Haraka 3.1.1 → 3.1.2

package/docs/plugins/tarpit.md

@@ -1,14 +1,13 @@
 # tarpit
 
 This plugin is designed to introduce deliberate delays on the response
-of every hook in order to slow down a connection.  It has no
+of every hook in order to slow down a connection. It has no
 configuration and is designed to be used only by other plugins.
 
 It must be loaded early in config/plugins (e.g. before any plugins
-that accept recipients or that return OK) but must be loaded *after*
+that accept recipients or that return OK) but must be loaded _after_
 any plugins that wish to use it.
 
-
 ## Usage
 
 To use this plugin in another plugin set:
@@ -19,26 +18,24 @@ or
 
     connection.transaction.notes.tarpit = <seconds to delay>;
 
-
 ## Configuration
 
 The configuration file for tarpit is config/tarpit.ini.
 
-* hooks\_to\_delay - a list of hooks to delay at. This setting can be used to
+- hooks_to_delay - a list of hooks to delay at. This setting can be used to
   override the default list in the plugin. For example, if you notice that
-  malware is disconnecting after delaying rcpt\_ok, you can remove just that
+  malware is disconnecting after delaying rcpt_ok, you can remove just that
   hook from the list:
 
-hooks\_to\_delay=connect,helo,ehlo,mail,rcpt,data,data\_post,queue,unrecognized\_command,vrfy,noop,rset,quit
-
+hooks_to_delay=connect,helo,ehlo,mail,rcpt,data,data_post,queue,unrecognized_command,vrfy,noop,rset,quit
 
 ## Plugin Timeout
 
 config/tarpit.timeout (Default: 0)
 
-All Haraka plugins can configure a *name*.timeout file. The timeout specifies
+All Haraka plugins can configure a _name_.timeout file. The timeout specifies
 how long Haraka lets the plugin do nothing before it times out. When zero,
-there is no timeout. When non-zero and *seconds to delay* is longer than
+there is no timeout. When non-zero and _seconds to delay_ is longer than
 tarpit.timeout (default: 1s), you'll get errors like this in your log files:
 
     [core] Plugin tarpit timed out on hook rcpt - make sure it calls the callback
@@ -47,7 +44,6 @@ tarpit.timeout (default: 1s), you'll get errors like this in your log files:
 The solution is to set the contents of config/tarpit.timeout to zero or
 **seconds to delay** + 1.
 
-
 ## Logging
 
 When tarpitting a command it will log 'tarpitting response for Ns' to

package/docs/plugins/tls.md

@@ -32,21 +32,21 @@ An example [acme.sh](https://acme.sh) deployment [script](https://github.com/msi
 
 ### Wild Wild West
 
-PEM encoded TLS certificates and keys can be stored in files in `config/tls`. The certificate loader is recursive, so TLS files can be in subdirs like `config/tls/mx1.example.com`. The certificate names are parsed from the 1st cert in each file and indexed by the certs Common Name(s). Subject Alternate Names are supported. The file name containing the certificates does *not* matter. Additional certificates within each file are presumed to be CA chain (intermediate) certificates.
+PEM encoded TLS certificates and keys can be stored in files in `config/tls`. The certificate loader is recursive, so TLS files can be in subdirs like `config/tls/mx1.example.com`. The certificate names are parsed from the 1st cert in each file and indexed by the certs Common Name(s). Subject Alternate Names are supported. The file name containing the certificates does _not_ matter. Additional certificates within each file are presumed to be CA chain (intermediate) certificates.
 
