Haraka 3.0.2 → 3.0.4

package/docs/plugins/spamassassin.md

@@ -1,180 +0,0 @@
-spamassassin
-============
-
-This plugin implements the spamd protocol and will send messages to
-spamd for scoring.
-
-Configuration
--------------
-
-spamassassin.ini
-
-- spamd\_socket = \[host:port | /path/to/socket\]  *optional*
-
-    Default: localhost:783
-
-    Host or path to socket where spamd is running.
-
-- spamd\_user = \[user\]   *optional*
-
-    Default: default
-
-    Username to pass to spamd.  This is useful when you are running
-    spamd with virtual users.
-
-    You can also pass this value in dynamically by setting:
-
-    1. `connection.transaction.notes.spamd_user` in another plugin.
-
-    2. The special username: _first-recipient_. The first envelope recipient
-       will be used as the username.
-
-    3. the special username _all-recipients_ may eventually be supported. See
-       the get_spamd_username function in the plugin.
-
-- max\_size = N  *optional*
-
-    Default: 500000
-
-    Maximum size of messages (in bytes) to send to spamd.
-    Messages over this size will be skipped.
-
-- reject\_threshold = N   *optional*
-
-    Default: none (do not reject any mail)
-
-    SpamAssassin score at which the mail should be rejected.
-
-- relay\_reject\_threshold = N  *optional*
-
-    Default: none
-
-    As above, except this threshold only applies to connections
-    that are relays (e.g. AUTH) where connection.relaying = true.
-    This is used to set a *lower* thresold at which to reject mail
-    from these hosts to prevent sending outbound spam.
-
-    If this is not set, then the `reject_thresold` value is used.
-
-- munge\_subject\_threshold = N  *optional*
-
-    Default: none (do not munge the subject)
-
-    Score at which the subject should be munged (prefixed).
-
-- subject\_prefix = \[prefix\]   *optional*
-
-    Default: *** SPAM ***
-
-    Prefix to use when munging the subject.
-
-- old\_headers\_action = \[rename | drop | keep\]   *optional*
-
-    Default: rename
-
-    If old X-Spam-\* headers are in the email, what do we do with them?
-
-    `rename` them to X-Old-Spam-\*.
-
-    `drop` will delete them.
-
-    `keep` will keep them (new X-Spam-\* headers appear lower down in
-    the headers then).
-
-- connect\_timeout = N  *optional*
-
-    Default: 30
-
-    Time in seconds to wait for a connection to spamd
-
-- results\_timeout = N  *optional*
-
-    Default: 300
-
-    Time in seconds to wait for results from spamd
-
-
-[check]
-=======
-
-The optional check section can allow skipping SpamAssassin check for remote connection
-meeting following criteria.
-
-- authenticated
-
-    Default: true
-
-    If true, messages from authenticated users will be scored.
-
-- private\_ip
-
-    Default: true
-
-    If true, messages from private IPs will be scored.
-
-- local\_ip
-
-    Default: true
-
-    If true, messages from localhost will be scored.
-
-- relay
-
-    Default: true
-
-    If true, messages that are to be relayed will be scored.
-
-[defer]
-=======
-
-The optional defer section can allow returning a DENYSOFT status back to the
-client.  Setting these to true will force the client to retry later in cases where
-spamassassin is not responding properly.  If set to false, then the errors
-will be ignored and message processing will continue.
-
-- error
-
-    Default: false
-
-    If true, return DENYSOFT on socket errors
-
-- connect\_timeout
-
-    Default: false
-
-    If true, return DENYSOFT on socket connection timeouts
-
-- scan\_timeout
-
-    Default: false
-
-    If true, return DENYSOFT on scan timeouts
-
-Extras
-======
-
-A SpamAssassin plugin can be found in the `contrib` directory.
-The `Haraka.\[pm|cf\]` files should be placed in the SpamAssassin local
-site rules directory (/etc/mail/spamassassin on Linux), spamd should be
-restarted and the plugin will make spamd output the Haraka UUID as part
-of its log output to aid debugging when searching the mail logs.
-
-
-Changes
---------------
-
-This plugin now passes the X-Spam-\* headers generated by SA through
-unaltered. You can control the presence and appearance of X-Spam-\*
-headers by editing your SpamAssassin config.
-
-The default headers added by SpamAssassin are:
-
-    add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_
-    add_header spam Flag _YESNOCAPS_
-    add_header all Level _STARS(\*)_
-    add_header all Status "_YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_"
-
-Other headers options you might find interesting or useful are:
-
-    add_header all DCC _DCCB_: _DCCR_
-    add_header all Tests _TESTS_

