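#!/bin/sh
#
# Produce a list of addresses that should not be delivered to,
# because they are stupid top-level domain wildcard records.
#
# $Cambridge: hermes/conf/exim/sbin/badtlds,v 1.10 2004/05/11 21:15:09 fanf2 Exp $
#
# Usage: badtlds [-d]
#   -d  trace the helper calls and the raw records on stderr
#
# Output: "<address>: .<domain> wildcard <type> record" lines on stdout,
# preceded by a generated-file header.
#
# NOTE(review): failures of dig or wget are not detected (stderr is
# discarded in list_records and the script always exits 0), so a network
# outage yields a short or empty list rather than an error. A consumer
# that replaces the previous list with this output should sanity-check it.

# Same effect as the original "#!/bin/sh -e", but it also holds when the
# script is started as "sh badtlds".
set -e

DATE=$(date +%Y%m%d-%H%M%S)
# A label that should not exist under any domain; if it resolves, the
# parent domain has a wildcard record.
PROBE=ucam-testing-for-broken-wildcard-records-$DATE

# whitespace regex stuff
# dig separates the fields of a record with tabs as well as spaces, so
# match any whitespace rather than a literal space only.
WS='[[:space:]]'
NWS='[^[:space:]]'

FETCH='wget -q -O-'

case "$*" in
-d)
  DEBUG=yes
  FETCH='wget -O-'
  ;;
esac

# Print the arguments on stderr when debugging is enabled.
debug_echo () {
  case $DEBUG in
  yes)
    echo "$*" 1>&2
    ;;
  esac
}

# Copy stdin to stdout, and also to stderr when debugging is enabled.
debug_cat () {
  case $DEBUG in
  yes) tee /dev/stderr ;;
  *)   cat ;;
  esac
}

# Read one domain name per line on stdin and run the given command once
# per name as:  command... <domain> <regex>
# where <regex> is the name with each "." rewritten to "[.]".
#
# The names come from DNS answers and from a list fetched over HTTP, and
# they end up on dig's command line and inside sed programs. Anything that
# is not made of plain hostname characters, or that starts with "-", is
# therefore skipped instead of being passed on.
with_regexes () {
  local domain regex
  sed 'h;s/\./[.]/g;G;s/\n/ /' |
  while read -r regex domain
  do
    case $domain in
    ''|-*|*[!A-Za-z0-9._-]*)
      debug_echo "with_regexes: skipping malformed name: $domain"
      continue
      ;;
    esac
    "$@" "$domain" "$regex"
  done
}

# list_records <type> <domain> <regex>
# Query <type> records for <domain> and print the last field of every
# answer line whose owner name matches <regex> and whose type is <type>.
list_records () {
  debug_echo list_records "$@"
  local type domain regex
  type=$1
  domain=$2
  regex=$3
  dig "$type" "$domain" 2>/dev/null |
  sed -e "/^$regex$WS/!d" \
      -e "/$WS$type$WS/!d" \
      -e "s/.*$WS\($NWS$NWS*\)\$/\1/" |
  debug_cat
}

# check_domain <domain> <regex>
# Look up the probe label under <domain>. Print the A record addresses it
# resolves to, and the addresses of any MX targets it returns, each
# labelled with the domain and the record type that produced it.
check_domain () {
  debug_echo check_domain "$@"
  local domain regex
  domain=$PROBE.$1.
  regex=$PROBE[.]$2[.]
  list_records A "$domain" "$regex" |
  sed "s/.*/&: .$1 wildcard A record/"
  list_records MX "$domain" "$regex" |
  with_regexes list_records A |
  sed "s/.*/&: .$1 wildcard MX record/"
}

echo "# auto-generated by $0"
echo "# at $DATE"
echo "#"

# We use root server f (run by the good guys at the ISC) to get a list
# of top-level domains.
#
# We manually exclude the Vatican (VA) from the stupid list because
# their wildcard MXs include real MXs for their subdomains.
#
# The exclusion is anchored so that only the VA domain itself is dropped,
# not every name that happens to contain "VA".
#
# NOTE(review): the pattern only accepts upper-case, letters-only names;
# confirm that this matches what the server returns today.
#
dig @f.root-servers.net. axfr . |
sed "/^\([A-Z][A-Z]*\)[.]\{0,1\}$WS.*/!d;s//\1/;/^VA\$/d" |
sort -u |
with_regexes check_domain

# A list of 2LDs that should also be checked.
# Some of them need whitelisting for similar reasons to VA.
#
# The list is fetched over plain HTTP with no integrity check, so its
# content is untrusted; with_regexes filters it before use.
#
# NOTE(review): the whitelist alternatives are only anchored at the end of
# the line, so "de" drops every name ending in "de". Confirm that this is
# intended.
#
# $FETCH is left unquoted on purpose: it holds a command plus its options.
(
  echo co.br
  echo uk.com
  $FETCH http://spamcheck.freeapp.net/two-level-tlds |
  grep -E -v '(telememo[.]au|de|medecin[.]fr|gov[.]gg|nhs[.]uk)$'
) | with_regexes check_domain

# done
exit 0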