Haraka 3.1.1 → 3.1.2

package/plugins/status.js

@@ -1,50 +1,49 @@
-'use strict';
+'use strict'
+/* global server */
 
-const fs = require('node:fs');
-const path = require('node:path');
+const fs = require('node:fs')
+const path = require('node:path')
 
 exports.register = function () {
-    this.outbound = require('../outbound');
-    this.queue_dir = require('../outbound/queue').queue_dir;
+    this.outbound = require('../outbound')
+    this.queue_dir = require('../outbound/queue').queue_dir
 }
 
 exports.hook_capabilities = (next, connection) => {
-
     if (connection.remote.is_local) {
-        connection.capabilities.push('STATUS');
+        connection.capabilities.push('STATUS')
     }
 
-    next();
+    next()
 }
 
 exports.hook_unrecognized_command = function (next, connection, params) {
-    if (params[0] !== 'STATUS') return next();
-    if (!connection.remote.is_local) return next(DENY, 'STATUS not allowed remotely');
+    if (params[0] !== 'STATUS') return next()
+    if (!connection.remote.is_local) return next(DENY, 'STATUS not allowed remotely')
 
     this.run(params[1], (err, result) => {
-        if (err) return next(DENY, err.message);
+        if (err) return next(DENY, err.message)
 
-        connection.respond(211, result ? JSON.stringify(result) : 'null', () => next(OK));
-    });
+        connection.respond(211, result ? JSON.stringify(result) : 'null', () => next(OK))
+    })
 }
 
 exports.run = function (cmd, cb) {
     if (server.cluster && !/^QUEUE LIST/.test(cmd)) {
-        this.call_master(cmd, cb);
-    }
-    else {
-        this.command_action(cmd, cb);
+        this.call_master(cmd, cb)
+    } else {
+        this.command_action(cmd, cb)
     }
 }
 
 exports.command_action = function (cmd, cb) {
-    const params = cmd.split(' ');
+    const params = cmd.split(' ')
 
     switch (params.shift()) {
         case 'POOL':
-            return this.pool_action(params, cb);
+            return this.pool_action(params, cb)
         case 'QUEUE':
-            return this.queue_action(params, cb);
+            return this.queue_action(params, cb)
         default:
             cb('unknown STATUS command')
     }
@@ -53,7 +52,7 @@ exports.command_action = function (cmd, cb) {
 exports.pool_action = function (params, cb) {
     switch (params.shift()) {
         case 'LIST':
-            return this.pool_list(cb);
+            return this.pool_list(cb)
         default:
             cb('unknown POOL command')
     }
@@ -62,40 +61,40 @@ exports.pool_action = function (params, cb) {
 exports.queue_action = function (params, cb) {
     switch (params.shift()) {
         case 'LIST':
-            return this.queue_list(cb);
+            return this.queue_list(cb)
         case 'STATS':
-            return this.queue_stats(cb);
+            return this.queue_stats(cb)
         case 'INSPECT':
-            return this.queue_inspect(cb);
+            return this.queue_inspect(cb)
         case 'DISCARD':
-            return this.queue_discard(params.shift(), cb);
+            return this.queue_discard(params.shift(), cb)
         case 'PUSH':
-            return this.queue_push(params.shift(), cb);
+            return this.queue_push(params.shift(), cb)
         default:
             cb('unknown QUEUE command')
     }
 }
 
-exports.pool_list = cb => {
-    const result = {};
+exports.pool_list = (cb) => {
+    const result = {}
 
     if (server.notes.pool) {
         for (const name of Object.keys(server.notes.pool)) {
-            const instance = server.notes.pool[name];
+            const instance = server.notes.pool[name]
 
             result[name] = {
                 inUse: instance.inUseObjectsCount(),
-                size: instance.getPoolSize()
-            };
+                size: instance.getPoolSize(),
+            }
         }
     }
 
-    cb(null, result);
+    cb(null, result)
 }
 
 exports.queue_list = function (cb) {
     this.outbound.list_queue((err, qlist = []) => {
-        const result = [];
+        const result = []
 
         for (const todo of qlist) {
             result.push({
@@ -104,120 +103,115 @@ exports.queue_list = function (cb) {
                 queue_time: todo.queue_time,
                 domain: todo.domain,
                 from: todo.mail_from.toString(),
-                to: todo.rcpt_to.map((r) => r.toString())
+                to: todo.rcpt_to.map((r) => r.toString()),
             })
         }
 
