DMARC: some explanations, better display.

This commit is contained in:
Philippe PITTOLI 2024-04-13 15:31:28 +02:00
parent e3bbe9ad33
commit 338b3c0811
3 changed files with 78 additions and 9 deletions

View File

@ -540,25 +540,33 @@ render state
state._currentRR.name state._currentRR.name
display_domain_side display_domain_side
, Bulma.box_input "ttlDMARC" "TTL" "600" (updateForm Field_TTL) (show state._currentRR.ttl) , Bulma.box_input "ttlDMARC" "TTL" "600" (updateForm Field_TTL) (show state._currentRR.ttl)
, Bulma.hr , Bulma.hr
, Bulma.div_content [Bulma.explanation Explanations.dmarc_policy]
, Bulma.selection_field "idDMARCPolicy" "Policy" DMARC_policy (map show DMARC.policies) (show state.dmarc.p) , Bulma.selection_field "idDMARCPolicy" "Policy" DMARC_policy (map show DMARC.policies) (show state.dmarc.p)
, Bulma.div_content [Bulma.explanation Explanations.dmarc_sp_policy]
, Bulma.selection_field "idDMARCPolicy_sp" "Policy for subdomains" DMARC_sp_policy , Bulma.selection_field "idDMARCPolicy_sp" "Policy for subdomains" DMARC_sp_policy
(["do not provide policy advice"] <> map show DMARC.policies) (maybe "-" show state.dmarc.sp) (["do not provide policy advice"] <> map show DMARC.policies) (maybe "-" show state.dmarc.sp)
, Bulma.hr , Bulma.hr
, Bulma.div_content [Bulma.explanation Explanations.dmarc_adkim]
, Bulma.selection_field "idDMARCadkim" "Consistency Policy for DKIM" DMARC_adkim DMARC.consistency_policies_txt_dkim (maybe "-" show state.dmarc.adkim) , Bulma.selection_field "idDMARCadkim" "Consistency Policy for DKIM" DMARC_adkim DMARC.consistency_policies_txt_dkim (maybe "-" show state.dmarc.adkim)
, Bulma.div_content [Bulma.explanation Explanations.dmarc_aspf]
, Bulma.selection_field "idDMARCaspf" "Consistency Policy for SPF" DMARC_aspf DMARC.consistency_policies_txt_spf (maybe "-" show state.dmarc.aspf) , Bulma.selection_field "idDMARCaspf" "Consistency Policy for SPF" DMARC_aspf DMARC.consistency_policies_txt_spf (maybe "-" show state.dmarc.aspf)
, Bulma.hr , Bulma.hr
, Bulma.box_input "idDMARCpct" "% of dropped emails" "100" DMARC_pct (maybe "100" show state.dmarc.pct) , Bulma.box_input "idDMARCpct" "% of dropped emails" "100" DMARC_pct (maybe "100" show state.dmarc.pct)
, Bulma.hr , Bulma.hr
, Bulma.selection_field "idDMARCfo" "When to send a report" DMARC_fo DMARC.report_occasions_txt (maybe "-" show state.dmarc.fo) , Bulma.selection_field "idDMARCfo" "When to send a report" DMARC_fo DMARC.report_occasions_txt (maybe "-" show state.dmarc.fo)
, Bulma.hr , Bulma.hr
, maybe (Bulma.p "no rua") (display_dmarc_mail_addresses DMARC_remove_rua) current_ruas , maybe (Bulma.p "There is no address to send aggragated reports to.") (display_dmarc_mail_addresses DMARC_remove_rua) current_ruas
, maybe (Bulma.p "no ruf") (display_dmarc_mail_addresses DMARC_remove_ruf) current_rufs , maybe (Bulma.p "There is no address to send detailed reports to.") (display_dmarc_mail_addresses DMARC_remove_ruf) current_rufs
, Bulma.box_input "idDMARCmail" "Address to contact" "" DMARC_mail state.dmarc_mail , Bulma.box_input "idDMARCmail" "Address to contact" "admin@example.com" DMARC_mail state.dmarc_mail
, Bulma.box_input "idDMARCmaillimit" "Report size limit (in KB)" "" DMARC_mail_limit (maybe "0" show state.dmarc_mail_limit) , Bulma.box_input "idDMARCmaillimit" "Report size limit (in KB)" "2000" DMARC_mail_limit (maybe "0" show state.dmarc_mail_limit)
, Bulma.level [ Bulma.btn "New address for aggregated report" DMARC_rua_Add , Bulma.level [ Bulma.btn "New address for aggregated report" DMARC_rua_Add
, Bulma.btn "New address for specific report" DMARC_ruf_Add , Bulma.btn "New address for specific report" DMARC_ruf_Add
] ] []
] ]
current_ruas = case state._currentRR.dmarc of current_ruas = case state._currentRR.dmarc of

