Haraka 3.0.4 → 3.1.0

package/plugins/relay.js

@@ -1,207 +0,0 @@
-// relay
-//
-// documentation via: haraka -h relay
-
-const net = require('node:net');
-
-const ipaddr = require('ipaddr.js');
-
-exports.register = function () {
-
-    this.load_relay_ini();             // plugin.cfg = { }
-
-    if (this.cfg.relay.acl) {
-        this.load_acls();             // plugin.acl_allow = [..]
-        this.register_hook('connect_init', 'acl');
-        this.register_hook('connect', 'pass_relaying');
-    }
-
-    if (this.cfg.relay.force_routing || this.cfg.relay.dest_domains) {
-        this.load_dest_domains();      // plugin.dest.domains = { }
-    }
-
-    if (this.cfg.relay.force_routing) {
-        this.register_hook('get_mx', 'force_routing');
-    }
-
-    if (this.cfg.relay.dest_domains) {
-        this.register_hook('rcpt', 'dest_domains');
-    }
-
-    if (this.cfg.relay.all) {
-        this.register_hook('rcpt', 'all');
-    }
-}
-
-exports.load_relay_ini = function () {
-    this.cfg = this.config.get('relay.ini', {
-        booleans: [
-            '+relay.acl',
-            '+relay.force_routing',
-            '-relay.all',
-            '-relay.dest_domains',
-        ],
-    }, () => {
-        this.load_relay_ini();
-    });
-}
-
-exports.load_dest_domains = function () {
-    this.dest = this.config.get(
-        'relay_dest_domains.ini',
-        'ini',
-        () => { this.load_dest_domains(); }
-    );
-}
-
-exports.load_acls = function () {
-    const file_name = 'relay_acl_allow';
-
-    // load with a self-referential callback
-    this.acl_allow = this.config.get(file_name, 'list', () => {
-        this.load_acls();
-    });
-
-    for (let i=0; i<this.acl_allow.length; i++) {
-        const cidr = this.acl_allow[i].split('/');
-        if (!net.isIP(cidr[0])) {
-            this.logerror(this, `invalid entry in ${file_name}: ${cidr[0]}`);
-        }
-        if (!cidr[1]) {
-            this.logerror(this, `appending missing CIDR suffix in: ${file_name}`);
-            this.acl_allow[i] = `${cidr[0]  }/32`;
-        }
-    }
-}
-
-exports.acl = function (next, connection) {
-    if (!this.cfg.relay.acl) { return next(); }
-
-    connection.logdebug(this, `checking ${connection.remote.ip} in relay_acl_allow`);
-
-    if (!this.is_acl_allowed(connection)) {
-        connection.results.add(this, {skip: 'acl(unlisted)'});
-        return next();
-    }
-
-    connection.results.add(this, {pass: 'acl'});
-    connection.relaying = true;
-    return next(OK);
-}
-
-exports.pass_relaying = (next, connection) => {
-    if (connection.relaying) return next(OK);
-
-    next();
-}
-
-exports.is_acl_allowed = function (connection) {
-    if (!this.acl_allow) { return false; }
-    if (!this.acl_allow.length) { return false; }
-
-    const { ip } = connection.remote;
-
-    for (const item of this.acl_allow) {
-        connection.logdebug(this, `checking if ${ip} is in ${item}`);
-        const cidr = item.split('/');
-        const c_net  = cidr[0];
-        const c_mask = cidr[1] || 32;
-
-        if (!net.isIP(c_net)) continue;  // bad config entry
-        if (net.isIPv4(ip) && net.isIPv6(c_net)) continue;
-        if (net.isIPv6(ip) && net.isIPv4(c_net)) continue;
-
-        if (ipaddr.parse(ip).match(ipaddr.parse(c_net), c_mask)) {
-            connection.logdebug(this, `checking if ${ip} is in ${item}: yes`);
-            return true;
-        }
-    }
-    return false;
-}
-
-exports.dest_domains = function (next, connection, params) {
-    if (!this.cfg.relay.dest_domains) { return next(); }
-    const { relaying, transaction } = connection ?? {}
-    if (!transaction) return next();
-
-    // Skip this if the host is already allowed to relay
-    if (relaying) {
-        transaction.results.add(this, {skip: 'relay_dest_domain(relay)'});
-        return next();
-    }
-
-    if (!this.dest) {
-        transaction.results.add(this, {err: 'relay_dest_domain(no config!)'});
-        return next();
-    }
-
-    if (!this.dest.domains) {
-        transaction.results.add(this, {skip: 'relay_dest_domain(config)'});
-        return next();
-    }
-
-    const dest_domain = params[0].host;
-    connection.logdebug(this, `dest_domain = ${dest_domain}`);
-
-    const dst_cfg = this.dest.domains[dest_domain];
-    if (!dst_cfg) {
-        transaction.results.add(this, {fail: 'relay_dest_domain'});
-        return next(DENY, "You are not allowed to relay");
-    }
-
-    const { action } = JSON.parse(dst_cfg);
-    connection.logdebug(this, `found config for ${dest_domain}: ${action}`);
-
-    switch (action) {
-        case "accept":
-            // why enable relaying here? Returning next(OK) will allow the
-            // address to be considered 'local'. What advantage does relaying
-            // bring?
