npm - Haraka - Versions diffs - 3.0.2 → 3.0.4 - Mend

Haraka 3.0.2 → 3.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (267) hide show

package/.eslintrc.yaml +5 -9
package/.prettierrc.yml +1 -0
package/CONTRIBUTORS.md +11 -0
package/Changes.md +1393 -1211
package/Dockerfile +3 -3
package/Plugins.md +119 -106
package/README.md +7 -16
package/TODO +1 -24
package/bin/haraka +197 -298
package/config/auth_flat_file.ini +2 -0
package/config/auth_vpopmaild.ini +4 -2
package/config/dhparams.pem +8 -0
package/config/mail_from.is_resolvable.ini +4 -2
package/config/me +1 -0
package/config/outbound.ini +0 -2
package/config/plugins +36 -35
package/config/rabbitmq_amqplib.ini +8 -1
package/config/smtp.ini +0 -1
package/config/smtp.json +17 -0
package/config/tls_cert.pem +23 -0
package/config/tls_key.pem +28 -0
package/connection.js +46 -73
package/contrib/bsd-rc.d/haraka +3 -1
package/contrib/plugin2npm.sh +6 -36
package/docs/Connection.md +1 -1
package/docs/CoreConfig.md +2 -2
package/docs/Logging.md +7 -21
package/docs/Outbound.md +104 -210
package/docs/Plugins.md +47 -40
package/docs/Transaction.md +59 -82
package/docs/{plugins → deprecated}/connect.rdns_access.md +1 -1
package/docs/{plugins → deprecated}/mail_from.access.md +1 -1
package/docs/{plugins → deprecated}/rcpt_to.access.md +1 -1
package/docs/plugins/auth/auth_vpopmaild.md +15 -19
package/docs/plugins/auth/flat_file.md +23 -30
package/docs/plugins/queue/rabbitmq_amqplib.md +7 -0
package/docs/plugins/queue/smtp_forward.md +1 -1
package/docs/plugins/queue/smtp_proxy.md +5 -10
package/docs/plugins/relay.md +2 -2
package/docs/plugins/tls.md +29 -9
package/endpoint.js +16 -13
package/haraka.js +10 -14
package/host_pool.js +5 -5
package/line_socket.js +3 -4
package/logger.js +44 -28
package/outbound/client_pool.js +27 -23
package/outbound/config.js +4 -6
package/outbound/fsync_writestream.js +1 -1
package/outbound/hmail.js +180 -220
package/outbound/index.js +86 -99
package/outbound/qfile.js +1 -1
package/outbound/queue.js +55 -43
package/outbound/timer_queue.js +3 -2
package/outbound/tls.js +19 -7
package/package.json +66 -55
package/plugins/.eslintrc.yaml +0 -6
package/plugins/auth/auth_base.js +30 -12
package/plugins/auth/auth_proxy.js +14 -12
package/plugins/auth/auth_vpopmaild.js +30 -20
package/plugins/auth/flat_file.js +17 -12
package/plugins/block_me.js +1 -1
package/plugins/data.signatures.js +2 -4
package/plugins/early_talker.js +2 -1
package/plugins/mail_from.is_resolvable.js +65 -135
package/plugins/queue/deliver.js +4 -5
package/plugins/queue/lmtp.js +11 -14
package/plugins/queue/qmail-queue.js +2 -2
package/plugins/queue/quarantine.js +2 -2
package/plugins/queue/rabbitmq.js +16 -17
package/plugins/queue/rabbitmq_amqplib.js +1 -1
package/plugins/queue/smtp_forward.js +6 -6
package/plugins/queue/smtp_proxy.js +10 -1
package/plugins/queue/test.js +2 -2
package/plugins/rcpt_to.host_list_base.js +5 -5
package/plugins/rcpt_to.in_host_list.js +2 -2
package/plugins/relay.js +6 -7
package/plugins/reseed_rng.js +1 -1
package/plugins/status.js +37 -33
package/plugins/tls.js +2 -2
package/plugins/xclient.js +3 -2
package/plugins.js +51 -54
package/run_tests +3 -30
package/server.js +190 -190
package/smtp_client.js +30 -23
package/{tests → test}/config/plugins +0 -2
package/{tests → test}/config/smtp.ini +1 -1
package/test/config/tls/example.com/_.example.com.key +28 -0
package/test/config/tls/example.com/example.com.crt +25 -0
package/test/connection.js +302 -0
package/test/endpoint.js +94 -0
package/{tests → test}/fixtures/line_socket.js +1 -1
package/{tests → test}/fixtures/util_hmailitem.js +19 -25
