Haraka 3.0.2 → 3.0.4

package/plugins/mail_from.is_resolvable.js

@@ -1,8 +1,7 @@
 'use strict';
 
 // Check MAIL FROM domain is resolvable to an MX
-const dns = require('dns');
-const net = require('net');
+const net = require('node:net');
 
 const net_utils = require('haraka-net-utils');
 
@@ -14,12 +13,17 @@ exports.load_ini = function () {
     this.cfg = this.config.get('mail_from.is_resolvable.ini', {
         booleans: [
             '-main.allow_mx_ip',
-            '+main.reject_no_mx',
+            '+reject.no_mx',
         ],
     }, () => {
         this.load_ini();
     });
 
+    // compat. Sunset 4.0
+    if (this.cfg.main.reject_no_mx) {
+        this.cfg.reject.no_mx = this.cfg.main.reject_no_mx
+    }
+
     if (isNaN(this.cfg.main.timeout)) {
         this.cfg.main.timeout = 29;
     }
@@ -40,163 +44,89 @@ exports.hook_mail = function (next, connection, params) {
     const mail_from = params[0];
     const txn       = connection?.transaction;
     if (!txn) return next();
-    const { results }   = txn;
+    const { results } = txn;
 
-    // Check for MAIL FROM without an @ first - ignore those here
+    // ignore MAIL FROM without an @
     if (!mail_from.host) {
         results.add(plugin, {skip: 'null host'});
         return next();
     }
 
     let called_next  = 0;
-    const domain       = mail_from.host;
-    const c            = plugin.cfg.main;
-    const timeout_id   = setTimeout(() => {
-        // DNS answer didn't return (UDP)
-        connection.loginfo(plugin, `timed out resolving MX for ${domain}`);
+    const domain     = mail_from.host;
+    const timeout_id = setTimeout(() => {
+        connection.logdebug(plugin, `DNS timeout resolving MX for ${domain}`);
         called_next++;
         if (txn) results.add(plugin, {err: `timeout(${domain})`});
         next(DENYSOFT, 'Temporary resolver error (timeout)');
-    }, c.timeout * 1000);
+    }, this.cfg.main.timeout * 1000);
 
     function mxDone (code, reply) {
         if (called_next) return;
         clearTimeout(timeout_id);
         called_next++;
-        next(code, reply);
+        next(...arguments);
     }
 
-    // IS: IPv6 compatible
-    net_utils.get_mx(domain, (err, addresses) => {
-        if (!txn) return;
-        if (err && plugin.mxErr(connection, domain, 'MX', err, mxDone)) return;
+    function mxErr (err) {
+        if (!connection.transaction) return;
+        results.add(plugin, {err: `${domain}:${err.message}`});
+        mxDone(DENYSOFT, `Temp. resolver error (${err.code})`);
+    }
 
-        if (!addresses || !addresses.length) {
-            // Check for implicit MX 0 record
-            return plugin.implicit_mx(connection, domain, mxDone);
-        }
+    connection.logdebug(plugin, `resolving MX for domain ${domain}`)
 
-        // Verify that the MX records resolve to valid addresses
-        let records = {};
-        let pending_queries = 0;
-        function check_results () {
-            if (pending_queries !== 0) return;
-
-            records = Object.keys(records);
-            if (records?.length) {
-                connection.logdebug(plugin, `${domain}: ${records}`);
-                results.add(plugin, {pass: 'has_fwd_dns'});
-                return mxDone();
-            }
-            results.add(plugin, {fail: 'has_fwd_dns'});
-            return mxDone(((c.reject_no_mx) ? DENY : DENYSOFT),
-                'MX without A/AAAA records');
-        }
+    net_utils
+        .get_mx(domain)
+        .then((exchanges) => {
+            if (!txn) return;
 