-            connection.relaying = true;
-            transaction.results.add(this, {pass: 'relay_dest_domain'});
-            return next(OK);
-        case "continue":
-            // why oh why? Only reason I can think of is to enable outbound.
-            connection.relaying = true;
-            transaction.results.add(this, {pass: 'relay_dest_domain'});
-            return next(CONT);  // same as next()
-        case "deny":
-            transaction.results.add(this, {fail: 'relay_dest_domain'});
-            return next(DENY, "You are not allowed to relay");
-    }
-
-    transaction.results.add(this, {fail: 'relay_dest_domain'});
-    next(DENY, "Mail for that recipient is not accepted here.");
-}
-
-exports.force_routing = function (next, hmail, domain) {
-    if (!this.cfg.relay.force_routing) { return next(); }
-    if (!this.dest) { return next(); }
-    if (!this.dest.domains) { return next(); }
-    let route = this.dest.domains[domain];
-
-    if (!route) {
-        route = this.dest.domains.any;
-        if (!route) {
-            this.logdebug(this, `using normal MX lookup for: ${domain}`);
-            return next();
-        }
-    }
-
-    const { nexthop } = JSON.parse(route);
-    if (!nexthop) {
-        this.logdebug(this, `using normal MX lookup for: ${domain}`);
-        return next();
-    }
-
-    this.logdebug(this, `using ${nexthop} for: ${domain}`);
-    next(OK, nexthop);
-}
-
-exports.all = function (next, connection, params) {
-    if (!this.cfg.relay.all) { return next(); }
-
-    connection.loginfo(this, `confirming recipient ${params[0]}`);
-    connection.relaying = true;
-    next(OK);
-}

package/test/plugins/early_talker.js

@@ -1,104 +0,0 @@
-'use strict';
-const assert = require('node:assert')
-
-const fixtures     = require('haraka-test-fixtures');
-
-const _set_up = (done) => {
-    this.plugin = new fixtures.plugin('early_talker');
-    this.plugin.cfg = { main: { reject: true } };
-
-    this.connection = fixtures.connection.createConnection();
-    done();
-}
-
-describe('early_talker', () => {
-    beforeEach(_set_up)
-
-    it('no config', (done) => {
-        this.plugin.early_talker((rc, msg) => {
-            assert.equal(rc, undefined);
-            assert.equal(msg, undefined);
-            done();
-        }, this.connection);
-    })
-
-    it('relaying', (done) => {
-        this.plugin.pause = 1;
-        this.connection.relaying = true;
-        this.plugin.early_talker((rc, msg) => {
-            assert.equal(rc, undefined);
-            assert.equal(msg, undefined);
-            done();
-        }, this.connection);
-    })
-
-    it('is an early talker', (done) => {
-        const before = Date.now();
-        this.plugin.pause = 1001;
-        this.connection.early_talker = true;
-        this.plugin.early_talker((rc, msg) => {
-            assert.ok(Date.now() >= before + 1000);
-            assert.equal(rc, DENYDISCONNECT);
-            assert.equal(msg, 'You talk too soon');
-            done();
-        }, this.connection);
-    })
-
-    it('is an early talker, reject=false', (done) => {
-        const before = Date.now();
-        this.plugin.pause = 1001;
-        this.plugin.cfg.main.reject = false;
-        this.connection.early_talker = true;
-        this.plugin.early_talker((rc, msg) => {
-            assert.ok(Date.now() >= before + 1000);
-            assert.equal(undefined, rc);
-            assert.equal(undefined, msg);
-            assert.ok(this.connection.results.has('early_talker', 'fail', 'early'));
-            done();
-        }, this.connection);
-    })
-
-    it('relay whitelisted ip', (done) => {
-        this.plugin.pause = 1000;
-        this.plugin.whitelist = this.plugin.load_ip_list(['127.0.0.1']);
-        this.connection.remote.ip = '127.0.0.1';
-        this.connection.early_talker = true;
-        this.plugin.early_talker((rc, msg) => {
-            assert.equal(undefined, rc);
-            assert.equal(undefined, msg);
-            assert.ok(this.connection.results.has('early_talker', 'skip', 'whitelist'));
-            done();
-        }, this.connection);
-    })
-
-    it('relay whitelisted subnet', (done) => {
-        this.plugin.pause = 1000;
-        this.plugin.whitelist = this.plugin.load_ip_list(['127.0.0.0/16']);
-        this.connection.remote.ip = '127.0.0.88';
-        this.connection.early_talker = true;
-        this.plugin.early_talker((rc, msg) => {
-            assert.equal(undefined, rc);
