Haraka 3.0.3 → 3.0.5

package/transaction.js

@@ -1,20 +1,16 @@
 'use strict';
 // An SMTP Transaction
 
-// node.js built-in modules
-const util   = require('util');
+const util   = require('node:util');
 
-// haraka npm modules
 const Notes  = require('haraka-notes');
 const utils  = require('haraka-utils');
-
-// Haraka modules
 const message = require('haraka-email-message')
 
 class Transaction {
-    constructor (uuid, cfg) {
+    constructor (uuid, cfg = {}) {
         this.uuid = uuid || utils.uuid();
-        this.cfg = cfg || load_smtp_ini();
+        this.cfg = cfg;
         this.mail_from = null;
         this.rcpt_to = [];
         this.header_lines = [];
@@ -50,14 +46,13 @@ class Transaction {
 
         this.body = new message.Body(this.header);
         this.body.on('mime_boundary', m => this.incr_mime_count());
-        this.attachment_start_hooks.forEach(h => {
-            this.body.on('attachment_start', h);
-        });
 
-        if (this.banner) {
-            this.body.set_banner(this.banner);
+        for (const hook of this.attachment_start_hooks) {
+            this.body.on('attachment_start', hook);
         }
 
+        if (this.banner) this.body.set_banner(this.banner);
+
         for (const o of this.body_filters) {
             this.body.add_filter((ct, enc, buf) => {
                 const re_match = (util.types.isRegExp(o.ct_match) && o.ct_match.test(ct.toLowerCase()));
@@ -147,7 +142,7 @@ class Transaction {
         }
         else if (this.header_pos === 0) {
             // Build up headers
-            if (this.header_lines.length < this.cfg.headers.max_lines) {
+            if (this.header_lines.length < (this.cfg?.headers?.max_lines || 1000)) {
                 if (line[0] === 0x2E) line = line.slice(1); // Strip leading '.'
                 this.header_lines.push(line.toString(this.encoding).replace(/\r\n$/, '\n'));
             }
@@ -255,13 +250,3 @@ exports.Transaction = Transaction;
 exports.createTransaction = (uuid, cfg) => {
     return new Transaction(uuid, cfg);
 }
-
-// sunset after test-fixtures createTransaction() is updated to pass in cfg
-function load_smtp_ini () {
-    const config = require('haraka-config');
-    const cfg = config.get('smtp.ini', { booleans: [ '+headers.add_received' ] });
-    if (!cfg.headers.max_lines) {
-        cfg.headers.max_lines = parseInt(config.get('max_header_lines')) || 1000;
-    }
-    return cfg;
-}

package/CONTRIBUTING.md

@@ -1 +0,0 @@
-See https://github.com/haraka/Haraka/wiki/Contributing

package/bin/dkimverify

@@ -1,40 +0,0 @@
-#!/usr/bin/env node
-
-// DKIM test tool
-
-const nopt = require('nopt');
-const path = require('path');
-const base_path = path.join(__dirname, '..');
-const dkim = require(`${base_path}/dkim`);
-const DKIMVerifyStream = dkim.DKIMVerifyStream;
-
-const parsed = nopt({ 'debug': Boolean, 'time_skew': Number, 'help': Boolean });
-
-function print_usage () {
-    console.log('Usage: dkimverify [--debug] [--time_skew=123] < message');
-    process.exit(1);
-}
-
-if (parsed.help) print_usage()
-
-if (!parsed.debug) {
-    dkim.DKIMObject.prototype.debug = function (str) {}
-    DKIMVerifyStream.prototype.debug = function (str) {}
-}
-
-const opts = {}
-if (parsed.time_skew) opts.allowed_time_skew = parsed.time_skew
-
-const verifier = new DKIMVerifyStream(opts, (err, result, results) => {
-    if (err) console.log(err.message);
-    if (Array.isArray(results)) {
-        results.forEach(function (res) {
-            console.log(`identity="${res.identity}" domain="${res.domain}" result=${res.result} ${(res.error) ? `(${res.error})` : ''}`);
-        });
-    }
-    else {
-        console.log(`Result: ${result}`);
-    }
-});
-
-process.stdin.pipe(verifier);

