Haraka 3.1.0 → 3.1.2

package/plugins/block_me.js

@@ -3,84 +3,84 @@
 // in the mail_from.blocklist file. You need to be running the
 // mail_from.blocklist plugin for this to work fully.
 
-const fs    = require('node:fs');
-const utils = require('haraka-utils');
+const fs = require('node:fs')
+const utils = require('haraka-utils')
 
 exports.hook_data = (next, connection) => {
     // enable mail body parsing
-    connection.transaction.parse_body = true;
-    next();
+    connection.transaction.parse_body = true
+    next()
 }
 
 exports.hook_data_post = function (next, connection) {
-    if (!connection?.relaying || !connection?.transaction) return next();
+    if (!connection?.relaying || !connection?.transaction) return next()
 
-    const recip = (this.config.get('block_me.recipient') || '').toLowerCase();
-    const senders = this.config.get('block_me.senders', 'list');
+    const recip = (this.config.get('block_me.recipient') || '').toLowerCase()
+    const senders = this.config.get('block_me.senders', 'list')
 
     // Make sure only 1 recipient
     if (connection.transaction.rcpt_to.length != 1) {
-        return next();
+        return next()
     }
 
     // Check recipient is the right one
     if (connection.transaction.rcpt_to[0].address().toLowerCase() != recip) {
-        return next();
+        return next()
     }
 
     // Check sender is in list
-    const sender = connection.transaction.mail_from.address();
+    const sender = connection.transaction.mail_from.address()
     if (!utils.in_array(sender, senders)) {
-        return next(DENY, `You are not allowed to block mail, ${sender}`);
+        return next(DENY, `You are not allowed to block mail, ${sender}`)
     }
 
     // Now extract the "From" from the body...
-    const to_block = extract_from_line(connection.transaction.body);
+    const to_block = extract_from_line(connection.transaction.body)
     if (!to_block) {
-        connection.logerror(this, "No sender found in email");
-        return next();
+        connection.logerror(this, 'No sender found in email')
+        return next()
     }
 
-    connection.loginfo(this, `Blocking new sender: ${to_block}`);
+    connection.loginfo(this, `Blocking new sender: ${to_block}`)
 
-    connection.transaction.notes.block_me = 1;
+    connection.transaction.notes.block_me = 1
 
     // add to mail_from.blocklist
     fs.open('./config/mail_from.blocklist', 'a', (err, fd) => {
         if (err) {
-            connection.logerror(this, `Unable to append to mail_from.blocklist: ${err}`);
-            return;
+            connection.logerror(this, `Unable to append to mail_from.blocklist: ${err}`)
+            return
         }
         fs.write(fd, `${to_block}\n`, null, 'UTF-8', (err2, written) => {
-            fs.close(fd);
-        });
-    });
+            fs.close(fd)
+        })
+    })
 
-    next();
+    next()
 }
 
 exports.hook_queue = (next, connection) => {
     if (connection.transaction.notes.block_me) {
         // pretend we queued this mail
-        return next(OK);
+        return next(OK)
     }
 
-    next();
+    next()
 }
 
 // Example: From: 	Site Tucano Gold <contato@tucanogold.com.br>
-function extract_from_line (body) {
-    const matches = body.bodytext.match(/\bFrom:[^<\n]*<([^>\n]*)>/);
+function extract_from_line(body) {
+    const matches = body.bodytext.match(/\bFrom:[^<\n]*<([^>\n]*)>/)
     if (matches) {
-        return matches[1];
+        return matches[1]
     }
 
-    for (let i=0,l=body.children.length; i < l; i++) {
-        const from = extract_from_line(body.children[i]);
+    for (let i = 0, l = body.children.length; i < l; i++) {
+        const from = extract_from_line(body.children[i])
         if (from) {
-            return from;
+            return from
         }
     }
 
-    return null;
+    return null
 }

package/plugins/data.signatures.js

@@ -1,30 +1,30 @@
-'use strict';
+'use strict'
 // Simple string signatures
 
 exports.hook_data = (next, connection) => {
     // enable mail body parsing
-    if (connection?.transaction) connection.transaction.parse_body = true;
-    next();
+    if (connection?.transaction) connection.transaction.parse_body = true
+    next()
 }
 
 exports.hook_data_post = function (next, connection) {
-    if (!connection?.transaction) return next();
+    if (!connection?.transaction) return next()
 