package/outbound/mx_lookup.js

@@ -1,70 +0,0 @@
-"use strict";
-
-const dns         = require('dns');
-const net_utils   = require('haraka-net-utils')
-
-const obc         = require('./config');
-
-exports.lookup_mx = function lookup_mx (domain, cb) {
-    const mxs = [];
-
-    // Possible DNS errors
-    // NODATA
-    // FORMERR
-    // BADRESP
-    // NOTFOUND
-    // BADNAME
-    // TIMEOUT
-    // CONNREFUSED
-    // NOMEM
-    // DESTRUCTION
-    // NOTIMP
-    // EREFUSED
-    // SERVFAIL
-
-    // default wrap_mx just returns our object with "priority" and "exchange" keys
-    let wrap_mx = a => a;
-    async function process_dns (err, addresses) {
-        if (err) {
-            if (err.code === 'ENODATA' || err.code === 'ENOTFOUND') {
-                // Most likely this is a hostname with no MX record
-                // Drop through and we'll get the A record instead.
-                return 0;
-            }
-            cb(err);
-        }
-        else if (addresses?.length) {
-            for (let i=0,l=addresses.length; i < l; i++) {
-                if (
-                    obc.cfg.local_mx_ok ||
-                    await net_utils.is_local_host(addresses[i].exchange).catch(() => null) === false
-                ) {
-                    const mx = wrap_mx(addresses[i]);
-                    mxs.push(mx);
-                }
-            }
-            cb(null, mxs);
-        }
-        else {
-            // return zero if we need to keep trying next option
-            return 0;
-        }
-        return 1;
-    }
-
-    net_utils.get_mx(domain, async (err, addresses) => {
-        if (await process_dns(err, addresses)) return;
-
-        // if MX lookup failed, we lookup an A record. To do that we change
-        // wrap_mx() to return same thing as resolveMx() does.
-        wrap_mx = a => ({priority:0,exchange:a});
-        // IS: IPv6 compatible
-        dns.resolve(domain, async (err2, addresses2) => {
-            if (await process_dns(err2, addresses2)) return;
-
-            err2 = new Error("Found nowhere to deliver to");
-            err2.code = 'NOMX';
-            cb(err2);
-        });
-    });
-}

package/plugins/auth/auth_ldap.js

@@ -1,3 +0,0 @@
-exports.register = function () {
-    this.logerror('This plugin has moved. See https://github.com/haraka/haraka-plugin-auth-ldap');
-}