-            assert.equal(undefined, msg);
-            assert.ok(this.connection.results.has('early_talker', 'skip', 'whitelist'));
-            done();
-        }, this.connection);
-    })
-
-    it('relay good senders', (done) => {
-        this.plugin.pause = 1000;
-        this.connection.results.add('karma', {good: 10});
-        this.connection.early_talker = true;
-        this.plugin.early_talker((rc, msg) => {
-            assert.equal(undefined, rc);
-            assert.equal(undefined, msg);
-            assert.ok(this.connection.results.has('early_talker', 'skip', '+karma'));
-            done();
-        }, this.connection);
-    })
-
-    it('test loading ip list', () => {
-        const whitelist = this.plugin.load_ip_list(['123.123.123.123', '127.0.0.0/16']);
-        assert.equal(whitelist[0][1], 32);
-        assert.equal(whitelist[1][1], 16);
-    })
-})

package/test/plugins/mail_from.is_resolvable.js

@@ -1,35 +0,0 @@
-'use strict';
-const assert = require('node:assert')
-const dns = require('node:dns');
-
-const fixtures  = require('haraka-test-fixtures');
-const Address   = require('address-rfc2821').Address
-
-const _set_up = (done) => {
-
-    this.plugin = new fixtures.plugin('mail_from.is_resolvable');
-    this.plugin.register();
-
-    this.connection = fixtures.connection.createConnection();
-    this.connection.init_transaction()
-
-    done();
-}
-
-describe('mail_from.is_resolvable', () => {
-    beforeEach(_set_up)
-
-    describe('hook_mail', () => {
-        it('any.com, no err code', (done) => {
-            const txn = this.connection.transaction;
-            this.plugin.hook_mail((code, msg) => {
-                // console.log()
-                assert.deepEqual(txn.results.get('mail_from.is_resolvable').pass, ['has_fwd_dns']);
-                done();
-            },
-            this.connection, 
-            [new Address('<test@any.com>')]
-            )
-        })
-    })
-})

package/test/plugins/relay.js

@@ -1,303 +0,0 @@
-'use strict';
-const assert = require('node:assert')
-
-const fixtures = require('haraka-test-fixtures');
-
-const _set_up = (done) => {
-    this.plugin = new fixtures.plugin('relay');
-    this.plugin.cfg = {};
-    this.connection = fixtures.connection.createConnection();
-    done();
-}
-
-describe('relay', () => {
-    describe('plugin', () => {
-        beforeEach(_set_up)
-
-        it('should have register function', () => {
-            assert.ok(this.plugin);
-            assert.equal('function', typeof this.plugin.register);
-        })
-
-        it('register function should call register_hook()', () => {
-            this.plugin.register();
-            assert.ok(this.plugin.register_hook.called);
-        })
-    })
-
-    describe('load_config_files', () => {
-        beforeEach(_set_up)
-
-        it('relay.ini', () => {
-            this.plugin.load_relay_ini();
-            assert.ok(typeof this.plugin.cfg === 'object');
-            assert.ok(this.plugin.cfg);
-            assert.ok(this.plugin.cfg.relay);
-        })
-
-        it('relay_dest_domains.ini', () => {
-            this.plugin.load_dest_domains();
-            assert.ok(typeof this.plugin.dest === 'object');
-        })
-    })
-
-    describe('is_acl_allowed', () => {
-        beforeEach(_set_up)
-
-        it('bare IP', () => {
-            this.plugin.acl_allow=['127.0.0.6'];
-            this.connection.remote.ip='127.0.0.6';
-            assert.equal(true, this.plugin.is_acl_allowed(this.connection));
-            this.connection.remote.ip='127.0.0.5';
-            assert.equal(false, this.plugin.is_acl_allowed(this.connection));
-            this.connection.remote.ip='127.0.1.5';
-            assert.equal(false, this.plugin.is_acl_allowed(this.connection));
-        })
-
-        it('netmask', () => {
-            this.plugin.acl_allow=['127.0.0.6/24'];
-            this.connection.remote.ip='127.0.0.6';
-            assert.equal(true, this.plugin.is_acl_allowed(this.connection));
-            this.connection.remote.ip='127.0.0.5';
-            assert.equal(true, this.plugin.is_acl_allowed(this.connection));
-            this.connection.remote.ip='127.0.1.5';
-            assert.equal(false, this.plugin.is_acl_allowed(this.connection));
-        })
-
-        it('mixed (ipv4 & ipv6 (Issue #428))', () => {
-            this.connection.remote.ip='2607:f060:b008:feed::2';
-            assert.equal(false, this.plugin.is_acl_allowed(this.connection));
-
