Haraka 2.8.28 → 3.0.0

package/outbound/mx_lookup.js

@@ -24,7 +24,7 @@ exports.lookup_mx = function lookup_mx (domain, cb) {
 
     // default wrap_mx just returns our object with "priority" and "exchange" keys
     let wrap_mx = a => a;
-    function process_dns (err, addresses) {
+    async function process_dns (err, addresses) {
         if (err) {
             if (err.code === 'ENODATA' || err.code === 'ENOTFOUND') {
                 // Most likely this is a hostname with no MX record
@@ -33,9 +33,12 @@ exports.lookup_mx = function lookup_mx (domain, cb) {
             }
             cb(err);
         }
-        else if (addresses && addresses.length) {
+        else if (addresses?.length) {
             for (let i=0,l=addresses.length; i < l; i++) {
-                if (obc.cfg.local_mx_ok || !net_utils.is_local_ip(addresses[i].exchange)) {
+                if (
+                    obc.cfg.local_mx_ok ||
+                    await net_utils.is_local_host(addresses[i].exchange).catch(() => null) === false
+                ) {
                     const mx = wrap_mx(addresses[i]);
                     mxs.push(mx);
                 }
@@ -49,15 +52,15 @@ exports.lookup_mx = function lookup_mx (domain, cb) {
         return 1;
     }
 
-    net_utils.get_mx(domain, (err, addresses) => {
-        if (process_dns(err, addresses)) return;
+    net_utils.get_mx(domain, async (err, addresses) => {
+        if (await process_dns(err, addresses)) return;
 
         // if MX lookup failed, we lookup an A record. To do that we change
         // wrap_mx() to return same thing as resolveMx() does.
         wrap_mx = a => ({priority:0,exchange:a});
         // IS: IPv6 compatible
-        dns.resolve(domain, (err2, addresses2) => {
-            if (process_dns(err2, addresses2)) return;
+        dns.resolve(domain, async (err2, addresses2) => {
+            if (await process_dns(err2, addresses2)) return;
 
             err2 = new Error("Found nowhere to deliver to");
             err2.code = 'NOMX';

package/outbound/queue.js

@@ -4,7 +4,7 @@ const async       = require('async');
 const fs          = require('fs');
 const path        = require('path');
 
-const Address     = require('address-rfc2821').Address;
+const { Address }     = require('address-rfc2821');
 const config      = require('haraka-config');
 
 const logger      = require('../logger');
@@ -135,26 +135,24 @@ exports._add_file = (file, cb) => {
     const parts = _qfile.parts(file);
 
     if (parts.next_attempt <= self.cur_time) {
-        logger.logdebug("[outbound] File needs processing now");
+        logger.logdebug(`[outbound] File ${file} needs processing now`);
         load_queue.push(file);
     }
     else {
-        logger.logdebug(`[outbound] File needs processing later: ${parts.next_attempt - self.cur_time}ms`);
+        logger.logdebug(`[outbound] File ${file} needs processing later: ${parts.next_attempt - self.cur_time}ms`);
         temp_fail_queue.add(file, parts.next_attempt - self.cur_time, () => { load_queue.push(file);});
     }
 
     cb();
 }
 
-exports.load_queue_files = (pid, input_files, iteratee, callback) => {
+exports.load_queue_files = (pid, input_files, iteratee, callback = function () {}) => {
     const self = exports;
     const searchPid = parseInt(pid);
 
     let stat_renamed = 0;
     let stat_loaded = 0;
 
