Haraka 3.0.5 → 3.1.0

package/connection.js

@@ -24,33 +24,33 @@ const outbound    = require('./outbound');
 
 const states      = constants.connection.state;
 
-// Load HAProxy hosts into an object for fast lookups
-// as this list is checked on every new connection.
-let haproxy_hosts_ipv4 = [];
-let haproxy_hosts_ipv6 = [];
-function loadHAProxyHosts () {
-    const hosts = config.get('haproxy_hosts', 'list', loadHAProxyHosts);
-    const new_ipv4_hosts = [];
-    const new_ipv6_hosts = [];
-    for (let i=0; i<hosts.length; i++) {
-        const host = hosts[i].split(/\//);
-        if (net.isIPv6(host[0])) {
-            new_ipv6_hosts[i] = [ipaddr.IPv6.parse(host[0]), parseInt(host[1] || 64)];
-        }
-        else {
-            new_ipv4_hosts[i] = [ipaddr.IPv4.parse(host[0]), parseInt(host[1] || 32)];
-        }
+const cfg = config.get('connection.ini', {
+    booleans: [
+        '-main.strict_rfc1869',
+        '+main.smtputf8',
+        '+headers.add_received',
+        '+headers.show_version',
+        '+headers.clean_auth_results',
+    ]
+});
+
+const haproxy_hosts_ipv4 = [];
+const haproxy_hosts_ipv6 = [];
+
+for (const ip of cfg.haproxy.hosts) {
+    if (!ip) continue;
+    if (net.isIPv6(ip.split('/')[0])) {
+        haproxy_hosts_ipv6.push([ipaddr.IPv6.parse(ip.split('/')[0]), parseInt(ip.split('/')[1] || 64)]);
+    }
+    else {
+        haproxy_hosts_ipv4.push([ipaddr.IPv4.parse(ip.split('/')[0]), parseInt(ip.split('/')[1] || 32)]);
     }
-    haproxy_hosts_ipv4 = new_ipv4_hosts;
-    haproxy_hosts_ipv6 = new_ipv6_hosts;
 }
-loadHAProxyHosts();
 
 class Connection {
-    constructor (client, server, cfg) {
+    constructor (client, server, smtp_cfg) {
         this.client = client;
         this.server = server;
-        this.cfg = cfg;
 
         this.local = {
             ip: null,
@@ -97,10 +97,6 @@ class Connection {
         this.transaction = null;
         this.tran_count = 0;
         this.capabilities = null;
-        this.ehlo_hello_message = config.get('ehlo_hello_message') || 'Haraka is at your service.';
-        this.connection_close_message = config.get('connection_close_message') || 'closing connection. Have a jolly good day.';
-        this.banner_includes_uuid = !!config.get('banner_includes_uuid');
-        this.deny_includes_uuid = config.get('deny_includes_uuid') || null;
         this.early_talker = false;
         this.pipelining = false;
         this._relaying = false;
@@ -109,8 +105,6 @@ class Connection {
         this.hooks_to_run = [];
         this.start_time = Date.now();
         this.last_reject = '';
-        this.max_bytes = parseInt(config.get('databytes')) || 0;
-        this.max_mime_parts = parseInt(config.get('max_mime_parts')) || 1000;
         this.totalbytes = 0;
         this.rcpt_count = {
             accept:   0,
@@ -122,13 +116,11 @@ class Connection {
             tempfail: 0,
             reject:   0,
         };
-        this.max_line_length = parseInt(config.get('max_line_length')) || 512;
-        this.max_data_line_length = parseInt(config.get('max_data_line_length')) || 992;
         this.results = new ResultStore(this);
         this.errors = 0;
         this.last_rcpt_msg = null;
         this.hook = null;
-        if (this.cfg.headers.show_version) {
+        if (cfg.headers.show_version) {
             this.local.info += `/${utils.getVersion(__dirname)}`;
         }
         Connection.setupClient(this);
@@ -200,7 +192,6 @@ class Connection {
         });
 
         const ha_list = net.isIPv6(self.remote.ip) ? haproxy_hosts_ipv6 : haproxy_hosts_ipv4;
-
         if (ha_list.some((element, index, array) => {
             return ipaddr.parse(self.remote.ip).match(element[0], element[1]);
         })) {
@@ -220,7 +211,7 @@ class Connection {
         this.set('hello', 'host', undefined);
         this.set('tls',   'enabled', true);
         for (const t of ['cipher','verified','verifyError','peerCertificate']) {
-            if (obj[t] === undefined) return;
+            if (obj[t] === undefined) continue;
             this.set('tls', t, obj[t]);
         }
         // prior to 2017-07, authorized and verified were both used. Verified
@@ -401,10 +392,10 @@ class Connection {
 