package/{tests → test}/host_pool.js +42 -57
package/test/logger.js +258 -0
package/test/outbound/hmail.js +141 -0
package/test/outbound/index.js +220 -0
package/test/outbound/qfile.js +126 -0
package/test/outbound_bounce_net_errors.js +142 -0
package/{tests → test}/outbound_bounce_rfc3464.js +110 -122
package/test/plugins/auth/auth_base.js +484 -0
package/test/plugins/auth/auth_vpopmaild.js +83 -0
package/test/plugins/early_talker.js +104 -0
package/test/plugins/mail_from.is_resolvable.js +35 -0
package/test/plugins/queue/smtp_forward.js +206 -0
package/test/plugins/rcpt_to.host_list_base.js +122 -0
package/test/plugins/rcpt_to.in_host_list.js +193 -0
package/test/plugins/relay.js +303 -0
package/test/plugins/status.js +130 -0
package/test/plugins/tls.js +70 -0
package/test/plugins.js +228 -0
package/{tests → test}/queue/multibyte +0 -0
package/{tests → test}/queue/plain +0 -0
package/test/rfc1869.js +73 -0
package/test/server.js +491 -0
package/test/smtp_client.js +299 -0
package/test/tls_socket.js +273 -0
package/test/transaction.js +270 -0
package/tls_socket.js +202 -252
package/transaction.js +9 -24
package/CONTRIBUTING.md +0 -1
package/bin/dkimverify +0 -40
package/config/access.domains +0 -13
package/config/attachment.ctype.regex +0 -2
package/config/attachment.filename.regex +0 -1
package/config/avg.ini +0 -5
package/config/bounce.ini +0 -15
package/config/data.headers.ini +0 -61
package/config/dkim/dkim_key_gen.sh +0 -78
package/config/dkim_sign.ini +0 -4
package/config/dkim_verify.ini +0 -7
package/config/dnsbl.ini +0 -23
package/config/greylist.ini +0 -43
package/config/helo.checks.ini +0 -52
package/config/lookup_rdns.strict.ini +0 -12
package/config/lookup_rdns.strict.timeout +0 -1
package/config/lookup_rdns.strict.whitelist +0 -1
package/config/lookup_rdns.strict.whitelist_regex +0 -5
package/config/messagesniffer.ini +0 -18
package/config/rcpt_to.blocklist +0 -1
package/config/rdns.allow_regexps +0 -0
package/config/rdns.deny_regexps +0 -0
package/config/spamassassin.ini +0 -56
package/config.js +0 -6
package/dkim.js +0 -614
package/docs/plugins/avg.md +0 -35
package/docs/plugins/bounce.md +0 -69
package/docs/plugins/clamd.md +0 -147
package/docs/plugins/esets.md +0 -8
package/docs/plugins/greylist.md +0 -90
package/docs/plugins/helo.checks.md +0 -135
package/docs/plugins/messagesniffer.md +0 -163
package/docs/plugins/relay_acl.md +0 -29
package/docs/plugins/relay_all.md +0 -15
package/docs/plugins/relay_force_routing.md +0 -33
package/docs/plugins/spamassassin.md +0 -180
package/outbound/mx_lookup.js +0 -70
package/plugins/auth/auth_ldap.js +0 -3
package/plugins/avg.js +0 -162
package/plugins/backscatterer.js +0 -25
package/plugins/bounce.js +0 -381
package/plugins/clamd.js +0 -381
package/plugins/data.headers.js +0 -4
package/plugins/data.uribl.js +0 -4
package/plugins/dkim_sign.js +0 -395
package/plugins/dkim_verify.js +0 -62
package/plugins/dns_list_base.js +0 -221
package/plugins/dnsbl.js +0 -146
package/plugins/dnswl.js +0 -58
package/plugins/esets.js +0 -71
package/plugins/graph.js +0 -5
package/plugins/greylist.js +0 -645
package/plugins/helo.checks.js +0 -533
package/plugins/messagesniffer.js +0 -381
package/plugins/rcpt_to.ldap.js +0 -3
package/plugins/rcpt_to.max_count.js +0 -24
package/plugins/relay_all.js +0 -13
package/plugins/spamassassin.js +0 -384
package/tests/config/dkim/example.com/dns +0 -29
package/tests/config/dkim/example.com/private +0 -6
package/tests/config/dkim/example.com/public +0 -4
package/tests/config/dkim/example.com/selector +0 -1
package/tests/config/dkim.private.key +0 -6
package/tests/config/dkim_sign.ini +0 -4