-    callback = callback || function () {};
-
     if (searchPid) {
         logger.loginfo(`[outbound] Grabbing queue files for pid: ${pid}`);
     }
@@ -195,13 +193,11 @@ exports.load_queue_files = (pid, input_files, iteratee, callback) => {
 }
 
 exports.stats = () => {
-    // TODO: output more data here
-    const results = {
+
+    return {
         queue_dir,
         queue_count,
     };
-
-    return results;
 }
 
 exports._list_file = (file, cb) => {
@@ -226,7 +222,7 @@ exports._list_file = (file, cb) => {
                 todo_struct.file = file;
                 todo_struct.full_path = path.join(queue_dir, file);
                 const parts = _qfile.parts(file);
-                todo_struct.pid = (parts && parts.pid) || null;
+                todo_struct.pid = (parts?.pid) || null;
                 cb(null, todo_struct);
             }
         });
@@ -262,7 +258,7 @@ exports.load_pid_queue = pid => {
 }
 
 exports.ensure_queue_dir = () => {
-    // No reason not to do this stuff syncronously -
+    // No reason to do this asynchronously
     // this code is only run at start-up.
     if (fs.existsSync(queue_dir)) return;
 

package/outbound/timer_queue.js

@@ -18,11 +18,9 @@ class TQTimer {
 
 class TimerQueue {
 
-    constructor (interval) {
-        const self = this;
-        interval = interval || 1000;
+    constructor (interval = 1000) {
         this.queue = [];
-        this.interval_timer = setInterval(() => { self.fire(); }, interval);
+        this.interval_timer = setInterval(() => { this.fire(); }, interval);
     }
 
     add (id, ms, cb) {

package/outbound/tls.js

@@ -74,33 +74,32 @@ class OutboundTLS {
 
     // Check for if host is prohibited from TLS negotiation
     check_tls_nogo (host, cb_ok, cb_nogo) {
-        const obtls = this;
-        if (!obtls.cfg.redis.disable_for_failed_hosts) return cb_ok();
+        if (!this.cfg.redis.disable_for_failed_hosts) return cb_ok();
 
         const dbkey = `no_tls|${host}`;
-        obtls.db.get(dbkey, (err, dbr) => {
-            if (err) {
-                obtls.logdebug(obtls, `Redis returned error: ${err}`);
-                return cb_ok();
-            }
-
-            return dbr ? cb_nogo(dbr) : cb_ok();
-        });
+        this.db.get(dbkey)
+            .then(dbr => {
+                dbr ? cb_nogo(dbr) : cb_ok();
+            })
+            .catch(err => {
+                this.logdebug(this, `Redis returned error: ${err}`);
+                cb_ok();
+            })
     }
 
     mark_tls_nogo (host, cb) {
-        const obtls = this;
         const dbkey = `no_tls|${host}`;
-        const expiry = obtls.cfg.redis.disable_expiry || 604800;
+        const expiry = this.cfg.redis.disable_expiry || 604800;
 
-        if (!obtls.cfg.redis.disable_for_failed_hosts) return cb();
+        if (!this.cfg.redis.disable_for_failed_hosts) return cb();
 
-        logger.lognotice(obtls, `TLS connection failed. Marking ${host} as non-TLS for ${expiry} seconds`);
+        logger.lognotice(this, `TLS connection failed. Marking ${host} as non-TLS for ${expiry} seconds`);
 
-        obtls.db.setex(dbkey, expiry, (new Date()).toISOString(), (err, dbr) => {
-            if (err) logger.logerror(obtls, `Redis returned error: ${err}`);
-            cb();
-        });
+        this.db.setex(dbkey, expiry, (new Date()).toISOString())
+            .then(cb)
+            .catch(err => {
+                logger.logerror(this, `Redis returned error: ${err}`);
+            })
     }
 }
 

package/outbound/todo.js

@@ -10,6 +10,7 @@ class TODOItem {
         this.message_stream = transaction.message_stream;
         this.notes = transaction.notes;
         this.uuid = transaction.uuid;
+        this.force_tls = false;
     }
 }
 