         let maxlength;
         if (this.state === states.PAUSE_DATA || this.state === states.DATA) {
-            maxlength = this.max_data_line_length;
+            maxlength = cfg.max.data_line_length;
         }
         else {
-            maxlength = this.max_line_length;
+            maxlength = cfg.max.line_length;
         }
 
         let offset;
@@ -535,10 +526,10 @@ class Connection {
 
         if (code >= 400) {
             this.last_reject = `${code} ${messages.join(' ')}`;
-            if (this.deny_includes_uuid) {
+            if (cfg.uuid.deny_chars) {
                 uuid = (this.transaction || this).uuid;
-                if (this.deny_includes_uuid > 1) {
-                    uuid = uuid.substr(0, this.deny_includes_uuid);
+                if (cfg.uuid.deny_chars > 1) {
+                    uuid = uuid.substr(0, cfg.uuid.deny_chars);
                 }
             }
         }
@@ -649,7 +640,7 @@ class Connection {
     }
     init_transaction (cb) {
         this.reset_transaction(() => {
-            this.transaction = trans.createTransaction(this.tran_uuid(), this.cfg);
+            this.transaction = trans.createTransaction(this.tran_uuid(), cfg);
             // Catch any errors from the message_stream
             this.transaction.message_stream.on('error', (err) => {
                 this.logcrit(`message_stream error: ${err.message}`);
@@ -792,19 +783,20 @@ class Connection {
                 });
                 break;
             default: {
-                let greeting = config.get('smtpgreeting', 'list');
-                if (greeting.length) {
+                let greeting;
+                if (cfg.message.greeting?.length) {
                     // RFC5321 section 4.2
                     // Hostname/domain should appear after the 220
+                    greeting = [...cfg.message.greeting];
                     greeting[0] = `${this.local.host} ESMTP ${greeting[0]}`;
-                    if (this.banner_includes_uuid) {
-                        greeting[0] += ` (${this.uuid})`;
+                    if (cfg.uuid.banner_chars) {
+                        greeting[0] += ` (${this.uuid.substr(0, cfg.uuid.banner_chars)})`;
                     }
                 }
                 else {
                     greeting = `${this.local.host} ESMTP ${this.local.info} ready`;
-                    if (this.banner_includes_uuid) {
-                        greeting += ` (${this.uuid})`;
+                    if (cfg.uuid.banner_chars) {
+                        greeting += ` (${this.uuid.substr(0, cfg.uuid.banner_chars)})`;
                     }
                 }
                 this.respond(220, msg || greeting);
@@ -850,7 +842,7 @@ class Connection {
             default:
                 // RFC5321 section 4.1.1.1
                 // Hostname/domain should appear after 250
-                this.respond(250, `${this.local.host} Hello ${this.get_remote('host')}, ${this.ehlo_hello_message}`);
+                this.respond(250, `${this.local.host} Hello ${this.get_remote('host')}, ${cfg.message.helo}`);
         }
     }
     ehlo_respond (retval, msg) {
@@ -883,16 +875,14 @@ class Connection {
                 // Hostname/domain should appear after 250
 
                 const response = [
-                    `${this.local.host} Hello ${this.get_remote('host')}, ${this.ehlo_hello_message}`,
+                    `${this.local.host} Hello ${this.get_remote('host')}, ${cfg.message.helo}`,
                     "PIPELINING",
                     "8BITMIME",
                 ];
 
-                if (this.cfg.main.smtputf8) {
-                    response.push("SMTPUTF8");
-                }
+                if (cfg.main.smtputf8) response.push("SMTPUTF8");
 
-                response.push(`SIZE ${this.max_bytes}`);
+                response.push(`SIZE ${cfg.max.bytes}`);
 
                 this.capabilities = response;
 
