Haraka 3.0.2 → 3.0.3

package/Changes.md

@@ -1,6 +1,36 @@
 
 ### Unreleased
 
+### [3.0.3] - 2024-02-07
+
+#### Added
+
+- feat(auth_vpopmaild): when outbound, assure the envelope domain matches AUTH domain #3265
+- docs(outbound): remove example setting outbound_ip #3253
+- doc(Plugins.md): add pi-queue-kafka #3247
+- feat(rabbitmq_amqplib): configurable optional queue arguments #3239
+- feat(clamd): add x-haraka-virus header #3207
+
+#### Fixed
+
+- Fix: add empty string as param to .join() on bounce. #3237
+- Update links in documentation #3234
+- fix(ob/hmail):Add filename to the error for easy debugging
+- fix(ob/queue): Ignore 'error.' prefixed files in the queue because corrupted
+
+#### Changed
+
+- docs(outbound): remove example of outbound_ip #3253
+- transaction: simplify else condition in add_data #3252
+- q/smtp_forward: always register get_mx hook #3204
+- dep(pi-es): bump version to 8.0.2 #3206
+- dep(redis): bump version to 4.6.7 #3193
+- dep(pi-spf): bump version to 1.2.4
+- dep(net-utils): bump version to 1.5.3
+- dep(pi-redis): bump version to 2.0.6
+- dep(tld): bump version to 1.2.0
+- remove defunct config files: lookup_rdns.strict.ini, lookup_rdns.strict.timeout, lookup_rdns.strict.whitelist, lookup_rdns.strict.whitelist_regex, rcpt_to.blocklist, rdns.allow_regexps, rdns.deny_regexps
+
 
 ### [3.0.2] - 2023-06-12
 
@@ -1370,3 +1400,4 @@
 [3.0.0]: https://github.com/haraka/Haraka/releases/tag/3.0.0
 [3.0.1]: https://github.com/haraka/Haraka/releases/tag/3.0.1
 [3.0.2]: https://github.com/haraka/Haraka/releases/tag/3.0.2
+[3.0.3]: https://github.com/haraka/Haraka/releases/tag/3.0.3

package/Dockerfile

@@ -13,7 +13,7 @@
 # DOCKER-VERSION    0.5.3
 
 # See http://phusion.github.io/baseimage-docker/
-FROM phusion/baseimage:master
+FROM phusion/baseimage:focal-1.2.0
 
 MAINTAINER Justin Plock <jplock@gmail.com>
 
@@ -23,8 +23,8 @@ RUN /etc/my_init.d/00_regen_ssh_host_keys.sh
 
 RUN sed 's/main$/main universe/' -i /etc/apt/sources.list
 RUN DEBIAN_FRONTEND=noninteractive apt-get -y -q update
-RUN DEBIAN_FRONTEND=noninteractive apt-get -y -q install python-software-properties g++ make git curl
-RUN curl -sL https://deb.nodesource.com/setup_10.x | setuser root bash -
+RUN DEBIAN_FRONTEND=noninteractive apt-get -y -q install software-properties-common g++ make git curl
+RUN curl -sL https://deb.nodesource.com/setup_18.x | setuser root bash -
 RUN DEBIAN_FRONTEND=noninteractive apt-get -y -q install nodejs && \
     apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 

package/Plugins.md

@@ -3,7 +3,7 @@
 To create your own plugin, see:
 - the [plugin template][template] that includes all the boilerplate
 - the [Write a Plugin][write-plugin] tutorial
-- the [Plugins](plugins-doc) section of [the manual](https://haraka.github.io)
+- the [Plugins][plugins-doc] section of [the manual](https://haraka.github.io)
 
 ## Installing NPM packaged plugins
 
@@ -40,7 +40,6 @@ Create a PR adding yours to this list.
 | [block_me][url-blockme]     | Populate block list via forwarded emails |
 | [bounce][url-bounce]        | Many options for bounce processing |
 | [clamd][url-clamd]          | Anti-Virus scanning with ClamAV |
-| [connect.p0f][url-p0f]      | TCP Fingerprinting |
 | [data.signatures][url-sigs] | Block emails whose bodies match signatures |
 | [uribl][url-uribl]          | Block based on URI blacklists |
 | [dcc][url-dcc]              | Distributed Checksum Clearinghouse |
@@ -70,6 +69,7 @@ Create a PR adding yours to this list.
 | [milter][url-milter]              | milter support |
 | [mongodb][mongo-url]              | Queue emails to MongoDB |
 | [outbound-logger][url-outbound-logger] | JSON logging of outbound email traffic. Logs useful metadata about delivered/bounced emails |
+| [p0f][url-p0f]              | TCP Fingerprinting |
 | [prevent_credential_leaks][url-creds]  | Prevent users from emailing their credentials |
 | [process_title][url-proctitle]    | Populate `ps` output with activity counters |
 | queue/[discard][url-qdisc]        | queues messages to /dev/null |
@@ -82,6 +82,7 @@ Create a PR adding yours to this list.
 | queue/[smtp_bridge][url-qbridge]   | Bridge SMTP sessions to another MTA |
 | queue/[smtp_forward][url-qforward] | Forward emails to another MTA |
 | queue/[smtp_proxy][url-qproxy]     | Proxy SMTP connections to another MTA |
+| [queue-kafka][url-kafka]           | Queue inbound mail to a Kafka topic |
 | [recipient-routes][url-rroutes]    | Route emails based on their recipient(s) |
 | [redis][url-redis]                 | multi-purpose Redis db connection(s) |
 | [rcpt_to.in_host_list][url-rhost]  | Define local email domains in a file |
@@ -109,7 +110,7 @@ Create a PR adding yours to this list.
 