 If the TLS key is stored in the same file as the matching certificate, then the name of the file does not matter. If the TLS key is alone in a file, the file MUST be named with the keys Common Name. The file extension does not matter, `.pem` and `.key` are common. If the key is used for multiple CNs, the key must be stored in a file name matching each CN. Examples of working TLS key/cert file pairs for the Common Name mx1.example.com:
 
 1. certificate bundle (see above), key & cert in same file
-    - config/tls/mx1.example.com.pem (recommended)
-    - config/tls/any-unique-name.pem (CN is extracted from 1st cert)
+   - config/tls/mx1.example.com.pem (recommended)
+   - config/tls/any-unique-name.pem (CN is extracted from 1st cert)
 2. files in TLS dir
-    - config/tls/mx1.example.com.crt
-    - config/tls/mx1.example.com.key
+   - config/tls/mx1.example.com.crt
+   - config/tls/mx1.example.com.key
 3. files in subdir
-    - config/tls/example.com/mx1.cert
-    - config/tls/example.com/mx1.example.com.key
-4. wildcard bundle on Windows platform (* is not allowed in file names)
-    - config/tls/_.example.com.pem
+   - config/tls/example.com/mx1.cert
+   - config/tls/example.com/mx1.example.com.key
+4. wildcard bundle on Windows platform (\* is not allowed in file names)
+   - config/tls/\_.example.com.pem
 
 ## Purchased Certificate
 
@@ -129,7 +129,7 @@ no_starttls_ports[]=2525
 
 ### force_tls_hosts
 
-For known good TLS hosts, it's possible to force that the outbound mailer will only connect via secure sockets. This makes Haraka use *forced TLS* instead of *opportunistic TLS*. For forced TLS, the STARTTLS upgrade must succeed with a valid certificate (overriding `rejectUnauthorized`). The list is matched both against the host (MX record or `nexthop` in `relay_dest_domains.ini`), and the domain name of the email address.
+For known good TLS hosts, it's possible to force that the outbound mailer will only connect via secure sockets. This makes Haraka use _forced TLS_ instead of _opportunistic TLS_. For forced TLS, the STARTTLS upgrade must succeed with a valid certificate (overriding `rejectUnauthorized`). The list is matched both against the host (MX record or `nexthop` in `relay_dest_domains.ini`), and the domain name of the email address.
 
 Note: unlike `no_tls_hosts`, this feature is implemented as an array:
 
@@ -153,11 +153,11 @@ See also: [Mozilla SSL configuration generator](https://ssl-config.mozilla.org/)
 
 Specifies minimum allowable TLS protocol version to use. Example:
 
-     minVersion=TLSv1.1 
+     minVersion=TLSv1.1
 
 If unset, the default is node's tls.DEFAULT_MIN_VERSION constant.
 
-(**Node.js 11.4+ required**, for older instances you can use *secureProtocol* settings)
+(**Node.js 11.4+ required**, for older instances you can use _secureProtocol_ settings)
 
 ### honorCipherOrder
 
@@ -178,14 +178,12 @@ Whether Haraka should request a certificate from a connecting client.
 
     requestCert=[true|false]  (default: true)
 
-
 ### rejectUnauthorized
 
 Reject connections from clients without a CA validated TLS certificate.
 
     rejectUnauthorized=[true|false]  (default: false)
 