@@ -905,7 +895,7 @@ class Connection {
         this.respond(250, this.capabilities);
     }
     quit_respond (retval, msg) {
-        this.respond(221, msg || `${this.local.host} ${this.connection_close_message}`, () => {
+        this.respond(221, msg || `${this.local.host} ${cfg.message.close}`, () => {
             this.disconnect();
         });
     }
@@ -1314,7 +1304,7 @@ class Connection {
 
         let results;
         try {
-            results = rfc1869.parse('mail', line, this.cfg.main.strict_rfc1869 && !this.relaying);
+            results = rfc1869.parse('mail', line, (!this.relaying && cfg.main.strict_rfc1869));
         }
         catch (err) {
             this.errors++;
@@ -1356,7 +1346,7 @@ class Connection {
 
         // Handle SIZE extension
         if (params?.SIZE && params.SIZE > 0) {
-            if (this.max_bytes > 0 && params.SIZE > this.max_bytes) {
+            if (cfg.max.bytes > 0 && params.SIZE > cfg.max.bytes) {
                 return this.respond(550, 'Message too big!');
             }
         }
@@ -1378,7 +1368,7 @@ class Connection {
 
         let results;
         try {
-            results = rfc1869.parse('rcpt', line, this.cfg.main.strict_rfc1869 && !this.relaying);
+            results = rfc1869.parse('rcpt', line, cfg.main.strict_rfc1869 && !this.relaying);
         }
         catch (err) {
             this.errors++;
@@ -1512,7 +1502,7 @@ class Connection {
             return this.respond(503, "RCPT required first");
         }
 
-        if (this.cfg.headers.add_received) {
+        if (cfg.headers.add_received) {
             this.accumulate_data(`Received: ${this.received_line()}\r\n`);
         }
         plugins.run_hooks('data', this);
@@ -1577,11 +1567,11 @@ class Connection {
         }
 
         // Stop accumulating data as we're going to reject at dot.
-        if (this.max_bytes && this.transaction.data_bytes > this.max_bytes) {
+        if (cfg.max.bytes && this.transaction.data_bytes > cfg.max.bytes) {
             return;
         }
 
-        if (this.transaction.mime_part_count >= this.max_mime_parts) {
+        if (this.transaction.mime_part_count >= cfg.max.mime_parts) {
             this.logcrit("Possible DoS attempt - too many MIME parts");
             this.respond(554, "Transaction failed due to too many MIME parts", () => {
                 this.disconnect();
@@ -1596,13 +1586,13 @@ class Connection {
         this.totalbytes += this.transaction.data_bytes;
 
         // Check message size limit
-        if (this.max_bytes && this.transaction.data_bytes > this.max_bytes) {
-            this.lognotice(`Incoming message exceeded databytes size of ${this.max_bytes}`);
+        if (cfg.max.bytes && this.transaction.data_bytes > cfg.max.bytes) {
+            this.lognotice(`Incoming message exceeded max size of ${cfg.max.bytes}`);
             return plugins.run_hooks('max_data_exceeded', this);
         }
 
         // Check max received headers count
-        if (this.transaction.header.get_all('received').length > this.cfg.headers.max_received) {
+        if (this.transaction.header.get_all('received').length > cfg.headers.max_received) {
             this.logerror("Incoming message had too many Received headers");
             this.respond(550, "Too many received headers - possible mail loop", () => {
                 this.reset_transaction();
@@ -1611,11 +1601,11 @@ class Connection {
         }
 
         // Warn if we hit the maximum parsed header lines limit
-        if (this.transaction.header_lines.length >= this.cfg.headers.max_lines) {
-            this.logwarn(`Incoming message reached maximum parsing limit of ${this.cfg.headers.max_lines} header lines`);
+        if (this.transaction.header_lines.length >= cfg.headers.max_lines) {
+            this.logwarn(`Incoming message reached maximum parsing limit of ${cfg.headers.max_lines} header lines`);
         }
 
-        if (this.cfg.headers.clean_auth_results) {
+        if (cfg.headers.clean_auth_results) {
             this.auth_results_clean();   // rename old A-R headers
         }
         const ar_field = this.auth_results();  // assemble new one

package/docs/CoreConfig.md

@@ -11,10 +11,6 @@ If either of these files exist then they are loaded first.
 This file is designed to use the JSON/YAML file overrides documented in
 [haraka-config](https://github.com/haraka/haraka-config) to optionally provide the entire configuration in a single file.
 
