Haraka 3.0.0 → 3.0.2

package/plugins/queue/smtp_forward.js

@@ -26,10 +26,12 @@ exports.register = function () {
     this.register_hook('queue', 'queue_forward');
 
     if (this.cfg.main.enable_outbound) {
+        // deliver local message via smtp forward when relaying=true
         this.register_hook('queue_outbound', 'queue_forward');
-    }
 
-    this.register_hook('get_mx', 'get_mx'); // for relaying outbound messages
+        // may specify more specific routes for outbound
+        this.register_hook('get_mx', 'get_mx');
+    }
 }
 
 exports.load_smtp_forward_ini = function () {
@@ -75,7 +77,7 @@ exports.is_outbound_enabled = function (dom_cfg) {
     if ('enable_outbound' in dom_cfg) return dom_cfg.enable_outbound; // per-domain flag
 
     return this.cfg.main.enable_outbound; // follow the global configuration
-};
+}
 
 exports.check_sender = function (next, connection, params) {
     const txn = connection?.transaction;
@@ -99,7 +101,7 @@ exports.check_sender = function (next, connection, params) {
     }
 
     txn.results.add(this, {pass: 'mail_from'});
-    return next();
+    next();
 }
 
 exports.set_queue = function (connection, queue_wanted, domain) {
@@ -110,7 +112,6 @@ exports.set_queue = function (connection, queue_wanted, domain) {
     if (!queue_wanted) queue_wanted = dom_cfg.queue || this.cfg.main.queue;
     if (!queue_wanted) return true;
 
-
     let dst_host = dom_cfg.host || this.cfg.main.host;
     if (dst_host) dst_host = `smtp://${dst_host}`;
 
@@ -164,7 +165,7 @@ exports.check_recipient = function (next, connection, params) {
     // the MAIL FROM domain is not local and neither is the RCPT TO
     // Another RCPT plugin may vouch for this recipient.
     txn.results.add(this, {msg: 'rcpt!local'});
-    return next();
+    next();
 }
 
 exports.auth = function (cfg, connection, smtp_client) {
@@ -303,20 +304,24 @@ exports.queue_forward = function (next, connection) {
 
         smtp_client.on('bad_code', (code, msg) => {
             if (dead_sender() || !txn) return;
-            smtp_client.call_next(((code && code[0] === '5') ? DENY : DENYSOFT),
-                msg);
+            smtp_client.call_next(((code && code[0] === '5') ? DENY : DENYSOFT), msg);
             smtp_client.release();
         });
     });
 }
 
 exports.get_mx_next_hop = next_hop => {
-    const dest = url.parse(next_hop);
+    // queue.wants && queue.next_hop are mechanisms for fine-grained MX routing.
+    // Plugins can specify a queue to perform the delivery as well as a route. A
+    // plugin that uses this is qmail-deliverable, which can direct email delivery
+    // via smtp_forward, outbound (SMTP), and outbound (LMTP).
+    const dest = new url.URL(next_hop);
     const mx = {
         priority: 0,
-        port: dest.port || 25,
+        port: dest.port || (dest.protocol === 'lmtp:' ? 24 : 25),
         exchange: dest.hostname,
     }
+    if (dest.protocol === 'lmtp:') mx.using_lmtp = true;
     if (dest.auth) {
         mx.auth_type = 'plain';
         mx.auth_user = dest.auth.split(':')[0];
@@ -327,9 +332,11 @@ exports.get_mx_next_hop = next_hop => {
 
 exports.get_mx = function (next, hmail, domain) {
 
-    // hmail.todo not defined in tests.
-    if (hmail.todo.notes.next_hop) {
-        return next(OK, this.get_mx_next_hop(hmail.todo.notes.next_hop));
+    const qw = hmail.todo.notes.get('queue.wants')
+    if (qw && qw !== 'smtp_forward') return next()
+
+    if (qw === 'smtp_forward' && hmail.todo.notes.get('queue.next_hop')) {
+        return next(OK, this.get_mx_next_hop(hmail.todo.notes.get('queue.next_hop')));
     }
 
     const dom = this.cfg.main.domain_selector === 'mail_from' ? hmail.todo.mail_from.host.toLowerCase() : domain.toLowerCase();
@@ -341,8 +348,7 @@ exports.get_mx = function (next, hmail, domain) {
     }
 
     const mx_opts = [
-        'auth_type', 'auth_user', 'auth_pass', 'bind', 'bind_helo',
-        'using_lmtp'
+        'auth_type', 'auth_user', 'auth_pass', 'bind', 'bind_helo', 'using_lmtp'
     ]
 
     const mx = {
@@ -357,5 +363,5 @@ exports.get_mx = function (next, hmail, domain) {
         mx[o] = this.cfg[dom][o];
     })
 
