bundles/postfix: use dig in check_spam_blocklist instead of a python library

The library isn't available as a debian package, so we would have to manually install that every time the python package updates its minor version number.
2021-05-29 09:28:05 +02:00 · 2021-05-29 09:28:05 +02:00 · 6b90d568cf
parent d756e3daf8
commit 6b90d568cf
3 changed files with 12 additions and 16 deletions
--- a/bundles/postfix/files/check_spam_blocklist
+++ b/bundles/postfix/files/check_spam_blocklist
@ -2,10 +2,9 @@

 from concurrent.futures import ThreadPoolExecutor, as_completed
 from ipaddress import ip_address, IPv6Address
+from subprocess import check_output
 from sys import argv, exit

-from dns.exception import Timeout
-from dns.resolver import Resolver, NoAnswer, NXDOMAIN, NoNameservers


 BLOCKLISTS = [
@ -33,10 +32,6 @@ BLOCKLISTS = [
 ]

 def check_list(ip_list, blocklist):
-    resolver = Resolver()
-    resolver.timeout = 5
-    resolver.lifetime = 5
-
    dns_name = '{}.{}'.format(
        '.'.join(ip_list),
        blocklist,
@ -46,7 +41,13 @@ def check_list(ip_list, blocklist):
    msgs = []

    try:
-        result = resolver.query(dns_name)
+        result = check_output([
+            'dig',
+            '+tries=2',
+            '+time=5',
+            '+short',
+            dns_name
+        ]).decode().splitlines()
        for item in result:
            msgs.append('{} listed in {} as {}'.format(
                ip,
@ -54,10 +55,11 @@ def check_list(ip_list, blocklist):
                item,
            ))
            returncode = 2
-    except (NoAnswer, NXDOMAIN, NoNameservers, Timeout):
-        # Probably fine
-        pass
    except Exception as e:
+        if e.returncode == 9:
+            # no reply from server
+            pass
+
        return [repr(e)], 3

    return msgs, returncode
--- a/bundles/postfix/items.py
+++ b/bundles/postfix/items.py
@ -23,10 +23,6 @@ for identifier in node.metadata.get('postfix/mynetworks', set()):

 my_package = 'pkg_pacman:postfix' if node.has_bundle('pacman') else 'pkg_apt:postfix'

-pkg_pip = {
-    'dnsq': {},
-}
-
 files = {
    '/etc/mailname': {
        'content': node.metadata.get('postfix/myhostname', node.metadata['hostname']),
--- a/bundles/postfix/metadata.py
+++ b/bundles/postfix/metadata.py
@ -141,8 +141,6 @@ def icinga2(metadata):
                services[f'SPAM BLOCKLIST {ip}'] = {
                    'command_on_monitored_host': f'/usr/local/share/icinga/plugins/check_spam_blocklist {ip}',
                    'vars.sshmon_timeout': 15,
-                    'check_interval': '15m',
-                    'retry_interval': '5m',
                }

    return {