MS.EXO.4.1 false matches for domain names
Hello @soulemike
The current regex in test Test-MtCisaDmarcRecordExist.ps1
$matchDomain = "(?:^|\.)(?'second'\w+.\w+$)"
has incorrect matches if the domain name has a dash (-) and a three-letter TLD in it. For example, for the domain 'test-domain.com' it matches and capture group 'second' is '.com', which obviously leads to errors in the DMARC check.
If I understand this correctly it tries to get the top-level domain if a second-level domain is provided: test.domain.com -> domain.com.
Given there is an abundance of tlds available it is almost impossible to have a correct regex for all scenarios -> https://stackoverflow.com/a/21173813
Wouldn't it be better just to remove the regex and test the DMARC records as is? In my example the two second-level domains are [tenantname].onmicrosoft.com and [tenantname].mail.onmicrosoft.com, which both end up skipped by the DMARC check without the regex.
Environment
Maester-Version: 1.1.2
PS-Version: 7.5.1
Kind regards Christian
Here are some examples -> https://regex101.com/r/V6uLr0/1
The same problem exists with test CISA.MS.EXO.4.2
Regarding the bug with hyphen matching, we can work around that issue with a pattern like
(?:^|\.)(?'second'[a-zA-Z0-9_-]+\.\w+$)
This regex should work, I tested with my various domains including tenant.onmicrosoft.com and tenant.mail.onmicrosoft.com
Good catch and suggested resolution. I was trying to find something definitive on it, but with the expansion of TLDs I think technically there are some that may use _- as well. An unlikely issue, but more just a note for future reference. Nice work!
See this page from DMARCLY about how DMARC lookups work. The catch is having to derive the organization domain name from the public suffix list (PSL). Can Maester download and cache the PSL list from Mozilla?
Great catch. This may fix an issue that I've noticed as well.
It shouldn't be hard to have a workflow keep a copy of the PSL updated or even cached in the repository.
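To make the difference between the two approaches concrete, here is an added example (not Maester's own code) that runs the regex proposed in this thread side by side with a simplified public-suffix-list lookup. The suffix list is a constructed, abbreviated stand-in for the real PSL, and the lookup skips the PSL's wildcard and exception rules; the function names are assumed for the example.

```powershell
# Regex proposed in this thread for extracting the organizational domain.
$matchDomain = '(?:^|\.)(?''second''[a-zA-Z0-9_-]+\.\w+$)'

function Get-OrgDomainByRegex {
    param([string]$Domain)
    if ($Domain -match $matchDomain) { return $Matches['second'] }
    return $null
}

# Constructed, abbreviated stand-in for the real PSL (publicsuffix.org).
# A real implementation would download and cache the full list.
$publicSuffixes = @('com', 'net', 'uk', 'co.uk')

function Get-OrgDomainByPsl {
    param([string]$Domain, [string[]]$Suffixes)
    $labels = $Domain.ToLowerInvariant().TrimEnd('.').Split('.')
    # Longest matching public suffix plus one more label is the org domain.
    for ($i = 0; $i -lt $labels.Count; $i++) {
        $suffix = $labels[$i..($labels.Count - 1)] -join '.'
        if ($Suffixes -contains $suffix) {
            if ($i -eq 0) { return $null }   # domain is itself a public suffix
            return $labels[($i - 1)..($labels.Count - 1)] -join '.'
        }
    }
    # Unlisted TLD: the PSL default treats the last label as the public suffix.
    if ($labels.Count -lt 2) { return $null }
    return $labels[($labels.Count - 2)..($labels.Count - 1)] -join '.'
}

# Constructed sample domains, including the hyphen case from the report and a
# two-label public suffix where the regex still returns the wrong answer.
foreach ($d in 'test-domain.com', 'tenant.mail.onmicrosoft.com', 'example.co.uk') {
    [pscustomobject]@{
        Domain = $d
        Regex  = Get-OrgDomainByRegex $d
        Psl    = Get-OrgDomainByPsl $d $publicSuffixes
    }
}
```

For 'example.co.uk' the regex yields 'co.uk', which is a public suffix rather than an organizational domain, while the PSL lookup yields 'example.co.uk'; the hyphen case and the onmicrosoft.com case agree under both approaches.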