-    const sigs = this.config.get('data.signatures', 'list');
+    const sigs = this.config.get('data.signatures', 'list')
 
     if (check_sigs(sigs, connection.transaction.body)) {
-        return next(DENY, "Mail matches a known spam signature");
+        return next(DENY, 'Mail matches a known spam signature')
     }
-    next();
+    next()
 }
 
-function check_sigs (sigs, body) {
-    for (let i=0,l=sigs.length; i < l; i++) {
-        if (body.bodytext.includes(sigs[i])) return 1;
+function check_sigs(sigs, body) {
+    for (let i = 0, l = sigs.length; i < l; i++) {
+        if (body.bodytext.includes(sigs[i])) return 1
     }
 
-    for (let i=0,l=body.children.length; i < l; i++) {
-        if (check_sigs(sigs, body.children[i])) return 1;
+    for (let i = 0, l = body.children.length; i < l; i++) {
+        if (check_sigs(sigs, body.children[i])) return 1
     }
-    return 0;
+    return 0
 }

package/plugins/delay_deny.js

@@ -1,61 +1,65 @@
 /*
-** delay_deny
-**
-** This plugin delays all pre-DATA 'deny' results until the recipients are sent
-** and all post-DATA commands until all hook_data_post plugins have run.
-** This allows relays and authenticated users to bypass pre-DATA rejections.
-*/
+ ** delay_deny
+ **
+ ** This plugin delays all pre-DATA 'deny' results until the recipients are sent
+ ** and all post-DATA commands until all hook_data_post plugins have run.
+ ** This allows relays and authenticated users to bypass pre-DATA rejections.
+ */
 
 exports.hook_deny = function (next, connection, params) {
     /* params
-    ** [0] = plugin return value (DENY or DENYSOFT)
-    ** [1] = plugin return message
-    */
+     ** [0] = plugin return value (DENY or DENYSOFT)
+     ** [1] = plugin return message
+     */
 
-    const pi_name     = params[2];
-    const pi_function = params[3];
+    const pi_name = params[2]
+    const pi_function = params[3]
     // var pi_params   = params[4];
-    const pi_hook     = params[5];
+    const pi_hook = params[5]
 
-    const { transaction } = connection;
+    const { transaction } = connection
 
     // Don't delay ourselves...
-    if (pi_name == 'delay_deny') return next();
+    if (pi_name == 'delay_deny') return next()
 
     // Load config
-    const cfg = this.config.get('delay_deny.ini');
-    let skip;
-    let included;
+    const cfg = this.config.get('delay_deny.ini')
+    let skip
+    let included
     if (cfg.main.included_plugins) {
-        included = cfg.main.included_plugins.split(/[;, ]+/);
-    }
-    else if (cfg.main.excluded_plugins) {
-        skip = cfg.main.excluded_plugins.split(/[;, ]+/);
+        included = cfg.main.included_plugins.split(/[;, ]+/)
+    } else if (cfg.main.excluded_plugins) {
+        skip = cfg.main.excluded_plugins.split(/[;, ]+/)
     }
 
     // 'included' mode: only delay deny plugins in the included list
     if (included?.length) {
-        if (!included.includes(pi_name) &&
+        if (
+            !included.includes(pi_name) &&
             !included.includes(`${pi_name}:${pi_hook}`) &&
-            !included.includes(`${pi_name}:${pi_hook}:${pi_function}`)) {
-            return next();
+            !included.includes(`${pi_name}:${pi_hook}:${pi_function}`)
+        ) {
+            return next()
         }
-    }
-    else if (skip?.length) { // 'excluded' mode: delay deny everything except in skip list
+    } else if (skip?.length) {
+        // 'excluded' mode: delay deny everything except in skip list
         // Skip by <plugin name>
         if (skip.includes(pi_name)) {
-            connection.logdebug(this, `not delaying excluded plugin: ${pi_name}`);
-            return next();
+            connection.logdebug(this, `not delaying excluded plugin: ${pi_name}`)
+            return next()
         }
         // Skip by <plugin name>:<hook>
         if (skip.includes(`${pi_name}:${pi_hook}`)) {
-            connection.logdebug(this, `not delaying excluded hook: ${pi_hook} in plugin: ${pi_name}`);
-            return next();
+            connection.logdebug(this, `not delaying excluded hook: ${pi_hook} in plugin: ${pi_name}`)
+            return next()
         }
         // Skip by <plugin name>:<hook>:<function name>
         if (skip.includes(`${pi_name}:${pi_hook}:${pi_function}`)) {
-            connection.logdebug(this, `not delaying excluded function: ${pi_function} on hook: ${pi_hook} in plugin: ${pi_name}`);
-            return next();
+            connection.logdebug(
+                this,
+                `not delaying excluded function: ${pi_function} on hook: ${pi_hook} in plugin: ${pi_name}`,
+            )
+            return next()
         }
     }
 