-        cb(err, result);
+        cb(err, result)
     })
 }
 
 exports.queue_stats = function (cb) {
-    cb(null, this.outbound.get_stats());
+    cb(null, this.outbound.get_stats())
 }
 
 exports.queue_inspect = function (cb) {
-    const delivery_queue_items = this.outbound.delivery_queue._tasks.toArray();
-    const fail_queue_items = this.outbound.temp_fail_queue.queue;
+    const delivery_queue_items = this.outbound.delivery_queue._tasks.toArray()
+    const fail_queue_items = this.outbound.temp_fail_queue.queue
 
     cb(null, {
         delivery_queue: delivery_queue_items.map((hmail) => ({
-            id: hmail.file
+            id: hmail.file,
         })),
         temp_fail_queue: fail_queue_items.map((tqtimer) => ({
             id: tqtimer.id,
-            fire_time: tqtimer.fire_time
-        }))
-    });
+            fire_time: tqtimer.fire_time,
+        })),
+    })
 }
 
 exports.queue_discard = function (file, cb) {
     try {
-        this.outbound.temp_fail_queue.discard(file);
-    }
-    catch (e) {
+        this.outbound.temp_fail_queue.discard(file)
+    } catch (e) {
         // we ignore not found error
     }
 
     fs.unlink(path.join(this.queue_dir || '', file), () => {
-        cb(null, 'OK');
-    });
+        cb(null, 'OK')
+    })
 }
 
 exports.queue_push = function (file, cb) {
-    const { queue } = this.outbound.temp_fail_queue;
+    const { queue } = this.outbound.temp_fail_queue
 
     for (let i = 0; i < queue.length; i++) {
-        if (queue[i].id !== file) continue;
+        if (queue[i].id !== file) continue
 
-        const item = queue.splice(i, 1)[0];
-        item.cb();
+        const item = queue.splice(i, 1)[0]
+        item.cb()
 
-        break;
+        break
     }
 
-    cb(null, 'OK');
+    cb(null, 'OK')
 }
 
 // cluster IPC
 
 exports.hook_init_master = function (next) {
-    const plugin = this;
+    const plugin = this
 
-    if (!server.cluster) return next();
+    if (!server.cluster) return next()
 
-    function message_handler (sender, msg) {
-        if (msg.event !== 'status.request') return;
+    function message_handler(sender, msg) {
+        if (msg.event !== 'status.request') return
 
         plugin.call_workers(msg, (response) => {
-            msg.result = response.filter((el) => el != null);
-            msg.event = 'status.result';
-            sender.send(msg);
-        });
+            msg.result = response.filter((el) => el != null)
+            msg.event = 'status.result'
+            sender.send(msg)
+        })
     }
 
-    server.cluster.on('message', message_handler);
-    next();
+    server.cluster.on('message', message_handler)
+    next()
 }
 
 exports.hook_init_child = function (next) {
-    const self = this;
+    const self = this
 
-    function message_handler (msg) {
-        if (msg.event !== 'status.request') return;
+    function message_handler(msg) {
+        if (msg.event !== 'status.request') return
 
         self.command_action(msg.params, (err, result) => {
-            msg.event = 'status.response';
-            msg.result = result;
-            process.send(msg);
-        });
+            msg.event = 'status.response'
+            msg.result = result
+            process.send(msg)
+        })
     }
 
-    process.on('message', message_handler);
-    next();
+    process.on('message', message_handler)
+    next()
 }
 
 exports.call_master = (cmd, cb) => {
+    function message_handler(msg) {
+        if (msg.event !== 'status.result') return
 
-    function message_handler (msg) {
-        if (msg.event !== 'status.result') return;
-
-        process.removeListener('message', message_handler);
-        cb(null, msg.result);
+        process.removeListener('message', message_handler)
+        cb(null, msg.result)
     }
 
