admin/crm_ecosplay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: enrichir le rapport DNS avec colonnes attendu/dig/cloudflare + envoi a monitor@siteconseil.fr

Browse Source 
src/Service/DnsCheckService.php:
- Methode check() enrichie avec 4 nouveaux champs: expected (valeur attendue),
  dig (valeur actuelle trouvee par dig), cloudflare (valeur dans la zone CF),
  cf_status (statut de la colonne CF: ok/error/vide)
- checkSpf(): expected = "include:X dans le SPF", dig = contenu SPF complet
- checkDmarc(): expected = "p=reject ou p=quarantine", dig = contenu DMARC
- checkDkim(): expected = "FQDN CNAME/TXT", dig = cible CNAME ou debut TXT
- checkMx(): expected = MX attendu, dig = liste des MX trouves avec priorite
- checkBounce(): expected = "feedback-smtp.*.amazonses.com", dig = valeur trouvee

src/Command/CheckDnsCommand.php:
- Nouveau champ MONITOR_EMAIL = 'monitor@siteconseil.fr' pour l'envoi du rapport
- loadCloudflareRecords(): charge les records CF une seule fois par domaine
  au debut de l'execution, retourne un array indexe par domaine
- enrichWithCloudflare(): apres chaque check DNS, parcourt les records CF
  pour trouver l'enregistrement correspondant et remplir les colonnes
  cloudflare et cf_status dans chaque check
- checkAwsSes(): utilise DnsCheckService::check() avec expected/dig
  (ex: expected="Success", dig="Absent" pour la verification domaine)
- checkMailcow(): utilise DnsCheckService::check() avec expected/dig
  (ex: expected="Cle Mailcow: abc...", dig="Cle DNS: xyz..." pour DKIM)
- sendReport(): envoie a MONITOR_EMAIL au lieu de l'admin email

templates/emails/dns_report.html.twig:
- Tableau par domaine avec 6 colonnes: Type, Check, Attendu, Dig (actuel),
  Cloudflare, Statut (OK/erreur/warning)
- Colonne Dig coloree en vert/rouge/jaune selon le statut du check
- Colonne Cloudflare coloree selon cf_status
- Colonnes avec word-break: break-all pour les longues valeurs DNS
- Bandeau resume en haut avec compteurs succes/erreurs/warnings
  avec bordures laterales colorees
- Pied de mail: "Rapport par Esy-Infra - Service de monitoring d'infra"

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Serreau Jovann
2026-04-02 21:35:46 +02:00
parent 484c48e331
commit c666e0db65
3 changed files with 258 additions and 231 deletions
Download Patch File Download Diff File Expand all files Collapse all files

295
src/Command/CheckDnsCommand.php
View File

@@ -27,6 +27,8 @@ class CheckDnsCommand extends Command
'esy-web.dev' => 'mail.esy-web.dev',
];
private const MONITOR_EMAIL = 'monitor@siteconseil.fr';
public function __construct(
private DnsCheckService $dnsCheck,
private AwsSesService $awsSes,
@@ -48,25 +50,33 @@ class CheckDnsCommand extends Command
$successes = [];
$domainResults = [];
// Charger les records Cloudflare une seule fois par domaine
$cfRecordsByDomain = $this->loadCloudflareRecords($io);
foreach (self::DOMAINS as $domain) {
$io->section('Domaine : '.$domain);
$checks = [];
$cfRecords = $cfRecordsByDomain[$domain] ?? [];
// DNS dig
// DNS dig + enrichissement Cloudflare
$this->dnsCheck->checkSpf($domain, $checks, $errors, $warnings, $successes);
$this->enrichWithCloudflare($checks, $domain, 'SPF', 'TXT', $cfRecords);
$this->dnsCheck->checkDmarc($domain, $checks, $errors, $successes);
$this->enrichWithCloudflare($checks, '_dmarc.'.$domain, 'DMARC', 'TXT', $cfRecords);
$this->dnsCheck->checkDkim($domain, $checks, $errors, $warnings, $successes);
$this->dnsCheck->checkMx($domain, self::EXPECTED_MX[$domain] ?? '', $checks, $errors, $successes);
$this->enrichWithCloudflare($checks, $domain, 'MX', 'MX', $cfRecords);
$this->dnsCheck->checkBounce($domain, $checks, $errors, $warnings, $successes);
// AWS SES
$this->checkAwsSes($domain, $checks, $errors, $successes, $io);
// Cloudflare
$this->checkCloudflare($domain, $checks, $errors, $warnings, $successes, $io);
$this->checkAwsSes($domain, $checks, $errors, $successes);
// Mailcow
$this->checkMailcow($domain, $checks, $errors, $warnings, $successes, $io);
$this->checkMailcow($domain, $checks, $errors, $warnings, $successes);
// Affichage console
foreach ($checks as $check) {
@@ -75,227 +85,220 @@ class CheckDnsCommand extends Command
'error' => '<fg=red>ERREUR</>',
default => '<fg=yellow>ATTENTION</>',
};
$io->text(" [{$check['type']}] $icon {$check['label']}{$check['detail']}");
$io->text(" [{$check['type']}] $icon {$check['label']}");
}
$domainResults[] = ['domain' => $domain, 'checks' => $checks];
}
$io->newLine();
// Email de rapport
$this->sendReport($errors, $warnings, $successes, $domainResults);
if ([] !== $errors) {
$io->error(\count($errors).' erreur(s) detectee(s). Rapport envoye par email.');
$io->error(\count($errors).' erreur(s). Rapport envoye a '.self::MONITOR_EMAIL);
return Command::FAILURE;
}
if ([] !== $warnings) {