-        addresses.forEach(addr => {
-            // Handle MX records that are IP addresses
-            // This is invalid - but a lot of MTAs allow it.
-            if (net_utils.get_ipany_re('^\\[','\\]$','').test(addr.exchange)) {
-                connection.logwarn(plugin, `${domain}: invalid MX ${addr.exchange}`);
-                if (c.allow_mx_ip) {
-                    records[addr.exchange] = 1;
-                }
-                return;
+            connection.logdebug(plugin, `${domain}: MX => ${JSON.stringify(exchanges)}`)
+
+            if (!exchanges || !exchanges.length) {
+                results.add(this, {fail: 'has_fwd_dns'});
+                return mxDone(
+                    ((this.cfg.reject.no_mx) ? DENY : DENYSOFT),
+                    'No MX for your FROM address'
+                );
             }
-            pending_queries++;
-            net_utils.get_ips_by_host(addr.exchange, (err2, addresses2) => {
-                pending_queries--;
-                if (!txn) return;
-                if (err2 && err2.length === 2) {
-                    results.add(plugin, {msg: err2[0].message});
-                    connection.logdebug(plugin, `${domain}: MX ${addr.priority} ${addr.exchange} => ${err2[0].message}`);
-                    check_results();
-                    return;
-                }
-                connection.logdebug(plugin, `${domain}: MX ${addr.priority} ${addr.exchange} => ${addresses2}`);
-                for (const element of addresses2) {
-                    // Ignore anything obviously bogus
-                    if (net.isIPv4(element)){
-                        if (plugin.re_bogus_ip.test(element)) {
-                            connection.logdebug(plugin, `${addr.exchange}: discarding ${element}`);
-                            continue;
-                        }
+
+            if (this.cfg.main.allow_mx_ip) {
+                for (const mx of exchanges) {
+                    if (net.isIPv4(mx.exchange) && !this.re_bogus_ip.test(mx.exchange)) {
+                        txn.results.add(this, {pass: 'implicit_mx', emit: true});
+                        return mxDone()
                     }
-                    if (net.isIPv6(element)){
-                        if (net_utils.ipv6_bogus(element)) {
-                            connection.logdebug(plugin, `${addr.exchange}: discarding ${element}`);
-                            continue;
-                        }
+                    if (net.isIPv6(mx.exchange) && !net_utils.ipv6_bogus(mx.exchange)) {
+                        txn.results.add(this, {pass: 'implicit_mx', emit: true});
+                        return mxDone()
                     }
-                    records[element] = 1;
-                }
-                check_results();
-            });
-        });
-        // In case we don't run any queries
-        check_results();
-    });
-}
-
-exports.mxErr = function (connection, domain, type, err, mxDone) {
-
-    const txn = connection?.transaction;
-    if (!txn) return;
-
-    txn.results.add(this, {msg: `${domain}:${type}:${err.message}`});
-    connection.logdebug(this, `${domain}:${type} => ${err.message}`);
-    switch (err.code) {
-        case dns.NXDOMAIN:
-        case dns.NOTFOUND:
-        case dns.NODATA:
-            // Ignore
-            break;
-        default:
-            mxDone(DENYSOFT, `Temp. resolver error (${err.code})`);
-            return true;
-    }
-    return false;
-}
-
-// IS: IPv6 compatible
-exports.implicit_mx = function (connection, domain, mxDone) {
-    const txn = connection?.transaction;
-    if (!txn) return;
-
-    net_utils.get_ips_by_host(domain, (err, addresses) => {
-        if (!txn) return;
-        if (!addresses || !addresses.length) {
-            txn.results.add(this, {fail: 'has_fwd_dns'});
-            return mxDone(((this.cfg.main.reject_no_mx) ? DENY : DENYSOFT),
-                'No MX for your FROM address');
-        }
-
-        connection.logdebug(this, `${domain}: A/AAAA => ${addresses}`);
-        let records = {};
-        for (const addr of addresses) {
-            // Ignore anything obviously bogus
-            if (net.isIPv4(addr)) {
-                if (this.re_bogus_ip.test(addr)) {
-                    connection.logdebug(this, `${domain}: discarding ${addr}`);
-                    continue;
-                }
-            }
-            if (net.isIPv6(addr)) {
-                if (net_utils.ipv6_bogus(addr)) {
-                    connection.logdebug(this, `${domain}: discarding ${addr}`);
-                    continue;
                 }
             }
-            records[addr] = true;
-        }
 