-* databytes
-
-Contains the maximum SIZE of an email that Haraka will receive.
-
 * plugins
 
 The list of plugins to load
@@ -40,35 +36,29 @@ The list of plugins to load
     specify -1 to disable spooling completely or 0 to force all messages to be spooled to disk.
   * graceful\_shutdown - (default: false) enable this to wait for sockets on shutdown instead of closing them quickly
   * force_shutdown_timeout - (default: 30) number of seconds to wait for a graceful shutdown
-  * smtputf8 - (default: true) advertise support for SMTPUTF8
-  * strict\_rfc1869 - (default: false) Requires senders to conform to RFC 1869 and RFC 821 when sending the MAIL FROM and RCPT TO commands. In particular,
-  the inclusion of spurious spaces or missing angle brackets will be rejected.
 
 * me
 
   A name to use for this server. Used in received lines and elsewhere. Setup
   by default to be your hostname.
 
-* deny\_includes\_uuid
-
-  Each connection and mail in Haraka includes a UUID which is also in most log
-  messages. If you put a `1` in this file then every denied mail (either via
-  DENY/5xx or DENYSOFT/4xx return codes) will include the uuid at the start
-  of each line of the deny message in brackets, making it easy to track
-  problems back to the logs.
-
-  Because UUIDs are long, if you put a number greater than 1 in the config
-  file, it will be truncated to that length. We recommend a 6 as a good
-  balance of finding in the logs and not making lines too long.
-
-* banner\_includes\_uuid
-
-  This will add the full UUID to the first line of the SMTP greeting banner.
+* connection.ini
 
-* early\_talker\_delay
+  See inline comments in connection.ini for the following settings:
 
-  If clients talk early we *punish* them with a delay of this many milliseconds
-  default: 1000.
+  * haproxy.hosts\_ipv4
+  * haproxy.hosts\_ipv6
+  * headers.\*
+  * max.bytes
+  * max.line\_length
+  * max.data\_line\_length
+  * max.mime\_parts
+  * message.greeting
+  * message.close
+  * smtputf8
+  * strict\_rfc1869
+  * uuid.deny\_chars
+  * uuid.banner\_bytes
 
 * plugin\_timeout
 
@@ -81,59 +71,8 @@ The list of plugins to load
   If the plugin is in a sub-directory of plugins, then you must create this file
   in the equivalent path e.g. the queue/smtp_forward would need a timeout file in `config/queue/smtp_forward.timeout`
 
-* smtpgreeting
-
-  The greeting line used when a client connects. This can be multiple lines
-  if required (this may cause some connecting machines to fail - though
-  usually only spam-bots).
-
-* max\_received\_count
-
-  The maximum number of "Received" headers allowed in an email. This is a
-  simple protection against mail loops. Defaults to 100.
-
-* max\_line\_length
-
-  The maximum length of lines in SMTP session commands (e.g. RCPT, HELO etc).
-  Defaults to 512 (bytes) which is mandated by RFC 5321 §4.5.3.1.4. Clients
-  exceeding this limit will be immediately disconnected with a "521 Command
-  line too long" error.
-
-* max\_data\_line\_length
-
-  The maximum length of lines in the DATA section of emails. Defaults to 992
-  (bytes) which is the limit set by Sendmail. When this limit is exceeded the
-  three bytes "\r\n " (0x0d 0x0a 0x20) are inserted into the stream to "fix"
-  it. This has the potential to "break" some email, but makes it more likely
-  to be accepted by upstream/downstream services, and is the same behaviour
-  as Sendmail. Also when the data line length limit is exceeded
-  `transaction.notes.data_line_length_exceeded` is set to `true`.
-
-* outbound.concurrency\_max
-
-  Maximum concurrency to use when delivering mails outbound. Defaults to 100.
-
-* outbound.disabled
-
-  Put a `1` in this file to temporarily disable outbound delivery. Useful 
-  while figuring out network issues or testing.
+* outbound.ini
 
 * outbound.bounce\_message
 
-  The bounce message if delivery of the message fails. The default is normally fine. Bounce messages contain a number of template
-  replacement values which are best discovered by looking at the source code.
-
-* haproxy\_hosts
-
-  A list of HAProxy hosts that Haraka should enable the PROXY protocol from.
-  See [HAProxy.md](HAProxy.md)
-
-* max_mime_parts
-
-  Defaults to 1000. There's a potential denial of service in large numbers of
-  MIME parts in carefully crafted emails. If this limit is too low for some
-  reason you can increase it by setting a value in this file.
-
-* connection\_close\_message
-  
-  Defaults to `closing connection. Have a jolly good day.` can be overrridden with custom text
+  The bounce message if delivery of the message fails. The default is normally fine. Bounce messages contain a number of template replacement values which are best discovered by looking at the source code.

package/docs/HAProxy.md

@@ -1,34 +1,20 @@
-HAProxy PROXY protocol extension support
-========================================
+# HAProxy PROXY protocol extension support
 
-Haraka natively supports the PROXY protocol [1].
+Haraka supports PROXY protocol [1].
 