$io->warning(\count($warnings).' avertissement(s). Rapport envoye par email.');
$io->warning(\count($warnings).' avertissement(s). Rapport envoye a '.self::MONITOR_EMAIL);
return Command::SUCCESS;
}
$io->success('Tous les enregistrements DNS sont OK. Rapport envoye par email.');
$io->success('Tous les DNS sont OK. Rapport envoye a '.self::MONITOR_EMAIL);
return Command::SUCCESS;
}
/**
* @param list<array{type: string, label: string, status: string, detail: string}> $checks
* @return array<string, list<array<string, mixed>>>
*/
private function loadCloudflareRecords(SymfonyStyle $io): array
{
$result = [];
if (!$this->cloudflare->isAvailable()) {
$io->text(' Cloudflare API non disponible, colonnes CF vides.');
return $result;
}
foreach (self::DOMAINS as $domain) {
try {
$zoneId = $this->cloudflare->getZoneId($domain);
if (null !== $zoneId) {
$result[$domain] = $this->cloudflare->getDnsRecords($zoneId);
}
} catch (\Throwable) {
}
}
return $result;
}
/**
* @param list<array> $checks
* @param list<array<string, mixed>> $cfRecords
*/
private function enrichWithCloudflare(array &$checks, string $recordName, string $checkType, string $dnsType, array $cfRecords): void
{
$cfValue = null;
$cfStatus = '';
foreach ($cfRecords as $r) {
if (($r['name'] ?? '') === $recordName && ($r['type'] ?? '') === $dnsType) {
$cfValue = $r['content'] ?? '';
$cfStatus = 'ok';
break;
}
}
if (null === $cfValue) {
$cfValue = 'Non trouve';
$cfStatus = '' === $cfStatus ? '' : 'error';
}
// Enrichir les derniers checks du type correspondant
for ($i = \count($checks) - 1; $i >= 0; --$i) {
if ($checks[$i]['type'] === $checkType && '' === ($checks[$i]['cloudflare'] ?? '')) {
$checks[$i]['cloudflare'] = $cfValue;
$checks[$i]['cf_status'] = $cfStatus;
}
}
}
/**
* @param list<array> $checks
* @param list<string> $errors
* @param list<string> $successes
*/
private function checkAwsSes(string $domain, array &$checks, array &$errors, array &$successes, SymfonyStyle $io): void
private function checkAwsSes(string $domain, array &$checks, array &$errors, array &$successes): void
{
if (!$this->awsSes->isAvailable()) {
$checks[] = ['type' => 'AWS SES', 'label' => 'API', 'status' => 'warning', 'detail' => 'Cles non configurees'];
$checks[] = DnsCheckService::check('AWS SES', 'API', 'warning', 'Cles non configurees', 'Acces API SES', 'N/A');
return;
}
try {
$verif = $this->awsSes->isDomainVerified($domain);
$checks[] = DnsCheckService::check(
'AWS SES', 'Domaine', 'Success' === $verif ? 'ok' : 'error',
$verif ?? 'Non verifie', 'Success', $verif ?? 'Absent'
);
if ('Success' === $verif) {
$successes[] = "[$domain] AWS SES : domaine verifie";
$checks[] = ['type' => 'AWS SES', 'label' => 'Verification domaine', 'status' => 'ok', 'detail' => 'Verifie'];
} elseif ('Pending' === $verif) {
$errors[] = "[$domain] AWS SES : verification en attente";
$checks[] = ['type' => 'AWS SES', 'label' => 'Verification domaine', 'status' => 'warning', 'detail' => 'En attente'];
} else {
$errors[] = "[$domain] AWS SES : domaine non verifie";
$checks[] = ['type' => 'AWS SES', 'label' => 'Verification domaine', 'status' => 'error', 'detail' => 'Non verifie'];
$errors[] = "[$domain] AWS SES : domaine non verifie ($verif)";
}
$dkim = $this->awsSes->getDkimStatus($domain);
if ($dkim['enabled'] && $dkim['verified']) {
$successes[] = "[$domain] AWS SES DKIM : active et verifiee";
$checks[] = ['type' => 'AWS SES', 'label' => 'DKIM SES', 'status' => 'ok', 'detail' => 'Active, verifiee, '.(\count($dkim['tokens'])).' token(s)'];
$dkimOk = $dkim['enabled'] && $dkim['verified'];
$dkimDig = 'Enabled='.($dkim['enabled'] ? 'oui' : 'non').', Verified='.($dkim['verified'] ? 'oui' : 'non');
$checks[] = DnsCheckService::check('AWS SES', 'DKIM', $dkimOk ? 'ok' : 'error', $dkimDig, 'Enabled=oui, Verified=oui', $dkimDig);
if ($dkimOk) {
$successes[] = "[$domain] AWS SES DKIM : OK";
} else {
$errors[] = "[$domain] AWS SES DKIM : non active ou non verifiee";
$checks[] = ['type' => 'AWS SES', 'label' => 'DKIM SES', 'status' => 'error', 'detail' => 'Enabled='.($dkim['enabled'] ? 'oui' : 'non').', Verified='.($dkim['verified'] ? 'oui' : 'non')];
$errors[] = "[$domain] AWS SES DKIM : $dkimDig";
}
$notif = $this->awsSes->getNotificationStatus($domain);
$bounceInfo = $notif['forwarding'] ? 'Forwarding actif' : ($notif['bounce_topic'] ?? 'Non configure');
$checks[] = ['type' => 'AWS SES', 'label' => 'Bounce notifications', 'status' => $notif['forwarding'] || null !== $notif['bounce_topic'] ? 'ok' : 'warning', 'detail' => $bounceInfo];
$bounceOk = $notif['forwarding'] || null !== $notif['bounce_topic'];
$bounceDetail = $notif['forwarding'] ? 'Forwarding actif' : ($notif['bounce_topic'] ?? 'Non configure');
$checks[] = DnsCheckService::check('AWS SES', 'Bounce', $bounceOk ? 'ok' : 'warning', $bounceDetail, 'Forwarding ou SNS topic', $bounceDetail);
