new: [google-gmail-sending-ips] Add generator and update to latest version

generate_all.sh

@@ -31,6 +31,7 @@ python3 generate-vpn.py
 python3 generate-wikimedia.py
 python3 genetate-second-level-tlds.py
 python3 generate-google-gcp.py
+python3 generate-google-gmail-sending-ips.py
 popd
 
 ./jq_all_the_things.sh

lists/google-gmail-sending-ips/list.json

@@ -1,11 +1,18 @@
 {
-  "description": "List of known gmail sending IP ranges (https://support.google.com/a/answer/27642?hl=en)",
+  "description": "List of known Gmail sending IP ranges (https://support.google.com/a/answer/27642?hl=en)",
   "list": [
     "108.177.8.0/21",
+    "108.177.96.0/19",
+    "130.211.0.0/22",
     "172.217.0.0/19",
+    "172.217.128.0/19",
+    "172.217.160.0/20",
+    "172.217.192.0/19",
+    "172.217.32.0/20",
+    "172.253.112.0/20",
+    "172.253.56.0/21",
     "173.194.0.0/16",
     "2001:4860:4000::/36",
-    "207.126.144.0/20",
     "209.85.128.0/17",
     "216.239.32.0/19",
     "216.58.192.0/19",
@@ -14,7 +21,8 @@
     "2800:3f0:4000::/36",
     "2a00:1450:4000::/36",
     "2c0f:fb50:4000::/36",
-    "64.18.0.0/20",
+    "35.190.247.0/24",
+    "35.191.0.0/16",
     "64.233.160.0/19",
     "66.102.0.0/20",
     "66.249.80.0/20",
@@ -22,11 +30,11 @@
     "74.125.0.0/16"
   ],
   "matching_attributes": [
-    "ip-dst",
     "ip-src",
+    "ip-dst",
     "domain|ip"
   ],
-  "name": "List of known gmail sending IP ranges",
+  "name": "List of known Gmail sending IP ranges",
   "type": "cidr",
-  "version": 20190809
+  "version": 20210610
 }

tools/generate-google-gmail-sending-ips.py

@@ -0,0 +1,48 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+from ipaddress import ip_network, IPv4Network, IPv6Network
+from dns.resolver import Resolver
+from typing import List, Union
+from generator import get_version, write_to_file
+
+
+class Spf:
+    def _parse_spf(self, spf: str) -> dict:
+        output = {"include": [], "ranges": []}
+        for part in spf.split(" "):
+            if part.startswith("include:"):
+                output["include"].append(part.split(":", 1)[1])
+            elif part.startswith("ip4:") or part.startswith("ip6:"):
+                output["ranges"].append(ip_network(part.split(":", 1)[1]))
+        return output
+
+    def _query_spf(self, resolver: Resolver, domain: str) -> List[Union[IPv4Network, IPv6Network]]:
+        ranges = []
+        for rdata in resolver.query(domain, "TXT"):
+            parsed = self._parse_spf(rdata.to_text())
+            ranges += parsed["ranges"]
+
+            for include in parsed["include"]:
+                ranges += self._query_spf(resolver, include)
+
+        return ranges
+
+    def get_list(self, domain: str) -> List[Union[IPv4Network, IPv6Network]]:
+        resolver = Resolver()
+        return self._query_spf(resolver, domain)
+
+
+if __name__ == '__main__':
+    spf = Spf()
+    print()
+
+    warninglist = {
+        'name': "List of known Gmail sending IP ranges",
+        'version': get_version(),
+        'description': "List of known Gmail sending IP ranges (https://support.google.com/a/answer/27642?hl=en)",
+        'matching_attributes': ["ip-src", "ip-dst", "domain|ip"],
+        'type': 'cidr',
+        'list': [str(range) for range in spf.get_list("_spf.google.com")],
+    }
+
+    write_to_file(warninglist, "google-gmail-sending-ips")