package/tests/config/helo.checks.ini +0 -52
package/tests/connection.js +0 -327
package/tests/endpoint.js +0 -128
package/tests/fixtures/vm_harness.js +0 -59
package/tests/logger.js +0 -327
package/tests/outbound/hmail.js +0 -112
package/tests/outbound/index.js +0 -324
package/tests/outbound/qfile.js +0 -67
package/tests/outbound_bounce_net_errors.js +0 -173
package/tests/plugins/auth/auth_base.js +0 -463
package/tests/plugins/auth/auth_vpopmaild.js +0 -91
package/tests/plugins/bounce.js +0 -307
package/tests/plugins/clamd.js +0 -224
package/tests/plugins/deprecated/relay_acl.js +0 -140
package/tests/plugins/deprecated/relay_all.js +0 -59
package/tests/plugins/dkim_sign.js +0 -315
package/tests/plugins/dkim_signer.js +0 -108
package/tests/plugins/dns_list_base.js +0 -259
package/tests/plugins/dnsbl.js +0 -101
package/tests/plugins/early_talker.js +0 -115
package/tests/plugins/greylist.js +0 -58
package/tests/plugins/helo.checks.js +0 -525
package/tests/plugins/mail_from.is_resolvable.js +0 -116
package/tests/plugins/queue/smtp_forward.js +0 -221
package/tests/plugins/rcpt_to.host_list_base.js +0 -132
package/tests/plugins/rcpt_to.in_host_list.js +0 -218
package/tests/plugins/relay.js +0 -339
package/tests/plugins/spamassassin.js +0 -171
package/tests/plugins/status.js +0 -138
package/tests/plugins/tls.js +0 -84
package/tests/plugins.js +0 -247
package/tests/rfc1869.js +0 -61
package/tests/server.js +0 -510
package/tests/smtp_client/auth.js +0 -105
package/tests/smtp_client/basic.js +0 -101
package/tests/smtp_client.js +0 -80
package/tests/tls_socket.js +0 -333
package/tests/transaction.js +0 -284
/package/docs/{plugins → deprecated}/dkim_sign.md +0 -0
/package/docs/{plugins → deprecated}/dkim_verify.md +0 -0
/package/docs/{plugins → deprecated}/dnsbl.md +0 -0
/package/docs/{plugins → deprecated}/dnswl.md +0 -0
/package/docs/{plugins → deprecated}/rcpt_to.routes.md +0 -0
/package/{tests → test}/.eslintrc.yaml +0 -0
/package/{tests → test}/config/auth_flat_file.ini +0 -0
/package/{tests → test}/config/dhparams.pem +0 -0
/package/{tests → test}/config/host_list +0 -0
/package/{tests → test}/config/outbound_tls_cert.pem +0 -0
/package/{tests → test}/config/outbound_tls_key.pem +0 -0
/package/{tests → test}/config/smtp_forward.ini +0 -0
/package/{tests → test}/config/tls/ec.pem +0 -0
/package/{tests → test}/config/tls/haraka.local.pem +0 -0
/package/{tests → test}/config/tls/mismatched.pem +0 -0
/package/{tests → test}/config/tls.ini +0 -0
/package/{tests → test}/config/tls_cert.pem +0 -0
/package/{tests → test}/config/tls_key.pem +0 -0
/package/{tests → test}/fixtures/todo_qfile.txt +0 -0
/package/{tests → test}/installation/config/test-plugin-flat +0 -0
/package/{tests → test}/installation/config/test-plugin.ini +0 -0
/package/{tests → test}/installation/config/tls.ini +0 -0
/package/{tests → test}/installation/node_modules/load_first/index.js +0 -0
/package/{tests → test}/installation/node_modules/load_first/package.json +0 -0
/package/{tests → test}/installation/node_modules/test-plugin/config/test-plugin-flat +0 -0
/package/{tests → test}/installation/node_modules/test-plugin/config/test-plugin.ini +0 -0
/package/{tests → test}/installation/node_modules/test-plugin/package.json +0 -0
/package/{tests → test}/installation/node_modules/test-plugin/test-plugin.js +0 -0
/package/{tests → test}/installation/plugins/base_plugin.js +0 -0
/package/{tests → test}/installation/plugins/folder_plugin/index.js +0 -0
/package/{tests → test}/installation/plugins/folder_plugin/package.json +0 -0
/package/{tests → test}/installation/plugins/inherits.js +0 -0