} catch (\Throwable $e) {
$errors[] = "[$domain] AWS SES : erreur API - ".$e->getMessage();
$checks[] = ['type' => 'AWS SES', 'label' => 'API', 'status' => 'error', 'detail' => $e->getMessage()];
$errors[] = "[$domain] AWS SES : ".$e->getMessage();
$checks[] = DnsCheckService::check('AWS SES', 'API', 'error', $e->getMessage());
}
}
/**
* @param list<array{type: string, label: string, status: string, detail: string}> $checks
* @param list<array> $checks
* @param list<string> $errors
* @param list<string> $warnings
* @param list<string> $successes
*/
private function checkCloudflare(string $domain, array &$checks, array &$errors, array &$warnings, array &$successes, SymfonyStyle $io): void
{
if (!$this->cloudflare->isAvailable()) {
$checks[] = ['type' => 'Cloudflare', 'label' => 'API', 'status' => 'warning', 'detail' => 'Cle non configuree'];
return;
}
try {
$zoneId = $this->cloudflare->getZoneId($domain);
if (null === $zoneId) {
$errors[] = "[$domain] Cloudflare : zone non trouvee";
$checks[] = ['type' => 'Cloudflare', 'label' => 'Zone', 'status' => 'error', 'detail' => 'Non trouvee'];
return;
}
$successes[] = "[$domain] Cloudflare : zone active ($zoneId)";
$checks[] = ['type' => 'Cloudflare', 'label' => 'Zone', 'status' => 'ok', 'detail' => "ID: $zoneId"];
$records = $this->cloudflare->getDnsRecords($zoneId);
$hasCfSpf = false;
$hasCfDmarc = false;
$hasCfMx = false;
foreach ($records as $r) {
$name = $r['name'] ?? '';
$type = $r['type'] ?? '';
$content = $r['content'] ?? '';
if ('TXT' === $type && $name === $domain && str_starts_with($content, 'v=spf1')) {
$hasCfSpf = true;
}
if ('TXT' === $type && '_dmarc.'.$domain === $name) {
$hasCfDmarc = true;
}
if ('MX' === $type && $name === $domain) {
$hasCfMx = true;
}
}
foreach (['SPF' => $hasCfSpf, 'DMARC' => $hasCfDmarc, 'MX' => $hasCfMx] as $label => $found) {
$checks[] = ['type' => 'Cloudflare', 'label' => "$label dans zone", 'status' => $found ? 'ok' : 'error', 'detail' => $found ? 'Present' : 'Absent'];
if ($found) {
$successes[] = "[$domain] Cloudflare : $label present dans la zone";
} else {
$errors[] = "[$domain] Cloudflare : $label absent de la zone";
}
}
} catch (\Throwable $e) {
$errors[] = "[$domain] Cloudflare : erreur API - ".$e->getMessage();
$checks[] = ['type' => 'Cloudflare', 'label' => 'API', 'status' => 'error', 'detail' => $e->getMessage()];
}
}
/**
* @param list<array{type: string, label: string, status: string, detail: string}> $checks
* @param list<string> $errors
* @param list<string> $warnings
* @param list<string> $successes
*/
private function checkMailcow(string $domain, array &$checks, array &$errors, array &$warnings, array &$successes, SymfonyStyle $io): void
private function checkMailcow(string $domain, array &$checks, array &$errors, array &$warnings, array &$successes): void
{
if (!$this->mailcow->isAvailable()) {
$checks[] = ['type' => 'Mailcow', 'label' => 'API', 'status' => 'warning', 'detail' => 'Cle non configuree ou serveur inaccessible'];
$checks[] = DnsCheckService::check('Mailcow', 'API', 'warning', 'Non disponible', 'Acces API Mailcow', 'N/A');
return;
}
try {
// Verifier si le domaine existe dans Mailcow
$domainInfo = $this->mailcow->getDomainStatus($domain);
if (null === $domainInfo) {
$warnings[] = "[$domain] Mailcow : domaine non configure dans Mailcow";
$checks[] = ['type' => 'Mailcow', 'label' => 'Domaine', 'status' => 'warning', 'detail' => 'Non configure'];
$info = $this->mailcow->getDomainStatus($domain);
if (null === $info) {
$warnings[] = "[$domain] Mailcow : domaine non configure";
$checks[] = DnsCheckService::check('Mailcow', 'Domaine', 'warning', 'Non configure', 'Domaine actif', 'Absent');
return;
}
if ($domainInfo['active']) {
$successes[] = "[$domain] Mailcow : domaine actif, {$domainInfo['mailboxes']} boite(s)";
$checks[] = ['type' => 'Mailcow', 'label' => 'Domaine', 'status' => 'ok', 'detail' => "Actif, {$domainInfo['mailboxes']} boite(s)"];
$checks[] = DnsCheckService::check(
'Mailcow', 'Domaine', $info['active'] ? 'ok' : 'error',
$info['active'] ? "Actif, {$info['mailboxes']} boite(s)" : 'Desactive',
'Actif', $info['active'] ? "Actif ({$info['mailboxes']} boites)" : 'Desactive'
);
if ($info['active']) {
$successes[] = "[$domain] Mailcow : actif, {$info['mailboxes']} boite(s)";
} else {
$errors[] = "[$domain] Mailcow : domaine desactive";
$checks[] = ['type' => 'Mailcow', 'label' => 'Domaine', 'status' => 'error', 'detail' => 'Desactive'];
$errors[] = "[$domain] Mailcow : desactive";
}
// Verifier DKIM dans Mailcow
$dkimKey = $this->mailcow->getDkimKey($domain);
if (null !== $dkimKey && '' !== $dkimKey) {
$successes[] = "[$domain] Mailcow DKIM : cle configuree";
$checks[] = ['type' => 'Mailcow', 'label' => 'DKIM Mailcow', 'status' => 'ok', 'detail' => 'Cle presente'];