@@ -66,84 +70,84 @@ exports.hook_deny = function (next, connection, params) {
         case 'ehlo':
         case 'helo':
             if (!connection.notes.delay_deny_pre) {
-                connection.notes.delay_deny_pre = [];
+                connection.notes.delay_deny_pre = []
             }
-            connection.notes.delay_deny_pre.push(params);
+            connection.notes.delay_deny_pre.push(params)
             if (!connection.notes.delay_deny_pre_fail) {
-                connection.notes.delay_deny_pre_fail = {};
+                connection.notes.delay_deny_pre_fail = {}
             }
-            connection.notes.delay_deny_pre_fail[pi_name] = 1;
-            return next(OK);
+            connection.notes.delay_deny_pre_fail[pi_name] = 1
+            return next(OK)
         // Pre-DATA transaction delays
         case 'mail':
         case 'rcpt':
         case 'rcpt_ok':
             if (!transaction.notes.delay_deny_pre) {
-                transaction.notes.delay_deny_pre = [];
+                transaction.notes.delay_deny_pre = []
             }
-            transaction.notes.delay_deny_pre.push(params);
+            transaction.notes.delay_deny_pre.push(params)
             if (!transaction.notes.delay_deny_pre_fail) {
-                transaction.notes.delay_deny_pre_fail = {};
+                transaction.notes.delay_deny_pre_fail = {}
             }
-            transaction.notes.delay_deny_pre_fail[pi_name] = 1;
-            return next(OK);
+            transaction.notes.delay_deny_pre_fail[pi_name] = 1
+            return next(OK)
         // Post-DATA delays
         case 'data':
         case 'data_post':
-            // fall through
+        // fall through
         default:
             // No delays
-            next();
+            next()
     }
 }
 
 exports.hook_rcpt_ok = function (next, connection, rcpt) {
-    const transaction = connection?.transaction;
-    if  (!transaction) return next();
+    const transaction = connection?.transaction
+    if (!transaction) return next()
 
     // Bypass all pre-DATA deny for AUTH/RELAY
     if (connection.relaying) {
-        connection.loginfo(this, 'bypassing all pre-DATA deny: AUTH/RELAY');
-        return next();
+        connection.loginfo(this, 'bypassing all pre-DATA deny: AUTH/RELAY')
+        return next()
     }
 
     // Apply any delayed rejections
     // Check connection level pre-DATA rejections first
     if (connection.notes?.delay_deny_pre) {
         for (const params of connection.notes.delay_deny_pre) {
-            return next(params[0], params[1]);
+            return next(params[0], params[1])
         }
     }
 
     // Then check transaction level pre-DATA
     if (transaction.notes?.delay_deny_pre) {
-        for (let i=0; i<transaction.notes.delay_deny_pre.length; i++) {
-            const params = transaction.notes.delay_deny_pre[i];
+        for (let i = 0; i < transaction.notes.delay_deny_pre.length; i++) {
+            const params = transaction.notes.delay_deny_pre[i]
 
             // Remove rejection from the array if it was on the rcpt hooks
             if (params[5] === 'rcpt' || params[5] === 'rcpt_ok') {
-                transaction.notes.delay_deny_pre.splice(i, 1);
+                transaction.notes.delay_deny_pre.splice(i, 1)
             }
 