-            this.plugin.acl_allow=['2607:f060:b008:feed::2/64'];
-            this.connection.remote.ip='2607:f060:b008:feed::2';
-            assert.equal(true, this.plugin.is_acl_allowed(this.connection));
-
-            this.plugin.acl_allow=['127.0.0.6/24'];
-            this.connection.remote.ip='2607:f060:b008:feed::2';
-            assert.equal(false, this.plugin.is_acl_allowed(this.connection));
-        })
-    })
-
-    describe('acl', () => {
-        beforeEach((done) => {
-            this.plugin = new fixtures.plugin('relay');
-            this.plugin.cfg = { relay: { dest_domains: true } };
-            this.connection = fixtures.connection.createConnection();
-            done();
-        })
-
-        it('relay.acl=false', (done) => {
-            this.plugin.cfg.relay.acl=false;
-            this.plugin.acl(() => {}, this.connection);
-            this.plugin.pass_relaying((rc) => {
-                assert.equal(undefined, rc);
-                done();
-            }, this.connection);
-        })
-
-        it('relay.acl=true, miss', (done) => {
-            this.plugin.cfg.relay.acl=true;
-            this.plugin.acl(() => {}, this.connection);
-            this.plugin.pass_relaying((rc) => {
-                assert.equal(undefined, rc);
-                assert.equal(false, this.connection.relaying);
-                done();
-            }, this.connection);
-        })
-
-        it('relay.acl=true, hit', (done) => {
-            this.plugin.cfg.relay.acl=true;
-            this.connection.remote.ip='1.1.1.1';
-            this.plugin.acl_allow=['1.1.1.1/32'];
-            this.plugin.acl(() => {}, this.connection);
-            this.plugin.pass_relaying((rc) => {
-                assert.equal(OK, rc);
-                assert.equal(true, this.connection.relaying);
-                done();
-            }, this.connection);
-        })
-
-        it('relay.acl=true, hit, missing mask', (done) => {
-            this.plugin.cfg.relay.acl=true;
-            this.connection.remote.ip='1.1.1.1';
-            this.plugin.acl_allow=['1.1.1.1'];
-            this.plugin.acl(() => {}, this.connection);
-            this.plugin.pass_relaying((rc) => {
-                assert.equal(OK, rc);
-                assert.equal(true, this.connection.relaying);
-                done();
-            }, this.connection);
-        })
-
-        it('relay.acl=true, hit, net', (done) => {
-            this.plugin.cfg.relay.acl=true;
-            this.connection.remote.ip='1.1.1.1';
-            this.plugin.acl_allow=['1.1.1.1/24'];
-            this.plugin.acl(() => {}, this.connection);
-            this.plugin.pass_relaying((rc) => {
-                assert.equal(OK, rc);
-                assert.equal(true, this.connection.relaying);
-                done();
-            }, this.connection);
-        })
-    })
-
-    describe('dest_domains', () => {
-        beforeEach((done) => {
-            this.plugin = new fixtures.plugin('relay');
-            this.plugin.cfg = { relay: { dest_domains: true } };
-
-            this.connection = fixtures.connection.createConnection();
-            this.connection.init_transaction();
-
-            done();
-        })
-
-        it('relay.dest_domains=false', (done) => {
-            this.plugin.cfg.relay.dest_domains=false;
-            this.plugin.dest_domains((rc) => {
-                assert.equal(undefined, rc);
-                done();
-            }, this.connection, [{host:'foo'}]);
-        })
-
-        it('relaying', (done) => {
-            this.connection.relaying=true;
-            this.plugin.dest_domains((rc) => {
-                assert.equal(undefined, rc);
-                assert.equal(1, this.connection.transaction.results.get('relay').skip.length);
-                done();
-            }, this.connection, [{host:'foo'}]);
-        })
-
-        it('no config', (done) => {
-            this.plugin.dest_domains((rc) => {
-                assert.equal(undefined, rc);
-                assert.equal(1, this.connection.transaction.results.get('relay').err.length);
-                done();
-            }, this.connection, [{host:'foo'}]);
-        })
-
-        it('action=undef', (done) => {
-            this.plugin.dest = { domains: { foo: '{"action":"dunno"}' } };
-            this.plugin.dest_domains((rc) => {
-                assert.equal(DENY, rc);
-                assert.equal(1, this.connection.transaction.results.get('relay').fail.length);
-                done();
-            }, this.connection, [{host:'foo'}]);