// Comparer avec le DNS
$dnsDkim = $this->getDkimFromDns($domain);
if (null !== $dnsDkim) {
if (str_contains($dnsDkim, substr($dkimKey, 0, 40))) {
$successes[] = "[$domain] Mailcow DKIM : correspond au DNS";
$checks[] = ['type' => 'Mailcow', 'label' => 'DKIM DNS vs Mailcow', 'status' => 'ok', 'detail' => 'Les cles correspondent'];
} else {
$errors[] = "[$domain] Mailcow DKIM : la cle DNS ne correspond pas a Mailcow";
$checks[] = ['type' => 'Mailcow', 'label' => 'DKIM DNS vs Mailcow', 'status' => 'error', 'detail' => 'Les cles ne correspondent pas'];
}
$match = null !== $dnsDkim && str_contains($dnsDkim, substr($dkimKey, 0, 40));
$checks[] = DnsCheckService::check(
'Mailcow', 'DKIM', $match ? 'ok' : 'error',
$match ? 'Cles correspondent' : 'Cles differentes',
'Cle Mailcow: '.substr($dkimKey, 0, 30).'...',
null !== $dnsDkim ? substr($dnsDkim, 0, 30).'...' : 'Absent du DNS'
);
if ($match) {
$successes[] = "[$domain] Mailcow DKIM : correspond au DNS";
} else {
$warnings[] = "[$domain] Mailcow DKIM : cle Mailcow presente mais aucun DKIM dans le DNS";
$checks[] = ['type' => 'Mailcow', 'label' => 'DKIM DNS vs Mailcow', 'status' => 'warning', 'detail' => 'DKIM absent du DNS'];
$errors[] = "[$domain] Mailcow DKIM : ne correspond pas au DNS";
}
} else {
$errors[] = "[$domain] Mailcow DKIM : aucune cle configuree";
$checks[] = ['type' => 'Mailcow', 'label' => 'DKIM Mailcow', 'status' => 'error', 'detail' => 'Aucune cle'];
$errors[] = "[$domain] Mailcow DKIM : pas de cle";
$checks[] = DnsCheckService::check('Mailcow', 'DKIM', 'error', 'Aucune cle', 'Cle DKIM configuree', 'Absente');
}
// Verifier la configuration DNS attendue par Mailcow
$expectedRecords = $this->mailcow->getExpectedDnsRecords($domain);
foreach ($expectedRecords as $expected) {
$found = $this->checkDnsRecordExists($expected['type'], $expected['name'], $expected['content']);
$isOptional = str_contains($expected['name'], 'autodiscover') || str_contains($expected['name'], 'autoconfig') || 'SRV' === $expected['type'] || str_contains($expected['name'], '_mta-sts');
$label = $expected['type'].' '.$expected['name'];
$checks[] = DnsCheckService::check(
'Mailcow DNS', $label, $found ? 'ok' : ($isOptional ? 'warning' : 'error'),
$found ? 'Present' : ($isOptional ? 'Absent (optionnel)' : 'Absent'),
$expected['content'], $found ? 'Trouve' : 'Non trouve'
);
if ($found) {
$successes[] = "[$domain] Mailcow DNS : $label present";
$checks[] = ['type' => 'Mailcow DNS', 'label' => $label, 'status' => 'ok', 'detail' => $expected['content']];
$successes[] = "[$domain] Mailcow DNS : $label OK";
} elseif ($isOptional) {
$warnings[] = "[$domain] Mailcow DNS : $label absent (optionnel)";
} else {
// autodiscover/autoconfig/SRV/_mta-sts sont optionnels
$isOptional = str_contains($expected['name'], 'autodiscover') || str_contains($expected['name'], 'autoconfig') || 'SRV' === $expected['type'] || str_contains($expected['name'], '_mta-sts');
if ($isOptional) {
$warnings[] = "[$domain] Mailcow DNS : $label absent (optionnel)";
$checks[] = ['type' => 'Mailcow DNS', 'label' => $label, 'status' => 'warning', 'detail' => 'Absent (optionnel)'];
} else {
$errors[] = "[$domain] Mailcow DNS : $label absent";
$checks[] = ['type' => 'Mailcow DNS', 'label' => $label, 'status' => 'error', 'detail' => 'Absent - attendu: '.$expected['content']];
}
$errors[] = "[$domain] Mailcow DNS : $label absent";
}
}
} catch (\Throwable $e) {
$errors[] = "[$domain] Mailcow : erreur API - ".$e->getMessage();
$checks[] = ['type' => 'Mailcow', 'label' => 'API', 'status' => 'error', 'detail' => $e->getMessage()];
$errors[] = "[$domain] Mailcow : ".$e->getMessage();
$checks[] = DnsCheckService::check('Mailcow', 'API', 'error', $e->getMessage());
}
}
private function getDkimFromDns(string $domain): ?string
{
$selectors = ['dkim', 'default', 'mail', 'k1'];
foreach ($selectors as $selector) {
foreach (['dkim', 'default', 'mail', 'k1'] as $selector) {
$records = dns_get_record($selector.'._domainkey.'.$domain, \DNS_TXT) ?: [];
foreach ($records as $r) {
$txt = $r['txt'] ?? '';
@@ -319,11 +322,10 @@ class CheckDnsCommand extends Command
};
}
private function checkMxExists(string $name, string $expectedTarget): bool
private function checkMxExists(string $name, string $target): bool
{
$records = dns_get_record($name, \DNS_MX) ?: [];
foreach ($records as $mx) {
if (str_contains(rtrim($mx['target'] ?? '', '.'), $expectedTarget)) {
foreach (dns_get_record($name, \DNS_MX) ?: [] as $mx) {
if (str_contains(rtrim($mx['target'] ?? '', '.'), $target)) {
return true;
}
}
@@ -331,11 +333,10 @@ class CheckDnsCommand extends Command
return false;
}
private function checkTxtContains(string $name, string $expectedStart): bool
private function checkTxtContains(string $name, string $start): bool