-    process.on('message', message_handler);
-    process.send({event: 'status.request', params: cmd});
+    process.on('message', message_handler)
+    process.send({ event: 'status.request', params: cmd })
 }
 
 exports.call_workers = function (cmd, cb) {
-    Promise.allSettled(
-        Object.values(server.cluster.workers).map(w => this.call_worker(w, cmd))
-    )
-    .then(r => {
+    Promise.allSettled(Object.values(server.cluster.workers).map((w) => this.call_worker(w, cmd))).then((r) => {
         cb(
             // r.filter(s => s.status === 'rejected').flatMap(s => s.reason),
-            r.filter(s => s.status === 'fulfilled').flatMap(s => s.value),
+            r.filter((s) => s.status === 'fulfilled').flatMap((s) => s.value),
         )
     })
 }
@@ -225,25 +219,24 @@ exports.call_workers = function (cmd, cb) {
 // sends command to worker and then wait for response or timeout
 exports.call_worker = (worker, cmd) => {
     return new Promise((resolve) => {
-        let timeout;
+        let timeout
 
-        function message_handler (sender, msg) {
-            if (sender.id !== worker.id) return;
-            if (msg.event !== 'status.response') return;
+        function message_handler(sender, msg) {
+            if (sender.id !== worker.id) return
+            if (msg.event !== 'status.response') return
 
-            clearTimeout(timeout);
-            server.cluster.removeListener('message', message_handler);
+            clearTimeout(timeout)
+            server.cluster.removeListener('message', message_handler)
 
-            resolve(msg.result);
+            resolve(msg.result)
         }
 
         timeout = setTimeout(() => {
-            server.cluster.removeListener('message', message_handler);
-            resolve();
-        }, 1000);
-
+            server.cluster.removeListener('message', message_handler)
+            resolve()
+        }, 1000)
 
-        server.cluster.on('message', message_handler);
-        worker.send(cmd);
+        server.cluster.on('message', message_handler)
+        worker.send(cmd)
     })
 }

package/plugins/tarpit.js

@@ -1,34 +1,45 @@
 // tarpit
 
 let hooks_to_delay = [
-    'connect', 'helo', 'ehlo', 'mail', 'rcpt', 'rcpt_ok',
-    'data', 'data_post', 'queue', 'unrecognized_command', 'vrfy', 'noop',
-    'rset', 'quit'
-];
+    'connect',
+    'helo',
+    'ehlo',
+    'mail',
+    'rcpt',
+    'rcpt_ok',
+    'data',
+    'data_post',
+    'queue',
+    'unrecognized_command',
+    'vrfy',
+    'noop',
+    'rset',
+    'quit',
+]
 
 exports.register = function () {
     // Register tarpit function last
 
-    const cfg = this.config.get('tarpit.ini');
+    const cfg = this.config.get('tarpit.ini')
     if (cfg?.main.hooks_to_delay) {
-        hooks_to_delay = cfg.main.hooks_to_delay.split(/[\s,;]+/);
+        hooks_to_delay = cfg.main.hooks_to_delay.split(/[\s,;]+/)
     }
 
     for (const hook of hooks_to_delay) {
-        this.register_hook(hook, 'tarpit');
+        this.register_hook(hook, 'tarpit')
     }
 }
 
 exports.tarpit = function (next, connection) {
-    const { transaction } = connection;
-    if (!transaction) return next();
+    const { transaction } = connection
+    if (!transaction) return next()
 
-    let delay = connection.notes.tarpit;
+    let delay = connection.notes.tarpit
 
-    if (!delay) delay = transaction.notes.tarpit;
+    if (!delay) delay = transaction.notes.tarpit
 
-    if (!delay) return next();
+    if (!delay) return next()
 
-    connection.loginfo(this, `tarpitting response for ${delay}s`);
-    setTimeout(() => next(),  delay * 1000);
+    connection.loginfo(this, `tarpitting response for ${delay}s`)
+    setTimeout(() => next(), delay * 1000)
 }

package/plugins/tls.js

@@ -1,156 +1,156 @@
-'use strict';
+'use strict'
 // TLS is built into Haraka. This plugin conditionally advertises STARTTLS.
 // see 'haraka -h tls' for help
 
-const tls_socket = require('./tls_socket');
+/* global server */
+
+const tls_socket = require('./tls_socket')
 
