Haraka 2.8.28 → 3.0.0

package/dkim.js

@@ -2,7 +2,7 @@
 
 const crypto = require('crypto');
 const dns    = require('dns');
-const Stream = require('stream').Stream;
+const { Stream } = require('stream');
 const utils  = require('haraka-utils');
 
 //////////////////////
@@ -26,7 +26,7 @@ class Buf {
             if (!buf) buf = Buffer.from('');
             return buf;
         }
-        if (buf && buf.length) {
+        if (buf?.length) {
             this.bar.push(buf);
             this.blen += buf.length;
         }
@@ -73,8 +73,8 @@ class DKIMObject {
         const [ , , dkim_signature] = /^([^:]+):\s*((?:.|[\r\n])*)$/.exec(header);
         const sig = dkim_signature.trim().replace(/\s+/g,'');
         const keys = sig.split(';');
-        for (let k=0; k<keys.length; k++) {
-            const key = keys[k].trim();
+        for (const keyElement of keys) {
+            const key = keyElement.trim();
             if (!key) continue;  // skip empty keys
             const [ , key_name, key_value] = /^([^= ]+)=((?:.|[\r\n])+)$/.exec(key) || [];
             if (key_name) {
@@ -133,8 +133,8 @@ class DKIMObject {
 
         if (this.fields.h) {
             const headers = this.fields.h.split(':');
-            for (let h=0; h<headers.length; h++) {
-                this.signed_headers.push(headers[h].trim().toLowerCase());
+            for (const h of headers) {
+                this.signed_headers.push(h.trim().toLowerCase());
             }
             if (!this.signed_headers.includes('from')) {
                 return this.result('from field not signed', 'invalid');
@@ -247,8 +247,7 @@ class DKIMObject {
         }
 
         // Now we canonicalize the specified headers
-        for (let h=0; h<this.signed_headers.length; h++) {
-            const header = this.signed_headers[h];
+        for (const header of this.signed_headers) {
             this.debug(`${this.identity}: canonicalize header: ${header}`);
             if (this.header_idx[header]) {
                 // RFC 6376 section 5.4.2, read headers from bottom to top
@@ -281,12 +280,10 @@ class DKIMObject {
         our_sig = our_sig.replace(/\r\n$/,'');
         this.verifier.update(our_sig);
 
-        // Do the DNS lookup to retrieve the public key
-        const self = this;
         let timeout = false;
         const timer = setTimeout(() => {
             timeout = true;
-            return self.result('DNS timeout', 'tempfail');
+            return this.result('DNS timeout', 'tempfail');
         }, this.timeout * 1000);
         const lookup = `${this.fields.s}._domainkey.${this.fields.d}`;
         this.debug(`${this.identity}: DNS lookup ${lookup} (timeout= ${this.timeout}s)`);
@@ -298,77 +295,72 @@ class DKIMObject {
                     case dns.NOTFOUND:
                     case dns.NODATA:
                     case dns.NXDOMAIN:
-                        return self.result('no key for signature', 'invalid');
+                        return this.result('no key for signature', 'invalid');
                     default:
-                        self.debug(`${self.identity}: DNS lookup error: ${err.code}`);
-                        return self.result('key unavailable', 'tempfail');
+                        this.debug(`${this.identity}: DNS lookup error: ${err.code}`);
+                        return this.result('key unavailable', 'tempfail');
                 }
             }
-            if (!res) return self.result('no key for signature', 'invalid');
-            for (let r=0; r<res.length; r++) {
-                let record = res[r];
-                // Node 0.11.x compatibility
-                if (Array.isArray(record)) {
-                    record = record.join('');
-                }
+            if (!res) return this.result('no key for signature', 'invalid');
+            for (const record of res) {
                 if (!record.includes('p=')) {
-                    self.debug(`${self.identity}: ignoring TXT record: ${record}`);
+                    this.debug(`${this.identity}: ignoring TXT record: ${record}`);
                     continue;
                 }
-                self.debug(`${self.identity}: got DNS record: ${record}`);
+                this.debug(`${this.identity}: got DNS record: ${record}`);
                 const rec = record.replace(/\r?\n/g, '').replace(/\s+/g,'');
                 const split = rec.split(';');
-                for (let j=0; j<split.length; j++) {
-                    const split2 = split[j].split('=');
-                    if (split2[0]) self.dns_fields[split2[0]] = split2[1];
+                for (const element of split) {
+                    const split2 = element.split('=');
+                    if (split2[0]) this.dns_fields[split2[0]] = split2[1];
                 }
 