View File

@ -1,5 +1,6 @@
module App.Text.Explanations where module App.Text.Explanations where
import Halogen.HTML as HH import Halogen.HTML as HH
import Halogen.HTML.Properties as HP
import Bulma as Bulma import Bulma as Bulma
expl' :: forall w i. String -> HH.HTML w i expl' :: forall w i. String -> HH.HTML w i
@ -166,6 +167,66 @@ dmarc_introduction =
""" """
] ]
dmarc_policy :: forall w i. Array (HH.HTML w i)
dmarc_policy =
[ Bulma.p """
DMARC record allows to tell receivers what to do with a non-conforming message;
a message that wasn't properly secured with SPF and DKIM.
"""
, Bulma.p """
This message can either be accepted ("None") or rejected, or even quarantined, meaning to be considered as suspicious.
This can take different forms, such as being flagged, marked as spam or have a high "spam score", it's up to the receiver.
"""
]
dmarc_sp_policy :: forall w i. Array (HH.HTML w i)
dmarc_sp_policy =
[ Bulma.p """
Same as the previous entry, but for sub-domains.
"""
]
dmarc_adkim :: forall w i. Array (HH.HTML w i)
dmarc_adkim =
[ Bulma.p """
Consistency policy for DKIM. Tell what should be considered acceptable.
"""
, Bulma.p """
This is about the relation between the email "From:" field and the domain field of the DKIM signature ("d:").
"""
, Bulma.p """
The policy can be either strict (both should be identical) or relaxed (both in the same Organizational Domain).
"""
]
dmarc_aspf :: forall w i. Array (HH.HTML w i)
dmarc_aspf =
[ Bulma.p """
Consistency policy for SPF. Tell what should be considered acceptable.
"""
, Bulma.p """
First, SPF should produce a passing result.
Then, the "From:" and the "MailFrom:" fields of the received email are checked.
"""
, Bulma.p """
In strict mode, both fields should be identical.
In relaxed mode, they can be different, but in the same Organizational Domain.
"""
, Bulma.p """
From RFC7489: For example, if a message passes an SPF check with an
RFC5321.MailFrom domain of "cbg.bounces.example.com", and the address
portion of the RFC5322.From field contains "payments@example.com",
the Authenticated RFC5321.MailFrom domain identifier and the
RFC5322.From domain are considered to be "in alignment" in relaxed
mode, but not in strict mode.
"""
, HH.p_
[ HH.text "See "
, HH.a [HP.href "https://publicsuffix.org/"] [ HH.text "publicsuffix.org" ]
, HH.text " for a list of organizational domains."
]
]
dkim_default_algorithms :: forall w i. Array (HH.HTML w i) dkim_default_algorithms :: forall w i. Array (HH.HTML w i)
dkim_default_algorithms = dkim_default_algorithms =

View File

@ -168,15 +168,15 @@ consistency_policies = [Strict, Relaxed]
consistency_policies_txt_spf :: Array String consistency_policies_txt_spf :: Array String
consistency_policies_txt_spf consistency_policies_txt_spf
= [ "Do not provide policy advice" = [ "Do not provide policy advice"
, "Strict: \"From:\" and SPF domain must be identical" , "Strict: identical domains"
, "Relaxed: \"From:\" and SPF domain must be in the same organizational domain" , "Relaxed: same organizational domain"
] ]
consistency_policies_txt_dkim :: Array String consistency_policies_txt_dkim :: Array String
consistency_policies_txt_dkim consistency_policies_txt_dkim
= [ "Do not provide policy advice" = [ "Do not provide policy advice"
, "Strict: \"From:\" and DKIM domain (\"d:\") must be identical" , "Strict: same domain"
, "Relaxed: \"From:\" and DKIM domain (\"d:\") must be in the same organizational domain" , "Relaxed: same organizational domain"
] ]