-    return next(OK, mx);
+    next(OK, mx);
 }

package/plugins/tls.js

@@ -75,7 +75,7 @@ exports.set_notls = function (connection) {
 
     this.lognotice(connection, `STARTTLS failed. Marking ${connection.remote.ip} as non-TLS host for ${expiry} seconds`);
 
-    server.notes.redis.setex(`no_tls|${connection.remote.ip}`, expiry, (new Date()).toISOString());
+    server.notes.redis.setEx(`no_tls|${connection.remote.ip}`, expiry, (new Date()).toISOString());
 }
 
 exports.upgrade_connection = function (next, connection, params) {

package/smtp_client.js

@@ -168,10 +168,10 @@ class SMTPClient extends events.EventEmitter {
                 // error is e.g. "Error: connect ECONNREFUSED"
                 const errMsg = `${client.uuid}: [${client.host}:${client.port}] SMTP connection ${msg} ${error}`;
 
+                /* eslint-disable no-fallthrough */
                 switch (client.state) {
                     case STATE.ACTIVE:
                         client.emit('error', errMsg);
-                    // eslint-disable no-fallthrough
                     case STATE.IDLE:
                     case STATE.RELEASED:
                         client.destroy();

package/tests/config/helo.checks.ini

@@ -0,0 +1,52 @@
+; disable checks or reject for each test if you are worried about strictness
+
+;dns_timeout=30
+
+[check]
+match_re=true
+bare_ip=true
+dynamic=true
+big_company=true
+; literal_mismatch:  1 = exact IP match, 2 = IP/24 match, 3 = /24 or RFC1918
+literal_mismatch=2
+valid_hostname=true
+forward_dns=true
+rdns_match=true
+; host_mismatch:  hostname differs between EHLO invocations
+host_mismatch=true
+proto_mismatch: host sent EHLO but then tries to sent HELO or vice-versa
+proto_mismatch=true
+
+[reject]
+host_mismatch=true
+proto_mismatch=true
+rdns_match=true
+dynamic=true
+bare_ip=true
+literal_mismatch=true
+valid_hostname=true
+forward_dns=true
+big_company=true
+
+[skip]
+private_ip=true
+relaying=true
+whitelist=true
+
+[bigco]
+msn.com=msn.com
+hotmail.com=hotmail.com
+yahoo.com=yahoo.com,yahoo.co.jp
+yahoo.co.jp=yahoo.com,yahoo.co.jp
+yahoo.co.uk=yahoo.co.uk
+excite.com=excite.com,excitenetwork.com
+mailexcite.com=excite.com,excitenetwork.com
+yahoo.co.jp=yahoo.com,yahoo.co.jp
+mailexcite.com=excite.com,excitenetwork.com
+aol.com=aol.com
+compuserve.com=compuserve.com,adelphia.net
+nortelnetworks.com=nortelnetworks.com,nortel.com
+earthlink.net=earthlink.net
+earthling.net=earthling.net
+google.com=google.com
+gmail.com=google.com,gmail.com

