From 2669babb53d4f7a431373f9df21783ebffe2344c Mon Sep 17 00:00:00 2001
From: missytake
Date: Wed, 13 Dec 2023 04:03:26 +0100
Subject: [PATCH] DNS: added checks for PTR records
---
 cmdeploy/src/cmdeploy/cmdeploy.py | 10 ++++++++++
 cmdeploy/src/cmdeploy/dns.py | 7 +++++++
 2 files changed, 17 insertions(+)
diff --git a/cmdeploy/src/cmdeploy/cmdeploy.py b/cmdeploy/src/cmdeploy/cmdeploy.py
index b6d96ee4..9aafc610 100644
--- a/cmdeploy/src/cmdeploy/cmdeploy.py
+++ b/cmdeploy/src/cmdeploy/cmdeploy.py
@@ -106,6 +106,7 @@ def dns_cmd(args, out):
 template = importlib.resources.files(__package__).joinpath("chatmail.zone.f")
 ssh = f"ssh root@{args.config.mail_domain}"
 get_ipv6 = "ip a | grep inet6 | grep 'scope global' | sed -e 's#/64 scope global##' | sed -e 's#inet6##'"
+ get_ipv4 = "ip a | grep 'inet ' | grep 'scope global' | grep -oE '[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}' | head -1"
 dns = DNS()
 def read_dkim_entries(entry):
@@ -121,6 +122,15 @@ def dns_cmd(args, out):
 acme_account_url = out.shell_output(f"{ssh} -- acmetool account-url")
 dkim_entry = read_dkim_entries(out.shell_output(f"{ssh} -- opendkim-genzone -F"))
 ipv6 = out.shell_output(f"{ssh} -- {get_ipv6}").strip()
+ ipv4 = out.shell_output(f"{ssh} -- {get_ipv4}").strip()
+
+ print()
+ if not dns.check_ptr_record(ipv4, args.config.mail_domain):
+ print(f"You should add a PTR/reverse DNS entry for {ipv4}, with the value: {args.config.mail_domain}.")
+ print("You can do so at your hosting provider (maybe this isn't your DNS provider).\n")
+ if not dns.check_ptr_record(ipv6, args.config.mail_domain):
+ print(f"You should add a PTR/reverse DNS entry for {ipv6}, with the value: {args.config.mail_domain}.")
+ print("You can do so at your hosting provider (maybe this isn't your DNS provider).\n")
 to_print = []
 with open(template, "r") as f:
diff --git a/cmdeploy/src/cmdeploy/dns.py b/cmdeploy/src/cmdeploy/dns.py
index 617c16d6..e01ded67 100644
--- a/cmdeploy/src/cmdeploy/dns.py
+++ b/cmdeploy/src/cmdeploy/dns.py
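Review bot: The dots in the `grep -oE` pattern of `get_ipv4` are unescaped, so each one matches any character, and `head -1` silently keeps only the first global IPv4 address while `get_ipv6` on the line above keeps every global address. Asking `ip` for the address family directly is less fragile than pattern-matching its full output, e.g. `get_ipv4 = "ip -4 -o addr show scope global | awk '{print $4}' | cut -d/ -f1 | head -1"`. On a host behind NAT this value is presumably a private address, for which a PTR comparison against the mail domain cannot succeed, so a comment such as `# expects the host's public IPv4 address` above the assignment would help. dns_cmd starts and ends outside the hunk.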
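Review bot: Both `dns.check_ptr_record(...)` calls in the second hunk receive raw shell output, and the `ip_address()` call inside check_ptr_record raises ValueError on anything that is not exactly one address. `ipv6` is the likeliest trigger: `get_ipv6` has no `head -1` and only strips a `/64` suffix, so a host with no global IPv6 address, several of them, or a different prefix length would abort `dns_cmd` with a traceback before the rest of the command runs. Skipping empty values and catching ValueError keeps the PTR hint advisory, and the loop below also removes the duplicated message. dns_cmd starts and ends outside the hunk.

```python
    ipv4 = out.shell_output(f"{ssh} -- {get_ipv4}").strip()

    print()
    for addr in (ipv4, ipv6):
        if not addr:
            continue  # host has no global address of this family
        try:
            ptr_ok = dns.check_ptr_record(addr, args.config.mail_domain)
        except ValueError:
            print(f"Could not parse {addr!r} as an IP address, skipping the PTR check.\n")
            continue
        if not ptr_ok:
            print(f"You should add a PTR/reverse DNS entry for {addr}, with the value: {args.config.mail_domain}.")
            print("You can do so at your hosting provider (maybe this isn't your DNS provider).\n")
    # … unchanged: to_print / template rendering …
```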
@@ -1,4 +1,5 @@
 import requests
+from ipaddress import ip_address
 url = "https://dns.nextdns.io/dns-query"
 dns_types = {
@@ -9,6 +10,7 @@ dns_types = {
 "SRV": 33,
 "CAA": 257,
 "TXT": 16,
+ "PTR": 12,
 }
@@ -59,3 +61,8 @@ class DNS:
 if not result:
 result = self.get("AAAA", domain)
 return result
+
+ def check_ptr_record(self, ip: str, mail_domain) -> str:
+ """Check the PTR record for an IPv4 or IPv6 address."""
+ result = self.get("PTR", ip_address(ip).reverse_pointer)
+ return result[:-1] == mail_domain
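Review bot: `check_ptr_record` in the last hunk is annotated `-> str` but returns the bool of a comparison, and `result[:-1]` assumes `self.get` always returns a string that ends in a dot. The context lines above test `if not result:`, which suggests `get` can return an empty or None value when no record exists; if it is None, the slice raises TypeError for exactly the hosts this check is meant to warn about. DNS names are also case-insensitive, so an exact string comparison can report a correct PTR as missing. Suggested: change the annotation to `-> bool` and return `bool(result) and result.rstrip(".").lower() == mail_domain.lower()`. The DNS class body starts outside the hunk.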