-
 ### requireAuthorized
 
 When `rejectUnauthorized=false`, require validated TLS certificates on just the specified ports.
@@ -195,7 +193,6 @@ requireAuthorized[]=465
 ;requireAuthorized[]=587
 ```
 
-
 ### secureProtocol
 
 Specifies the OpenSSL API function used for handling the TLS session. Choose
@@ -203,7 +200,6 @@ one of the methods described at the
 [OpenSSL API page](https://www.openssl.org/docs/manmaster/ssl/ssl.html).
 The default is `SSLv23_method`.
 
-
 ### requestOCSP
 
 Specifies that OCSP Stapling should be enabled, according to RFC 6066.
@@ -218,7 +214,6 @@ they are valid, and get refreshed after that time. A server restart
 requires the OCSP responses to be fetched again upon the first client
 connection.
 
-
 ## Inbound Specific Configuration
 
 By default the above options are shared with outbound mail (either

package/docs/plugins/toobusy.md

@@ -1,6 +1,6 @@
 # toobusy
 
-This plugin will stop Haraka accepting new connections when the event loop 
+This plugin will stop Haraka accepting new connections when the event loop
 latency is too high.
 
 See https://github.com/STRML/node-toobusy for details.
@@ -8,13 +8,13 @@ See https://github.com/STRML/node-toobusy for details.
 To use this plugin you have to install the 'toobusy-js' module by running
 'npm install toobusy-js' in your Haraka configuration directory.
 
-This plugin should be listed at the top of your config/plugins file so that 
-it runs before any other plugin that hooks lookup\_rdns.
+This plugin should be listed at the top of your config/plugins file so that
+it runs before any other plugin that hooks lookup_rdns.
 
 ## Configuration
 
 If you wish to override the default maxLag value of 70ms then add the desired
-value to config/toobusy.maxlag.  This can be set and changed at runtime and
+value to config/toobusy.maxlag. This can be set and changed at runtime and
 no restart is required.
 
 Note that if you set the maxLag value to <10 then this will cause the toobusy

package/docs/plugins/xclient.md

@@ -4,7 +4,7 @@ Implements the [XCLIENT](http://www.postfix.org/XCLIENT_README.html) protocol.
 
 ## configuration
 
-* xclient.hosts
+- xclient.hosts
 
-    A list of IP addresses, one per line that should be allowed to use the 
-    XCLIENT protocol.  Localhost (127.0.0.1 or ::1) is allowed implicitly.
+  A list of IP addresses, one per line that should be allowed to use the
+  XCLIENT protocol. Localhost (127.0.0.1 or ::1) is allowed implicitly.

package/docs/tutorials/Migrating_from_v1_to_v2.md

@@ -1,47 +1,26 @@
-Migrating from Haraka v1.x to v2.x
-==================================
+# Migrating from Haraka v1.x to v2.x
 
-Haraka v2.x contains two significant changes to the v1.x API related to
-streams.
+Haraka v2.x contains two significant changes to the v1.x API related to streams.
 
-Streams are an abstraction over a data flow that is provided by Node core
-and is used throughout node to "pipe" data between two places or more. This
-makes programming very easy, and is hence why we started using them in Haraka
-starting with version 2.0.0.
+Streams are an abstraction over a data flow that is provided by Node core and is used throughout node to "pipe" data between two places or more. This makes programming very easy, and is hence why we started using them in Haraka starting with version 2.0.0.
 
-For more information about the Stream API, see 
-http://nodejs.org/api/stream.html
+For more information about the Stream API, see http://nodejs.org/api/stream.html
 
-It's important to note that if you are using standard Haraka plugins then
-it's very unlikely you will need to change anything. Though you may want
-to configure `spool_dir` and `spool_after` in `config/smtp.ini`. However if
-you have written custom plugins, continue reading.
+Note that when using bundled Haraka plugins, it's very unlikely you will need to change anything. Though you may want to configure `spool_dir` and `spool_after` in `config/smtp.ini`. If you have custom plugins, continue reading.
 
-Changes To Look For
--------------------
+## Changes To Look For
 
-Firstly, the incoming data in an email (the email body) is now stored in an
-object which you can treat as a ReadableStream. To find if this is relevant
-for you, look for instances of `data_lines` in your plugins.
+Firstly, the incoming data in an email (the email body) is now stored in an object which you can treat as a ReadableStream. To find if this is relevant for you, look for instances of `data_lines` in your plugins.
 
-Secondly, if you parse the mail body, attachments are now provided as a