                 // Validate
-                if (!self.dns_fields.v || self.dns_fields.v !== 'DKIM1') {
-                    return self.result('invalid version', 'invalid');
+                if (!this.dns_fields.v || this.dns_fields.v !== 'DKIM1') {
+                    return this.result('invalid version', 'invalid');
                 }
-                if (self.dns_fields.g) {
-                    if (self.dns_fields.g !== '*') {
-                        let s = self.dns_fields.g;
+                if (this.dns_fields.g) {
+                    if (this.dns_fields.g !== '*') {
+                        let s = this.dns_fields.g;
                         // Escape any special regexp characters
                         s = s.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&");
                         // Make * a non-greedy match against anything except @
                         s = s.replace('\\*','[^@]*?');
                         const reg = new RegExp(`^${s}@`);
-                        self.debug(`${self.identity}: matching ${self.dns_fields.g} against i=${self.fields.i} regexp=${reg.toString()}`);
-                        if (!reg.test(self.fields.i)) {
-                            return self.result('inapplicable key', 'invalid');
+                        this.debug(`${this.identity}: matching ${this.dns_fields.g} against i=${this.fields.i} regexp=${reg.toString()}`);
+                        if (!reg.test(this.fields.i)) {
+                            return this.result('inapplicable key', 'invalid');
                         }
                     }
                 }
                 else {
-                    return self.result('inapplicable key', 'invalid');
+                    return this.result('inapplicable key', 'invalid');
                 }
-                if (self.dns_fields.h) {
-                    const hashes = self.dns_fields.h.split(':');
-                    for (let k=0; k<hashes.length; k++) {
-                        const hash = hashes[k].trim();
-                        if (!self.fields.a.includes(hash)) {
-                            return self.result('inappropriate hash algorithm', 'invalid');
+                if (this.dns_fields.h) {
+                    const hashes = this.dns_fields.h.split(':');
+                    for (const hashElement of hashes) {
+                        const hash = hashElement.trim();
+                        if (!this.fields.a.includes(hash)) {
+                            return this.result('inappropriate hash algorithm', 'invalid');
                         }
                     }
                 }
-                if (self.dns_fields.k) {
-                    if (!self.fields.a.includes(self.dns_fields.k)) {
-                        return self.result('inappropriate key type', 'invalid');
+                if (this.dns_fields.k) {
+                    if (!this.fields.a.includes(this.dns_fields.k)) {
+                        return this.result('inappropriate key type', 'invalid');
                     }
                 }
-                if (self.dns_fields.t) {
-                    const flags = self.dns_fields.t.split(':');
-                    for (let f=0; f<flags.length; f++) {
-                        const flag = flags[f].trim();
+                if (this.dns_fields.t) {
+                    const flags = this.dns_fields.t.split(':');
+                    for (const flagElement of flags) {
+                        const flag = flagElement.trim();
                         if (flag === 'y') {
                             // Test mode
-                            self.test_mode = true;
+                            this.test_mode = true;
                         }
                         else if (flag === 's') {
                             // 'i' and 'd' domain much match exactly
-                            let i = self.fields.i
+                            let { i } = this.fields
                             i = i.substr(i.indexOf('@')+1, i.length)
                             if (i.toLowerCase() !== this.fields.d.toLowerCase()) {
                                 return this.result('i/d selector domain mismatch (t=s)', 'invalid')
@@ -376,26 +368,27 @@ class DKIMObject {
                         }
                     }
                 }
-                if (!self.dns_fields.p) return self.result('key revoked', 'invalid');
+                if (!this.dns_fields.p) return this.result('key revoked', 'invalid');
 