package/package.json

@@ -9,7 +9,7 @@
     "server",
     "email"
   ],
-  "version": "2.8.28",
+  "version": "3.0.0",
   "homepage": "http://haraka.github.io",
   "repository": {
     "type": "git",
@@ -17,64 +17,68 @@
   },
   "main": "haraka.js",
   "engines": {
-    "node": ">=12.22.6"
+    "node": ">=16"
   },
   "dependencies": {
     "address-rfc2821"       : "^2.0.1",
     "address-rfc2822"       : "^2.1.0",
-    "async"                 : "~3.2.1",
+    "async"                 : "^3.2.4",
     "daemon"                : "~1.1.0",
-    "generic-pool"          : "~2.5.4",
-    "iconv"                 : "~3.0.1",
     "ipaddr.js"             : "~2.0.1",
-    "libqp"                 : "^1.1.0",
-    "libmime"               : "^5.0.0",
-    "nopt"                  : "~5.0.0",
+    "node-gyp"              : "^9.3.1",
+    "nopt"                  : "~7.0.0",
     "npid"                  : "~0.4.0",
-    "semver"                : "~7.3.5",
+    "semver"                : "~7.3.8",
     "sprintf-js"            : "~1.1.2",
-    "haraka-config"         : "^1.0.20",
-    "haraka-constants"      : "^1.0.5",
-    "haraka-dsn"            : "^1.0.3",
-    "haraka-net-utils"      : "^1.3.1",
-    "haraka-notes"          : "^1.0.4",
-    "haraka-plugin-redis"   : "^1.0.13",
-    "haraka-results"        : "^2.1.0",
-    "haraka-tld"            : "^1.0.28",
-    "haraka-utils"          : "^1.0.2",
+    "haraka-config"         : "^1.1.0",
+    "haraka-constants"      : "^1.0.6",
+    "haraka-dsn"            : "^1.0.4",
+    "haraka-email-message"  : "^1.2.0",
+    "haraka-message-stream" : "^1.2.0",
+    "haraka-net-utils"      : "^1.5.0",
+    "haraka-notes"          : "^1.0.6",
+    "haraka-plugin-attachment": "^1.0.7",
+    "haraka-plugin-spf"     : "1.1.3",
+    "haraka-plugin-redis"   : "^2.0.5",
+    "haraka-results"        : "^2.2.2",
+    "haraka-tld"            : "^1.1.0",
+    "haraka-utils"          : "^1.0.3",
     "openssl-wrapper"       : "^0.3.4",
     "sockaddr"              : "^1.0.1"
   },
   "optionalDependencies": {
-    "haraka-plugin-access"  : "^1.1.4",
-    "haraka-plugin-asn"     : "^1.0.8",
+    "haraka-plugin-access"  : "^1.1.5",
+    "haraka-plugin-aliases" : "^1.0.1",
+    "haraka-plugin-asn"     : "^2.0.1",
     "haraka-plugin-auth-ldap": "^1.0.2",
     "haraka-plugin-dcc"     : "^1.0.1",
     "haraka-plugin-elasticsearch" : "^1.0.6",
-    "haraka-plugin-fcrdns"  : "^1.0.3",
-    "haraka-plugin-graph"   : "^1.0.3",
-    "haraka-plugin-geoip"   : "^1.0.15",
-    "haraka-plugin-headers" : "^1.0.2",
-    "haraka-plugin-karma"   : "^1.0.13",
-    "haraka-plugin-limit"   : "^1.0.4",
-    "haraka-plugin-p0f"     : "^1.0.5",
-    "haraka-plugin-qmail-deliverable" : "^1.0.5",
+    "haraka-plugin-fcrdns"  : "^1.1.0",
+    "haraka-plugin-graph"   : "^1.0.5",
+    "haraka-plugin-geoip"   : "^1.0.17",
+    "haraka-plugin-headers" : "^1.0.3",
+    "haraka-plugin-karma"   : "^2.1.0",
+    "haraka-plugin-limit"   : "^1.1.0",
+    "haraka-plugin-p0f"     : "^1.0.9",
+    "haraka-plugin-qmail-deliverable" : "^1.1.1",
+    "haraka-plugin-known-senders": "^1.0.8",
     "haraka-plugin-rcpt-ldap": "^1.0.0",
-    "haraka-plugin-recipient-routes" : "^1.0.2",
-    "haraka-plugin-rspamd"  : "^1.1.6",
+    "haraka-plugin-recipient-routes" : "^1.0.4",
+    "haraka-plugin-rspamd"  : "^1.2.0",
     "haraka-plugin-syslog"  : "^1.0.3",
-    "haraka-plugin-watch"   : "^1.0.15",
+    "haraka-plugin-uribl"   : "^1.0.6",
+    "haraka-plugin-watch"   : "^2.0.2",
     "ocsp"                  : "~1.2.0",
-    "redis"                 : "~3.1.2",
+    "redis"                 : "~4.5.1",
     "tmp"                   : "~0.2.1"
   },
   "devDependencies": {
     "nodeunit-x"            : "^0.15.0",
-    "haraka-test-fixtures"  : "^1.0.33",
+    "haraka-test-fixtures"  : "^1.2.1",
     "mock-require"          : "^3.0.3",
-    "eslint"                : "^8.0",
-    "eslint-plugin-haraka"  : "^1.0.14",
-    "nodemailer"            : "6.7.0"
+    "eslint"                : "^8.27.0",
+    "eslint-plugin-haraka"  : "^1.0.15",
+    "nodemailer"            : "^6.7.7"
   },
   "bugs": {
     "mail": "haraka.mail@gmail.com",
@@ -82,15 +86,13 @@
   },
   "bin": {
     "haraka": "./bin/haraka",
-    "spf": "./bin/spf",
     "dkimverify": "./bin/dkimverify",
     "haraka_grep": "./bin/haraka_grep"
   },
   "scripts": {
     "test": "node run_tests",
-    "lint": "npx eslint *.js outbound/*.js plugins/*.js plugins/*/*.js tests/*.js tests/*/*.js tests/*/*/*.js bin/haraka bin/spf bin/dkimverify",
-    "lintfix": "npx eslint --fix *.js outbound/*.js plugins/*.js plugins/*/*.js tests/*.js tests/*/*.js tests/*/*/*.js bin/haraka bin/spf bin/dkimverify",
-    "cover": "NODE_ENV=cov npx nyc --reporter=lcovonly npm run test",
+    "lint": "npx eslint *.js outbound plugins plugins/*/*.js tests tests/*/*.js tests/*/*/*.js bin/haraka bin/dkimverify",
+    "lintfix": "npx eslint --fix *.js outbound plugins plugins/*/*.js tests tests/*/*.js tests/*/*/*.js bin/haraka bin/dkimverify",
     "versions": "npx dependency-version-checker check"
   }
 }