 [template]: https://github.com/haraka/haraka-plugin-template
 [write-plugin]: https://github.com/haraka/Haraka/wiki/Write-a-Plugin
-[plugins-doc]: https://haraka.github.io/manual/Plugins.html
+[plugins-doc]: https://haraka.github.io/core/Plugins
 [url-access]: https://github.com/haraka/haraka-plugin-access
 [url-acc-files]: https://github.com/acharkizakaria/haraka-plugin-accounting-files/blob/master/README.md
 [url-action-mailbox]: https://guides.rubyonrails.org/action_mailbox_basics.html
@@ -192,4 +193,4 @@ Create a PR adding yours to this list.
 [url-xclient]: https://github.com/haraka/Haraka/blob/master/docs/plugins/xclient.md
 [mongo-url]: https://github.com/Helpmonks/haraka-plugin-mongodb
 [url-outbound-logger]: https://github.com/mr-karan/haraka-plugin-outbound-logger
-
+[url-kafka]: https://github.com/benjamonnguyen/haraka-plugin-queue-kafka

package/README.md

@@ -140,10 +140,10 @@ SpamAssassin and a hacker on [Qpsmtpd][13].
 [6]: https://github.com/haraka/Haraka/blob/master/docs/plugins/dkim_sign.md
 [7]: https://en.wikipedia.org/wiki/Mail_delivery_agent
 [8]: mailto:haraka-sub@harakamail.com
-[9]: https://haraka.github.io/manual/plugins/spamassassin.html
-[10]: https://haraka.github.io/manual/plugins/helo.checks.html
-[11]: https://haraka.github.io/manual/plugins/dnsbl.html
-[12]: https://github.com/haraka/Haraka/tree/master/plugins
+[9]:  https://haraka.github.io/plugins/spamassassin
+[10]: https://haraka.github.io/plugins/helo.checks
+[11]: https://haraka.github.io/plugins/dnsbl
+[12]: https://github.com/haraka/Haraka/blob/master/Plugins.md
 [13]: https://github.com/smtpd/qpsmtpd/
 [15]: https://github.com/haraka/Haraka/issues
 [16]: https://github.com/haraka/Haraka/blob/master/LICENSE

package/TODO

@@ -1,8 +1,6 @@
 - Milter support
 - Ability to modify the body of email
     - Done for banners. Modifying the rest, not so much.
-- Plugins to copy from Qpsmtpd:
-  - dspam
 
 Outbound improvements
  - Provide better command line tools for manipulating/inspecting the queue
@@ -16,29 +14,8 @@ Plugin behavior changes
    only when requested, with a sunset date.
  - data.uribl; expand short URLs before lookups, add support for uri-a (sbl.spamhaus.org), uri-ns, uri-ns-a lookup types.
 
-
-Remove the following deprecated plugins
- - rdns.regexp
- - data.nomsgid         (subsumed into data.headers.js)
- - data.noreceived               ""
- - data.rfc5322_header_checks    ""
- - daemonize
- - mail_from.nobounces  (subsumed into bounce.js)
- - mail_from.blocklist
- - rcpt_to.blocklist
- - lookup_rdns_strict
- - mail_from.access     (replaced by access.js)
- - rcpt_to.access                 ""
- - connect.rdns_access            ""
- - relay_acl            (replaced by relay.js)
- - relay_all                      ""
- - relay_force_routing            ""
-
-Move the following plugins:
- - test_queue   -> queue/test_queue
-
 Built-in HTTP server
-- uses the same TLS/SSL certs as smtpd
+- use the same TLS/SSL certs as smtpd
 - auth against SMTP-AUTH provider
 
 Update tests to detect HARAKA_NETWORK_TESTS and skip network tests unless it's set

package/config/access.domains

@@ -10,4 +10,4 @@
 # aol.com
 # !friend@aol.com
 #
-# See full docs for details:  http://haraka.github.io/manual/plugins/access.html
+# See full docs for details:  http://haraka.github.io/plugins/access

package/config/auth_flat_file.ini

@@ -1,5 +1,6 @@
 [core]
 methods=CRAM-MD5
+; constrain_sender=true
 
 [users]
 ; matt=test

package/config/auth_vpopmaild.ini

@@ -1,7 +1,9 @@
+[main]
 host=127.0.0.6
 port=89
-;sysadmin=postmaster@example.com:sekret
+; sysadmin=postmaster@example.com:sekret
+; constrain_sender=true
 
 [example.com]
 host=127.0.0.10
-;sysadmin=postmaster@example.com:sekret
+; sysadmin=postmaster@example.com:sekret

package/config/helo.checks.ini

@@ -1,6 +1,6 @@
 ; disable checks or reject for each test if you are worried about strictness
 
-;dns_timeout=30
+;dns_timeout=28
 
 [check]
 ; match_re=true

package/config/rabbitmq_amqplib.ini

@@ -9,4 +9,11 @@ queueName = emails
 deliveryMode = 2
 confirm = true
 durable = true
-autoDelete = false
+autoDelete = false
+
+; Optional queue arguments
+; [queue_args]
+; x-dead-letter-exchange =
+; x-dead-letter-routing-key = emails_dlq
+; x-overflow = reject-publish
+; x-queue-type = quorum

package/docs/Connection.md

@@ -63,5 +63,5 @@ For low level use.  This value is set when the remote host drops the connection.
 
 * connection.results
 
-Store results of processing in a structured format. See [docs/Results](http://haraka.github.io/manual/Results.html)
+Store results of processing in a structured format. See [haraka-results](https://github.com/haraka/haraka-results)
 

package/docs/Outbound.md

@@ -38,9 +38,9 @@ of CPUs that you have.
 
 Default: true. Switch to false to disable TLS for outbound mail.
 
-This uses the same `tls_key.pem` and `tls_cert.pem` files that the `tls`
-plugin uses, along with other values in `tls.ini`. See the [tls plugin
-docs](http://haraka.github.io/manual/plugins/tls.html) for information on generating those files.
+This uses the same `tls_key.pem` and `tls_cert.pem` files that the `TLS`
+plugin uses, along with other values in `tls.ini`. See the [TLS plugin
+docs](http://haraka.github.io/plugins/tls) for information on generating those files.
 
 Within `tls.ini` you can specify global options for the values `ciphers`, `minVersion`, `requestCert` and `rejectUnauthorized`, alternatively you can provide separate values by putting them under a key: `[outbound]`, such as:
 
@@ -117,7 +117,7 @@ you may be interested in are:
 * domain - the domain this mail is going to (see `always_split` above)
 * notes - the original transaction.notes for this mail, also contains the
   following useful keys:
-** outbound_ip - the IP address to bind to (note do not set this manually,
+** outbound_ip - the IP address to bind to (do not set manually,
   use the `get_mx` hook)
 ** outbound_helo - the EHLO domain to use (again, do not set manually)
 * queue_time - the epoch milliseconds time when this mail was queued
@@ -240,19 +240,10 @@ different IP addresses based on sender, domain or some other identifier.
 To do this, the IP address that you want to use *must* be bound to an 
 interface (or alias) on the local system.
 
-As described above the outbound IP can be set using the `bind` parameter
+As described above, the outbound IP can be set using the `bind` parameter
 and also the outbound helo for the IP can be set using the `bind_ehlo` 
-parameter returned by the `get_mx` hook or during the reception of the message 
-you can set a transaction note in a plugin to tell Haraka which outbound IP 
-address you would like it to use when it tries to deliver the message:
+parameter returned by the `get_mx` hook.
 