/package/{tests → test}/installation/plugins/load_first.js +0 -0
/package/{tests → test}/installation/plugins/plugin.js +0 -0
/package/{tests → test}/installation/plugins/tls.js +0 -0
/package/{tests → test}/loud/config/dhparams.pem +0 -0
/package/{tests → test}/loud/config/tls/goobered.pem +0 -0
/package/{tests → test}/loud/config/tls.ini +0 -0
/package/{tests → test}/mail_specimen/base64-root-part.txt +0 -0
/package/{tests → test}/mail_specimen/varied-fold-lengths-preserve-data.txt +0 -0
/package/{tests → test}/queue/1507509981169_1507509981169_0_61403_e0Y0Ym_1_fixed +0 -0
/package/{tests → test}/queue/1507509981169_1507509981169_0_61403_e0Y0Ym_1_haraka +0 -0
/package/{tests → test}/queue/1508269674999_1508269674999_0_34002_socVUF_1_haraka +0 -0
/package/{tests → test}/queue/1508455115683_1508455115683_0_90253_9Q4o4V_1_haraka +0 -0
/package/{tests → test}/queue/zero-length +0 -0
/package/{tests → test}/test-queue/delete-me +0 -0

package/plugins/helo.checks.js DELETED Viewed

@@ -1,533 +0,0 @@
-'use strict';
-// Check various bits of the HELO string
-const tlds      = require('haraka-tld');
-const dns       = require('dns');
-const net_utils = require('haraka-net-utils');
-const utils     = require('haraka-utils');
-const checks = [
-    'match_re',           // List of regexps
-    'bare_ip',            // HELO is bare IP (vs required Address Literal)
-    'dynamic',            // HELO hostname looks dynamic (dsl|dialup|etc...)
-    'big_company',        // Well known HELOs that must match rdns
-    'valid_hostname',     // HELO hostname is a legal DNS name
-    'rdns_match',         // HELO hostname matches rDNS
-    'forward_dns',        // HELO hostname resolves to the connecting IP
-    'host_mismatch',      // hostname differs between invocations
-];
-exports.register = function () {
-    this.load_helo_checks_ini();
-    if (this.cfg.check.proto_mismatch) {
-        // NOTE: these *must* run before init
-        this.register_hook('helo', 'proto_mismatch_smtp');
-        this.register_hook('ehlo', 'proto_mismatch_esmtp');
-    }
-    // Always run init
-    this.register_hook('helo', 'init');
-    this.register_hook('ehlo', 'init');
-    for (const c of checks) {
-        if (!this.cfg.check[c]) continue; // disabled in config
-        this.register_hook('helo', c);
-        this.register_hook('ehlo', c);
-    }
-    // Always emit a log entry
-    this.register_hook('helo', 'emit_log');
-    this.register_hook('ehlo', 'emit_log');
-    // IP literal that doesn't match remote IP
-    this.register_hook('helo', 'literal_mismatch');
-    this.register_hook('ehlo', 'literal_mismatch');
-    this.cfg.check.literal_mismatch = this.cfg.check.literal_mismatch ?? 2;
-    this.cfg.reject.literal_mismatch = this.cfg.reject.literal_mismatch ?? false;
-    if (this.cfg.check.match_re) {
-        const load_re_file = () => {
-            const regex_list = utils.valid_regexes(this.config.get('helo.checks.regexps', 'list', load_re_file));
-            // pre-compile the regexes
-            this.cfg.list_re = new RegExp(`^(${regex_list.join('|')})$`, 'i');
-        };
-        load_re_file();
-    }
-}
-exports.load_helo_checks_ini = function () {
-    const booleans = [
-        '+skip.private_ip',
-        '+skip.whitelist',
-        '+skip.relaying',
-        '+check.proto_mismatch',
-        '-reject.proto_mismatch',
-    ];
-    checks.forEach(c => {
-        booleans.push(`+check.${c}`);
-        booleans.push(`-reject.${c}`);
-    });
-    this.cfg = this.config.get('helo.checks.ini', { booleans },
-        () => {
-            this.load_helo_checks_ini();