-        records = Object.keys(records);
-        if (records?.length) {
-            txn.results.add(this, {pass: 'implicit_mx'});
-            return mxDone();
-        }
+            // filter out the implicit MX and resolve the MX hostnames
+            net_utils
+                .resolve_mx_hosts(exchanges.filter(a => !net.isIP(a.exchange)))
+                .then(resolved => {
+                    connection.logdebug(plugin, `resolved MX => ${JSON.stringify(resolved)}`);
 
-        txn.results.add(this, {fail: `implicit_mx(${domain})`});
-        return mxDone();
-    });
+                    for (const mx of resolved) {
+                        if (net.isIPv4(mx.exchange) && !this.re_bogus_ip.test(mx.exchange)) {
+                            txn.results.add(this, {pass: 'has_fwd_dns', emit: true});
+                            return mxDone()
+                        }
+                        if (net.isIPv6(mx.exchange) && !net_utils.ipv6_bogus(mx.exchange)) {
+                            txn.results.add(this, {pass: 'has_fwd_dns', emit: true});
+                            return mxDone()
+                        }
+                    }
+
+                    mxDone(
+                        ((this.cfg.main.reject_no_mx) ? DENY : DENYSOFT),
+                        'No valid MX for your FROM address'
+                    );
+                })
+                .catch(mxErr)
+        })
+        .catch(mxErr)
 }

package/plugins/queue/deliver.js

@@ -1,13 +1,12 @@
-// This plugin is now entirely redundant. The core will queue outbound mails
+// This plugin is entirely redundant. The core will queue outbound mails
 // automatically just like this. It is kept here for backwards compatibility
 // purposes only.
 
 const outbound = require('./outbound');
 
 exports.hook_queue_outbound = (next, connection) => {
-    if (!connection?.relaying) {
-        return next(); // we're not relaying so don't deliver outbound
-    }
+    // if not relaying, don't deliver outbound
+    if (!connection?.relaying) return next();
 
-    outbound.send_email(connection?.transaction, next);
+    outbound.send_trans_email(connection?.transaction, next);
 }

package/plugins/queue/lmtp.js

@@ -19,29 +19,26 @@ exports.hook_get_mx = function (next, hmail, domain) {
 
     if (!hmail.todo.notes.using_lmtp) return next();
 
-    const mx = { using_lmtp: true, priority: 0, exchange: '127.0.0.1' };
-
     const section = this.cfg[domain] || this.cfg.main;
-    if (section.path) {
-        Object.assign(mx, { path: section.path });
-        return next(OK, mx);
-    }
 
-    Object.assign(mx, {
-        exchange: section.host || '127.0.0.1',
-        port: section.port || 24,
-    });
+    const mx = {
+        using_lmtp: true,
+        priority: 0,
+        exchange: section.host ?? '127.0.0.1',
+        port: section.port ?? 24,
+    };
+
+    if (section.path) mx.path = section.path;
 
-    return next(OK, mx);
+    next(OK, mx);
 }
 
 exports.hook_queue = (next, connection) => {
     const txn = connection?.transaction;
     if (!txn) return next();
 
-    const q_wants = txn.notes.get('queue.wants');
-    if (q_wants && q_wants !== 'lmtp') return next();
+    if (txn.notes.get('queue.wants') !== 'lmtp') return next();
 
     txn.notes.using_lmtp = true;
-    outbound.send_email(txn, next);
+    outbound.send_trans_email(txn, next);
 }

package/plugins/queue/qmail-queue.js

@@ -1,7 +1,7 @@
 // Queue to qmail-queue
 
-const childproc = require('child_process');
-const fs        = require('fs');
+const childproc = require('node:child_process');
+const fs        = require('node:fs');
 
 exports.register = function () {
 

package/plugins/queue/quarantine.js

@@ -1,7 +1,7 @@
 // quarantine
 
-const fs   = require('fs');
-const path = require('path');
+const fs   = require('node:fs');
+const path = require('node:path');
 
 exports.register = function () {
 

package/plugins/queue/rabbitmq.js

@@ -1,5 +1,4 @@
 const amqp = require('amqp');
-const logger = require('./logger');
 
 let rabbitqueue;
 let exchangeName;
@@ -12,41 +11,41 @@ exports.exchangeMapping = {}
 