                 // crypto.verifier requires the key in PEM format
-                self.public_key = `-----BEGIN PUBLIC KEY-----\r\n${
-                    self.dns_fields.p.replace(/(.{1,76})/g, '$1\r\n')
+                this.public_key = `-----BEGIN PUBLIC KEY-----\r\n${
+
+                    this.dns_fields.p.replace(/(.{1,76})/g, '$1\r\n')
                 }-----END PUBLIC KEY-----\r\n`;
 
                 let verified;
                 try {
-                    verified = self.verifier.verify(self.public_key, self.fields.b, 'base64');
-                    self.debug(`${self.identity}: verified=${verified}`);
+                    verified = this.verifier.verify(this.public_key, this.fields.b, 'base64');
+                    this.debug(`${this.identity}: verified=${verified}`);
                 }
                 catch (e) {
-                    self.debug(`${self.identity}: verification error: ${e.message}`);
-                    return self.result('verification error', 'invalid');
+                    this.debug(`${this.identity}: verification error: ${e.message}`);
+                    return this.result('verification error', 'invalid');
                 }
-                return self.result(null, ((verified) ? 'pass' : 'fail'));
+                return this.result(null, ((verified) ? 'pass' : 'fail'));
             }
             // We didn't find a valid DKIM record for this signature
-            self.result('no key for signature', 'invalid');
+            this.result('no key for signature', 'invalid');
         });
     }
 
@@ -508,9 +501,9 @@ class DKIMVerifyStream extends Stream {
 
                 // Set the overall result based on this precedence order
                 const rr = ['pass','tempfail','fail','invalid','none'];
-                for (let r=0; r<rr.length; r++) {
-                    if (!self.result || (self.result && self.result !== rr[r] && result.result === rr[r])) {
-                        self.result = rr[r];
+                for (const element of rr) {
+                    if (!self.result || (self.result && self.result !== element && result.result === element)) {
+                        self.result = element;
                     }
                 }
             }
@@ -543,14 +536,14 @@ class DKIMVerifyStream extends Stream {
                 if (!this._in_body) {
                     this._in_body = true;
                     // Parse the headers
-                    for (let h=0; h<this.headers.length; h++) {
-                        const match = /^([^: ]+):\s*((:?.|[\r\n])*)/.exec(this.headers[h]);
+                    for (const header of this.headers) {
+                        const match = /^([^: ]+):\s*((:?.|[\r\n])*)/.exec(header);
                         if (!match) continue;
                         const header_name = match[1];
                         if (!header_name) continue;
                         const hn = header_name.toLowerCase();
                         if (!this.header_idx[hn]) this.header_idx[hn] = [];
-                        this.header_idx[hn].push(this.headers[h]);
+                        this.header_idx[hn].push(header);
                     }
                     if (!this.header_idx['dkim-signature']) {
                         this._no_signatures_found = true;
@@ -563,8 +556,8 @@ class DKIMVerifyStream extends Stream {
                         const dkim_headers = this.header_idx['dkim-signature'];
                         this.debug(`Found ${dkim_headers.length} DKIM signatures`);
                         this.pending = dkim_headers.length;
-                        for (let d=0; d<dkim_headers.length; d++) {
-                            this.dkim_objects.push(new DKIMObject(dkim_headers[d], this.header_idx, callback, this.opts));
+                        for (const dkimHeader of dkim_headers) {
+                            this.dkim_objects.push(new DKIMObject(dkimHeader, this.header_idx, callback, this.opts));
                         }
                         if (this.pending === 0) {
                             process.nextTick(() => {
@@ -587,8 +580,8 @@ class DKIMVerifyStream extends Stream {
                 }
             }
             else {
-                for (let e=0; e<this.dkim_objects.length; e++) {
-                    this.dkim_objects[e].add_body_line(line);
+                for (const dkimObject of this.dkim_objects) {
+                    dkimObject.add_body_line(line);
                 }
             }
             if (once) {
@@ -606,13 +599,12 @@ class DKIMVerifyStream extends Stream {
 