-This allows an upstream proxy to pass IP address and port of the client which
-Haraka will use instead of the socket IP address (which is of the proxy).
-This allows DNSBLs and access control lists to operate on the proxied address.
+This allows an upstream proxy to pass the IP address and port of the remote client. Haraka will use the remote IP instead of the socket IP address (which is the proxy). This allows DNSBLs and access control lists to use the correct source address.
 
-Support is disabled by default and if HAProxy or other attempts to send a
-PROXY command then Haraka will return a DENYSOFTDISCONNECT error.
-DENYSOFT is used to prevent configuration errors from rejecting valid mail.
+Support is disabled by default. Attempts to send a PROXY command will return a DENYSOFTDISCONNECT error. DENYSOFT is used to prevent configuration errors from rejecting valid mail.
 
-To enable support for PROXY you must create a `haproxy_hosts` configuration
-file which should contain a list of IP addresses of the HAProxy hosts
-that should be allowed to send the PROXY command. A range of IP
-addresses can be specified by it's CIDR network address.
+To enable support for PROXY you must populate connection.ini[haproxy]hosts[] with the IP addresses of the HAProxy hosts that MUST send the PROXY command. Ranges can be specified with CIDR notation.
 
-When a host connects to Haraka that matches an IP address present in the
-`haproxy_hosts` file - a banner is not sent, instead Haraka waits for the
-PROXY command to be sent before proceeding.  The connection will timeout
-with `421 PROXY timed out` if the command is not sent within 30 seconds.
+When a proxy host connects to Haraka, a banner is not sent. Instead Haraka awaits the PROXY command. The connection will timeout with `421 PROXY timed out` if the command is not sent within 30 seconds.
 
-NOTE: because Haraka does not send a banner when a listed HAProxy host
-connects you must set check-send-proxy to ensure that the service checks
-send a PROXY command before they run.
+NOTE: because Haraka does not send a banner when a listed HAProxy host connects you must set check-send-proxy to ensure that the service checks send a PROXY command before they run.
 
 [1] http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
 
-HAProxy supports the PROXY protocol in version 1.5 or later however there
-are patches available to add support for 1.4.
+HAProxy supports the PROXY protocol in version 1.5 or later.
 
 Here is an example listener section for haproxy.cfg:
 
@@ -45,13 +31,9 @@ listen smtp :25
         server smtp5 ip.of.haraka.server5:25 check-send-proxy check inter 10s send-proxy
 ```
 
-The important part is `send-proxy` which causes HAProxy to send the PROXY
-extension on connection.
+The important part is `send-proxy` which causes HAProxy to send the PROXY extension on connection.
 
-When using `option smtpchk` you will see CONNRESET errors reported in the Haraka logs as
-smtpchk drops the connection before the HELO response is still being written.
-You can use the `option tcp-check` instead to provide a better service check by having
-the check wait for the banner, send QUIT and then check the response:
+When using `option smtpchk` you will see CONNRESET errors reported in the Haraka logs as smtpchk drops the connection before the HELO response is still being written. You can use the `option tcp-check` instead to provide a better service check by having the check wait for the banner, send QUIT and then check the response:
 
 ```
         option tcp-check

package/docs/Outbound.md

@@ -51,8 +51,7 @@ Default: false. By default, outbound to a local IP is disabled, to avoid creatin
 
 * `temp_fail_intervals`
 
-Set this to specify the delay intervals to use between trying to re-send an email that has a temporary failure condition.  The setting is a comma separated list of time spans and multipliers.  The time span is a number followed by `s`, `m`, `h`, or `d` to represent seconds, minutes, hours, and days, respectively.  The multiplier is an asterisk followed by an integer representing the number of times to repeat the interval. For example, the entry `1m, 5m*2, 1h*3` results in an array of delay times of
-`[60,300,300,3600,3600,3600]` in seconds.  The email will be bounced when the array runs out of intervals (the 7th failure in this case).  Set this to `none` to bounce the email on the first temporary failure.
+Set this to specify the delay intervals to use between trying to re-send an email that has a temporary failure condition. The setting is a comma separated list of time spans and multipliers. The time span is a number followed by `s`, `m`, `h`, or `d` to represent seconds, minutes, hours, and days, respectively. The multiplier is an asterisk followed by an integer representing the number of times to repeat the interval. For example, the entry `1m, 5m*2, 1h*3` results in an array of delay times of `[60,300,300,3600,3600,3600]` in seconds. The email will be bounced when the array runs out of intervals (the 7th failure in this case). Set this to `none` to bounce the email on the first temporary failure.
 
