#!/usr/local/cpanel/3rdparty/bin/perl # cpanel - scripts/enable_spf_dkim_globally Copyright 2022 cPanel, L.L.C. # All rights reserved. # copyright@cpanel.net http://cpanel.net # This code is subject to the cPanel license. Unauthorized copying is prohibited # package scripts::enable_spf_dkim_globally; use strict; use warnings; use Cpanel::SPF (); use Cpanel::DKIM::Transaction (); use Cpanel::Logger (); use Cpanel::Config::Users (); use Cpanel::Config::CpUserGuard (); use Cpanel::Config::LoadCpUserFile (); use Cpanel::DnsUtils::AskDnsAdmin (); use Cpanel::DnsUtils::Fetch (); use Cpanel::PwCache::Build (); use Cpanel::ZoneFile (); use Cpanel::Config::LoadUserDomains (); use Cpanel::ServerTasks (); use Getopt::Long (); my $DOMAINS_TO_RELOAD_EACH_CALL = 2048; my $DKIM_RECORD_NAME_PREFIX = 'default._domainkey.'; my $DKIM_RECORD_NAME_PREFIX_LENGTH = length $DKIM_RECORD_NAME_PREFIX; our $logger; our @USERS = (); sub new { my $pkg = shift; return bless { domains_by_user => scalar Cpanel::Config::LoadUserDomains::loaduserdomains( undef, 0, 1 ), reload_zones => [], }, $pkg; } sub as_script { my $self = shift; $logger //= Cpanel::Logger->new(); my $execute; Getopt::Long::GetOptions( "user=s" => \@USERS, "x" => \$execute, ); if ( not $execute ) { my $msg = qq{To execute, use the -x flag.}; $logger->die($msg); } $self->run(); return 1; } sub run { my $self = shift; my $options_href = shift; # { users => [qw/user1 user2/] } $logger //= Cpanel::Logger->new(); my @users = ( exists $options_href->{user} and @{ $options_href->{user} } ) ? # @{ $options_href->{user} } : # scalar @USERS ? # @USERS : # Cpanel::Config::Users::getcpusers(); # Cpanel::PwCache::Build::init_passwdless_pwcache() if scalar @users > 5; my $domains_by_user = $self->{domains_by_user}; USERS: foreach my $user (@users) { unless ( exists $domains_by_user->{$user} ) { $logger->warn(qq{Invalid user "$user", skipping.}); next USERS; } my $users_domains_ref = $domains_by_user->{$user}; $self->_enable_spf_dkim_cpusers_file($user); my $zone_ref = Cpanel::DnsUtils::Fetch::fetch_zones( 'zones' => $users_domains_ref ); $self->_setup_spf_for_all_users_domains( $user, $zone_ref ); $zone_ref = Cpanel::DnsUtils::Fetch::fetch_zones( 'zones' => $users_domains_ref ); # Need to fetch again in case setup_spf has modified them $self->_setup_dkim_for_users_domains_without_it( $user, $zone_ref ); push @{ $self->{'reload_zones'} }, grep { exists $zone_ref->{$_} } @$users_domains_ref; } $self->_reload_zones(); Cpanel::ServerTasks::queue_task( ['DKIMTasks'], 'refresh_entire_dkim_validity_cache' ); return 1; } sub _setup_spf_for_all_users_domains { my ( $self, $user, $zone_ref ) = @_; my $users_domains_ref = $self->{domains_by_user}->{$user}; # set up SPF on all domains owned by $users my ( $status, $msg ) = Cpanel::SPF::setup_spf( 'user' => $user, 'preserve' => 1, 'skipreload' => 1, 'zone_ref' => $zone_ref ); $logger->warn(qq{Failed to set up SPF for $user: $msg}) unless $status; return $status; } sub _setup_dkim_for_users_domains_without_it { my ( $self, $user, $zone_ref ) = @_; my $users_domains_ref = $self->{domains_by_user}->{$user}; my $seen_dkim_for_domain_hr = _find_domains_that_have_dkim_installed($zone_ref); foreach my $domain (@$users_domains_ref) { if ( $seen_dkim_for_domain_hr->{$domain} ) { $logger->info(qq{"default._domainkey" DKIM TXT record detected for $domain, skipping.}); } } my @domains_to_setup_dkim_on = grep { !$seen_dkim_for_domain_hr->{$_} } @$users_domains_ref; if (@domains_to_setup_dkim_on) { my $dkim = Cpanel::DKIM::Transaction->new(); my @w; my $result = do { local $SIG{'__WARN__'} = sub { push @w, @_ }; $dkim->set_up_user_domains( $user, \@domains_to_setup_dkim_on, $zone_ref, ); }; $dkim->commit(); if ( !$result || !