{
$records = dns_get_record($name, \DNS_TXT) ?: [];
foreach ($records as $r) {
if (str_starts_with($r['txt'] ?? '', $expectedStart)) {
foreach (dns_get_record($name, \DNS_TXT) ?: [] as $r) {
if (str_starts_with($r['txt'] ?? '', $start)) {
return true;
}
}
@@ -354,7 +355,7 @@ class CheckDnsCommand extends Command
* @param list<string> $errors
* @param list<string> $warnings
* @param list<string> $successes
* @param list<array{domain: string, checks: list<array{type: string, label: string, status: string, detail: string}>}> $domainResults
* @param list<array{domain: string, checks: list<array>}> $domainResults
*/
private function sendReport(array $errors, array $warnings, array $successes, array $domainResults): void
{
@@ -387,7 +388,7 @@ class CheckDnsCommand extends Command
]);
$this->mailer->sendEmail(
$this->mailer->getAdminEmail(),
self::MONITOR_EMAIL,
$subject,
$html,
null,

66
src/Service/DnsCheckService.php
View File

@@ -9,15 +9,24 @@ class DnsCheckService
private const DKIM_SELECTORS = ['ses1', 'ses2', 'ses3', 'default', 'mail', 'k1', 'google', 'selector1', 'selector2', 'dkim'];
/**
* @return array{type: string, label: string, status: string, detail: string}
* @return array{type: string, label: string, status: string, detail: string, expected: string, dig: string, cloudflare: string, cf_status: string}
*/
private static function check(string $type, string $label, string $status, string $detail): array
public static function check(string $type, string $label, string $status, string $detail, string $expected = '', string $dig = '', string $cloudflare = '', string $cfStatus = ''): array
{
return ['type' => $type, 'label' => $label, 'status' => $status, 'detail' => $detail];
return [
'type' => $type,
'label' => $label,
'status' => $status,
'detail' => $detail,
'expected' => $expected,
'dig' => $dig,
'cloudflare' => $cloudflare,
'cf_status' => $cfStatus,
];
}
/**
* @param list<array{type: string, label: string, status: string, detail: string}> $checks
* @param list<array> $checks
* @param list<string> $errors
* @param list<string> $warnings
* @param list<string> $successes
@@ -36,18 +45,19 @@ class DnsCheckService
if (null === $spf) {
$errors[] = "[$domain] SPF : absent";
$checks[] = self::check('SPF', 'Enregistrement SPF', 'error', 'Absent');
$checks[] = self::check('SPF', 'Enregistrement SPF', 'error', 'Absent', 'v=spf1 include:amazonses.com include:mail.esy-web.dev -all', 'Non trouve');
return;
}
foreach (self::EXPECTED_SPF_INCLUDES as $include) {
$expected = "include:$include dans le SPF";
if (!str_contains($spf, 'include:'.$include)) {
$errors[] = "[$domain] SPF : include:$include manquant";
$checks[] = self::check('SPF', "include:$include", 'error', 'Manquant');
$checks[] = self::check('SPF', "include:$include", 'error', 'Manquant', $expected, $spf);
} else {
$successes[] = "[$domain] SPF : include:$include present";
$checks[] = self::check('SPF', "include:$include", 'ok', $spf);
$checks[] = self::check('SPF', "include:$include", 'ok', 'Present', $expected, $spf);
}
}
@@ -57,7 +67,7 @@ class DnsCheckService
}
/**
* @param list<array{type: string, label: string, status: string, detail: string}> $checks
* @param list<array> $checks
* @param list<string> $errors
* @param list<string> $successes
*/
@@ -75,7 +85,7 @@ class DnsCheckService
if (null === $dmarc) {
$errors[] = "[$domain] DMARC : absent";
$checks[] = self::check('DMARC', 'Enregistrement DMARC', 'error', 'Absent');
$checks[] = self::check('DMARC', 'Enregistrement DMARC', 'error', 'Absent', 'v=DMARC1; p=reject; ...', 'Non trouve sur _dmarc.'.$domain);
return;
}
@@ -90,19 +100,19 @@ class DnsCheckService
}
$successes[] = "[$domain] DMARC : politique p=$policy";
$checks[] = self::check('DMARC', 'Politique', 'none' === $policy ? 'warning' : 'ok', "p=$policy");
$checks[] = self::check('DMARC', 'Politique', 'none' === $policy ? 'warning' : 'ok', "p=$policy", 'p=reject ou p=quarantine', $dmarc);
if (str_contains($dmarc, 'rua=')) {
$successes[] = "[$domain] DMARC : rapport rua configure";
$checks[] = self::check('DMARC', 'Rapports (rua)', 'ok', 'Configure');
$checks[] = self::check('DMARC', 'Rapports (rua)', 'ok', 'Configure', 'rua=mailto:...', 'Present dans '.$dmarc);
} else {
$errors[] = "[$domain] DMARC : rua manquant";
$checks[] = self::check('DMARC', 'Rapports (rua)', 'error', 'Absent');
$checks[] = self::check('DMARC', 'Rapports (rua)', 'error', 'Absent', 'rua=mailto:...', 'Absent du DMARC');
}
}
/**
* @param list<array{type: string, label: string, status: string, detail: string}> $checks
* @param list<array> $checks
* @param list<string> $errors
* @param list<string> $warnings
* @param list<string> $successes
@@ -112,28 +122,29 @@ class DnsCheckService
$found = 0;
foreach (self::DKIM_SELECTORS as $selector) {