-        })
-
-        it('action=deny', (done) => {
-            this.plugin.dest = { domains: { foo: '{"action":"deny"}' } };
-            this.plugin.dest_domains((rc) => {
-                assert.equal(DENY, rc);
-                assert.equal(1, this.connection.transaction.results.get('relay').fail.length);
-                done();
-            }, this.connection, [{host:'foo'}]);
-        })
-
-        it('action=continue', (done) => {
-            this.plugin.dest = { domains: { foo: '{"action":"continue"}' } };
-            this.plugin.dest_domains((rc) => {
-                assert.equal(CONT, rc);
-                assert.equal(1, this.connection.transaction.results.get('relay').pass.length);
-                done();
-            }, this.connection, [{host:'foo'}]);
-        })
-
-        it('action=accept', (done) => {
-            this.plugin.dest = { domains: { foo: '{"action":"continue"}' } };
-            this.plugin.dest_domains((rc) => {
-                assert.equal(CONT, rc);
-                assert.equal(1, this.connection.transaction.results.get('relay').pass.length);
-                done();
-            }, this.connection, [{host:'foo'}]);
-        })
-    })
-
-    describe('force_routing', () => {
-        beforeEach((done) => {
-            this.plugin = new fixtures.plugin('relay');
-            this.plugin.cfg = { relay: { force_routing: true } };
-            this.plugin.dest = {};
-
-            this.connection = fixtures.connection.createConnection();
-            this.connection.init_transaction()
-
-            done();
-        })
-
-        it('relay.force_routing=false', (done) => {
-            this.plugin.cfg.relay.force_routing=false;
-            this.plugin.force_routing((rc) => {
-                assert.equal(undefined, rc);
-                done();
-            }, this.connection, 'foo');
-        })
-
-        it('dest_domains empty', (done) => {
-            this.plugin.force_routing((rc) => {
-                assert.equal(undefined, rc);
-                done();
-            }, this.connection, 'foo');
-        })
-
-        it('dest_domains, no route', (done) => {
-            this.plugin.dest = { domains: { foo: '{"action":"blah blah"}' } };
-            this.plugin.force_routing((rc, nexthop) => {
-                assert.equal(undefined, rc);
-                assert.equal(undefined, nexthop);
-                done();
-            }, this.connection, 'foo');
-        })
-
-        it('dest_domains, route', (done) => {
-            this.plugin.dest = { domains: { foo: '{"action":"blah blah","nexthop":"other-server"}' } };
-            this.plugin.force_routing((rc, nexthop) => {
-                assert.equal(OK, rc);
-                assert.equal('other-server', nexthop);
-                done();
-            }, this.connection, 'foo');
-        })
-
-        it('dest-domains, any', (done) => {
-            this.plugin.dest = { domains: { foo: '{"action":"blah blah","nexthop":"other-server"}',
-                any: '{"action":"blah blah","nexthop":"any-server"}'} };
-            this.plugin.force_routing((rc, nexthop) => {
-                assert.equal(OK, rc);
-                assert.equal('any-server', nexthop);
-                done();
-            }, this.connection, 'not');
-        })
-    })
-
-    describe('all', () => {
-        beforeEach(_set_up)
-
-        it('register_hook() should register available function', () => {
-            assert.ok(this.plugin.all);
-            assert.equal('function', typeof this.plugin.all);
-            this.plugin.register();
-            this.plugin.cfg.relay.all = true;
-            this.plugin.register_hook('rcpt', 'all');  // register() doesn't b/c config is disabled
-            // console.log(this.plugin.register_hook.args);
-            assert.equal(this.plugin.register_hook.args[3][1], 'all');
-        })
-
-        it('all hook always returns OK', (done) => {
-            this.plugin.cfg.relay = { all: true };
-            this.plugin.all((action) => {
-                assert.equal(action, OK);
-                done();
-            }, this.connection, ['foo@bar.com']);
-        })
-
-        it('all hook always sets connection.relaying to 1', (done) => {
-            this.plugin.cfg.relay = { all: true };
-            this.plugin.all((action) => {
-                assert.equal(this.connection.relaying, 1);
-                done();
-            }, this.connection, ['foo@bar.com']);
-        })
-    })
-})