From 6b90d568cfe1be8dbf8e4cc04d4fba335550b1fa Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sat, 29 May 2021 09:28:05 +0200 Subject: [PATCH] bundles/postfix: use `dig` in check_spam_blocklist instead of a python library The library isn't available as a debian package, so we would have to manually install that every time the python package updates its minor version number. --- bundles/postfix/files/check_spam_blocklist | 22 ++++++++++++---------- bundles/postfix/items.py | 4 ---- bundles/postfix/metadata.py | 2 -- 3 files changed, 12 insertions(+), 16 deletions(-) diff --git a/bundles/postfix/files/check_spam_blocklist b/bundles/postfix/files/check_spam_blocklist index e8a462c..eb683e4 100644 --- a/bundles/postfix/files/check_spam_blocklist +++ b/bundles/postfix/files/check_spam_blocklist @@ -2,10 +2,9 @@ from concurrent.futures import ThreadPoolExecutor, as_completed from ipaddress import ip_address, IPv6Address +from subprocess import check_output from sys import argv, exit -from dns.exception import Timeout -from dns.resolver import Resolver, NoAnswer, NXDOMAIN, NoNameservers BLOCKLISTS = [ @@ -33,10 +32,6 @@ BLOCKLISTS = [ ] def check_list(ip_list, blocklist): - resolver = Resolver() - resolver.timeout = 5 - resolver.lifetime = 5 - dns_name = '{}.{}'.format( '.'.join(ip_list), blocklist, @@ -46,7 +41,13 @@ def check_list(ip_list, blocklist): msgs = [] try: - result = resolver.query(dns_name) + result = check_output([ + 'dig', + '+tries=2', + '+time=5', + '+short', + dns_name + ]).decode().splitlines() for item in result: msgs.append('{} listed in {} as {}'.format( ip, @@ -54,10 +55,11 @@ def check_list(ip_list, blocklist): item, )) returncode = 2 - except (NoAnswer, NXDOMAIN, NoNameservers, Timeout): - # Probably fine - pass except Exception as e: + if e.returncode == 9: + # no reply from server + pass + return [repr(e)], 3 return msgs, returncode diff --git a/bundles/postfix/items.py b/bundles/postfix/items.py index 38bedd0..1ca260b 100644 
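Review bot: In the `@@ -46,7 +41,13 @@` hunk every line of dig's stdout is turned into a listing, so any line that is not an answer record makes the check report a blocklist hit. Even with `+short`, dig can write `;;` diagnostic lines to stdout (for example around a retried query), so I would keep only answer lines, e.g. `result = [l for l in out.splitlines() if l and not l.startswith(';')]` with `out` holding the decoded output. `check_output` is also called without `timeout=`, so the only bound is dig's own `+tries=2 +time=5`, which may exceed the `vars.sshmon_timeout` of 15 visible in metadata.py if more than one resolver is tried. An explicit `timeout=` below that value would keep the failure inside the script. check_list starts and ends outside this hunk.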
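Review bot: In the `@@ -54,10 +55,11 @@` hunk the new `if e.returncode == 9: pass` has no effect: control falls through to `return [repr(e)], 3`, so a "no reply from server" exit is still reported with status 3, whereas the removed handler treated timeouts and missing answers as fine. The handler also catches `Exception`, but only `CalledProcessError` carries `returncode`; a `FileNotFoundError` (dig not installed, and no hunk in this patch adds a package for it) would raise `AttributeError` inside the handler and hide the real cause. Splitting the handler as below fixes both, and it needs `CalledProcessError` added to the `from subprocess import` line in the first hunk. The initial value of `returncode` is set outside the hunk, so I am assuming it is the OK state.

```python
    # … unchanged: try block with the dig call and the listing loop …
    except CalledProcessError as e:
        if e.returncode != 9:
            return [repr(e)], 3
        # dig exit status 9: no reply from server, treated as not listed
    except Exception as e:
        return [repr(e)], 3

    return msgs, returncode
```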
--- a/bundles/postfix/items.py +++ b/bundles/postfix/items.py @@ -23,10 +23,6 @@ for identifier in node.metadata.get('postfix/mynetworks', set()): my_package = 'pkg_pacman:postfix' if node.has_bundle('pacman') else 'pkg_apt:postfix' -pkg_pip = { - 'dnsq': {}, -} - files = { '/etc/mailname': { 'content': node.metadata.get('postfix/myhostname', node.metadata['hostname']), diff --git a/bundles/postfix/metadata.py b/bundles/postfix/metadata.py index b8294d5..7d2b821 100644 --- a/bundles/postfix/metadata.py +++ b/bundles/postfix/metadata.py @@ -141,8 +141,6 @@ def icinga2(metadata): services[f'SPAM BLOCKLIST {ip}'] = { 'command_on_monitored_host': f'/usr/local/share/icinga/plugins/check_spam_blocklist {ip}', 'vars.sshmon_timeout': 15, - 'check_interval': '15m', - 'retry_interval': '5m', } return {