-        });
-    // backwards compatible with old config file
-    if (this.cfg.check_no_dot !== undefined) {
-        this.cfg.check.valid_hostname = !!this.cfg.check_no_dot;
-    }
-    if (this.cfg.check_dynamic !== undefined) {
-        this.cfg.check.dynamic = !!this.cfg.check_dynamic;
-    }
-    if (this.cfg.check_raw_ip !== undefined) {
-        this.cfg.check.bare_ip = !!this.cfg.check_raw_ip;
-    }
-    // non-default setting, so apply their localized setting
-    if (this.cfg.check.mismatch !== undefined && !this.cfg.check.mismatch) {
-        this.logerror('deprecated setting mismatch renamed to host_mismatch');
-        this.cfg.check.host_mismatch = this.cfg.check.mismatch;
-    }
-    if (this.cfg.reject.mismatch !== undefined && this.cfg.reject.mismatch) {
-        this.logerror('deprecated setting mismatch renamed to host_mismatch');
-        this.cfg.reject.host_mismatch = this.cfg.reject.mismatch;
-    }
-}
-exports.init = function (next, connection, helo) {
-    if (!connection.results.has('helo.checks', 'helo_host', helo)) {
-        connection.results.add(this, {helo_host: helo});
-    }
-    next();
-}
-exports.should_skip = function (connection, test_name) {
-    if (connection.results.has('helo.checks', '_skip_hooks', test_name)) {
-        this.logdebug(connection, `SKIPPING: ${test_name}`);
-        return true;
-    }
-    connection.results.push(this, {_skip_hooks: test_name});
-    if (this.cfg.skip.relaying && connection.relaying) {
-        connection.results.add(this, {skip: `${test_name}(relay)`});
-        return true;
-    }
-    if (this.cfg.skip.private_ip && connection.remote.is_private) {
-        connection.results.add(this, {skip: `${test_name}(private)`});
-        return true;
-    }
-    return false;
-}
-exports.host_mismatch = function (next, connection, helo) {
-    if (this.should_skip(connection, 'host_mismatch')) return next();
-    const prev_helo = connection.results.get('helo.checks').helo_host;
-    if (!prev_helo) {
-        connection.results.add(this, {skip: 'host_mismatch(1st)'});
-        connection.notes.prev_helo = helo;
-        return next();
-    }
-    if (prev_helo === helo) {
-        connection.results.add(this, {pass: 'host_mismatch'});
-        return next();
-    }
-    const msg = `host_mismatch(${prev_helo} / ${helo})`;
-    connection.results.add(this, {fail: msg});
-    if (!this.cfg.reject.host_mismatch) return next();
-    next(DENY, `HELO host ${msg}`);
-}
-exports.valid_hostname = function (next, connection, helo) {
-    if (this.should_skip(connection, 'valid_hostname')) return next();
-    if (net_utils.is_ip_literal(helo)) {
-        connection.results.add(this, {skip: 'valid_hostname(literal)'});
-        return next();
-    }
-    if (!/\./.test(helo)) {
-        connection.results.add(this, {fail: 'valid_hostname(no_dot)'});
-        if (this.cfg.reject.valid_hostname) {
-            return next(DENY, 'HELO host must be a FQDN or address literal (RFC 5321 2.3.5)');
-        }
-        return next();
-    }
-    // this will fail if TLD is invalid or hostname is a public suffix
-    if (!tlds.get_organizational_domain(helo)) {
-        // Check for any excluded TLDs
-        const excludes = this.config.get('helo.checks.allow', 'list');
-        const tld = (helo.split(/\./).reverse())[0].toLowerCase();
-        // Exclude .local, .lan and .corp
-        if (tld === 'local' || tld === 'lan' || tld === 'corp' || excludes.includes(`.${tld}`)) {
-            return next();
-        }
-        connection.results.add(this, {fail: 'valid_hostname'});