 ### outbound.bounce\_message
 
@@ -137,11 +136,11 @@ Parameters: `next, hmail, params`
 Params is a list of: `[host, ip, response, delay, port, mode, ok_recips, secured]`
 
 When mails are successfully delivered to the remote end then the `delivered` hook is called. The return codes from this hook have no effect, so it is only useful for logging the fact that a successful delivery occurred.
- 
+
 * `host` - Hostname of the MX that the message was delivered to,
 * `ip` - IP address of the host that the message was delivered to,
 * `response` - Variable contains the SMTP response text returned by the host that received the message and will typically contain the remote queue ID and
-* `delay` - Time taken between the queue file being created and the  message being delivered.
+* `delay` - Time taken between the queue file being created and the message being delivered.
 * `port` - Port number that the message was delivered to.
 * `mode` - Shows whether SMTP or LMTP was used to deliver the mail.
 * `ok_recips` - an `Address`<sup>[1](#fn1)</sup> array containing all of the recipients that were successfully delivered to.
@@ -149,7 +148,7 @@ When mails are successfully delivered to the remote end then the `delivered` hoo
 
 ## Outbound IP address
 
-Normally the OS will decide which IP address will be used for outbound  connections using the IP routing table.  
+Normally the OS will decide which IP address will be used for outbound connections using the IP routing table.
 
 There are instances where you may want to separate outbound traffic on different IP addresses based on sender, domain or some other identifier. To do this, the IP address that you want to use *must* be bound to an interface (or alias) on the local system.
 
@@ -235,9 +234,9 @@ Where `options` is a Object that may contain the following keys:
 |------------------------|-------------|
 | `dot_stuffed: true`    | Use this if you are passing your content dot-stuffed (a dot at the start of a line is doubled, like it is in SMTP conversation, see [RFC 2821][url-rfc2821].|
 | `notes: { key: value}` | In case you need notes in the new transaction that `send_email()` creates. |
-| `remove_msgid: true`   | Remove any Message-Id header found in the message.  If you are reading a message in from the filesystem and you want to ensure that a generated Message-Id header is used in preference over the original.  This is useful if you are releasing mail from a quarantine. |
-| `remove_date: true`    | Remove any Date header found in the message.  If you are reading a message in from the filesystem and you want to ensure that a generated Date header is used in preference over the original.  This is useful if you are releasing mail from a quarantine. |
-| `origin: Object`       | Adds object as argument to logger.log calls inside outbound.send_email. Useful for tracking which Plugin/Connection/HMailItem object generated email. | 
+| `remove_msgid: true`   | Remove any Message-Id header found in the message. If you are reading a message in from the filesystem and you want to ensure that a generated Message-Id header is used in preference over the original. This is useful if you are releasing mail from a quarantine. |
+| `remove_date: true`    | Remove any Date header found in the message. If you are reading a message in from the filesystem and you want to ensure that a generated Date header is used in preference over the original. This is useful if you are releasing mail from a quarantine. |
+| `origin: Object`       | Adds object as argument to logger.log calls inside outbound.send_email. Useful for tracking which Plugin/Connection/HMailItem object generated email. |
 