package/config/access.domains

@@ -1,13 +0,0 @@
-# Basic whitelist/blacklist mechanism for domains and e-mail addresses
-# add a single domain or e-mail per line
-# default behavior for entries is to DENY or blacklist
-# reverse behavior by prepending an exclamation point !
-# foo.com    <-- denied
-# !foo.com   <-- allowed
-#
-# More complex/granular behaviors are possible, e.g.
-# To block everything claiming to be from aol.com, but still allow a single aol address:
-# aol.com
-# !friend@aol.com
-#
-# See full docs for details:  http://haraka.github.io/plugins/access

package/config/attachment.ctype.regex

@@ -1,2 +0,0 @@
-executable
-partial

package/config/attachment.filename.regex

@@ -1 +0,0 @@
-\.(?:ade|adp|bat|chm|cmd|com|cpl|dll|exe|hta|ins|isp|jar|js|jse|lib|lnk|mde|msc|msp|mst|pif|scr|sct|shb|sys|vb|vbe|vbs|vxd|wsc|wsf|wsh)$

package/config/avg.ini

@@ -1,5 +0,0 @@
-;host=
-;port=54322
-;tmpdir=/tmp
-;connect_timeout=10
-;session_timeout=30

package/config/bounce.ini

@@ -1,15 +0,0 @@
-; config/bounce_bad_rcpt: addresses that should never get bounces
-
-
-[check]
-single_recipient=true
-empty_return_path=true
-bad_rcpt=true
-
-; reject all bounce messages (generally a bad idea)
-reject_all=false
-
-
-[reject]
-single_recipient=true
-empty_return_path=true

package/config/data.headers.ini

@@ -1,61 +0,0 @@
-; configuration for data.headers plugin
-
-; Requiring a date header will cause the loss of valid mail. The JavaMail
-; sender used by some banks, photo processing services, health insurance
-; companies, bounce senders, and others send messages without a Date header.
-;
-; If you can afford to reject some valid mail, please do enforce this, and
-; encourage mailers toward RFC adherence. Otherwise, do not require Date.
-
-; Headers that MUST be present (RFC 5322)
-; required=From,Date   ; <-- RFC 5322 compliant
-required=From,Date
-
-; Received
-; If you have no outbound, add 'Received' to the required list for an
-; aggressive anti-spam measure. It works because all real mail relays will
-; add a `Received` header. It may false positive on some bulk mail that
-; uses a custom tool to send, but this appears to be fairly rare.
-
-; If the date header is present, and future and/or past days are
-; defined, it will be validated. 0 = disabled
-date_future_days=2
-date_past_days=15
-
-
-; Headers that MUST be unique if present (RFC 5322)
-; singular=Date,From,Sender,Reply-To,To,Cc,Bcc,Message-Id,In-Reply-To,References,Subject (RFC 5322)
-singular=Date,From,Sender,Reply-To,To,Cc,Bcc,Message-Id,In-Reply-To,References,Subject
-
-; enable/disable the various header checks
-[check]
-; duplicate_singular=true
-; missing_required=true
-; invalid_return_path=true
-; invalid_date=true
-; user_agent=true
-; direct_to_mx=true
-; from_match=true
-; mailing_list=true
-; delivered_to=true
-
-
-[reject]
-; reject switches for each header check
-; default are shown. Rejecting based on any of these
-; criteria will result in the loss of valid mail.
-;
-; duplicate_singular=false
-; missing_required=false
-; invalid_return_path=false
-; invalid_date=false
-
-; arriving messages should not have Delivered-To set to the RCPT TO address.
-; delivered_to=true
-
-; these 4 do not have reject support, and likely shouldn't.
-; user_agent=false
-; direct_to_mx=false
-; from_match=false
-; mailing_list=false
-