-stream, rather than custom start/data/end events. To find if this is relevant
-for you, look for instances of `attachment_hooks` in your plugins.
+Secondly, if you parse the mail body, attachments are now provided as a stream, rather than custom start/data/end events. To find if this is relevant for you, look for instances of `attachment_hooks` in your plugins.
 
-Fixing data\_lines plugins
--------------------------
+## Fixing data_lines plugins
 
-Any plugins now working on each line of data will need to change to using a
-stream. The stream is called `transaction.message_stream`.
+Any plugins now working on each line of data will need to change to using a stream. The stream is called `transaction.message_stream`.
 
-These changes may be complicated if you are iterating over each line and
-doing something with the strings therein. However if you are piping the data
-to an application or over a network, your code will become significantly
-simpler (and a lot faster).
+These changes may be complicated if you are iterating over each line and doing something with the strings therein. However if you are piping the data to an application or over a network, your code will become significantly simpler (and a lot faster).
 
-In v1.x Haraka populated the `transaction.data_lines` array for each line of 
-data received.  If you were writing the data to a socket then you had to handle backpressure manually by checking the return of `write()` and adding 
-`on('drain')` handlers like so:
+In v1.x Haraka populated the `transaction.data_lines` array for each line of data received. If you were writing the data to a socket then you had to handle backpressure manually by checking the return of `write()` and adding `on('drain')` handlers like so:
 
     var data_marker = 0;
     var in_data = false;
@@ -70,18 +49,17 @@ data received.  If you were writing the data to a socket then you had to handle
 
 In v2.x this now becomes:
 
-    connection.transaction.message_stream.pipe(socket, {dot_stuffing: true, ending_dot: true});
+    connection.transaction.message_stream.pipe(socket, {ending_dot: true});
 
-This automatically chunks the data, handles backpressure and will apply any 
-necessary format changes.  See `docs/Transaction.md` for the full details.
+This automatically chunks the data, handles backpressure and will apply any
+necessary format changes. See `docs/Transaction.md` for the full details.
 
-If you need to handle the input data by line, then you will need to create 
-your own writable stream and then pipe the message to the stream and then 
-extract the lines from the stream of data.  See `plugins/dkim_sign.js` for 
+If you need to handle the input data by line, then you will need to create
+your own writable stream and then pipe the message to the stream and then
+extract the lines from the stream of data. See the `dkim` plugin for
 an example.
 
-Fixing attachment\_hooks plugins
--------------------------------
+## Fixing attachment_hooks plugins
 
 For v1.x you passed in functions to `transaction.attachment_hooks()` as
 follows:

package/docs/tutorials/SettingUpOutbound.md

@@ -1,19 +1,17 @@
-Configuring Haraka For Outbound Email
-=====================================
+# Configuring Haraka For Outbound Email
 
 It is trivially easy to configure Haraka as an outbound email server. But
 first there are external things you may want to sort out:
 
-* Get your DNS PTR record working - make sure it matches the A record of the
+- Get your DNS PTR record working - make sure it matches the A record of the
   host you are sending from.
-* Consider implementing an SPF record. I don't personally do this, but some
+- Consider implementing an SPF record. I don't personally do this, but some
   people seem to think it helps.
 
 There's lots of information elsewhere on the internet about getting these
 things working, and they are specific to your network and your DNS hosting.
 
-First Some Background
----------------------
+## First Some Background
 
 Sending outbound mail through Haraka is called "relaying", and that is the
 term the internals use. The process is simple - if a plugin in Haraka tells
@@ -25,8 +23,7 @@ address used when connecting to Haraka. If that address also bounces then
 it is considered a "double bounce" and Haraka will log an error and drop it
 on the floor.
 
-The Setup
----------
+## The Setup
 
 Outbound mail servers should run on port 587 and enforce authentication. This
 is slightly different from the "old" model where there would simply be a