-`````
-connection.transaction.notes.outbound_ip = '1.2.3.4';
-connection.transaction.notes.outbound_helo = 'mail-2.example.com';
-`````
-
-Note: if the `get_mx` hook returns a `bind` and `bind_helo` parameter, then
-this will be used in preference to the transaction note.
 
 AUTH
 ----

package/docs/Plugins.md

@@ -20,7 +20,6 @@ Display the help text for a plugin by running:
 ## Overview
 
 
-
 ## Anatomy of a Plugin
 
 Plugins in Haraka are JS files in the `plugins` directory (legacy) and npm
@@ -42,37 +41,43 @@ There are two ways for plugins to register hooks. Both examples register a funct
 
 1. The `register_hook` function in register():
 
-    exports.register = function() {
-        this.register_hook('rcpt', 'my_rcpt_validate');
-    };
+```js
+exports.register = function () {
+    this.register_hook('rcpt', 'my_rcpt_validate')
+};
 
-    exports.my_rcpt_validate = function (next, connection, params) {
-        // do processing
-        next();
-    };
+exports.my_rcpt_validate = function (next, connection, params) {
+    // do processing
+    next()
+};
+```
 
 2. The hook_[$name] syntax:
 
-    exports.hook_rcpt = function (next, connection, params) {
-        // do processing
-        next();
-    };
+```js
+exports.hook_rcpt = function (next, connection, params) {
+    // do processing
+    next()
+}
+```
 
 The register_hook function within `register()` offers a few advantages:
 
-    1. register a hook multiple times (see below)
-    2. a unique function name in stack traces
-    3. [a better function name](https://google.com/search?q=programming%20good%20function%20names)
-    4. hooks can be registered conditionally (ie, based on a config setting)
+1. register a hook multiple times (see below)
+2. a unique function name in stack traces
+3. [a better function name](https://google.com/search?q=programming%20good%20function%20names)
+4. hooks can be registered conditionally (ie, based on a config setting)
 
 ### Register a Hook Multiple Times
 
 To register the same hook more than once, call `register_hook()` multiple times with the same hook name:
 
-    exports.register = function() {
-        this.register_hook('queue', 'try_queue_my_way');
-        this.register_hook('queue', 'try_queue_highway');
-    };
+```js
+exports.register = function () {
+    this.register_hook('queue', 'try_queue_my_way')
+    this.register_hook('queue', 'try_queue_highway')
+};
+```
 
 When `try_queue_my_way()` calls `next()`, the next function registered on hook *queue* will be called, in this case, `try_queue_highway()`.
 
@@ -81,17 +86,18 @@ When `try_queue_my_way()` calls `next()`, the next function registered on hook *
 When a single function runs on multiple hooks, the function can check the
 *hook* property of the *connection* or *hmail* argument to determine which hook it is running on:
 
-    exports.register = function() {
-        this.register_hook('rcpt',    'my_rcpt');
-        this.register_hook('rcpt_ok', 'my_rcpt');
-    };
-     
-    exports.my_rcpt = function (next, connection, params) {
-        var hook_name = connection.hook; // rcpt or rcpt_ok
-        // email address is in params[0]
-        // do processing
-    }
-
+```js
+exports.register = function () {
+    this.register_hook('rcpt',    'my_rcpt')
+    this.register_hook('rcpt_ok', 'my_rcpt')
+};
+ 
+exports.my_rcpt = function (next, connection, params) {
+    const hook_name = connection.hook; // rcpt or rcpt_ok
+    // email address is in params[0]
+    // do processing
+}
+```
 
 ### Next()
 
@@ -252,12 +258,11 @@ This is important as some plugins might rely on `results` or `notes` that have b
 
 If you are writing a complex plugin, you may have to split it into multiple plugins to run in a specific order e.g. you want hook_deny to run last after all other plugins and hook_lookup_rdns to run first, then you can explicitly register your hooks and provide a `priority` value which is an integer between -100 (highest priority) to 100 (lowest priority) which defaults to 0 (zero) if not supplied.  You can apply a priority to your hook in the following way:
 
-````
-exports.register = function() {
-    var plugin = this;
-    plugin.register_hook('connect',  'hook_connect', -100);
+```js
+exports.register = function () {
+    this.register_hook('connect',  'hook_connect', -100);
 }
-````
+```
 
 This would ensure that your hook_connect function will run before any other
 plugins registered on the `connect` hook, regardless of the order it was
@@ -370,9 +375,11 @@ to remote servers. See [Issue 2024](https://github.com/haraka/Haraka/issues/2024
 
 e.g.
 
-    exports.shutdown = function () {
-        clearInterval(this._interval);
-    }
+```js
+exports.shutdown = function () {
+    clearInterval(this._interval);
+}
+```
 
 If you don't implement this in your plugin and have a connection open or a
 timer running then Haraka will take 30 seconds to shut down and have to

package/docs/Transaction.md

@@ -160,6 +160,6 @@ body in the same encoding.
 
 * transaction.results
 
-Store results of processing in a structured format. See [docs/Results](http://haraka.github.io/manual/Results.html)
+Store results of processing in a structured format. See [haraka-results](https://github.com/haraka/haraka-results)
 
 [1]: `Address` objects are address-rfc2821 objects. See https://github.com/haraka/node-address-rfc2821

package/docs/{plugins → deprecated}/connect.rdns_access.md

@@ -1,6 +1,6 @@
 ## DEPRECATION NOTICE
 
-See the [access](http://haraka.github.io/manual/plugins/access.html) plugin
+See [haraka-plugin-access](https://github.com/haraka/haraka-plugin-access)
 for upgrade instructions.
 
 

package/docs/{plugins → deprecated}/mail_from.access.md

@@ -1,6 +1,6 @@
 ## DEPRECATION NOTICE
 
-See the [access](http://haraka.github.io/manual/plugins/access.html) plugin
+See [haraka-plugin-access](https://github.com/haraka/haraka-plugin-access)
 for upgrade instructions.
 
 

package/docs/{plugins → deprecated}/rcpt_to.access.md

@@ -1,6 +1,6 @@
 ## DEPRECATION NOTICE
 
-See the [access](http://haraka.github.io/manual/plugins/access.html) plugin
+See [haraka-plugin-access](https://github.com/haraka/haraka-plugin-access)
 for upgrade instructions.
 