$cname = $this->getCnameRecord($selector.'._domainkey.'.$domain);
$txt = $this->getDkimTxtRecord($selector.'._domainkey.'.$domain);
$fqdn = $selector.'._domainkey.'.$domain;
$cname = $this->getCnameRecord($fqdn);
$txt = $this->getDkimTxtRecord($fqdn);
if (null !== $cname) {
$checks[] = self::check('DKIM', "Selecteur $selector", 'ok', "CNAME$cname");
$checks[] = self::check('DKIM', "Selecteur $selector", 'ok', 'CNAME', $fqdn.' CNAME', $cname);
++$found;
} elseif (null !== $txt) {
$checks[] = self::check('DKIM', "Selecteur $selector", 'ok', 'TXT present');
$checks[] = self::check('DKIM', "Selecteur $selector", 'ok', 'TXT', $fqdn.' TXT v=DKIM1', substr($txt, 0, 60).'...');
++$found;
}
}
if (0 === $found) {
$warnings[] = "[$domain] DKIM : aucun selecteur trouve";
$checks[] = self::check('DKIM', 'DKIM', 'warning', 'Aucun selecteur trouve');
$checks[] = self::check('DKIM', 'DKIM', 'warning', 'Aucun selecteur', 'Au moins 1 selecteur DKIM', 'Aucun trouve');
} else {
$successes[] = "[$domain] DKIM : $found selecteur(s) trouve(s)";
}
}
/**
* @param list<array{type: string, label: string, status: string, detail: string}> $checks
* @param list<array> $checks
* @param list<string> $errors
* @param list<string> $successes
*/
@@ -143,19 +154,23 @@ class DnsCheckService
if ([] === $mxRecords) {
$errors[] = "[$domain] MX : absent";
$checks[] = self::check('MX', 'Enregistrement MX', 'error', 'Absent');
$checks[] = self::check('MX', 'Enregistrement MX', 'error', 'Absent', $expectedMx, 'Aucun MX trouve');
return;
}
$found = false;
$digValues = [];
foreach ($mxRecords as $mx) {
$target = rtrim($mx['target'] ?? '', '.');
$digValues[] = $target.' (pri: '.($mx['pri'] ?? '?').')';
if (str_contains($target, $expectedMx)) {
$found = true;
}
$checks[] = self::check('MX', $target, $found ? 'ok' : 'warning', 'Priorite: '.($mx['pri'] ?? '?'));
}
$digStr = implode(', ', $digValues);
$checks[] = self::check('MX', $domain, $found ? 'ok' : 'error', $found ? 'Present' : 'Absent', $expectedMx, $digStr);
if ($found) {
$successes[] = "[$domain] MX : $expectedMx present";
@@ -165,7 +180,7 @@ class DnsCheckService
}
/**
* @param list<array{type: string, label: string, status: string, detail: string}> $checks
* @param list<array> $checks
* @param list<string> $errors
* @param list<string> $warnings
* @param list<string> $successes
@@ -173,20 +188,21 @@ class DnsCheckService
public function checkBounce(string $domain, array &$checks, array &$errors, array &$warnings, array &$successes): void
{
$bounceDomain = 'bounce.'.$domain;
$expected = 'feedback-smtp.*.amazonses.com';
$mxRecords = dns_get_record($bounceDomain, \DNS_MX) ?: [];
if ([] !== $mxRecords) {
$target = rtrim($mxRecords[0]['target'] ?? '', '.');
$successes[] = "[$domain] Bounce MX : $target";
$checks[] = self::check('Bounce', 'MX bounce.'.$domain, 'ok', $target);
$checks[] = self::check('Bounce', 'MX '.$bounceDomain, 'ok', $target, $expected, $target);
} else {
$cname = $this->getCnameRecord($bounceDomain);
if (null !== $cname) {
$successes[] = "[$domain] Bounce CNAME : $cname";
$checks[] = self::check('Bounce', 'CNAME bounce.'.$domain, 'ok', $cname);
$checks[] = self::check('Bounce', 'CNAME '.$bounceDomain, 'ok', $cname, $expected, $cname);
} else {
$warnings[] = "[$domain] Bounce : aucun enregistrement sur $bounceDomain";
$checks[] = self::check('Bounce', 'bounce.'.$domain, 'warning', 'Aucun MX/CNAME');
$checks[] = self::check('Bounce', $bounceDomain, 'warning', 'Aucun', $expected, 'Non trouve');
}
}
}

128
templates/emails/dns_report.html.twig
View File

@@ -18,73 +18,52 @@
{{ date|date('d/m/Y H:i:s') }} &#8226; Domaines : <strong>{{ domains|join(', ') }}</strong>
</p>
{# ─── Succes ─── #}
{% if successes|length > 0 %}
<h2 style="font-size: 14px; font-weight: 700; color: #16a34a; margin-top: 16px; margin-right: 0; margin-bottom: 8px; margin-left: 0;">
Verifications reussies ({{ successes|length }})
</h2>
<table role="presentation" width="100%" cellpadding="0" cellspacing="0" border="0" style="border: 1px solid #e5e5e5; margin-top: 0; margin-right: 0; margin-bottom: 16px; margin-left: 0;">
{% for success in successes %}
<tr>
<td style="padding-top: 6px; padding-bottom: 6px; padding-left: 12px; padding-right: 12px; font-size: 12px; mso-line-height-rule: exactly; line-height: 18px; background-color: {{ loop.index is odd ? '#ffffff' : '#f9fafb' }}; border-bottom: 1px solid #eeeeee; color: #16a34a;">
&#10003; {{ success }}
</td>
</tr>
{% endfor %}
</table>
{% endif %}
{# ─── Resume ─── #}
<table role="presentation" width="100%" cellpadding="0" cellspacing="0" border="0" style="margin-top: 0; margin-right: 0; margin-bottom: 16px; margin-left: 0;">
<tr>
<td style="padding-top: 8px; padding-bottom: 8px; padding-left: 12px; padding-right: 12px; background-color: #f0fdf4; border-left: 3px solid #16a34a; font-size: 12px; font-weight: 700; color: #16a34a;">
