Checks SPF records for recursion level
#!/bin/bash
#
# Checks SPF records for recursion level
# (see https://tools.ietf.org/html/rfc7208#section-4.6.4)
#
# Domain whose SPF record tree is walked. The script stops with a usage hint
# when no first argument is given.
: "${1:?Specify a domain to check!}"
check_domain=$1
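#######################################
# Fetch the TXT records of one domain, print the SPF terms found in them and
# recurse into every include:/redirect= target, counting one lookup per
# domain visited.
#
# The count is an approximation of RFC 7208 section 4.6.4: it includes the
# initial TXT query and does not count a, mx, ptr or exists terms.
#
# Globals:   i (read and incremented) - number of domains queried so far
# Arguments: $1 - domain name to query
# Outputs:   progress report on stdout, refusals and aborts on stderr
# Returns:   0 when the domain was processed, 1 when it has no SPF terms or
#            the name was refused; exits the script with status 1 once more
#            than 50 lookups have been attempted
#######################################
check_record() {
  local domain="$1"
  local answer records includes target

  # Every name below the first level is taken from a TXT record, i.e. from
  # data published by whoever controls that zone. A name starting with '-'
  # would be read by dig as an option instead of a query name, so refuse it.
  if [[ -z "$domain" || "$domain" == -* ]]; then
    printf 'Refusing to query suspicious name: %s\n' "$domain" >&2
    return 1
  fi

  i=$(( i + 1 ))

  # Hard stop BEFORE the query. Placed after the recursion, this guard would
  # never be reached when two records include each other, and the script
  # would keep issuing DNS queries until the shell ran out of stack.
  if (( i > 50 )); then
    printf 'Aborting after %d lookups (include loop?)\n' "$(( i - 1 ))" >&2
    exit 1
  fi

  echo
  echo "== DNS loookup: $i :: $domain =="

  # Query once and reuse the answer for both the parse and the diagnostics.
  answer=$(dig "$domain" -t TXT)
  records=$(grep -i 'v=spf1' <<<"$answer" \
    | grep -oE '(exists|include|redirect|ip[46])[:=][-_.%\{\}A-Za-z0-9]+')

  if [[ -z "$records" ]]; then
    echo "No SPF records found:"
    grep -v '^;' <<<"$answer"
    return 1
  fi

  echo "Got records:"
  echo "$records"

  # Anchor on the term name so that a value which merely contains the word
  # (for example exists:include.example.org) is not followed as an include.
  includes=$(grep -E '^(include|redirect)[:=]' <<<"$records")
  if [[ -z "$includes" ]]; then
    echo "No includes!"
    return 0
  fi

  echo "Got includes:"
  echo "$includes"

  # Word splitting is intended here: the extraction pattern above admits no
  # whitespace and no glob characters, so every word is exactly one term.
  for target in $includes; do
    # Drop the "include:" / "redirect=" prefix, keep the domain.
    check_record "${target#*[:=]}"
  done

  return 0
}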
# Walk the SPF tree starting at the requested domain, then print the verdict.
# i ends up as the number of check_record calls, which is compared against
# the limit of 10 from RFC 7208 section 4.6.4.
i=0
echo "==== Checking SPF recursion level for $check_domain ===="
check_record "$check_domain"
echo

if (( i <= 10 )); then
  verdict="\e[1;32mOK: $i lookups\e[0m"
else
  verdict="\e[1;31mWARNING! Too many lookups: $i\e[0m"
fi
echo -e "==== $verdict ===="
# vim:ts=2:sw=2:et:sta:si