     end (buf) {
         this.handle_buf(((buf) ? buf : null));
-        for (let d=0; d<this.dkim_objects.length; d++) {
-            this.dkim_objects[d].end();
+        for (const dkimObject of this.dkim_objects) {
+            dkimObject.end();
         }
         if (this.pending === 0 && this._no_signatures_found === false) {
-            const self = this;
             process.nextTick(() => {
-                self.cb(null, self.result, self.results);
+                this.cb(null, this.result, this.results);
             });
         }
     }

package/docs/Body.md

@@ -1,22 +1 @@
-Body Object
-===========
-
-The Body object gives you access to the textual body parts of an email.
-
-API
----
-
-* body.bodytext
-
-A String containing the body text. Note that HTML parts will have tags in-tact.
-
-* body.header
-
-The header of this MIME part. See the `Header Object` for details of the API.
-
-* body.children
-
-Any child MIME parts. For example a multipart/alternative mail will have a
-main body part with just the MIME preamble in (which is usually either empty,
-or reads something like "This is a multipart MIME message"), and two
-children, one text/plain and one text/html.
+moved to [Body](https://github.com/haraka/email-message#body)

package/docs/CoreConfig.md

@@ -26,7 +26,7 @@ The list of plugins to load
   * listen\_host, port - the host and port to listen on (default: ::0 and 25)
   * listen - (default: [::0]:25) Comma separated IP:Port addresses to listen on
   * inactivity\_time - how long to let clients idle in seconds (default: 300)
-  * nodes - specifies how many processes to fork. The string "cpus" will fork as many children as there are CPUs (default: 0, which disables cluster mode)
+  * nodes - specifies how many processes to fork. The string "cpus" will fork as many children as there are CPUs (default: 1, which enables cluster mode with a single process)
   * user - optionally a user to drop privileges to. Can be a string or UID.
   * group - optionally a group to drop privileges to. Can be a string or GID.
   * ignore\_bad\_plugins - If a plugin fails to compile by default Haraka will stop at load time.
@@ -136,4 +136,4 @@ The list of plugins to load
 
 * connection\_close\_message
   
-  Defaults to `closing connection. Have a jolly good day.` can be overrridden with custom text
+  Defaults to `closing connection. Have a jolly good day.` can be overrridden with custom text

package/docs/Header.md

@@ -1,47 +1 @@
-Header Object
-=============
-
-The Header object gives programmatic access to email headers. It is primarily
-used from `transaction.header` but also each MIME part of the `Body` will
-also have its own header object.
-
-API
----
-
-* header.get(key)
-
-Returns the header with the name `key`. If there are multiple headers with
-the given name (as is usually the case with "Received" for example) they will
-be concatenated together with "\n".
-
-* header.get\_all(key)
-
-Returns the headers with the name `key` as an array. Multi-valued headers
-will have multiple entries in the array.
-
-* header.get\_decoded(key)
-
-Works like `get(key)`, only it gives you headers decoded from any MIME encoding
-they may have used.
-
-* header.remove(key)
-
-Removes all headers with the given name. DO NOT USE. This is transparent to
-the transaction and it will not see the header(s) you removed. Instead use
-`transaction.remove_header(key)` which will also correct the data part of
-the email.
-
-* header.add(key, value)
-
-Adds a header with the given name and value. DO NOT USE. This is transparent
-to the transaction and it will not see the header you added. Instead use
-`transaction.add_header(key, value)` which will add the header to the data
-part of the email.
-
-* header.lines()
-
-Returns the entire header as a list of lines.
-
-* header.toString()
-
-Returns the entire header as a string.
+moved to [Header](https://github.com/haraka/email-message#header)

package/docs/Outbound.md

@@ -40,12 +40,9 @@ Default: true. Switch to false to disable TLS for outbound mail.
 