 //This method registers the hook and try to initialize the connection to rabbitmq server for later use.
 exports.register = function () {
-    logger.logdebug("About to connect and initialize queue object");
+    this.logdebug("About to connect and initialize queue object");
     this.init_rabbitmq_server();
-    logger.logdebug(`Finished initiating : ${exports.exchangeMapping[exchangeName + queueName]}`);
+    this.logdebug(`Finished initiating : ${exports.exchangeMapping[exchangeName + queueName]}`);
 }
 
 
 //Actual magic of publishing message to rabbit when email comes happen here.
-exports.hook_queue = (next, connection) => {
+exports.hook_queue = function (next, connection) {
     if (!connection?.transaction) return next();
 
     //Calling the get_data method and when it gets the data on callback, publish the message to queue with routing key.
     connection.transaction.message_stream.get_data(buffere => {
         const exchangeData = exports.exchangeMapping[exchangeName + queueName]
-        logger.logdebug(`Sending the data: ${ queueName} Routing : ${exchangeData} exchange :${connExchange_}`);
+        this.logdebug(`Sending the data: ${ queueName} Routing : ${exchangeData} exchange :${connExchange_}`);
         if (connExchange_ && routing_) {
             //This is publish function of rabbitmq amqp library, currently direct queue is configured and routing is fixed.
             //Needs to be changed.
             connExchange_.publish(routing_, buffere,{deliveryMode}, error => {
                 if (error) {
                     //There was some error while sending the email to queue.
-                    logger.logdebug("queueFailure: #{JSON.stringify(error)}");
+                    this.logdebug("queueFailure: #{JSON.stringify(error)}");
                     exports.init_rabbitmq_server();
-                    return next();
+                    next();
                 }
                 else {
                     //Queueing was successful, send ok as reply
-                    logger.logdebug( "queueSuccess");
-                    return next(OK,"Successfully Queued! in rabbitmq");
+                    this.logdebug( "queueSuccess");
+                    next(OK,"Successfully Queued! in rabbitmq");
                 }
             });
         }
         else {
             //Seems like connExchange is not defined , lets create one for next call
             exports.init_rabbitmq_server();
-            return next();
+            next();
         }
     });
 }
@@ -88,18 +87,18 @@ exports.init_rabbitmq_server = function () {
 
 
     //Create connection to the rabbitmq server
-    logger.logdebug("About to Create connection with server");
+    this.logdebug("About to Create connection with server");
     rabbitqueue = amqp.createConnection(options);
 
 
     //Declaring listerner on error on connection.
     rabbitqueue.on('error', error => {
-        logger.logdebug(`There was some error on the connection : ${error}`);
+        this.logerror(`There was some error on the connection : ${error}`);
     });
 
     //Declaring listerner on close on connection.
     rabbitqueue.on('close', close => {
-        logger.logdebug(` Connection  is beingclosed : ${close}`);
+        this.logdebug(` Connection  is being closed : ${close}`);
     });
 
 
@@ -111,16 +110,16 @@ exports.init_rabbitmq_server = function () {
      */
 
     rabbitqueue.on('ready', () => {
-        logger.logdebug("Connection is ready, will try making exchange");
+        this.logdebug("Connection is ready, will try making exchange");
         // Now connection is ready will try to open exchange with config data.
         rabbitqueue.exchange(exchangeName, {  type: exchangeType,  confirm,  durable }, connExchange => {
 
 
-            logger.logdebug(`connExchange with server ${connExchange} autoDelete : ${autoDelete}`);
+            this.logdebug(`connExchange with server ${connExchange} autoDelete : ${autoDelete}`);
 