package/plugins/auth/auth_base.js

@@ -27,31 +27,29 @@ exports.hook_capabilities = (next, connection) => {
 exports.get_plain_passwd = (user, connection, cb) => cb()
 
 exports.hook_unrecognized_command = function (next, connection, params) {
-    const plugin = this;
     if (params[0].toUpperCase() === AUTH_COMMAND && params[1]) {
-        return plugin.select_auth_method(next, connection,
-            params.slice(1).join(' '));
+        return this.select_auth_method(next, connection, params.slice(1).join(' '));
     }
-    if (!connection.notes.authenticating) { return next(); }
+    if (!connection.notes.authenticating) return next();
 
     const am = connection.notes.auth_method;
     if (am === AUTH_METHOD_CRAM_MD5 && connection.notes.auth_ticket) {
-        return plugin.auth_cram_md5(next, connection, params);
+        return this.auth_cram_md5(next, connection, params);
     }
     if (am === AUTH_METHOD_LOGIN) {
-        return plugin.auth_login(next, connection, params);
+        return this.auth_login(next, connection, params);
     }
     if (am === AUTH_METHOD_PLAIN) {
-        return plugin.auth_plain(next, connection, params);
+        return this.auth_plain(next, connection, params);
     }
-    return next();
+    next();
 }
 