 

package/docs/plugins/auth/auth_vpopmaild.md

@@ -1,26 +1,20 @@
-auth/auth\_vpopmaild
-===============
+# auth/auth\_vpopmaild
 
-The `auth/vpopmaild` plugin allows you to authenticate against a vpopmaild
-daemon.
+The `auth/vpopmaild` plugin allows SMTP users to authenticate against a vpopmaild daemon.
 
 ## Configuration
 
-Configuration is stored in `config/auth_vpopmaild.ini` and uses INI
-style formatting.
+The configuration file is stored in `config/auth_vpopmaild.ini`.
 
-There are three configuration settings:
+### settings
 
 * host: The host/IP that vpopmaild is listening on (default: localhost).
 
 * port: The TCP port that vpopmaild is listening on (default: 89).
 
-* sysadmin: A colon separated username:password of a vpopmail user with
-    SYSADMIN privileges (see vpopmail/bin/vmoduser -S). This is **only**
-    necessary to support CRAM-MD5 which requires access to the clear text
-    password. On new installs, it's best not to use CRAM-MD5, as it requires
-    storing clear text passwords. Legacy clients with MUAs configured
-    to authenticate with CRAM-MD5 will need this enabled.
+* sysadmin: A colon separated username:password of a vpopmail user with SYSADMIN privileges (see vpopmail/bin/vmoduser -S). This is **only** necessary to support CRAM-MD5 which requires access to the clear text password. On new installs, it's best not to use CRAM-MD5, as it requires storing clear text passwords. Legacy clients with MUAs configured to authenticate with CRAM-MD5 will need this enabled.
+
+* constrain_sender: (default: true). For outbound messages (due to successful AUTH), constrain the envelope sender (MAIL FROM) to the same domain as the authenticated user. This setting, combined with `rate_rcpt_sender` in the [limit](https://github.com/haraka/haraka-plugin-limit) plugin can dramatically reduce the amount of backscatter and spam sent when an email account is compromised.
 
 
 ### Per-domain Configuration
@@ -29,10 +23,12 @@ Additionally, domains can each have their own configuration for connecting
 to vpopmaild. The defaults are the same, so only the differences needs to
 be declared. Example:
 
-    [example.com]
-    host=192.168.0.1
-    port=999
+```ini
+[example.com]
+host=192.168.0.1
+port=999
 
-    [example2.com]
-    host=192.168.0.2
-    sysadmin=postmaster@example2.com:sekret
+[example2.com]
+host=192.168.0.2
+sysadmin=postmaster@example2.com:sekret
+```

package/docs/plugins/auth/flat_file.md

@@ -1,47 +1,40 @@
-auth/flat\_file
-==============
+# auth/flat\_file
 
-The `auth/flat_file` plugin allows you to create a file containing username
-and password combinations, and have relaying users authenticate from that
-file.
+The `auth/flat_file` plugin allows you to create a file containing username and password combinations, and have relaying users authenticate from that file.
 
-Note that passwords are stored in clear-text, so this may not be a great idea
-for large scale systems. However the plugin would be a good start for someone
-looking to implement authentication using some other form of auth.
+Note that passwords are stored in clear-text, so this may not be a great idea for large scale systems. However the plugin would be a good start for someone looking to implement authentication using some other form of auth.
 
-**Security** - it is recommended to switch to [auth-encfile][url-authencflat]
-to protect your user credentials.
+**Security** - it is recommended to switch to [auth-encfile][url-authencflat] to protect your user credentials.
 
-**IMPORANT NOTE** - this plugin requires that STARTTLS be used via the tls plugin 
-before it will advertise AUTH capabilities by the EHLO command.  This is to 
-improve security out-of-the-box.   Localhost and any IP in RFC1918 ranges 
-are automatically exempt from this rule.
+**IMPORANT NOTE** - this plugin requires that STARTTLS be used via the tls plugin before it will advertise AUTH capabilities by the EHLO command.  Localhost and IPs in RFC1918 ranges 
+are exempt from this rule.
 
-Configuration
--------------
+## Configuration
 
-Configuration is stored in `config/auth_flat_file.ini` and uses the INI
-style formatting. 
+Configuration is stored in `config/auth_flat_file.ini`.
 
-Authentication methods are listed in the `[core]` section under `methods`
-parameter. Lists of authentification methods are comma separated. Currently
-supported methods are: `CRAM-MD5`, `PLAIN` and `LOGIN`. The `PLAIN` 
-and `LOGIN` methods are not secure. That is why TLS is required before AUTH is
-offered.
+* [core]methods
 
-Example:
+Authentication methods are listed in the `[core]methods` parameter. Authentification methods are comma separated. Currently supported methods are: `CRAM-MD5`, `PLAIN` and `LOGIN`. The `PLAIN` and `LOGIN` methods are insecure and require TLS to be enabled.
+
+* [core]constrain_sender: (default: true). For outbound messages (due to successful AUTH), constrain the envelope sender (MAIL FROM) to the same domain as the authenticated user. This setting, combined with `rate_rcpt_sender` in the [limit](https://github.com/haraka/haraka-plugin-limit) plugin can dramatically reduce the amount of backscatter and spam sent when an email account is compromised.
 
-    [core]
-    methods=PLAIN,LOGIN,CRAM-MD5
+Example:
 
+```ini
+[core]
+methods=PLAIN,LOGIN,CRAM-MD5
+constrain_sender=true
+```
 
 Users are stored in the `[users]` section.
 
 Example:
 
-    [users]
-    user1=password1
-    user@domain.com=password2
-
+```ini
+[users]
+user1=password1
+user@domain.com=password2
+```
 
 [url-authencflat]: https://github.com/AuspeXeu/haraka-plugin-auth-enc-file

package/docs/plugins/queue/rabbitmq_amqplib.md

@@ -36,5 +36,12 @@ Configuration
 		durable = true
 		autoDelete = false
 
+        ; Optional queue arguments
+		; More information about x-arguments can be found at https://www.rabbitmq.com/queues.html#optional-arguments
+        [queue_args]
+        x-dead-letter-exchange =
+        x-dead-letter-routing-key = emails_dlq
+        x-overflow = reject-publish
+        x-queue-type = quorum
     
  More information about RabbitMQ can be found at https://www.rabbitmq.com/

package/docs/plugins/queue/smtp_forward.md

@@ -100,4 +100,4 @@ enable\_outbound can be set or unset on a per-domain level to enable or disable
 