&#10003; {{ successes|length }} verification(s) OK
</td>
</tr>
{% if errors|length > 0 %}
<tr>
<td style="padding-top: 8px; padding-bottom: 8px; padding-left: 12px; padding-right: 12px; background-color: #fef2f2; border-left: 3px solid #dc2626; font-size: 12px; font-weight: 700; color: #dc2626;">
&#10007; {{ errors|length }} erreur(s)
</td>
</tr>
{% endif %}
{% if warnings|length > 0 %}
<tr>
<td style="padding-top: 8px; padding-bottom: 8px; padding-left: 12px; padding-right: 12px; background-color: #fffbeb; border-left: 3px solid #f59e0b; font-size: 12px; font-weight: 700; color: #f59e0b;">
&#9888; {{ warnings|length }} avertissement(s)
</td>
</tr>
{% endif %}
</table>
{# ─── Erreurs ─── #}
{% if errors|length > 0 %}
<h2 style="font-size: 14px; font-weight: 700; color: #dc2626; margin-top: 16px; margin-right: 0; margin-bottom: 8px; margin-left: 0;">
Erreurs ({{ errors|length }})
</h2>
<table role="presentation" width="100%" cellpadding="0" cellspacing="0" border="0" style="border: 1px solid #fca5a5; margin-top: 0; margin-right: 0; margin-bottom: 16px; margin-left: 0;">
{% for error in errors %}
<tr>
<td style="padding-top: 6px; padding-bottom: 6px; padding-left: 12px; padding-right: 12px; font-size: 12px; mso-line-height-rule: exactly; line-height: 18px; background-color: #fef2f2; color: #991b1b; border-bottom: 1px solid #fca5a5;">
&#10007; {{ error }}
</td>
</tr>
{% endfor %}
</table>
{% endif %}
{# ─── Avertissements ─── #}
{% if warnings|length > 0 %}
<h2 style="font-size: 14px; font-weight: 700; color: #f59e0b; margin-top: 16px; margin-right: 0; margin-bottom: 8px; margin-left: 0;">
Avertissements ({{ warnings|length }})
</h2>
<table role="presentation" width="100%" cellpadding="0" cellspacing="0" border="0" style="border: 1px solid #fde68a; margin-top: 0; margin-right: 0; margin-bottom: 16px; margin-left: 0;">
{% for warning in warnings %}
<tr>
<td style="padding-top: 6px; padding-bottom: 6px; padding-left: 12px; padding-right: 12px; font-size: 12px; mso-line-height-rule: exactly; line-height: 18px; background-color: #fffbeb; color: #92400e; border-bottom: 1px solid #fde68a;">
&#9888; {{ warning }}
</td>
</tr>
{% endfor %}
</table>
{% endif %}
{# ─── Detail par domaine ─── #}
{# ─── Detail par domaine avec valeurs attendue / dig / cloudflare ─── #}
{% for domainData in domainResults %}
<h2 style="font-size: 14px; font-weight: 700; margin-top: 20px; margin-right: 0; margin-bottom: 8px; margin-left: 0;">
<h2 style="font-size: 16px; font-weight: 700; margin-top: 24px; margin-right: 0; margin-bottom: 8px; margin-left: 0; border-bottom: 2px solid #fabf04; padding-bottom: 4px;">
{{ domainData.domain }}
</h2>
<table role="presentation" width="100%" cellpadding="0" cellspacing="0" border="0" style="border: 1px solid #e5e5e5; margin-top: 0; margin-right: 0; margin-bottom: 16px; margin-left: 0;">
<tr>
<td style="background-color: #111827; color: #ffffff; padding-top: 8px; padding-bottom: 8px; padding-left: 12px; padding-right: 12px; font-size: 11px; font-weight: 700; text-transform: uppercase; letter-spacing: 0.5px; width: 80px;">Type</td>
<td style="background-color: #111827; color: #ffffff; padding-top: 8px; padding-bottom: 8px; padding-left: 12px; padding-right: 12px; font-size: 11px; font-weight: 700; text-transform: uppercase; letter-spacing: 0.5px;">Verification</td>
<td style="background-color: #111827; color: #ffffff; padding-top: 8px; padding-bottom: 8px; padding-left: 12px; padding-right: 12px; font-size: 11px; font-weight: 700; text-transform: uppercase; letter-spacing: 0.5px; text-align: center; width: 60px;">Statut</td>
<td style="background-color: #111827; color: #ffffff; padding-top: 8px; padding-bottom: 8px; padding-left: 8px; padding-right: 8px; font-size: 9px; font-weight: 700; text-transform: uppercase; letter-spacing: 0.5px; width: 60px;">Type</td>
<td style="background-color: #111827; color: #ffffff; padding-top: 8px; padding-bottom: 8px; padding-left: 8px; padding-right: 8px; font-size: 9px; font-weight: 700; text-transform: uppercase; letter-spacing: 0.5px;">Check</td>
<td style="background-color: #111827; color: #ffffff; padding-top: 8px; padding-bottom: 8px; padding-left: 8px; padding-right: 8px; font-size: 9px; font-weight: 700; text-transform: uppercase; letter-spacing: 0.5px;">Attendu</td>
<td style="background-color: #111827; color: #ffffff; padding-top: 8px; padding-bottom: 8px; padding-left: 8px; padding-right: 8px; font-size: 9px; font-weight: 700; text-transform: uppercase; letter-spacing: 0.5px;">Dig (actuel)</td>
<td style="background-color: #111827; color: #ffffff; padding-top: 8px; padding-bottom: 8px; padding-left: 8px; padding-right: 8px; font-size: 9px; font-weight: 700; text-transform: uppercase; letter-spacing: 0.5px;">Cloudflare</td>