             //Exchange is now open, will try to open queue.
             return rabbitqueue.queue(queueName,{autoDelete, durable }, connQueue => {
-                logger.logdebug(`connQueue with server ${connQueue}`);
+                this.logdebug(`connQueue with server ${connQueue}`);
 
                 //Creating the Routing key to bind the queue and exchange.
                 const routing = `${queueName}Routing`;
@@ -142,7 +141,7 @@ exports.init_rabbitmq_server = function () {
                     routing : routing_,
                     queueName
                 });
-                logger.logdebug(`exchange: ${exchangeName}, queue: ${queueName}  exchange : ${connExchange_} queue : ${connQueue_}` );
+                this.logdebug(`exchange: ${exchangeName}, queue: ${queueName}  exchange : ${connExchange_} queue : ${connQueue_}` );
             });
         });
     });

package/plugins/queue/rabbitmq_amqplib.js

@@ -58,7 +58,7 @@ exports.init_amqp_connection = function () {
                     return conn.close();
                 }
                 ch.assertQueue(queueName,
-                    {durable, autoDelete},
+                    {durable, autoDelete, arguments: this.config.get("rabbitmq.ini").queue_args},
                     (err4, ok2) => {
                         if (err4) {
                             this.logerror(`Error asserting rabbitmq queue: ${err4}`);

package/plugins/queue/smtp_forward.js

@@ -4,7 +4,7 @@
 // and passes back any errors seen on the ongoing server to the
 // originating server.
 
-const url = require('url');
+const url = require('node:url');
 
 const smtp_client_mod = require('./smtp_client');
 
@@ -28,10 +28,10 @@ exports.register = function () {
     if (this.cfg.main.enable_outbound) {
         // deliver local message via smtp forward when relaying=true
         this.register_hook('queue_outbound', 'queue_forward');
-
-        // may specify more specific routes for outbound
-        this.register_hook('get_mx', 'get_mx');
     }
+
+    // may specify more specific [per-domain] outbound routes
+    this.register_hook('get_mx', 'get_mx');
 }
 
 exports.load_smtp_forward_ini = function () {
@@ -230,6 +230,7 @@ exports.forward_enabled = function (conn, dom_cfg) {
 
 exports.queue_forward = function (next, connection) {
     const plugin = this;
+    if (connection.remote.closed) return
     const txn = connection?.transaction;
 
     const cfg = plugin.get_config(connection);
@@ -247,8 +248,7 @@ exports.queue_forward = function (next, connection) {
         );
 
         function get_rs () {
-            if (txn) return txn.results;
-            return connection.results;
+            return connection?.transaction?.results ? connection.transaction.results : connection.results
         }
 
         function dead_sender () {

package/plugins/queue/smtp_proxy.js

@@ -79,6 +79,10 @@ exports.hook_mail = function (next, connection, params) {
 exports.hook_rcpt_ok = (next, connection, recipient) => {
     const { smtp_client } = connection.notes;
     if (!smtp_client) return next();
+    if (smtp_client.is_dead_sender(this, connection)) {
+        delete connection.notes.smtp_client;
+        return;
+    }
     smtp_client.next = next;
     smtp_client.send_command('RCPT', `TO:${recipient.format(!smtp_client.smtp_utf8)}`);
 }
@@ -86,6 +90,11 @@ exports.hook_rcpt_ok = (next, connection, recipient) => {
 exports.hook_data = (next, connection) => {
     const { smtp_client } = connection.notes;
     if (!smtp_client) return next();
+
+    if (smtp_client.is_dead_sender(this, connection)) {
+        delete connection.notes.smtp_client;
+        return;
+    }
     smtp_client.next = next;
     smtp_client.send_command("DATA");
 }
@@ -96,11 +105,11 @@ exports.hook_queue = function (next, connection) {
     const { smtp_client } = connection.notes;
     if (!smtp_client) return next();
 