 # Split host forward routing
 
-When an incoming email transaction has multiple recipients with different forward routes,  recipients to subsequent forward routes are deferred. Example: an incoming email transaction has recipients user@example1.com, user@example2.com, and user@example3.com. The first two recipients will be accepted (they share the same forward destination) and the latter will be deferred. It will arrive in a future delivery attempt by the remote.
+When an incoming email transaction has multiple recipients with different forward routes, recipients to subsequent forward routes are deferred. Example: an incoming email transaction has recipients user@example1.com, user@example2.com, and user@example3.com. The first two recipients will be accepted (they share the same forward destination) and the latter will be deferred. It will arrive in a future delivery attempt by the remote.

package/docs/plugins/relay.md

@@ -8,7 +8,7 @@ This **relay** plugin provides Haraka with options for managing relay permission
 
 ## Authentication
 
-One way to enable relaying is [authentication](http://haraka.github.io/manual.html) via the auth plugins. Successful authentication enables relaying during _that_ SMTP connection. To securely offer SMTP AUTH, the [tls](http://haraka.github.io/manual/plugins/tls.html) plugin and at least one auth plugin must be enabled and properly configured. When that requirement is met, the AUTH SMTP extension will be advertised to SMTP clients.
+One way to enable relaying is authentication via the [auth plugins](http://haraka.github.io/plugins). Successful authentication enables relaying during _that_ SMTP connection. To securely offer SMTP AUTH, the [tls](http://haraka.github.io/plugins/tls) plugin and at least one auth plugin must be enabled and properly configured. When that requirement is met, the AUTH SMTP extension will be advertised to SMTP clients.
 
     % nc mail.example.com 587
     220 mail.example.com ESMTP Haraka 2.4.0 ready
@@ -118,7 +118,7 @@ Example:
     [domains]
     test.com = { "action": "accept" }
 
-I think of *accept* as the equivalent of qmail's *rcpthosts*, or a misplaced Haraka `rcpt_to.*` plugin. The *accept* mechanism is another way to tell Haraka that a particular domain is one we accept mail for. The difference between this and the [rcpt_to.in_host_list](http://haraka.github.io/manual/plugins/rcpt_to.in_host_list.html) plugin is that this one also enables relaying.
+Think of *accept* as the equivalent of qmail's *rcpthosts*, or a misplaced Haraka `rcpt_to.*` plugin. The *accept* mechanism is another way to tell Haraka that a particular domain is one we accept mail for. The difference between this and the [rcpt_to.in_host_list](http://haraka.github.io/plugins/rcpt_to.in_host_list) plugin is that this one also enables relaying.
 
     * continue (mails are subject to further checks)
 

package/outbound/hmail.js

@@ -103,7 +103,7 @@ class HMailItem extends events.EventEmitter {
 
             this._stream_bytes_from(this.path, {start: 4, end: todo_len + 3}, (err2, todo_bytes) => {
                 if (todo_bytes.length !== todo_len) {
-                    const wrongLength = `Didn't find right amount of data in todo!: ${err2}`;
+                    const wrongLength = `Didn't find right amount of data in todo!: ${err2} ${this.path}`;
                     this.logcrit(wrongLength);
                     fs.rename(this.path, path.join(queue_dir, `error.${this.filename}`), (err3) => {
                         if (err3) {
@@ -1062,7 +1062,7 @@ class HMailItem extends events.EventEmitter {
             "\r": '#10',
             "\n": '#13'
         };
-        const escape_pattern = new RegExp(`[${Object.keys(escaped_chars).join()}]`, 'g');
+        const escape_pattern = new RegExp(`[${Object.keys(escaped_chars).join('')}]`, 'g');
 
         bounce_msg_html_.forEach(line => {
             line = line.replace(/\{(\w+)\}/g, (i, word) => {

package/outbound/queue.js

@@ -103,6 +103,11 @@ exports.read_parts = file => {
         return false;
     }
 
+    if (file.startsWith('error.')) {
+        logger.logwarn(`[outbound] 'Skipping' error file in queue folder: ${file}`);
+        return false;
+    }
+
     const parts = _qfile.parts(file);
     if (!parts) {
         logger.logerror(`[outbound] Unrecognized file in queue folder: ${file}`);

package/package.json

@@ -9,7 +9,7 @@
     "server",
     "email"
   ],
-  "version": "3.0.2",
+  "version": "3.0.3",
   "homepage": "http://haraka.github.io",
   "repository": {
     "type": "git",
@@ -20,28 +20,28 @@
     "node": ">=16"
   },
   "dependencies": {
-    "address-rfc2821": "^2.0.1",
+    "address-rfc2821": "^2.1.1",
     "address-rfc2822": "^2.1.0",
-    "async": "^3.2.4",
+    "async": "^3.2.5",
     "daemon": "~1.1.0",
     "ipaddr.js": "~2.1.0",
-    "node-gyp": "^9.4.0",
+    "node-gyp": "^10.0.1",
     "nopt": "~7.2.0",
     "npid": "~0.4.0",
-    "semver": "~7.5.2",
-    "sprintf-js": "~1.1.2",
+    "semver": "~7.6.0",
+    "sprintf-js": "~1.1.3",
     "haraka-config": "^1.1.0",
     "haraka-constants": "^1.0.6",
     "haraka-dsn": "^1.0.4",
     "haraka-email-message": "^1.2.0",
     "haraka-message-stream": "^1.2.0",
-    "haraka-net-utils": "^1.5.0",
+    "haraka-net-utils": "^1.5.3",
     "haraka-notes": "^1.0.6",
     "haraka-plugin-attachment": "^1.0.7",
-    "haraka-plugin-spf": "1.2.0",
-    "haraka-plugin-redis": "^2.0.5",
+    "haraka-plugin-spf": "1.2.4",
+    "haraka-plugin-redis": "^2.0.6",
     "haraka-results": "^2.2.3",
-    "haraka-tld": "^1.1.1",
+    "haraka-tld": "^1.2.0",
     "haraka-utils": "^1.0.3",
     "openssl-wrapper": "^0.3.4",
     "sockaddr": "^1.0.1"
@@ -49,36 +49,36 @@
   "optionalDependencies": {
     "haraka-plugin-access": "^1.1.5",
     "haraka-plugin-aliases": "^1.0.1",
-    "haraka-plugin-asn": "^2.0.1",
-    "haraka-plugin-auth-ldap": "^1.0.2",
-    "haraka-plugin-dcc": "^1.0.1",
-    "haraka-plugin-elasticsearch": "^1.0.6",
+    "haraka-plugin-asn": "^2.0.2",
+    "haraka-plugin-auth-ldap": "^1.1.0",
+    "haraka-plugin-dcc": "^1.0.2",
+    "haraka-plugin-elasticsearch": "^8.0.2",
     "haraka-plugin-fcrdns": "^1.1.0",
     "haraka-plugin-graph": "^1.0.5",
     "haraka-plugin-geoip": "^1.0.17",
     "haraka-plugin-headers": "^1.0.3",
-    "haraka-plugin-karma": "^2.1.0",
-    "haraka-plugin-limit": "^1.1.0",
+    "haraka-plugin-karma": "^2.1.2",
+    "haraka-plugin-limit": "^1.1.1",
     "haraka-plugin-p0f": "^1.0.9",
     "haraka-plugin-qmail-deliverable": "^1.2.1",
-    "haraka-plugin-known-senders": "^1.0.8",
-    "haraka-plugin-rcpt-ldap": "^1.0.0",
-    "haraka-plugin-recipient-routes": "^1.0.4",
-    "haraka-plugin-rspamd": "^1.2.0",
-    "haraka-plugin-syslog": "^1.0.3",
-    "haraka-plugin-uribl": "^1.0.6",
+    "haraka-plugin-known-senders": "^1.0.9",
+    "haraka-plugin-rcpt-ldap": "^1.1.0",
+    "haraka-plugin-recipient-routes": "^1.2.0",
+    "haraka-plugin-rspamd": "^1.3.1",
+    "haraka-plugin-syslog": "^1.0.5",
+    "haraka-plugin-uribl": "^1.0.8",
     "haraka-plugin-watch": "^2.0.2",
     "ocsp": "~1.2.0",
-    "redis": "^4.5.1",
+    "redis": "~4.6.11",
     "tmp": "~0.2.1"
   },
   "devDependencies": {
     "nodeunit-x": "^0.16.0",
-    "haraka-test-fixtures": "^1.3.0",
+    "haraka-test-fixtures": "^1.3.3",
     "mock-require": "^3.0.3",
-    "eslint": "^8.42.0",
+    "eslint": "^8.56.0",
     "eslint-plugin-haraka": "^1.0.15",
-    "nodemailer": "^6.9.3"
+    "nodemailer": "^6.9.9"
   },
   "bugs": {
     "mail": "haraka.mail@gmail.com",