 exports.check_plain_passwd = function (connection, user, passwd, cb) {
     function callback (plain_pw) {
-        if (plain_pw === null  ) { return cb(false); }
-        if (plain_pw !== passwd) { return cb(false); }
-        return cb(true);
+        if (plain_pw === null  ) return cb(false);
+        if (plain_pw !== passwd) return cb(false);
+        cb(true);
     }
     if (this.get_plain_passwd.length == 2) {
         this.get_plain_passwd(user, callback);
@@ -66,16 +64,13 @@ exports.check_plain_passwd = function (connection, user, passwd, cb) {
 
 exports.check_cram_md5_passwd = function (connection, user, passwd, cb) {
     function callback (plain_pw) {
-        if (plain_pw == null) {
-            return cb(false);
-        }
+        if (plain_pw == null) return cb(false);
 
         const hmac = crypto.createHmac('md5', plain_pw.toString());
         hmac.update(connection.notes.auth_ticket);
 
-        if (hmac.digest('hex') === passwd) {
-            return cb(true);
-        }
+        if (hmac.digest('hex') === passwd) return cb(true);
+
         return cb(false);
     }
     if (this.get_plain_passwd.length == 2) {
@@ -127,9 +122,8 @@ exports.check_user = function (next, connection, credentials, method) {
             return;
         }
 
-        if (!connection.notes.auth_fails) {
-            connection.notes.auth_fails = 0;
-        }
+        if (!connection.notes.auth_fails) connection.notes.auth_fails = 0;
+
         connection.notes.auth_fails++;
         connection.results.add({name: 'auth'}, {
             fail:`${plugin.name}/${method}`,
@@ -150,12 +144,10 @@ exports.check_user = function (next, connection, credentials, method) {
     }
 
     if (method === AUTH_METHOD_PLAIN || method === AUTH_METHOD_LOGIN) {
-        plugin.check_plain_passwd(connection, credentials[0], credentials[1],
-            passwd_ok);
+        plugin.check_plain_passwd(connection, credentials[0], credentials[1], passwd_ok);
     }
     else if (method === AUTH_METHOD_CRAM_MD5) {
-        plugin.check_cram_md5_passwd(connection, credentials[0], credentials[1],
-            passwd_ok);
+        plugin.check_cram_md5_passwd(connection, credentials[0], credentials[1], passwd_ok);
     }
 }
 
@@ -163,28 +155,19 @@ exports.select_auth_method = function (next, connection, method) {
     const split = method.split(/\s+/);
     method = split.shift().toUpperCase();
     if (!connection.notes.allowed_auth_methods) return next();
-    if (!connection.notes.allowed_auth_methods.includes(method)) {
-        return next();
-    }
+    if (!connection.notes.allowed_auth_methods.includes(method)) return next();
 
     if (connection.notes.authenticating) return next(DENYDISCONNECT, 'bad protocol');
 
     connection.notes.authenticating = true;
     connection.notes.auth_method = method;
 
-    if (method === AUTH_METHOD_PLAIN) {
-        return this.auth_plain(next, connection, split);
-    }
-    if (method === AUTH_METHOD_LOGIN) {
-        return this.auth_login(next, connection, split);
-    }
-    if (method === AUTH_METHOD_CRAM_MD5) {
-        return this.auth_cram_md5(next, connection);
-    }
+    if (method === AUTH_METHOD_PLAIN) return this.auth_plain(next, connection, split);
+    if (method === AUTH_METHOD_LOGIN) return this.auth_login(next, connection, split);
+    if (method === AUTH_METHOD_CRAM_MD5) return this.auth_cram_md5(next, connection);
 }
 