$result->was_any_success() ) { $logger->warn(qq{Failed to set up DKIM for $user: @w}); } return $result->was_any_success(); } return; } sub _enable_spf_dkim_cpusers_file { my ( $self, $user ) = @_; my $cpuser_data = Cpanel::Config::LoadCpUserFile::loadcpuserfile($user); if ( !$cpuser_data->{'HASSPF'} || !$cpuser_data->{'HASDKIM'} ) { # check each domain to make sure that we don't overwrite SPF my $lock = Cpanel::Config::CpUserGuard->new($user); $lock->{data}{HASSPF} = 1; $lock->{data}{HASDKIM} = 1; $lock->save; } return 1; } sub _reload_zones { my ($self) = @_; while ( @{ $self->{'reload_zones'} } ) { Cpanel::DnsUtils::AskDnsAdmin::askdnsadmin( 'RELOADZONES', 0, join( ',', splice( @{ $self->{'reload_zones'} }, 0, $DOMAINS_TO_RELOAD_EACH_CALL ) ) ); } return 1; } sub _find_domains_that_have_dkim_installed { my ($zone_ref) = @_; my %seen_dkim_for_domain; foreach my $zone ( keys %$zone_ref ) { my $dkim_records_ar = _get_dkim_records_from_zone_ref( $zone, $zone_ref->{$zone} ); foreach my $record (@$dkim_records_ar) { my $record_name_without_prefix = substr( $record->{'name'}, $DKIM_RECORD_NAME_PREFIX_LENGTH ); my $domain = _convert_zone_name_to_domain( $record_name_without_prefix, $zone ); $seen_dkim_for_domain{$domain} = 1; } } return \%seen_dkim_for_domain; } sub _get_dkim_records_from_zone_ref { my ( $zone, $zone_contents_ar ) = @_; my $zone_obj = Cpanel::ZoneFile->new( 'domain' => $zone, 'text' => $zone_contents_ar ); return [ grep { index( $_->{'name'}, $DKIM_RECORD_NAME_PREFIX ) == 0 } $zone_obj->find_records( { 'type' => 'TXT' } ) ]; } sub _convert_zone_name_to_domain { my ( $zone_name_record, $zone ) = @_; # If the name does not end with a . we must append .$zone if ( substr( $zone_name_record, -1 ) eq '.' ) { return substr( $zone_name_record, 0, -1 ); # strip tailing . } return $zone_name_record . '.' . $zone; } if ( not caller() ) { my $enable = scripts::enable_spf_dkim_globally->new(); $enable->as_script; exit 0; } 1; __END__ =head1 NAME /scripts/enable_spf_dkim_globally =head1 USAGE AS A SCRIPT /scripts/enable_spf_dkim_globally -x [--user=] [--user=] ... [--user=] =head2 AS A LIBRARY This script is internally written as a modulino, which means it can be C'd: use strict; require q{/scripts/enable_spf_dkim_globally}; my $enable = scripts::enable_spf_dkim_globally->new(); $enable->run(); # globally enable, iterate over domains from all users $enable->run( { user => [qw/username1 username2/] }); # globally enable, iterate over domains from list of specified users =head1 DESCRIPTION This script enables C and C system-wide, and it adds respective C entries for all domains if none exist. If a C record is detected for a domain, it remains untouched. If a C record exists, it is updated. The scope of the domains that are affected with new C/C or updated C records may be limited by using the C<--user> flag to specify one or more users from whom the list of domains to affect is generated. =head1 REQUIRED COMMAND LINE ARGUMENTS =over 4 =item -x Use this option to actually run the script, otherwise it will warn and return without doing anything. =back =head1 COMMAND LINE OPTIONS =over 4 =item --user C Specify a user or list of users for whom all domains are enabled rather than all user accounts on the system. Specify more than one user by using one C<--user> per username. For example, /scripts/enable_spf_dkim_globally -x --user="username1" --user="username2" If no users are specified, all domains for all user accounts on the system are enabled. =back =head1 DIAGNOSTICS None =head1 EXIT STATUS Exit status is 0 (success) unless an unexpected error occurs. =head1 DEPENDENCIES None =head1 INCOMPATIBILITIES None =head1 BUGS AND LIMITATIONS None =head1 LICENSE AND COPYRIGHT Copyright 2022 cPanel, L.L.C.