 
 ```js
@@ -248,4 +247,4 @@ outbound.send_email(from, to, contents, outnext, { notes: transaction.notes });
 
 [url-tls]: https://haraka.github.io/plugins/tls
 [url-harakamx]: https://github.com/haraka/haraka-net-utils?tab=readme-ov-file#harakamx
-[url-rfc2821]: https://tools.ietf.org/html/rfc2821#section-4.5.2
+[url-rfc2821]: https://tools.ietf.org/html/rfc2821#section-4.5.2

package/docs/plugins/aliases.md

@@ -1,5 +1,4 @@
-aliases
-=======
+# aliases
 
 This plugin allows one to configure aliases that may perform an action or
 change the RCPT address in a number of ways.  All aliases are specified in
@@ -12,8 +11,7 @@ that run on hook_rcpt
 
 WARNING: DO NOT USE THIS PLUGIN WITH queue/smtp\_proxy.
 
-Configuration
--------------
+## Configuration
 
 * aliases
 
@@ -135,8 +133,8 @@ Configuration
             aliases on a single domain that map to other local parts at the
             same domain.
 
-Example Configuration
----------------------
+### Example Configuration
+
 {
     "test1" : { "action" : "drop" },
     "test2" : { "action" : "drop" },

package/docs/plugins/block_me.md

@@ -1,5 +1,4 @@
-block\_me
-========
+# block\_me
 
 This plugin allows you to configure an address which mail sent to will be
 parsed for a From: address in the body of the message, and will add that
@@ -10,8 +9,7 @@ particular mailbox to block them in the future.
 
 Note that this is a system-wide block, and not per-user. Be careful with this.
 
-Configuration
--------------
+## Configuration
 
 * `config/block_me.recipient` - a file containing the address to email to
   get something blocked. For example: **spam@domain.com**.

package/docs/plugins/data.signatures.md

@@ -1,12 +1,10 @@
-data.signatures
-===============
+# data.signatures
 
 This plugin allows you to add string signatures to a configuration file and
 have this plugin scan the body text of an email for those strings. Mails
 matching these signatures will be blocked.
 
-Configuration
--------------
+## Configuration
 
 * data.signatures
 

package/docs/plugins/max_unrecognized_commands.md

@@ -1,5 +1,4 @@
-max\_unrecognized\_commands
-=========================
+# max\_unrecognized\_commands
 
 This plugin places a maximum limit on the number of unrecognized commands
 allowed before recognising that the connection is bad.
@@ -13,8 +12,7 @@ runs after any plugins that use the unrecognized_command hook to implement
 other SMTP verbs and extensions (such as the auth/* plugins), otherwise
 commands valid for these plugins will be counted as unknown by this plugin.
 
-Configuration
--------------
+## Configuration
 
 * max\_unrecognized\_commands
 

package/docs/plugins/prevent_credential_leaks.md

@@ -1,5 +1,4 @@
-prevent\_credential\_leaks
-========
+# prevent\_credential\_leaks
 
 This plugin prevents an authenticated user (via SMTP AUTH) from sending
 their username and password out in a message (e.g. like replying to a
@@ -16,9 +15,7 @@ Note that if the username is qualified e.g. user@domain.com - then the
 plugin will search for both `user` and `user@domain.com` for maximum 
 effectiveness.
 
-
-Configuration
--------------
+## Configuration
 
 No configuration is required.  Simply add the plugin to your `config/plugins`
 file.  It should be added before any other plugins that run on hook_data_post

package/docs/plugins/process_title.md

@@ -1,5 +1,4 @@
-process\_title
-=============
+# process\_title
 
 This plugin causes the process title seen by the UNIX 'ps' command to
 be modified from this:

package/docs/plugins/queue/test.md

@@ -0,0 +1,9 @@
+queue/test
+==========
+
+This plugin saves incoming E-Mail to your temporary directory, as `mail_{message_id}.eml`, where message_id is a UUID.
+
+This plugin can be useful to quickly test if you're able to receive incoming E-Mail and just dump them to disk.
+
+The temporary directory is determined using Node's [`os.tmpdir()`](https://nodejs.org/api/os.html#ostmpdir), which respects standard platform configurations.
+

package/docs/plugins/rcpt_to.in_host_list.md

@@ -1,5 +1,4 @@
-rcpt\_to.in\_host\_list
-=====================
+# rcpt\_to.in\_host\_list
 
 This plugin is the mainstay of an inbound Haraka server. It should list the
 domains that are local to the host. Mails that have RCPT TO not matching

package/docs/plugins/rcpt_to.max_count.md

@@ -1,11 +1,3 @@
-rcpt\_to.max\_count
-=================
+# rcpt\_to.max\_count
 
-This plugin sets a maximum limit on RCPT TOs. Violators will be disconnected.
-
-Configuration
--------------
-
-* rcpt\_to.max\_count
-
-  The maximum number of recipients. Default: 40.
+The functionality of this plugin was integrated in to [haraka-plugin-limit](https://github.com/haraka/haraka-plugin-limit).