 exports.auth_plain = function (next, connection, params) {
-    const plugin = this;
     // one parameter given on line, either:
     //    AUTH PLAIN <param> or
     //    AUTH PLAIN\n
@@ -193,36 +176,32 @@ exports.auth_plain = function (next, connection, params) {
     if (params[0]) {
         const credentials = utils.unbase64(params[0]).split(/\0/);
         credentials.shift();  // Discard authid
-        return plugin.check_user(next, connection, credentials, AUTH_METHOD_PLAIN);
+        this.check_user(next, connection, credentials, AUTH_METHOD_PLAIN);
+        return
     }
-    else {
-        if (connection.notes.auth_plain_asked_login) {
-            return next(DENYDISCONNECT, 'bad protocol');
-        }
-        else {
-            connection.respond(334, ' ', () => {
-                connection.notes.auth_plain_asked_login = true;
-                return next(OK);
-            });
-            return;
-        }
+
+    if (connection.notes.auth_plain_asked_login) {
+        return next(DENYDISCONNECT, 'bad protocol');
     }
+
+    connection.respond(334, ' ', () => {
+        connection.notes.auth_plain_asked_login = true;
+        next(OK);
+    });
 }
 
 exports.auth_login = function (next, connection, params) {
-    const plugin = this;
     if ((!connection.notes.auth_login_asked_login && params[0]) ||
         ( connection.notes.auth_login_asked_login &&
          !connection.notes.auth_login_userlogin)) {
-        if (!params[0]){
-            return next(DENYDISCONNECT, 'bad protocol');
-        }
+
+        if (!params[0]) return next(DENYDISCONNECT, 'bad protocol');
 
         const login = utils.unbase64(params[0]);
         connection.respond(334, LOGIN_STRING2, () => {
             connection.notes.auth_login_userlogin = login;
             connection.notes.auth_login_asked_login = true;
-            return next(OK);
+            next(OK);
         });
         return;
     }
@@ -236,30 +215,27 @@ exports.auth_login = function (next, connection, params) {
         connection.notes.auth_login_userlogin = null;
         connection.notes.auth_login_asked_login = false;
 
-        return plugin.check_user(next, connection, credentials,
-            AUTH_METHOD_LOGIN);
+        return this.check_user(next, connection, credentials, AUTH_METHOD_LOGIN);
     }
 
     connection.respond(334, LOGIN_STRING1, () => {
         connection.notes.auth_login_asked_login = true;
-        return next(OK);
+        next(OK);
     });
 }
 
 exports.auth_cram_md5 = function (next, connection, params) {
-    const plugin = this;
     if (params) {
         const credentials = utils.unbase64(params[0]).split(' ');
-        return plugin.check_user(next, connection, credentials,
-            AUTH_METHOD_CRAM_MD5);
+        return this.check_user(next, connection, credentials, AUTH_METHOD_CRAM_MD5);
     }
 
-    const ticket = `<${plugin.hexi(Math.floor(Math.random() * 1000000))}. ${plugin.hexi(Date.now())}@${connection.local.host}>`;
+    const ticket = `<${this.hexi(Math.floor(Math.random() * 1000000))}. ${this.hexi(Date.now())}@${connection.local.host}>`;
 
-    connection.loginfo(plugin, `ticket: ${ticket}`);
+    connection.loginfo(this, `ticket: ${ticket}`);
     connection.respond(334, utils.base64(ticket), () => {
         connection.notes.auth_ticket = ticket;
-        return next(OK);
+        next(OK);
     });
 }
 

package/plugins/auth/auth_bridge.js

@@ -6,14 +6,13 @@ exports.register = function () {
 }
 
 exports.load_flat_ini = function () {
-    const plugin = this;
-    plugin.cfg = plugin.config.get('smtp_bridge.ini', () => {
-        plugin.load_flat_ini();
+    this.cfg = this.config.get('smtp_bridge.ini', () => {
+        this.load_flat_ini();
     });
 }
 
