                    "records may cause problems with some DMARC implementations.",
-                )
-                dmarc_query = checkdmarc.dmarc.query_dmarc_record(
-                    domain,
-                    nameservers=nameservers,
-                    timeout=timeout,
-                    ignore_unrelated_records=True,
-                )
-            else:
-                raise e
+        except checkdmarc.dmarc.UnrelatedTXTRecordFoundAtDMARC:
+            dmarc_warnings.append(
+                "Unrelated TXT record found in the '_dmarc' subdomain. We recommend removing it, as such unrelated "
+                "records may cause problems with some DMARC implementations.",
+            )
+            dmarc_query = checkdmarc.dmarc.query_dmarc_record(
+                domain,
+                nameservers=nameservers,
+                timeout=timeout,
+                ignore_unrelated_records=True,
+            )
+
+        except Exception as e:
+            raise e
         domain_result.dmarc.record = dmarc_query["record"]
         if not domain_result.dmarc.record:
             raise checkdmarc.dmarc.DMARCRecordNotFound(None)

diff --git a/scan/requirements.txt b/scan/requirements.txt
@@ -1,6 +1,5 @@
-# This commit hash refers to 5.3.1 release - but the PyPI release is incorrect
-checkdmarc @ git+https://github.com/domainaware/checkdmarc@120ef5a9709fe49c8c452d0b44383b7f7712f066
-checkdmarc==5.3.1
+# Until a fix gets merged, let's refer to CERT PL fork
+checkdmarc@git+https://github.com/CERT-Polska/checkdmarc@correct-exception-unrelated
 dkimpy==1.1.6
 python-multipart==0.0.9
 validators==0.28.1
diff --git a/scan/setup.py b/scan/setup.py
@@ -9,7 +9,7 @@
 
 setup(
     name="libmailgoose",
-    version="1.2.1",
+    version="1.3",
     description="libmailgoose - check the settings needed to protect against e-mail spoofing",
     author="CERT Polska",
     author_email="[email protected]",