package/plugins/auth/auth_base.js

@@ -5,7 +5,10 @@
 // Note: You can disable setting `connection.notes.auth_passwd` by `plugin.blankout_password = true`
 
 const crypto = require('crypto');
-const utils = require('haraka-utils');
+
+const tlds   = require('haraka-tld')
+const utils  = require('haraka-utils');
+
 const AUTH_COMMAND = 'AUTH';
 const AUTH_METHOD_CRAM_MD5 = 'CRAM-MD5';
 const AUTH_METHOD_PLAIN = 'PLAIN';
@@ -15,7 +18,7 @@ const LOGIN_STRING2 = 'UGFzc3dvcmQ6'; //Password: base64 coded
 
 exports.hook_capabilities = (next, connection) => {
     // Don't offer AUTH capabilities unless session is encrypted
-    if (!connection.tls.enabled) { return next(); }
+    if (!connection.tls.enabled) return next();
 
     const methods = [ 'PLAIN', 'LOGIN', 'CRAM-MD5' ];
     connection.capabilities.push(`AUTH ${methods.join(' ')}`);
@@ -47,9 +50,7 @@ exports.hook_unrecognized_command = function (next, connection, params) {
 
 exports.check_plain_passwd = function (connection, user, passwd, cb) {
     function callback (plain_pw) {
-        if (plain_pw === null  ) return cb(false);
-        if (plain_pw !== passwd) return cb(false);
-        cb(true);
+        cb(plain_pw === null ? false : plain_pw === passwd);
     }
     if (this.get_plain_passwd.length == 2) {
         this.get_plain_passwd(user, callback);
@@ -71,7 +72,7 @@ exports.check_cram_md5_passwd = function (connection, user, passwd, cb) {
 
         if (hmac.digest('hex') === passwd) return cb(true);
 
-        return cb(false);
+        cb(false);
     }
     if (this.get_plain_passwd.length == 2) {
         this.get_plain_passwd(user, callback);
@@ -117,7 +118,7 @@ exports.check_user = function (next, connection, credentials, method) {
                 connection.auth_results(`auth=pass (${method.toLowerCase()})`);
                 connection.notes.auth_user = credentials[0];
                 if (!plugin.blankout_password) connection.notes.auth_passwd = credentials[1];
-                return next(OK);
+                next(OK);
             });
             return;
         }
@@ -125,9 +126,7 @@ exports.check_user = function (next, connection, credentials, method) {
         if (!connection.notes.auth_fails) connection.notes.auth_fails = 0;
 
         connection.notes.auth_fails++;
-        connection.results.add({name: 'auth'}, {
-            fail:`${plugin.name}/${method}`,
-        });
+        connection.results.add({name: 'auth'}, { fail:`${plugin.name}/${method}` });
 
         let delay = Math.pow(2, connection.notes.auth_fails - 1);
         if (plugin.timeout && delay >= plugin.timeout) {
@@ -230,7 +229,7 @@ exports.auth_cram_md5 = function (next, connection, params) {
         return this.check_user(next, connection, credentials, AUTH_METHOD_CRAM_MD5);
     }
 
-    const ticket = `<${this.hexi(Math.floor(Math.random() * 1000000))}. ${this.hexi(Date.now())}@${connection.local.host}>`;
+    const ticket = `<${this.hexi(Math.floor(Math.random() * 1000000))}.${this.hexi(Date.now())}@${connection.local.host}>`;
 
     connection.loginfo(this, `ticket: ${ticket}`);
     connection.respond(334, utils.base64(ticket), () => {
@@ -240,3 +239,20 @@ exports.auth_cram_md5 = function (next, connection, params) {
 }
 
 exports.hexi = number => String(Math.abs(parseInt(number)).toString(16))
+
+exports.constrain_sender = function (next, connection, params) {
+    const au = connection.results.get('auth')?.user
+    if (!au) return next()
+
+    const ad = /@/.test(au) ? au.split('@').pop() : au
+    const ed = params[0].host
+
+    if (!ad || !ed) return next()
+
+    const auth_od = tlds.get_organizational_domain(ad)
+    const envelope_od = tlds.get_organizational_domain(ed)
+
+    if (auth_od === envelope_od) return next()
+
+    next(DENY, `Envelope domain '${envelope_od}' doesn't match AUTH domain '${auth_od}'`)
+}

package/plugins/auth/auth_vpopmaild.js

@@ -4,25 +4,36 @@ const net    = require('net');
 
 exports.register = function () {
     this.inherits('auth/auth_base');
-    this.load_vpop_ini();
+    this.blankout_password=true
+
+    this.load_vpopmaild_ini();
+
+    if (this.cfg.main.constrain_sender) {
+        this.register_hook('mail', 'constrain_sender')
+    }
 }
 
