Nautilus/DMARC-Sentinel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

DKIM should never be inferred from reports

Browse Source
This commit is contained in:
Beda Schmid
2026-05-20 14:12:57 -03:00
parent c91c3f1023
commit c68ccc8065
4 changed files with 9 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/test_dns_policy.py
+4 -7
View File
@@ -20,21 +20,21 @@ def test_parse_spf_record_extracts_includes_and_all_mechanism():
assert parsed.all_mechanism == "-all"
def test_collect_domain_dns_policy_uses_observed_dkim_selectors():
def test_collect_domain_dns_policy_queries_only_domain_dns_records():
txt_records = {
"_dmarc.example.com": ["v=DMARC1; p=reject; pct=100"],
"example.com": ["v=spf1 include:_spf.example.net -all"],
"s1._domainkey.mail.example.net": ["v=DKIM1; k=rsa; p=abc"],
}
queried = []
def txt_lookup(name: str) -> list[str]:
queried.append(name)
if name not in txt_records:
raise RuntimeError("not found")
return txt_records[name]
policy = collect_domain_dns_policy(
"example.com",
selectors=[("s1", "mail.example.net")],
txt_lookup=txt_lookup,
mx_lookup=lambda name: ["10 mail.example.com"],
)
@@ -42,8 +42,5 @@ def test_collect_domain_dns_policy_uses_observed_dkim_selectors():
assert policy.dmarc.p == "reject"
assert policy.spf.all_mechanism == "-all"
assert policy.mx_records == ["10 mail.example.com"]
assert policy.dkim[0].selector == "s1"
assert policy.dkim[0].domain == "mail.example.net"
assert policy.dkim[0].query_name == "s1._domainkey.mail.example.net"
assert policy.dkim[0].record == "v=DKIM1; k=rsa; p=abc"
assert queried == ["_dmarc.example.com", "example.com"]
assert policy.errors == []