-        if (this.cfg.reject.valid_hostname) {
-            return next(DENY, "HELO host name invalid");
-        }
-        return next();
-    }
-    connection.results.add(this, {pass: 'valid_hostname'});
-    next();
-}
-exports.match_re = function (next, connection, helo) {
-    if (this.should_skip(connection, 'match_re')) return next();
-    if (this.cfg.list_re?.test(helo)) {
-        connection.results.add(this, {fail: 'match_re'});
-        if (this.cfg.reject.match_re) {
-            return next(DENY, "That HELO not allowed here");
-        }
-        return next();
-    }
-    connection.results.add(this, {pass: 'match_re'});
-    next();
-}
-exports.rdns_match = function (next, connection, helo) {
-    if (this.should_skip(connection, 'rdns_match')) return next();
-    if (!helo) {
-        connection.results.add(this, {fail: 'rdns_match(empty)'});
-        return next();
-    }
-    if (net_utils.is_ip_literal(helo)) {
-        connection.results.add(this, {fail: 'rdns_match(literal)'});
-        return next();
-    }
-    const r_host = connection.remote.host;
-    if (r_host && helo === r_host) {
-        connection.results.add(this, {pass: 'rdns_match'});
-        return next();
-    }
-    if (tlds.get_organizational_domain(r_host) ===
-        tlds.get_organizational_domain(helo)) {
-        connection.results.add(this, {pass: 'rdns_match(org_dom)'});
-        return next();
-    }
-    connection.results.add(this, {fail: 'rdns_match'});
-    if (this.cfg.reject.rdns_match) {
-        return next(DENY, 'HELO host does not match rDNS');
-    }
-    next();
-}
-exports.bare_ip = function (next, connection, helo) {
-    if (this.should_skip(connection, 'bare_ip')) return next();
-    // RFC 2821, 4.1.1.1  Address literals must be in brackets
-    // RAW IPs must be formatted: "[1.2.3.4]" not "1.2.3.4" in HELO
-    if (net_utils.get_ipany_re('^(?:IPv6:)?','$','').test(helo)) {
-        connection.results.add(this, {fail: 'bare_ip(invalid literal)'});
-        if (this.cfg.reject.bare_ip) {
-            return next(DENY, "Invalid address format in HELO");
-        }
-        return next();
-    }
-    connection.results.add(this, {pass: 'bare_ip'});
-    next();
-}
-exports.dynamic = function (next, connection, helo) {
-    if (this.should_skip(connection, 'dynamic')) return next();
-    // Skip if no dots or an IP literal or address
-    if (!/\./.test(helo)) {
-        connection.results.add(this, {skip: 'dynamic(no dots)'});
-        return next();
-    }
-    if (net_utils.get_ipany_re('^\\[?(?:IPv6:)?','\\]?$','').test(helo)) {
-        connection.results.add(this, {skip: 'dynamic(literal)'});
-        return next();
-    }
-    if (net_utils.is_ip_in_str(connection.remote.ip, helo)) {
-        connection.results.add(this, {fail: 'dynamic'});
-        if (this.cfg.reject.dynamic) {
-            return next(DENY, 'HELO is dynamic');
-        }
-        return next();
-    }
-    connection.results.add(this, {pass: 'dynamic'});
-    next();
-}
-exports.big_company = function (next, connection, helo) {
-    if (this.should_skip(connection, 'big_company')) return next();
-    if (net_utils.is_ip_literal(helo)) {
-        connection.results.add(this, {skip: 'big_co(literal)'});
-        return next();
-    }
-    if (!this.cfg.bigco) {
-        connection.results.add(this, {err: 'big_co(config missing)'});
-        return next();
-    }
-    if (!this.cfg.bigco[helo]) {
-        connection.results.add(this, {pass: 'big_co(not)'});
-        return next();
-    }
-    const rdns = connection.remote.host;
-    if (!rdns || rdns === 'Unknown' || rdns === 'DNSERROR') {