 // exported so tests can override config dir
-exports.net_utils = require('haraka-net-utils');
+exports.net_utils = require('haraka-net-utils')
 
 exports.register = function () {
     tls_socket.load_tls_ini()
 
     if (tls_socket.cfg.redis.disable_for_failed_hosts) this.logdebug('Will disable STARTTLS for failing TLS hosts')
 
-    this.register_hook('capabilities',         'advertise_starttls')
+    this.register_hook('capabilities', 'advertise_starttls')
     this.register_hook('unrecognized_command', 'upgrade_connection')
 }
 
 exports.shutdown = () => {
-    if (tls_socket.shutdown) tls_socket.shutdown();
+    if (tls_socket.shutdown) tls_socket.shutdown()
 }
 
 exports.advertise_starttls = function (next, connection) {
-
     // if no TLS setup incomplete/invalid, don't advertise
     if (!tls_socket.tls_valid) {
-        this.logerror('no valid TLS config');
-        return next();
+        this.logerror('no valid TLS config')
+        return next()
     }
 
     /* Caution: do not advertise STARTTLS if already TLS upgraded */
-    if (connection.tls.enabled) return next();
+    if (connection.tls.enabled) return next()
 
     if (this.net_utils.ip_in_list(tls_socket.cfg.no_tls_hosts, connection.remote.ip)) {
-        return next();
+        return next()
     }
 
-    function enable_tls () {
-        connection.capabilities.push('STARTTLS');
-        connection.tls.advertised = true;
-        next();
+    function enable_tls() {
+        connection.capabilities.push('STARTTLS')
+        connection.tls.advertised = true
+        next()
     }
 
     // check if local port is excluded from starttls advertisement
-    if (tls_socket.cfg.main.no_starttls_ports.includes(connection.local.port)) return next();
+    if (tls_socket.cfg.main.no_starttls_ports.includes(connection.local.port)) return next()
 
     // exclude port 587 from NO-GO
-    if (connection.local.port === 587) return enable_tls();
+    if (connection.local.port === 587) return enable_tls()
 
     if (!tls_socket.cfg.redis || !server.notes.redis) {
-        return enable_tls();
+        return enable_tls()
     }
 
-    const { redis } = server.notes;
-    const dbkey = `no_tls|${connection.remote.ip}`;
+    const { redis } = server.notes
+    const dbkey = `no_tls|${connection.remote.ip}`
 
-    redis.get(dbkey)
-        .then(dbr => {
-            if (!dbr) return enable_tls();
-            connection.results.add(this, { msg: 'no_tls'});
+    redis
+        .get(dbkey)
+        .then((dbr) => {
+            if (!dbr) return enable_tls()
+            connection.results.add(this, { msg: 'no_tls' })
             next(CONT, 'STARTTLS disabled because previous attempt failed')
         })
-        .catch(err => {
-            connection.results.add(this, {err});
-            enable_tls();
+        .catch((err) => {
+            connection.results.add(this, { err })
+            enable_tls()
         })
 }
 
 exports.set_notls = function (connection) {
+    if (!tls_socket.cfg.redis.disable_for_failed_hosts) return
+    if (!server.notes.redis) return
 
-    if (!tls_socket.cfg.redis.disable_for_failed_hosts) return;
-    if (!server.notes.redis) return;
+    const expiry = tls_socket.cfg.redis.disable_inbound_expiry || 3600
 
-    const expiry = tls_socket.cfg.redis.disable_inbound_expiry || 3600;
+    this.lognotice(connection, `STARTTLS failed. Marking ${connection.remote.ip} as non-TLS host for ${expiry} seconds`)
 
-    this.lognotice(connection, `STARTTLS failed. Marking ${connection.remote.ip} as non-TLS host for ${expiry} seconds`);
-
-    server.notes.redis.setEx(`no_tls|${connection.remote.ip}`, expiry, (new Date()).toISOString());
+    server.notes.redis.setEx(`no_tls|${connection.remote.ip}`, expiry, new Date().toISOString())
 }
 
 exports.upgrade_connection = function (next, connection, params) {
-    if (!connection.tls.advertised) return next();
+    if (!connection.tls.advertised) return next()
 
     /* Watch for STARTTLS directive from client. */
-    if (params[0].toUpperCase() !== 'STARTTLS') return next();
+    if (params[0].toUpperCase() !== 'STARTTLS') return next()
 
     /* Respond to STARTTLS command. */
-    connection.respond(220, "Go ahead.");
+    connection.respond(220, 'Go ahead.')
 