-            return next(params[0], params[1]);
+            return next(params[0], params[1])
         }
     }
-    next();
+    next()
 }
 
 exports.hook_data = (next, connection) => {
-    const transaction = connection?.transaction;
-    if (!transaction) return next();
+    const transaction = connection?.transaction
+    if (!transaction) return next()
 
     // Add a header showing all pre-DATA rejections
-    const fails = [];
+    const fails = []
     if (connection.notes?.delay_deny_pre_fail) {
-        fails.push.apply(Object.keys(connection.notes.delay_deny_pre_fail));
+        fails.push.apply(Object.keys(connection.notes.delay_deny_pre_fail))
     }
     if (transaction.notes?.delay_deny_pre_fail) {
-        fails.push.apply(Object.keys(transaction.notes.delay_deny_pre_fail));
+        fails.push.apply(Object.keys(transaction.notes.delay_deny_pre_fail))
     }
-    if (fails.length) transaction.add_header('X-Haraka-Fail-Pre', fails.join(' '));
+    if (fails.length) transaction.add_header('X-Haraka-Fail-Pre', fails.join(' '))
 
-    next();
+    next()
 }

package/plugins/prevent_credential_leaks.js

@@ -1,59 +1,59 @@
 // Prevent a user from sending their AUTH credentials
 // This is a simple, primitive form of anti-phishing.
 
-function escapeRegExp (str) {
-    return str.replace(/[-[\]/{}()*+?.\\^$|]/g, "\\$&");
+function escapeRegExp(str) {
+    return str.replace(/[-[\]/{}()*+?.\\^$|]/g, '\\$&')
 }
 
 exports.hook_data = (next, connection) => {
     const { notes, transaction } = connection ?? {}
 
     if (transaction && notes?.auth_user && notes.auth_passwd) {
-        transaction.parse_body = true;
+        transaction.parse_body = true
     }
-    next();
+    next()
 }
 
 exports.hook_data_post = (next, connection) => {
     if (!(connection.notes.auth_user && connection.notes.auth_passwd)) {
-        return next();
+        return next()
     }
 
-    let user = connection.notes.auth_user;
-    let domain;
+    let user = connection.notes.auth_user
+    let domain
     const idx = user.indexOf('@')
     if (idx) {
         // If the username is qualified (e.g. user@domain.com)
         // then we make the @domain.com part optional in the regexp.
-        domain = user.substr(idx);
-        user = user.substr(0, idx);
+        domain = user.substr(idx)
+        user = user.substr(0, idx)
     }
-    const passwd        = connection.notes.auth_passwd;
-    const bound_regexp  = "(?:\\b|\\B)";
-    const passwd_regexp = new RegExp(bound_regexp + escapeRegExp(passwd) + bound_regexp, 'm');
-    const user_regexp   = new RegExp(bound_regexp +
-                                   escapeRegExp(user) +
-                                   (domain ? `(?:${escapeRegExp(domain)})?` : '') +
-                                   bound_regexp, 'im');
+    const passwd = connection.notes.auth_passwd
+    const bound_regexp = '(?:\\b|\\B)'
+    const passwd_regexp = new RegExp(bound_regexp + escapeRegExp(passwd) + bound_regexp, 'm')
+    const user_regexp = new RegExp(
+        bound_regexp + escapeRegExp(user) + (domain ? `(?:${escapeRegExp(domain)})?` : '') + bound_regexp,
+        'im',
+    )
 
     if (look_for_credentials(user_regexp, passwd_regexp, connection?.transaction?.body)) {
-        return next(DENY, "Credential leak detected: never give out your username/password to anyone!");
+        return next(DENY, 'Credential leak detected: never give out your username/password to anyone!')
     }
 
-    next();
+    next()
 }
 
-function look_for_credentials (user_regexp, passwd_regexp, body) {
+function look_for_credentials(user_regexp, passwd_regexp, body) {
     if (user_regexp.test(body.bodytext) && passwd_regexp.test(body.bodytext)) {
-        return true;
+        return true
     }
 
     // Check all child parts
-    for (let i=0,l=body.children.length; i < l; i++) {
+    for (let i = 0, l = body.children.length; i < l; i++) {
         if (look_for_credentials(user_regexp, passwd_regexp, body.children[i])) {
-            return true;
+            return true
         }
     }
 
-    return false;
+    return false
 }