package/plugins/avg.js

@@ -1,162 +0,0 @@
-// avg - AVG virus scanner
-'use strict';
-
-// TODO: use pooled connections
-
-const fs   = require('fs');
-const path = require('path');
-
-const sock = require('./line_socket');
-
-const smtp_regexp = /^(\d{3})([ -])(.*)/;
-
-exports.register = function () {
-
-    this.load_avg_ini();
-}
-
-exports.load_avg_ini = function () {
-
-    this.cfg = this.config.get('avg.ini', {
-        booleans: [
-            '+defer.timeout',
-            '+defer.error',
-        ],
-    }, () => {
-        this.load_avg_ini();
-    });
-}
-
-exports.get_tmp_file = function (transaction) {
-    const tmpdir  = this.cfg.main.tmpdir || '/tmp';
-    return path.join(tmpdir, `${transaction.uuid}.tmp`);
-}
-
-exports.hook_data_post = function (next, connection) {
-    if (!connection?.transaction) return next()
-
-    const plugin = this;
-    const tmpfile = plugin.get_tmp_file(connection.transaction);
-    const ws      = fs.createWriteStream(tmpfile);
-
-    ws.once('error', err => {
-        connection.results.add(plugin, {
-            err: `Error writing temporary file: ${err.message}`
-        });
-        if (!plugin.cfg.defer.error) return next();
-        return next(DENYSOFT, 'Virus scanner error (AVG)');
-    });
-
-    ws.once('close', () => {
-        const start_time = Date.now();
-        const socket = new sock.Socket();
-        socket.setTimeout((plugin.cfg.main.connect_timeout || 10) * 1000);
-        let connected = false;
-        let command = 'connect';
-        let response = [];
-
-        function do_next (code, msg) {
-            fs.unlink(tmpfile, () => {});
-            return next(code, msg);
-        }
-
-        socket.send_command = function (cmd, data) {
-            const line = cmd + (data ? (` ${data}`) : '');
-            connection.logprotocol(plugin, `> ${line}`);
-            this.write(`${line}\r\n`);
-            command = cmd.toLowerCase();
-            response = [];
-        };
-
-        socket.on('timeout', () => {
-            const msg = `${connected ? 'connection' : 'session'   } timed out`;
-            connection.results.add(plugin, { err: msg });
-            if (!plugin.cfg.defer.timeout) return do_next();
-            return do_next(DENYSOFT, 'Virus scanner timeout (AVG)');
-        });
-
-        socket.on('error', err => {
-            connection.results.add(plugin, { err: err.message });
-            if (!plugin.cfg.defer.error) return do_next();
-            return do_next(DENYSOFT, 'Virus scanner error (AVG)');
-        });
-
-        socket.on('connect', function () {
-            connected = true;
-            this.setTimeout((plugin.cfg.main.session_timeout || 30) * 1000);
-        });
-
-        socket.on('line', line => {
-            const matches = smtp_regexp.exec(line);
-            connection.logprotocol(plugin, `< ${line}`);
-            if (!matches) {
-                connection.results.add(plugin,
-                    { err: `Unrecognized response: ${line}` });
-                socket.end();
-                if (!plugin.cfg.defer.error) return do_next();
-                return do_next(DENYSOFT, 'Virus scanner error (AVG)');
-            }
-
-            const code = matches[1];
-            const cont = matches[2];
-            const rest = matches[3];
-            response.push(rest);
-            if (cont !== ' ') return;
-
-            switch (command) {
-                case 'connect':
-                    if (code !== '220') {
-                        // Error
-                        connection.results.add(plugin, {
-                            err: `Unrecognized response: ${line}`,
-                        });
-                        if (!plugin.cfg.defer.timeout) return do_next();
-                        return do_next(DENYSOFT, 'Virus scanner error (AVG)');
-                    }
-                    else {
-                        socket.send_command('SCAN', tmpfile);
-                    }
-                    break;
-                case 'scan': {
-                    const elapsed = Date.now() - start_time;
-                    connection.loginfo(plugin, {
-                        time: `${elapsed}ms`,
-                        code,
-                        response: `"${response.join(' ')}"`
-                    })
-                    // Check code
-                    switch (code) {
-                        case '200':  // 200 ok
-                            // Message did not contain a virus
-                            connection.results.add(plugin, { pass: 'clean' });
-                            socket.send_command('QUIT');
-                            return do_next();
-                        case '403':
-                            // File 'eicar.com', 'Virus identified EICAR_Test'
-                            connection.results.add(plugin, {
-                                fail: response.join(' ')
-                            });
-                            socket.send_command('QUIT');
-                            return do_next(DENY, response.join(' '));
-                        default:
-                            // Any other result is an error
-                            connection.results.add(plugin, {
-                                err: `Bad response: ${response.join(' ')}`
-                            });
-                    }
-                    socket.send_command('QUIT');
-                    if (!plugin.cfg.defer.error) return do_next();
-                    return do_next(DENYSOFT, 'Virus scanner error (AVG)');
-                }
-                case 'quit':
-                    socket.end();
-                    break;
-                default:
-                    throw new Error(`Unknown command: ${command}`);
-            }
-        });
-        socket.connect((plugin.cfg.main.port || 54322), plugin.cfg.main.host);
-    });
-
-    connection.transaction.message_stream.pipe(ws, { line_endings: '\r\n' });
-}

package/plugins/backscatterer.js

@@ -1,25 +0,0 @@
-// backscatterer plugin
-
-exports.register = function () {
-    this.inherits('dns_list_base');
-}
-
-exports.hook_mail = function (next, connection, params) {
-    const user = ((params[0]?.user) ?
-        params[0].user.toLowerCase() : null);
-    if (!(!user || user === 'postmaster')) return next();
-    // Check remote IP on ips.backscatterer.org
-    const plugin = this;
-
-    function resultCb (err, zone, a) {
-        if (err) {
-            connection.logerror(plugin, err);
-            return next();
-        }
-        if (!a) return next();
-        const msg = `Host ${connection.remote.host} [${connection.remote.ip}] is blacklisted by ${zone}`;
-        return next(DENY, msg);
-    }
-
-    this.first(connection.remote.ip, [ 'ips.backscatterer.org' ], resultCb);
-}