package/config/dkim/dkim_key_gen.sh

@@ -1,78 +0,0 @@
-#!/bin/sh
-
-DOMAIN="$1"
-SMTPD="$2"
-
-usage()
-{
-    echo "   usage: ${0} <example.com> [haraka username]" 2>&1
-    echo 2>&1
-    exit 1
-}
-
-if [ -z "$DOMAIN" ]; then
-    usage
-fi
-
-if [ -z "$SMTPD" ]; then
-    SMTPD="www"
-fi
-
-# Create a directory for each DKIM signing domain
-mkdir -p "$DOMAIN"
-cd "$DOMAIN" || exit
-
-# The selector can be any value that is a valid DNS label
-# Create in the common format: mmmYYYY (apr2014)
-date '+%h%Y' | tr '[:upper:]' '[:lower:]' > selector
-
-# Generate private and public keys
-#           - Key length considerations -
-# The minimum recommended key length for short duration keys (ones that
-# will be replaced within a few months) is 1024. If you are unlikely to
-# rotate your keys frequently, choose 2048, at the expense of more CPU.
-openssl genrsa -out private 2048
-chmod 0400 private
-openssl rsa -in private -out public -pubout
-
-DNS_NAME="$(tr -d '\n' < selector)._domainkey"
-DNS_ADDRESS="v=DKIM1;p=$(grep -v '^-' public | tr -d '\n')"
-
-# Fold width is arbitrary, any value between 80 and 255 is reasonable
-BIND_SPLIT_ADDRESS="$(echo "$DNS_ADDRESS" | fold -w 110 | sed -e 's/^/	"/g; s/$/"/g')"
-
-# Make it really easy to publish the public key in DNS
-# by creating a file named 'dns', with instructions
-cat > dns <<EO_DKIM_DNS
-
-Add this TXT record to the ${DOMAIN} DNS zone.
-
-${DNS_NAME}    IN   TXT   ${DNS_ADDRESS}
-
-
-BIND zone file formatted:
-
-${DNS_NAME}    IN   TXT (
-${BIND_SPLIT_ADDRESS}
-        )
-
-Tell the world that the ONLY mail servers that send mail from this domain are DKIM signed and/or bear our MX and A records.
-
-With SPF:
-
-        SPF "v=spf1 mx a -all"
-        TXT "v=spf1 mx a -all"
-
-With DMARC:
-
-_dmarc  TXT "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-feedback@${DOMAIN}; ruf=mailto:dmarc-feedback@${DOMAIN}; pct=100"
-
-For more information about DKIM and SPF policy,
-the documentation within each plugin contains a longer discussion and links to more detailed information:
-
-   haraka -h dkim_sign
-   haraka -h spf
-
-EO_DKIM_DNS
-
-cd ..

package/config/dkim_sign.ini

@@ -1,4 +0,0 @@
-disabled = true
-selector = mail
-domain = example.com
-headers_to_sign = From, Sender, Reply-To, Subject, Date, Message-ID, To, Cc, MIME-Version

package/config/dkim_verify.ini

@@ -1,7 +0,0 @@
-
-; Recommended (but not default) values presented below.
-
-; in secs
-;allowed_time_skew = 60
-;
-;sigerror_log_level = info

package/config/dnsbl.ini

@@ -1,23 +0,0 @@
-
-; reject: (default: true)
-;      denies connections from IPs on any active DNSBL
-reject=true
-
-; periodically check each DNSBL, disabling ones that fail checks
-periodic_checks = 30
-
-; search: Default (first)
-;     first: consider first DNSBL response conclusive. End processing.
-;     all:   process all DNSBL results
-search=first
-
-; enable_stats (Default: false)
-;   stores stats in a Redis DB (see plugins/dns_list_base)
-;enable_stats=true
-
-; stats_redis_host (Default: localhost)
-
-
-; zones: a comma separated list of DNSBL zones
-;        or list DNSBL zones in config/dnsbl.zones
-zones=zen.spamhaus.org

package/config/greylist.ini

@@ -1,43 +0,0 @@
-; Config for greylisting plugin
-
-; greylisting action text
-text = Greylisted. Please come back later.
-
-[redis]
-host = 127.0.0.1
-; port = 6379
-db = 11
-
-[skip]
-; skip for DNSWL hosts having high reputation
-dnswlorg = true
-mailspikewl = true
-
-[period]
-# transition path: first_connect --> black (defer) --> grey(allow) --> white (allow) --> expired
-
-# 14 minutes
-black = 850
-# 25 hours
-grey = 90000
-# 35 days
-white = 3024000
-
-[envelope_whitelist]
-# Envelope emails or domains, one per line
-
-
-[ip_whitelist]
-# IP or Subnet, one per line
-
-
-[recipient_whitelist]
-# Recipient emails or domains, one per line
-
-
-[special_dynamic_domains]
-# Put domains that should be always treated as dynamic here.
-# Pattern is matched at the end of rdns
-
-# SiteGround VPS service
-sgvps.net