 exports.check_plain_passwd = function (connection, user, passwd, cb) {
-    let host = this.cfg.main.host;
+    let { host } = this.cfg.main;
     if (this.cfg.main.port) {
         host = `${host}:${this.cfg.main.port}`;
     }

package/plugins/auth/auth_proxy.js

@@ -1,18 +1,18 @@
 // Proxy AUTH requests selectively by domain
+
 const sock  = require('./line_socket');
 const utils = require('haraka-utils');
-const smtp_regexp = /^([0-9]{3})([ -])(.*)/;
+
+const smtp_regexp = /^(\d{3})([ -])(.*)/;
 
 exports.register = function () {
-    const plugin = this;
-    plugin.inherits('auth/auth_base');
-    plugin.load_tls_ini();
+    this.inherits('auth/auth_base');
+    this.load_tls_ini();
 }
 
 exports.load_tls_ini = function () {
-    const plugin = this;
-    plugin.tls_cfg = plugin.config.get('tls.ini', () => {
-        plugin.load_tls_ini();
+    this.tls_cfg = this.config.get('tls.ini', () => {
+        this.load_tls_ini();
     });
 }
 
@@ -27,8 +27,8 @@ exports.hook_capabilities = (next, connection) => {
 }
 
 exports.check_plain_passwd = function (connection, user, passwd, cb) {
-    let domain;
-    if ((domain = /@([^@]+)$/.exec(user))) {
+    let domain = /@([^@]+)$/.exec(user);
+    if (domain) {
         domain = domain[1].toLowerCase();
     }
     else {
@@ -84,7 +84,6 @@ exports.try_auth_proxy = function (connection, hosts, user, passwd, cb) {
     socket.on('error', err => {
         connection.logerror(self, `connection failed to host ${host}: ${err}`);
         socket.end();
-        return;
     });
     socket.send_command = function (cmd, data) {
         let line = cmd + (data ? (` ${data}`) : '');
@@ -117,7 +116,7 @@ exports.try_auth_proxy = function (connection, hosts, user, passwd, cb) {
 
         connection.logdebug(self, `command state: ${command}`);
         if (command === 'ehlo') {
-            if (code[0] === '5') {
+            if (code.startsWith('5')) {
                 // EHLO command rejected; abort
                 socket.send_command('QUIT');
                 return;
@@ -131,6 +130,7 @@ exports.try_auth_proxy = function (connection, hosts, user, passwd, cb) {
                     cert = self.config.get(self.tls_cfg.main.cert || 'tls_cert.pem', 'binary');
                     if (key && cert) {
                         this.on('secure', () => {
+                            if (secure) return;
                             secure = true;
                             socket.send_command('EHLO', connection.local.host);
                         });
@@ -163,21 +163,21 @@ exports.try_auth_proxy = function (connection, hosts, user, passwd, cb) {
         }
         if (command === 'auth') {
             // Handle LOGIN
-            if (code[0] === '3' && response[0] === 'VXNlcm5hbWU6') {
+            if (code.startsWith('3') && response[0] === 'VXNlcm5hbWU6') {
                 // Write to the socket directly to keep the state at 'auth'
                 this.write(`${utils.base64(user)}\r\n`);
                 response = [];
                 return;
             }
-            else if (code[0] === '3' && response[0] === 'UGFzc3dvcmQ6') {
+            else if (code.startsWith('3') && response[0] === 'UGFzc3dvcmQ6') {
                 this.write(`${utils.base64(passwd)}\r\n`);
                 response = [];
                 return;
             }
-            if (code[0] === '5') {
+            if (code.startsWith('5')) {
                 // Initial attempt failed; strip domain and retry.
-                let u;
-                if ((u = /^([^@]+)@.+$/.exec(user))) {
+                const u = /^([^@]+)@.+$/.exec(user)
+                if (u) {
                     user = u[1];
                     if (methods.includes('PLAIN')) {
                         socket.send_command('AUTH', `PLAIN ${utils.base64(`\0${user}\0${passwd}`)}`);