@@ -52,7 +49,7 @@ and password:
 
     vi config/auth_flat_file.ini
 
-See the documentation in docs/plugins/auth/flat\_file.md for information about
+See the documentation in docs/plugins/auth/flat_file.md for information about
 what can go in that file.
 
 Now you can start Haraka. That's all the configuration you need.

package/endpoint.js

@@ -1,69 +1,66 @@
-'use strict';
+'use strict'
 // Socket address parser/formatter and server binding helper
 
-const fs = require('node:fs/promises');
-const sockaddr = require('sockaddr');
+const fs = require('node:fs/promises')
+const sockaddr = require('sockaddr')
 
-module.exports = function endpoint (addr, defaultPort) {
+module.exports = function endpoint(addr, defaultPort) {
     try {
         if ('string' === typeof addr || 'number' === typeof addr) {
-            addr = sockaddr(addr, {defaultPort});
-            const match = /^(.*):([0-7]{3})$/.exec(addr.path || '');
+            addr = sockaddr(addr, { defaultPort })
+            const match = /^(.*):([0-7]{3})$/.exec(addr.path || '')
             if (match) {
-                addr.path = match[1];
-                addr.mode = match[2];
+                addr.path = match[1]
+                addr.mode = match[2]
             }
         }
-    }
-    catch (err) {
+    } catch (err) {
         // Return the parse exception instead of throwing it
-        return err;
+        return err
     }
-    return new Endpoint(addr);
+    return new Endpoint(addr)
 }
 
 class Endpoint {
-
-    constructor (addr) {
+    constructor(addr) {
         if (addr.path) {
-            this.path = addr.path;
-            if (addr.mode) this.mode = addr.mode;
-        }
-        else {
+            this.path = addr.path
+            if (addr.mode) this.mode = addr.mode
+        } else {
             // Handle server.address() return as well as parsed host/port
-            const host = addr.address || addr.host || '::0';
+            const host = addr.address || addr.host || '::0'
             // Normalize '::' to '::0'
-            this.host = ('::' === host) ? '::0' : host ;
-            this.port = parseInt(addr.port, 10);
+            this.host = '::' === host ? '::0' : host
+            this.port = parseInt(addr.port, 10)
         }
     }
 
-    toString () {
-        if (this.mode) return `${this.path}:${this.mode}`;
-        if (this.path) return this.path;
-        if (this.host.includes(':')) return `[${this.host}]:${this.port}`;
-        return `${this.host}:${this.port}`;
+    toString() {
+        if (this.mode) return `${this.path}:${this.mode}`
+        if (this.path) return this.path
+        if (this.host.includes(':')) return `[${this.host}]:${this.port}`
+        return `${this.host}:${this.port}`
     }
 
     // Make server listen on this endpoint, w/optional options
-    async bind (server, opts) {
-        opts = {...opts};
+    async bind(server, opts) {
+        opts = { ...opts }
 
-        const mode = this.mode ? parseInt(this.mode, 8) : false;
+        const mode = this.mode ? parseInt(this.mode, 8) : false
         if (this.path) {
-            opts.path = this.path;
-            await fs.rm(this.path, { force: true }); // errors are ignored when force is true
+            opts.path = this.path
+            await fs.rm(this.path, { force: true }) // errors are ignored when force is true
         } else {
-            opts.host = this.host;
-            opts.port = this.port;
+            opts.host = this.host
+            opts.port = this.port
         }
-        
+
         return new Promise((resolve, reject) => {
             server.listen(opts, async (err) => {
-                if(err) return reject(err);
-                if (mode) await fs.chmod(opts.path, mode);
+                if (err) return reject(err)
+                if (mode) await fs.chmod(opts.path, mode)
                 resolve()
-            });
-        });
+            })
+        })
     }
 }

package/eslint.config.mjs

@@ -1,27 +1,30 @@
-import globals from "globals";
-import path from "node:path";
-import { fileURLToPath } from "node:url";
-import js from "@eslint/js";
-import { FlatCompat } from "@eslint/eslintrc";
+import globals from 'globals'
+import path from 'node:path'
+import { fileURLToPath } from 'node:url'
+import js from '@eslint/js'
+import { FlatCompat } from '@eslint/eslintrc'
 
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = path.dirname(__filename);
+const __filename = fileURLToPath(import.meta.url)
+const __dirname = path.dirname(__filename)
 const compat = new FlatCompat({