 This uses the same `tls_key.pem` and `tls_cert.pem` files that the `tls`
 plugin uses, along with other values in `tls.ini`. See the [tls plugin
-docs](http://haraka.github.io/manual/plugins/tls.html) for information on generating those
-files.
+docs](http://haraka.github.io/manual/plugins/tls.html) for information on generating those files.
 
-Within `tls.ini` you can specify global options for the values `ciphers`, `minVersion`,
-`requestCert` and `rejectUnauthorized`, alternatively you can provide
-separate values by putting them under a key: `[outbound]`, such as:
+Within `tls.ini` you can specify global options for the values `ciphers`, `minVersion`, `requestCert` and `rejectUnauthorized`, alternatively you can provide separate values by putting them under a key: `[outbound]`, such as:
 
 ```
 [outbound]
@@ -74,27 +71,6 @@ string is attached as a `Received` header to all outbound mail just before it is
 
 Timeout for connecting to remote servers. Default: 30s
 
-* `pool_timeout`
-
-Outbound mail uses "pooled" connections. An unused pool connection will send
-a QUIT after this time. Default: 50s
-
-Pooled connections means that a mail to a particular IP address will hold that
-connection open and use it the next time it is requested. This helps with
-large scale outbound mail. If you don't send lots of mail it is advised to
-lower the `pool_timeout` value since it may upset receiving mail servers.
-
-Setting this value to `0` will effectively disable the use of pools. You may
-wish to set this if you have a `get_mx` hook that picks outbound servers on
-a per-email basis (rather than per-domain).
-
-* `pool_concurrency_max`
-
-Set this to `0` to completely disable the pooling code.
-
-This value determines how many concurrent connections can be made to a single
-IP address (destination) in the pool. Default: 10 connections.
-
 * `local_mx_ok`
 
 Default: false. By default, outbound to a local IP is disabled, to avoid creating 
@@ -105,13 +81,9 @@ This could be useful if you want to deliver mail to localhost on another port.
 
 Set this to specify the delay intervals to use between trying to re-send an email
 that has a temporary failure condition.  The setting is a comma separated list of
-time spans and multipliers.  The time span is a number followed by `s`, `m`, `h`, or `d`
-to represent seconds, minutes, hours, and days, respectively.  The multiplier is an
-asterisk followed by an integer representing the number of times to repeat the interval.
+time spans and multipliers.  The time span is a number followed by `s`, `m`, `h`, or `d` to represent seconds, minutes, hours, and days, respectively.  The multiplier is an asterisk followed by an integer representing the number of times to repeat the interval.
 For example, the entry `1m, 5m*2, 1h*3` results in an array of delay times of
-`[60,300,300,3600,3600,3600]` in seconds.  The email will be bounced when the array
-runs out of intervals (the 7th failure in this case).  Set this to `none` to bounce the
-email on the first temporary failure.
+`[60,300,300,3600,3600,3600]` in seconds.  The email will be bounced when the array runs out of intervals (the 7th failure in this case).  Set this to `none` to bounce the email on the first temporary failure.
 
 ### outbound.bounce\_message
 
@@ -150,6 +122,8 @@ you may be interested in are:
 ** outbound_helo - the EHLO domain to use (again, do not set manually)
 * queue_time - the epoch milliseconds time when this mail was queued
 * uuid - the original transaction.uuid
+* force_tls - if true, this mail will be sent over TLS or defer
+
 
 Outbound Mail Hooks
 -------------------
@@ -268,7 +242,7 @@ interface (or alias) on the local system.
 
 As described above the outbound IP can be set using the `bind` parameter
 and also the outbound helo for the IP can be set using the `bind_ehlo` 