package/config/helo.checks.ini

@@ -1,52 +0,0 @@
-; disable checks or reject for each test if you are worried about strictness
-
-;dns_timeout=28
-
-[check]
-; match_re=true
-; bare_ip=true
-; dynamic=true
-; big_company=true
-; literal_mismatch:  1 = exact IP match, 2 = IP/24 match, 3 = /24 or RFC1918
-; literal_mismatch=2
-; valid_hostname=true
-; forward_dns=true
-; rdns_match=true
-; host_mismatch:  hostname differs between EHLO invocations
-; host_mismatch=true
-; proto_mismatch: host sent EHLO but then tries to sent HELO or vice-versa
-; proto_mismatch=true
-
-[reject]
-; host_mismatch=true
-; proto_mismatch=false
-; rdns_match=false
-; dynamic=false
-; bare_ip=false
-; literal_mismatch=false
-; valid_hostname=false
-; forward_dns=false
-; big_company=true
-
-[skip]
-; private_ip=true
-; relaying=true
-; whitelist=true  ; TODO
-
-[bigco]
-msn.com=msn.com
-hotmail.com=hotmail.com
-yahoo.com=yahoo.com,yahoo.co.jp
-yahoo.co.jp=yahoo.com,yahoo.co.jp
-yahoo.co.uk=yahoo.co.uk
-excite.com=excite.com,excitenetwork.com
-mailexcite.com=excite.com,excitenetwork.com
-yahoo.co.jp=yahoo.com,yahoo.co.jp
-mailexcite.com=excite.com,excitenetwork.com
-aol.com=aol.com
-compuserve.com=compuserve.com,adelphia.net
-nortelnetworks.com=nortelnetworks.com,nortel.com
-earthlink.net=earthlink.net
-earthling.net=earthling.net
-google.com=google.com
-gmail.com=google.com,gmail.com

package/config/messagesniffer.ini

@@ -1,18 +0,0 @@
-;port=9001
-;tmpdir=/tmp
-;gbudb_report_deny=true
-;tag_string=[SPAM]
-
-;[gbudb]
-;white=accept
-;caution=allow
-;black=allow
-;truncate=reject
-
-;[message]
-;white=allow
-;local_white=accept
-;caution=allow
-;black=allow
-;truncate=reject
-;nonzero=reject

package/config/spamassassin.ini

@@ -1,56 +0,0 @@
-; How does Haraka connect to the SpamAssassin spamd daemon?
-; TCP/IP: 127.0.0.1:783
-; socket: /var/run/spamd/spamd.sock
-spamd_socket=127.0.0.1:783
-
-; the username we tell spamd the message is to (default: default)
-;spamd_user=first-recipient (see docs)
-;spamd_user=
-
-; messages larger than this are not scored by SA
-max_size=500000
-
-; Munge the subject of messages with a score higher than..
-; munge_subject_threshold=5
-subject_prefix=*** SPAM ***
-
-; what to do with incoming messages with X-Spam-* headers
-; options are: rename, drop, keep
-old_headers_action=rename
-
-; use the SpamAssassin 3.0+ syntax in X-Spam-Status header
-; modern: No, score=0.8 required=8.0 tests=...
-; legacy: No, hits=0.8 required=8.0 tests=...
-modern_status_syntax=1
-
-; Reject all messages with more than this many hits
-; reject_threshold=10
-
-; when a connection has relay privileges, the rejection limit
-; relay_reject_threshold=7
-
-; How long should we wait for SpamAssassin to answer the socket
-; in seconds (default: 30)
-;connect_timeout=
-
-; How long should we wait for a result from SpamAssassin
-; in seconds (default: 300)
-;results_timeout=
-
-; Merge SpamAssassin's headers into the message
-;add_headers=true
-
-; the header that is sent to spamc
-;spamc_auth_header = X-Haraka-Relay
-
-[check]
-;authenticated=true
-;private_ip=true
-;local_ip=true
-;relay=true
-
-[defer]
-; Set to true to return DENYSOFT on errors, connection timeouts, or scanning timeouts
-;error=false
-;connect_timeout=false
-;scan_timeout=false