-    baseDirectory: __dirname,
-    recommendedConfig: js.configs.recommended,
-    allConfig: js.configs.all
-});
+  baseDirectory: __dirname,
+  recommendedConfig: js.configs.recommended,
+  allConfig: js.configs.all,
+})
 
-export default [...compat.extends("@haraka"), {
+export default [
+  ...compat.extends('@haraka'),
+  {
     languageOptions: {
-        globals: {
-            ...globals.node,
-        },
+      globals: {
+        ...globals.node,
+      },
     },
 
     rules: {
-        "prefer-template": "warn",
-        "no-unneeded-ternary": 1,
-        "no-unused-vars": 0,
+      'prefer-template': 'warn',
+      'no-unneeded-ternary': 1,
+      'no-unused-vars': 0,
     },
-}];
+  },
+]

package/haraka.js

@@ -1,79 +1,74 @@
 #!/usr/bin/env node
 
-'use strict';
-const path = require('path');
-const makePathJoin = () => path.join(process.env.HARAKA, 'node_modules');
+'use strict'
+const path = require('path')
+const makePathJoin = () => path.join(process.env.HARAKA, 'node_modules')
 
 if (!process.env.HARAKA) {
-    console.warn("WARNING: Not running installed Haraka - command line arguments ignored")
+    console.warn('WARNING: Not running installed Haraka - command line arguments ignored')
 }
 
 // this must be set before "server.js" is loaded
-process.env.HARAKA = process.env.HARAKA || path.resolve('.');
+process.env.HARAKA = process.env.HARAKA || path.resolve('.')
 try {
-    require.paths.push(makePathJoin());
-}
-catch (e) {
-    process.env.NODE_PATH = process.env.NODE_PATH ?
-        (`${process.env.NODE_PATH}:${makePathJoin()}`) :
-        (makePathJoin());
-    require('module')._initPaths(); // Horrible hack
+    require.paths.push(makePathJoin())
+} catch (e) {
+    process.env.NODE_PATH = process.env.NODE_PATH ? `${process.env.NODE_PATH}:${makePathJoin()}` : makePathJoin()
+    require('module')._initPaths() // Horrible hack
 }
 
-const utils = require('haraka-utils');
-const logger = require('./logger');
-const server = require('./server');
+const utils = require('haraka-utils')
+const logger = require('./logger')
+const server = require('./server')
 
 exports.version = utils.getVersion(__dirname)
 
-process.on('uncaughtException', err => {
+process.on('uncaughtException', (err) => {
     if (err.stack) {
-        err.stack.split("\n").forEach(line => logger.crit(line));
-    }
-    else {
-        logger.crit(`Caught exception: ${JSON.stringify(err)}`);
+        err.stack.split('\n').forEach((line) => logger.crit(line))
+    } else {
+        logger.crit(`Caught exception: ${JSON.stringify(err)}`)
     }
-    logger.dump_and_exit(1);
-});
+    logger.dump_and_exit(1)
+})
 
-let shutting_down = false;
-const signals = ['SIGINT'];
+let shutting_down = false
+const signals = ['SIGINT']
 
 if (process.pid === 1) signals.push('SIGTERM')
 
 for (const sig of signals) {
     process.on(sig, () => {
-        if (shutting_down) return process.exit(1);
-        shutting_down = true;
-        const [, filename] = process.argv;
-        process.title = path.basename(filename, '.js');
+        if (shutting_down) return process.exit(1)
+        shutting_down = true
+        const [, filename] = process.argv
+        process.title = path.basename(filename, '.js')
 
-        logger.notice(`${sig} received`);
+        logger.notice(`${sig} received`)
         logger.dump_and_exit(() => {
             if (server.cluster?.isMaster) {
-                server.performShutdown();
-            }
-            else if (!server.cluster) {
-                server.performShutdown();
+                server.performShutdown()
+            } else if (!server.cluster) {
+                server.performShutdown()
             }
-        });
-    });
+        })
+    })
 }
 
 process.on('SIGHUP', () => {
-    logger.notice('Flushing the temp fail queue');
-    server.flushQueue();
-});
+    logger.notice('Flushing the temp fail queue')
+    server.flushQueue()
+})
 
-process.on('exit', code => {
-    if (shutting_down) return;
-    const [, filename] = process.argv;
-    process.title = path.basename(filename, '.js');
+process.on('exit', (code) => {
+    if (shutting_down) return
+    const [, filename] = process.argv
+    process.title = path.basename(filename, '.js')
 
-    logger.notice('Shutting down');
-    logger.dump_logs();
-});
+    logger.notice('Shutting down')
+    logger.dump_logs()
+})
 
-logger.log('NOTICE', `Starting up Haraka version ${exports.version}`);
+logger.log('NOTICE', `Starting up Haraka version ${exports.version}`)
 
-server.createServer();
+server.createServer()