-parameter returned my the `get_mx` hook or during the reception of the message 
+parameter returned by the `get_mx` hook or during the reception of the message 
 you can set a transaction note in a plugin to tell Haraka which outbound IP 
 address you would like it to use when it tries to deliver the message:
 
@@ -301,9 +275,7 @@ The contents of the bounce message are configured by a file called
 contains several template entries wrapped in curly brackets. These will be
 populated as follows:
 
-Optional: Possibility to add HTML code (with optional image) to the bounce message is possible 
-by adding the files `config/outbound.bounce_message_html`. An image can be attached 
-to the mail by using `config/outbound.bounce_message_image`.
+Optional: Possibility to add HTML code (with optional image) to the bounce message is possible by adding the files `config/outbound.bounce_message_html`. An image can be attached to the mail by using `config/outbound.bounce_message_image`.
 
 * pid - the current process id
 * date - the current date when the bounce occurred

package/endpoint.js

@@ -41,7 +41,7 @@ class Endpoint {
     toString () {
         if (this.mode) return `${this.path}:${this.mode}`;
         if (this.path) return this.path;
-        if (this.host.indexOf(':') >= 0) return `[${this.host}]:${this.port}`;
+        if (this.host.includes(':')) return `[${this.host}]:${this.port}`;
         return `${this.host}:${this.port}`;
     }
 

package/haraka.js

@@ -54,7 +54,7 @@ signals.forEach((sig) => {
 
         logger.lognotice(`${sig} received`);
         logger.dump_and_exit(() => {
-            if (server.cluster && server.cluster.isMaster) {
+            if (server.cluster?.isMaster) {
                 server.performShutdown();
             }
             else if (!server.cluster) {

package/host_pool.js

@@ -28,7 +28,6 @@ class HostPool {
     // takes a comma/space-separated list of ip:ports
     //  1.1.1.1:22,  3.3.3.3:44
     constructor (hostports_str, retry_secs) {
-        const self = this;
         const hosts = (hostports_str || '')
             .trim()
             .split(/[\s,]+/)
@@ -42,11 +41,11 @@ class HostPool {
                     port: splithost[1]
                 };
             });
-        self.hostports_str = hostports_str;
-        self.hosts = utils.shuffle(hosts);
-        self.dead_hosts = {};  // hostport => true/false
-        self.last_i = 0;  // the last one we checked
-        self.retry_secs = retry_secs || 10;
+        this.hostports_str = hostports_str;
+        this.hosts = utils.shuffle(hosts);
+        this.dead_hosts = {};  // hostport => true/false
+        this.last_i = 0;  // the last one we checked
+        this.retry_secs = retry_secs || 10;
     }
 
     /* failed
@@ -91,14 +90,12 @@ class HostPool {
     probe_dead_host (
         host, port, cb_if_still_dead, cb_if_alive
     ){
-
-        const self = this;
         logger.loginfo(`probing dead host ${host}:${port}`);
 
         const connect_timeout_ms = 200; // keep it snappy
         let s;
         try {
-            s = self.get_socket();
+            s = this.get_socket();
             s.setTimeout(connect_timeout_ms, () => {
                 // nobody home, it's still dead
                 s.destroy();
@@ -127,8 +124,7 @@ class HostPool {
      * so we can override in unit test
      */
     get_socket () {
-        const s = new net.Socket();
-        return s;
+        return new net.Socket();
     }
 
     /* get_host
@@ -151,7 +147,7 @@ class HostPool {
         for (let i = 0; i < this.hosts.length; ++i){
             let j = i + first_i;
             if (j >= this.hosts.length) {
-                j = j - this.hosts.length;
+                j -= this.hosts.length;
             }
             host = this.hosts[j];
             const key = `${host.host}:${host.port}`;