-    smtp_client.next = next;
     if (smtp_client.is_dead_sender(this, connection)) {
         delete connection.notes.smtp_client;
         return;
     }
+    smtp_client.next = next;
     smtp_client.start_data(connection.transaction.message_stream);
 }
 

package/plugins/queue/test.js

@@ -1,5 +1,5 @@
-const fs = require('fs');
-const os = require('os');
+const fs = require('node:fs');
+const os = require('node:os');
 
 const tempDir = os.tmpdir();
 

package/plugins/rcpt_to.host_list_base.js

@@ -40,7 +40,7 @@ exports.hook_mail = function (next, connection, params) {
 
     const anti_spoof = this.config.get('host_list.anti_spoof') || false;
 
-    if (this.in_host_list(domain) || this.in_host_regex(domain)) {
+    if (this.in_host_list(domain, connection) || this.in_host_regex(domain, connection)) {
         if (anti_spoof && !connection.relaying) {
             txn.results.add(this, {fail: 'mail_from.anti_spoof'});
             return next(DENY, `Mail from domain '${domain}' is not allowed from your host`);
@@ -54,16 +54,16 @@ exports.hook_mail = function (next, connection, params) {
     return next();
 }
 
-exports.in_host_list = function (domain) {
-    this.logdebug(`checking ${domain} in config/host_list`);
+exports.in_host_list = function (domain, connection) {
+    this.logdebug(connection, `checking ${domain} in config/host_list`);
     return !!(this.host_list[domain]);
 }
 
-exports.in_host_regex = function (domain) {
+exports.in_host_regex = function (domain, connection) {
     if (!this.host_list_regex) return false;
     if (!this.host_list_regex.length) return false;
 
-    this.logdebug(`checking ${domain} against config/host_list_regex `);
+    this.logdebug(connection, `checking ${domain} against config/host_list_regex `);
 
     return !!(this.hl_re.test(domain));
 }

package/plugins/rcpt_to.in_host_list.js

@@ -32,12 +32,12 @@ exports.hook_rcpt = function (next, connection, params) {
 
     const domain = rcpt.host.toLowerCase();
 
-    if (this.in_host_list(domain)) {
+    if (this.in_host_list(domain, connection)) {
         txn.results.add(this, {pass: 'rcpt_to'});
         return next(OK);
     }
 
-    if (this.in_host_regex(domain)) {
+    if (this.in_host_regex(domain, connection)) {
         txn.results.add(this, {pass: 'rcpt_to'});
         return next(OK);
     }

package/plugins/relay.js

@@ -2,8 +2,9 @@
 //
 // documentation via: haraka -h relay
 
+const net = require('node:net');
+
 const ipaddr = require('ipaddr.js');
-const net    = require('net');
 
 exports.register = function () {
 
@@ -89,11 +90,9 @@ exports.acl = function (next, connection) {
 }
 
 exports.pass_relaying = (next, connection) => {
-    if (connection.relaying) {
-        return next(OK);
-    }
+    if (connection.relaying) return next(OK);
 
-    return next();
+    next();
 }
 
 exports.is_acl_allowed = function (connection) {
@@ -172,7 +171,7 @@ exports.dest_domains = function (next, connection, params) {
     }
 
     transaction.results.add(this, {fail: 'relay_dest_domain'});
-    return next(DENY, "Mail for that recipient is not accepted here.");
+    next(DENY, "Mail for that recipient is not accepted here.");
 }
 
 exports.force_routing = function (next, hmail, domain) {
@@ -196,7 +195,7 @@ exports.force_routing = function (next, hmail, domain) {
     }
 
     this.logdebug(this, `using ${nexthop} for: ${domain}`);
-    return next(OK, nexthop);
+    next(OK, nexthop);
 }
 
 exports.all = function (next, connection, params) {

package/plugins/reseed_rng.js

@@ -1,4 +1,4 @@
-const crypto = require('crypto');
+const crypto = require('node:crypto');
 
 exports.hook_init_child = function (next) {
     Math.seedrandom(crypto.randomBytes(256).toString('hex'));