-exports.load_vpop_ini = function () {
-    this.cfg = this.config.get('auth_vpopmaild.ini', () => {
-        this.load_vpop_ini();
+exports.load_vpopmaild_ini = function () {
+    this.cfg = this.config.get('auth_vpopmaild.ini', {
+        booleans: [
+            '+main.constrain_sender',
+        ]
+    },
+    () => {
+        this.load_vpopmaild_ini();
     });
 }
 
 exports.hook_capabilities = function (next, connection) {
-    if (!connection.tls.enabled) { return next(); }
+    if (!connection.tls.enabled) return next();
 
     const methods = [ 'PLAIN', 'LOGIN' ];
-    if (this.cfg.main.sysadmin) { methods.push('CRAM-MD5'); }
+    if (this.cfg.main.sysadmin) methods.push('CRAM-MD5');
 
     connection.capabilities.push(`AUTH ${methods.join(' ')}`);
     connection.notes.allowed_auth_methods = methods;
 
-    return next();
+    next();
 }
 
 exports.check_plain_passwd = function (connection, user, passwd, cb) {
@@ -49,11 +60,12 @@ exports.check_plain_passwd = function (connection, user, passwd, cb) {
             }
             socket.end();             // disconnect
         }
-    });
+    })
+
     socket.on('end', () => {
         connection.loginfo(this, `AUTH user="${user}" success=${auth_success}`);
-        return cb(auth_success);
-    });
+        cb(auth_success);
+    })
 }
 
 exports.get_sock_opts = function (user) {
@@ -66,13 +78,11 @@ exports.get_sock_opts = function (user) {
 
     const domain = (user.split('@'))[1];
     let sect = this.cfg.main;
-    if (domain && this.cfg[domain]) {
-        sect = this.cfg[domain];
-    }
+    if (domain && this.cfg[domain]) sect = this.cfg[domain];
 
-    if (sect.port)     { this.sock_opts.port     = sect.port;     }
-    if (sect.host)     { this.sock_opts.host     = sect.host;     }
-    if (sect.sysadmin) { this.sock_opts.sysadmin = sect.sysadmin; }
+    if (sect.port)     this.sock_opts.port     = sect.port;
+    if (sect.host)     this.sock_opts.host     = sect.host;
+    if (sect.sysadmin) this.sock_opts.sysadmin = sect.sysadmin;
 
     this.logdebug(`sock: ${this.sock_opts.host}:${this.sock_opts.port}`);
     return this.sock_opts;
@@ -89,14 +99,14 @@ exports.get_vpopmaild_socket = function (user) {
     socket.on('timeout', () => {
         this.logerror("vpopmaild connection timed out");
         socket.end();
-    });
+    })
     socket.on('error', err => {
         this.logerror(`vpopmaild connection failed: ${err}`);
         socket.end();
-    });
+    })
     socket.on('connect', () => {
         this.logdebug('vpopmail connected');
-    });
+    })
     return socket;
 }
 

package/plugins/auth/flat_file.js

@@ -3,26 +3,32 @@
 exports.register = function () {
     this.inherits('auth/auth_base');
     this.load_flat_ini();
+
+    if (this.cfg.core.constrain_sender) {
+        this.register_hook('mail', 'constrain_sender')
+    }
 }
 
 exports.load_flat_ini = function () {
-    this.cfg = this.config.get('auth_flat_file.ini', () => {
+    this.cfg = this.config.get('auth_flat_file.ini', {
+        booleans: [
+            '+core.constrain_sender',
+        ]
+    },
+    () => {
         this.load_flat_ini();
     });
+
+    if (this.cfg.users === undefined) this.cfg.users = {}
 }
 
 exports.hook_capabilities = function (next, connection) {
-    // don't allow AUTH unless private IP or encrypted
     if (!connection.remote.is_private && !connection.tls.enabled) {
-        connection.logdebug(this,
-            "Auth disabled for insecure public connection");
+        connection.logdebug(this, "Auth disabled for insecure public connection");
         return next();
     }
 
-    let methods = null;
-    if (this.cfg.core?.methods ) {
-        methods = this.cfg.core.methods.split(',');
-    }
+    const methods = this.cfg.core?.methods ? this.cfg.core.methods.split(',') : null
     if (methods && methods.length > 0) {
         connection.capabilities.push(`AUTH ${methods.join(' ')}`);
         connection.notes.allowed_auth_methods = methods;
@@ -31,8 +37,7 @@ exports.hook_capabilities = function (next, connection) {
 }
 
 exports.get_plain_passwd = function (user, connection, cb) {
-    if (this.cfg.users[user]) {
-        return cb(this.cfg.users[user].toString());
-    }
-    return cb();
+    if (this.cfg.users[user]) return cb(this.cfg.users[user].toString());
+
+    cb();
 }

package/plugins/clamd.js

@@ -269,6 +269,7 @@ exports.hook_data_post = function (next, connection) {
                 if (virus && plugin.rejectRE &&       // enabled
                     plugin.allRE.test(virus) &&       // has a reject option
                     !plugin.rejectRE.test(virus)) {   // reject=false set
+                    txn.add_header('X-Haraka-Virus', virus);
                     return next();
                 }
                 if (!plugin.cfg.reject.virus) { return next(); }

package/plugins/helo.checks.js

@@ -499,7 +499,7 @@ exports.get_a_records = async function (host) {
         err.code = dns.TIMEOUT;
         this.logerror(err);
         throw err;
-    }, (this.cfg.main.dns_timeout || 30) * 1000);
+    }, (this.cfg.main.dns_timeout || 28) * 1000);
 