-        connection.results.add(this, {fail: 'big_co(rDNS)'});
-        if (this.cfg.reject.big_company) {
-            return next(DENY, "Big company w/o rDNS? Unlikely.");
-        }
-        return next();
-    }
-    const allowed_rdns = this.cfg.bigco[helo].split(/,/);
-    for (const allow of allowed_rdns) {
-        const re = new RegExp(`${allow.replace(/\./g, '\\.')}$`);
-        if (re.test(rdns)) {
-            connection.results.add(this, {pass: 'big_co'});
-            return next();
-        }
-    }
-    connection.results.add(this, {fail: 'big_co'});
-    if (this.cfg.reject.big_company) {
-        return next(DENY, "You are not who you say you are");
-    }
-    next();
-}
-exports.literal_mismatch = function (next, connection, helo) {
-    if (this.should_skip(connection, 'literal_mismatch')) return next();
-    const literal = net_utils.get_ipany_re('^\\[(?:IPv6:)?','\\]$','').exec(helo);
-    if (!literal) {
-        connection.results.add(this, {pass: 'literal_mismatch'});
-        return next();
-    }
-    const lmm_mode = parseInt(this.cfg.check.literal_mismatch, 10);
-    const helo_ip = literal[1];
-    if (lmm_mode > 2 && net_utils.is_private_ip(helo_ip)) {
-        connection.results.add(this, {pass: 'literal_mismatch(private)'});
-        return next();
-    }
-    if (lmm_mode > 1) {
-        if (net_utils.same_ipv4_network(connection.remote.ip, [helo_ip])) {
-            connection.results.add(this, {pass: 'literal_mismatch'});
-            return next();
-        }
-        connection.results.add(this, {fail: 'literal_mismatch'});
-        if (this.cfg.reject.literal_mismatch) {
-            return next(DENY, 'HELO IP literal not in the same /24 as your IP address');
-        }
-        return next();
-    }
-    if (helo_ip === connection.remote.ip) {
-        connection.results.add(this, {pass: 'literal_mismatch'});
-        return next();
-    }
-    connection.results.add(this, {fail: 'literal_mismatch'});
-    if (this.cfg.reject.literal_mismatch) {
-        return next(DENY, 'HELO IP literal does not match your IP address');
-    }
-    next();
-}
-exports.forward_dns = function (next, connection, helo) {
-    if (this.should_skip(connection, 'forward_dns')) return next();
-    if (!this.cfg.check.valid_hostname) {
-        connection.results.add(this, {err: 'forward_dns(valid_hostname disabled)'});
-        return next();
-    }
-    if (net_utils.is_ip_literal(helo)) {
-        connection.results.add(this, {skip: 'forward_dns(literal)'});
-        return next();
-    }
-    if (!connection.results.has('helo.checks', 'pass', /^valid_hostname/)) {
-        connection.results.add(this, {fail: 'forward_dns(invalid_hostname)'});
-        if (this.cfg.reject.forward_dns) {
-            return next(DENY, "Invalid HELO host cannot achieve forward DNS match");
-        }
-        return next();
-    }
-    this.get_a_records(helo)
-        .then(ips => {
-            if (!ips) {
-                connection.results.add(this, {err: 'forward_dns, no ips!'});
-                return next();
-            }
-            connection.results.add(this, {ips});
-            if (ips.includes(connection.remote.ip)) {
-                connection.results.add(this, {pass: 'forward_dns'});
-                return next();
-            }
-            // some valid hosts (facebook.com, hotmail.com) use a generic HELO
-            // hostname that resolves but doesn't contain the IP that is
-            // connecting. If their rDNS passed, and their HELO hostname is in
-            // the same domain, consider it close enough.