-    const plugin = this;
-    let called_next = false;
+    const plugin = this
+    let called_next = false
     // adjust plugin.timeout like so: echo '45' > config/tls.timeout
-    const timeout = plugin.timeout - 1;
-
-    function nextOnce (disconnected) {
-        if (called_next) return;
-        called_next = true;
-        clearTimeout(connection.notes.tls_timer);
-        if (!disconnected) connection.lognotice(plugin, 'timeout setting up TLS');
-        plugin.set_notls(connection);
-        return next(DENYSOFTDISCONNECT);
+    const timeout = plugin.timeout - 1
+
+    function nextOnce(disconnected) {
+        if (called_next) return
+        called_next = true
+        clearTimeout(connection.notes.tls_timer)
+        if (!disconnected) connection.lognotice(plugin, 'timeout setting up TLS')
+        plugin.set_notls(connection)
+        return next(DENYSOFTDISCONNECT)
     }
 
     if (timeout && timeout > 0) {
-        connection.notes.tls_timer = setTimeout(nextOnce, timeout * 1000);
+        connection.notes.tls_timer = setTimeout(nextOnce, timeout * 1000)
     }
 
-    connection.notes.cleanUpDisconnect = nextOnce;
+    connection.notes.cleanUpDisconnect = nextOnce
 
     /* Upgrade the connection to TLS. */
     connection.client.upgrade((verified, verifyErr, cert, cipher) => {
-        if (called_next) return;
-        clearTimeout(connection.notes.tls_timer);
-        called_next = true;
+        if (called_next) return
+        clearTimeout(connection.notes.tls_timer)
+        called_next = true
         connection.reset_transaction(() => {
-
             connection.setTLS({
                 cipher,
                 verified,
                 authorizationError: verifyErr,
                 peerCertificate: cert,
-            });
+            })
 
-            connection.results.add(plugin, connection.tls);
-            plugin.emit_upgrade_msg(connection, verified, verifyErr, cert, cipher);
-            next(OK);
+            connection.results.add(plugin, connection.tls)
+            plugin.emit_upgrade_msg(connection, verified, verifyErr, cert, cipher)
+            next(OK)
         })
     })
 }
 
 exports.hook_disconnect = (next, connection) => {
     if (connection.notes.cleanUpDisconnect) {
-        connection.notes.cleanUpDisconnect(true);
+        connection.notes.cleanUpDisconnect(true)
     }
-    next();
+    next()
 }
 
 exports.emit_upgrade_msg = function (conn, verified, verifyErr, cert, cipher) {
-    let msg = 'secured:';
+    let msg = 'secured:'
     if (cipher) {
-        msg += ` cipher=${cipher.name} version=${cipher.version}`;
+        msg += ` cipher=${cipher.name} version=${cipher.version}`
     }
-    msg += ` verified=${verified}`;
-    if (verifyErr) msg += ` error="${verifyErr}"`;
+    msg += ` verified=${verified}`
+    if (verifyErr) msg += ` error="${verifyErr}"`
     if (cert) {
         if (cert.subject) {
-            msg += ` cn="${cert.subject.CN}" organization="${cert.subject.O}"`;
+            msg += ` cn="${cert.subject.CN}" organization="${cert.subject.O}"`
         }
-        if (cert.issuer)      msg += ` issuer="${cert.issuer.O}"`;
-        if (cert.valid_to)    msg += ` expires="${cert.valid_to}"`;
-        if (cert.fingerprint) msg += ` fingerprint=${cert.fingerprint}`;
+        if (cert.issuer) msg += ` issuer="${cert.issuer.O}"`
+        if (cert.valid_to) msg += ` expires="${cert.valid_to}"`
+        if (cert.fingerprint) msg += ` fingerprint=${cert.fingerprint}`
     }
 
-    conn.loginfo(this,  msg);
-    return msg;
+    conn.loginfo(this, msg)
+    return msg
 }