     // fully qualify, to ignore any search options in /etc/resolv.conf
     if (!/\.$/.test(host)) host = `${host}.`;

package/plugins/queue/rabbitmq_amqplib.js

@@ -58,7 +58,7 @@ exports.init_amqp_connection = function () {
                     return conn.close();
                 }
                 ch.assertQueue(queueName,
-                    {durable, autoDelete},
+                    {durable, autoDelete, arguments: this.config.get("rabbitmq.ini").queue_args},
                     (err4, ok2) => {
                         if (err4) {
                             this.logerror(`Error asserting rabbitmq queue: ${err4}`);

package/plugins/queue/smtp_forward.js

@@ -28,10 +28,10 @@ exports.register = function () {
     if (this.cfg.main.enable_outbound) {
         // deliver local message via smtp forward when relaying=true
         this.register_hook('queue_outbound', 'queue_forward');
-
-        // may specify more specific routes for outbound
-        this.register_hook('get_mx', 'get_mx');
     }
+
+    // may specify more specific [per-domain] outbound routes
+    this.register_hook('get_mx', 'get_mx');
 }
 
 exports.load_smtp_forward_ini = function () {

package/plugins.js

@@ -363,6 +363,7 @@ plugins.deprecated = {
     'rcpt_to.qmail_deliverable' : 'qmail-deliverable',
     'rdns.regexp'         : 'access',
     'relay_acl'           : 'relay',
+    'relay_all'           : 'relay',
     'relay_force_routing' : 'relay',
 }
 

package/transaction.js

@@ -152,7 +152,7 @@ class Transaction {
                 this.header_lines.push(line.toString(this.encoding).replace(/\r\n$/, '\n'));
             }
         }
-        else if (this.header_pos && this.parse_body) {
+        else if (this.parse_body) {
             let new_line = line;
             if (new_line[0] === 0x2E) new_line = new_line.slice(1); // Strip leading "."
 

package/config/lookup_rdns.strict.ini

@@ -1,12 +0,0 @@
-[general]
-nomatch=Please setup matching DNS and rDNS records.
-timeout=60
-timeout_msg=DNS check timed out.
-
-[forward]
-nxdomain=Please setup a forward DNS record.
-dnserror=Please setup matching DNS and rDNS records.
-
-[reverse]
-nxdomain=Please setup a reverse DNS record.
-dnserror=Please setup matching DNS and rDNS records.

package/config/lookup_rdns.strict.timeout

@@ -1 +0,0 @@
-0

package/config/lookup_rdns.strict.whitelist

@@ -1 +0,0 @@
-# Hostnames and IPs are matched exactly as written on each line.

package/config/lookup_rdns.strict.whitelist_regex

@@ -1,5 +0,0 @@
-# Does the same thing as the whitelist file, but each line is a regex.
-# Each line is also anchored for you, meaning '^' + regex + '$' is added for
-# you.  If you need to get around this restriction, you may use a '.*' at
-# either the start or the end of your regex.  This should help prevent people
-# from writing overly permissive rules on accident.

package/config/rcpt_to.blocklist

@@ -1 +0,0 @@
-# This is a blocklist for the rcpt_to line. One address per line.

package/config.js

@@ -1,6 +0,0 @@
-'use strict'
-
-module.exports = require('haraka-config')
-
-// use emit is the same way util.deprecate does it, so follow that style
-process.emit('warning', 'Loading config via require("./config") is deprecated, please use: require("haraka-config") instead.')

package/docs/plugins/relay_acl.md

@@ -1,29 +0,0 @@
-relay\_acl
-========
-
-This plugin makes it possible to relay outbound mails using IP based ACLs
-and relay inbound mails using destination domains.
-
-Configuration
--------------
-
-* `config/relay_acl_allow`
-    Allowed IP ranges in CIDR notation, one per line.
-    IPs listed in here will be allowed to send mails without any furthur
-    checks.
-
-* `config/relay_dest_domains.ini`
-    Allowed destination domains. The format is in ini file, the domain
-    is the key and the value is in JSON, all under the [domains] section.
-    Currently supported field is "action": where the value can be
-    "accept" (accept the mail without further checks), "continue" (mails
-    are still subjected to further checks) or "deny" (reject the mails).
-
-    An example:
-
-    [domains]  
-    test.com = { "action": "continue" }
-
-    Please note that this config/relay\_dest\_domains.ini is shared with
-    plugins/relay\_force\_routing.js, which uses additional fields.
-

package/docs/plugins/relay_all.md

@@ -1,15 +0,0 @@
-relay\_all
-=========
-
-This plugin is useful in spamtraps to accept mail to any host, and to allow
-any user from anywhere to send email.
-
-Do NOT use this plugin on a real mail server, unless you really know what
-you are doing. If you use this plugin with anything that relays mail (such
-as forwarding to a real mail server, or the `deliver` plugin), your mail
-server is now an open relay.
-
-This is BAD. Hence the big letters. In short: DO NOT USE THIS PLUGIN.
-
-It is useful for testing, hence why it is here. Also I work with spamtraps
-a lot, so it is useful there.

package/docs/plugins/relay_force_routing.md

@@ -1,33 +0,0 @@
-relay\_force\_routing.js
-========
-
-This plugin allows you to force the next hop for the configured domains.
-It works a lot like the transport map of Postfix.
-
-Configuration
--------------
-
-* `config/relay_dest_domains.ini`
-    This config file is shared with relay\_acl.js, for the basics see the
-    documentation provided by plugins/relay\_acl.js.
-
-    relay\_force\_routing.js adds the field "nexthop": in the JSON value
-    of the domain. The value of "nexthop": can be hostname or IP optionally
-    follow by :port.
-
-    Example:
-
-    [domains]  
-    test.com = { "action": "continue", "nexthop": "127.0.0.1:2525" }
-
-    You can also define a default relay using the "any" domain, which will be
-    used if the message's destination domain doesn't match any of the domains
-    already defined.
-
-    Example:
-```
-    [domains]  
-    test.com = { "action": "continue", "nexthop": "127.0.0.1:2525" }
-    my.test.com = { "action": "continue", "nexthop": "127.0.0.1:2527" }
-    any = { "action": "continue", "nexthop": "10.10.10.1:2525"}
-```

package/plugins/data.headers.js

@@ -1,4 +0,0 @@
-
-exports.register = function () {
-    this.logerror(this, "data.headers is deprecated, remove it from config/plugins. See 'haraka -h headers'");
-}

package/plugins/relay_all.js

@@ -1,13 +0,0 @@
-// Just relay everything - could be useful for a spamtrap
-
-exports.register = function () {
-    this.logerror(this, "deprecated. see 'haraka -h relay'");
-    this.register_hook('rcpt', 'confirm_all');
-}
-
-exports.confirm_all = function (next, connection, params) {
-    const recipient = params.shift();
-    connection.loginfo(this, `confirming recipient ${recipient}`);
-    connection.relaying = true;
-    next(OK);
-}