-            if (connection.results.has('helo.checks', 'pass', /^rdns_match/)) {
-                const helo_od = tlds.get_organizational_domain(helo);
-                const rdns_od = tlds.get_organizational_domain(connection.remote.host);
-                if (helo_od && helo_od === rdns_od) {
-                    connection.results.add(this, {pass: 'forward_dns(domain)'});
-                    return next();
-                }
-                connection.results.add(this, {msg: `od miss: ${helo_od}, ${rdns_od}`});
-            }
-            connection.results.add(this, {fail: 'forward_dns(no IP match)'});
-            if (this.cfg.reject.forward_dns) {
-                return next(DENY, "HELO host has no forward DNS match");
-            }
-            next();
-        })
-        .catch(err => {
-            if (err.code === dns.NOTFOUND || err.code === dns.NODATA || err.code === dns.SERVFAIL) {
-                connection.results.add(this, {fail: `forward_dns(${err.code})`});
-                return next();
-            }
-            if (err.code === dns.TIMEOUT && this.cfg.reject.forward_dns) {
-                connection.results.add(this, {fail: `forward_dns(${err.code})`});
-                return next(DENYSOFT, "DNS timeout resolving your HELO hostname");
-            }
-            connection.results.add(this, {err: `forward_dns(${err})`, emit_log_level: 'warn'});
-            next();
-        })
-}
-exports.proto_mismatch = function (next, connection, helo, proto) {
-    if (this.should_skip(connection, 'proto_mismatch')) return next();
-    const r = connection.results.get('helo.checks');
-    if (!r || (r && !r.helo_host)) return next();
-    if ((connection.esmtp && proto === 'smtp') ||
-        (!connection.esmtp && proto === 'esmtp')) {
-        connection.results.add(this, {fail: `proto_mismatch(${proto})`});
-        if (this.cfg.reject.proto_mismatch) {
-            return next(DENY, `${proto === 'smtp' ? 'HELO' : 'EHLO'} protocol mismatch`);
-        }
-    }
-    next();
-}
-exports.proto_mismatch_smtp = function (next, connection, helo) {
-    this.proto_mismatch(next, connection, helo, 'smtp');
-}
-exports.proto_mismatch_esmtp = function (next, connection, helo) {
-    this.proto_mismatch(next, connection, helo, 'esmtp');
-}
-exports.emit_log = function (next, connection, helo) {
-    // Spits out an INFO log entry. Default looks like this:
-    // [helo.checks] helo_host: [182.212.17.35], fail:big_co(rDNS) rdns_match(literal), pass:valid_hostname, match_re, bare_ip, literal_mismatch, mismatch, skip:dynamic(literal), valid_hostname(literal)
-    //
-    // Although sometimes useful, that's a bit verbose. I find that I'm rarely
-    // interested in the passes, the helo_host is already logged elsewhere,
-    // and so I set this in config/results.ini:
-    //
-    // [helo.checks]
-    // order=fail,pass,msg,err,skip
-    // hide=helo_host,multi,pass
-    //
-    // Thus set, my log entries look like this:
-    //
-    // [UUID] [helo.checks] fail:rdns_match
-    // [UUID] [helo.checks]
-    // [UUID] [helo.checks] fail:dynamic
-    connection.loginfo(this, connection.results.collate(this));
-    next();
-}
-exports.get_a_records = async function (host) {
-    if (!/\./.test(host)) {
-        // a single label is not a host name
-        const e = new Error("invalid hostname");
-        e.code = dns.NOTFOUND;
-        throw e;
-    }
-    // Set-up timer
-    let timed_out = false;
-    const timer = setTimeout(() => {
-        timed_out = true;
-        const err = new Error(`timeout resolving: ${host}`);
-        err.code = dns.TIMEOUT;
-        this.logerror(err);
-        throw err;
-    }, (this.cfg.main.dns_timeout || 30) * 1000);
-    // fully qualify, to ignore any search options in /etc/resolv.conf
-    if (!/\.$/.test(host)) host = `${host}.`;
-    // do the queries
-    let ips
-    let err = '';
-    try {
-        ips = await net_utils.get_ips_by_host(host)
-    }
-    catch (errs) {
-        for (const error of errs) {
-            switch (error.code) {
-                case dns.NODATA:
-                case dns.NOTFOUND:
-                case dns.SERVFAIL:
-                    continue;
-                default:
-                    err = `${err}, ${error.message}`;
-            }
-        }
-    }
-    // results is now equals to: {queryA: 1, queryAAAA: 2}
-    if (timed_out) return;
-    if (timer) clearTimeout(timer);
-    if (!ips.length && err) throw err
-    // this.logdebug(this, host + ' => ' + ips);
-    // return the DNS results
-    return ips;
-};