package/tests/plugins/dns_list_base.js

@@ -69,7 +69,7 @@ exports.multi = {
     setUp : _set_up,
     'Spamcop' (test) {
         test.expect(4);
-        function cb (err, zone, a, pending) {
+        this.plugin.multi('127.0.0.2', 'bl.spamcop.net', (err, zone, a, pending) => {
             test.equal(null, err);
             if (pending) {
                 test.ok((Array.isArray(a) && a.length > 0));
@@ -78,12 +78,11 @@ exports.multi = {
             else {
                 test.done();
             }
-        }
-        this.plugin.multi('127.0.0.2', 'bl.spamcop.net', cb);
+        })
     },
     'CBL' (test) {
         test.expect(4);
-        function cb (err, zone, a, pending) {
+        this.plugin.multi('127.0.0.2', 'xbl.spamhaus.org', (err, zone, a, pending) => {
             test.equal(null, err);
             if (pending) {
                 test.ok((Array.isArray(a) && a.length > 0));
@@ -92,12 +91,12 @@ exports.multi = {
             else {
                 test.done();
             }
-        }
-        this.plugin.multi('127.0.0.2', 'xbl.spamhaus.org', cb);
+        })
     },
     'Spamcop + CBL' (test) {
         test.expect(12);
-        function cb (err, zone, a, pending) {
+        const dnsbls = ['bl.spamcop.net','xbl.spamhaus.org'];
+        this.plugin.multi('127.0.0.2', dnsbls, (err, zone, a, pending) => {
             test.equal(null, err);
             if (pending) {
                 test.ok(zone);
@@ -110,15 +109,20 @@ exports.multi = {
                 test.equal(false, pending);
                 test.done();
             }
-        }
-        const dnsbls = ['bl.spamcop.net','xbl.spamhaus.org'];
-        this.plugin.multi('127.0.0.2', dnsbls, cb);
+        })
     },
     'Spamcop + CBL + negative result' (test) {
         test.expect(12);
-        function cb (err, zone, a, pending) {
+        const dnsbls = [ 'bl.spamcop.net','xbl.spamhaus.org' ];
+        this.plugin.multi('127.0.0.1', dnsbls, (err, zone, a, pending) => {
             test.equal(null, err);
-            test.equal(null, a);
+            if (a && a[0] && a[0] === '127.255.255.254') {
+                test.deepEqual(['127.255.255.254'], a)
+                console.warn(`ERROR: DNSBLs don't work with PUBLIC DNS!`)
+            }
+            else {
+                test.equal(null, a)
+            }
             if (pending) {
                 test.equal(true, pending);
                 test.ok(zone);
@@ -128,14 +132,19 @@ exports.multi = {
                 test.equal(null, zone);
                 test.done();
             }
-        }
-        const dnsbls = ['bl.spamcop.net','xbl.spamhaus.org'];
-        this.plugin.multi('127.0.0.1', dnsbls, cb);
+        })
     },
     'IPv6 addresses supported' (test) {
         test.expect(12);
-        function cb (err, zone, a, pending) {
-            test.equal(null, a);
+        const dnsbls = ['bl.spamcop.net','xbl.spamhaus.org'];
+        this.plugin.multi('::1', dnsbls, (err, zone, a, pending) => {
+            if (a && a[0] && a[0] === '127.255.255.254') {
+                test.deepEqual(['127.255.255.254'], a)
+                console.warn(`ERROR: DNSBLs don't work with PUBLIC DNS!`)
+            }
+            else {
+                test.equal(null, a);
+            }
             if (pending) {
                 test.deepEqual(null, err);
                 test.equal(true, pending);
@@ -147,9 +156,7 @@ exports.multi = {
                 test.equal(null, zone);
                 test.done();
             }
-        }
-        const dnsbls = ['bl.spamcop.net','xbl.spamhaus.org'];
-        this.plugin.multi('::1', dnsbls, cb);
+        })
     }
 }
 
@@ -157,25 +164,28 @@ exports.first = {
     setUp : _set_up,
     'positive result' (test) {
         test.expect(3);
-        function cb (err, zone, a) {
+        const dnsbls = [ 'xbl.spamhaus.org', 'bl.spamcop.net' ];
+        this.plugin.first('127.0.0.2', dnsbls, (err, zone, a) => {
             test.equal(null, err);
             test.ok(zone);
             test.ok((Array.isArray(a) && a.length > 0));
             test.done();
-        }
-        const dnsbls = [ 'xbl.spamhaus.org', 'bl.spamcop.net' ];
-        this.plugin.first('127.0.0.2', dnsbls , cb);
+        })
     },
     'negative result' (test) {
-        test.expect(3);
-        function cb (err, zone, a) {
+        test.expect(2);
+        const dnsbls = [ 'xbl.spamhaus.org', 'bl.spamcop.net' ];
+        this.plugin.first('127.0.0.1', dnsbls, (err, zone, a) => {
             test.equal(null, err);
-            test.equal(null, zone);
-            test.equal(null, a);
+            if (a && a[0] && a[0] === '127.255.255.254') {
+                test.deepEqual(['127.255.255.254'], a)
+                console.warn(`ERROR: DNSBLs don't work with PUBLIC DNS!`)
+            }
+            else {
+                test.equal(null, a);
+            }
             test.done();
-        }
-        const dnsbls = [ 'xbl.spamhaus.org', 'bl.spamcop.net' ];
-        this.plugin.first('127.0.0.1', dnsbls, cb);
+        })
     },
     'each_cb' (test) {
         test.expect(7);