<td style="background-color: #111827; color: #ffffff; padding-top: 8px; padding-bottom: 8px; padding-left: 8px; padding-right: 8px; font-size: 9px; font-weight: 700; text-transform: uppercase; letter-spacing: 0.5px; text-align: center; width: 30px;">OK</td>
</tr>
{% for check in domainData.checks %}
<tr>
<td style="padding-top: 6px; padding-bottom: 6px; padding-left: 12px; padding-right: 12px; font-size: 11px; font-weight: 700; border-bottom: 1px solid #eeeeee; color: #666666;">{{ check.type }}</td>
<td style="padding-top: 6px; padding-bottom: 6px; padding-left: 12px; padding-right: 12px; font-size: 11px; border-bottom: 1px solid #eeeeee;">
<strong>{{ check.label }}</strong>
{% if check.detail %}<br><span style="color: #888888; font-size: 10px;">{{ check.detail }}</span>{% endif %}
</td>
<td style="padding-top: 6px; padding-bottom: 6px; padding-left: 12px; padding-right: 12px; font-size: 12px; text-align: center; border-bottom: 1px solid #eeeeee; font-weight: 700; color: {{ check.status == 'ok' ? '#16a34a' : (check.status == 'error' ? '#dc2626' : '#f59e0b') }};">
<td style="padding-top: 5px; padding-bottom: 5px; padding-left: 8px; padding-right: 8px; font-size: 9px; font-weight: 700; border-bottom: 1px solid #eeeeee; color: #666666; vertical-align: top;">{{ check.type }}</td>
<td style="padding-top: 5px; padding-bottom: 5px; padding-left: 8px; padding-right: 8px; font-size: 9px; font-weight: 700; border-bottom: 1px solid #eeeeee; vertical-align: top;">{{ check.label }}</td>
<td style="padding-top: 5px; padding-bottom: 5px; padding-left: 8px; padding-right: 8px; font-size: 9px; border-bottom: 1px solid #eeeeee; color: #444444; vertical-align: top; word-break: break-all;">{{ check.expected|default('—') }}</td>
<td style="padding-top: 5px; padding-bottom: 5px; padding-left: 8px; padding-right: 8px; font-size: 9px; border-bottom: 1px solid #eeeeee; color: {{ check.status == 'ok' ? '#16a34a' : (check.status == 'error' ? '#dc2626' : '#92400e') }}; vertical-align: top; word-break: break-all;">{{ check.dig|default('—') }}</td>
<td style="padding-top: 5px; padding-bottom: 5px; padding-left: 8px; padding-right: 8px; font-size: 9px; border-bottom: 1px solid #eeeeee; color: {{ check.cf_status|default('') == 'ok' ? '#16a34a' : (check.cf_status|default('') == 'error' ? '#dc2626' : '#888888') }}; vertical-align: top; word-break: break-all;">{{ check.cloudflare|default('—') }}</td>
<td style="padding-top: 5px; padding-bottom: 5px; padding-left: 8px; padding-right: 8px; font-size: 12px; text-align: center; border-bottom: 1px solid #eeeeee; font-weight: 700; color: {{ check.status == 'ok' ? '#16a34a' : (check.status == 'error' ? '#dc2626' : '#f59e0b') }}; vertical-align: top;">
{{ check.status == 'ok' ? '&#10003;' : (check.status == 'error' ? '&#10007;' : '&#9888;') }}
</td>
</tr>
@@ -92,8 +71,39 @@
</table>
{% endfor %}
{# ─── Erreurs detaillees ─── #}
{% if errors|length > 0 %}
<h2 style="font-size: 14px; font-weight: 700; color: #dc2626; margin-top: 16px; margin-right: 0; margin-bottom: 8px; margin-left: 0;">
Erreurs a corriger ({{ errors|length }})
</h2>
<table role="presentation" width="100%" cellpadding="0" cellspacing="0" border="0" style="border: 1px solid #fca5a5; margin-top: 0; margin-right: 0; margin-bottom: 16px; margin-left: 0;">
{% for error in errors %}
<tr>
<td style="padding-top: 6px; padding-bottom: 6px; padding-left: 12px; padding-right: 12px; font-size: 11px; mso-line-height-rule: exactly; line-height: 16px; background-color: #fef2f2; color: #991b1b; border-bottom: 1px solid #fca5a5;">
&#10007; {{ error }}
</td>
</tr>
{% endfor %}
</table>
{% endif %}
{% if warnings|length > 0 %}
<h2 style="font-size: 14px; font-weight: 700; color: #f59e0b; margin-top: 16px; margin-right: 0; margin-bottom: 8px; margin-left: 0;">
Avertissements ({{ warnings|length }})
</h2>
<table role="presentation" width="100%" cellpadding="0" cellspacing="0" border="0" style="border: 1px solid #fde68a; margin-top: 0; margin-right: 0; margin-bottom: 16px; margin-left: 0;">
{% for warning in warnings %}
<tr>
<td style="padding-top: 6px; padding-bottom: 6px; padding-left: 12px; padding-right: 12px; font-size: 11px; mso-line-height-rule: exactly; line-height: 16px; background-color: #fffbeb; color: #92400e; border-bottom: 1px solid #fde68a;">
&#9888; {{ warning }}
</td>
</tr>
{% endfor %}
</table>
{% endif %}
<p style="font-size: 11px; color: #888888; mso-line-height-rule: exactly; line-height: 16px; margin-top: 16px; margin-right: 0; margin-bottom: 0; margin-left: 0;">
Rapport genere par la commande <strong>app:dns:check</strong>. Verifiez la configuration dans Cloudflare et AWS SES si necessaire.
Rapport par <strong>Esy-Infra</strong> - Service de monitoring d'infra
</p>
{% endblock %}