Haraka 3.1.4 → 3.1.6

package/server.js

@@ -2,12 +2,11 @@
 // smtp network server
 
 const cluster = require('node:cluster')
+const { spawn } = require('node:child_process')
 const fs = require('node:fs')
 const os = require('node:os')
 const path = require('node:path')
 const tls = require('node:tls')
-
-const daemon = require('daemon')
 const constants = require('haraka-constants')
 
 const tls_socket = require('./tls_socket')
@@ -77,15 +76,26 @@ Server.daemonize = function () {
         // we get a spurious 'Exiting' log entry.
         process.removeAllListeners('exit')
         Server.lognotice('Daemonizing...')
-    }
 
-    const log_fd = fs.openSync(c.daemon_log_file, 'a')
-    daemon({ cwd: process.cwd(), stdout: log_fd })
+        const log_fd = fs.openSync(c.daemon_log_file, 'a')
+        const child = spawn(process.execPath, process.argv.slice(1), {
+            detached: true,
+            stdio: ['ignore', log_fd, log_fd],
+            env: { ...process.env, __daemon: '1' },
+            cwd: process.cwd(),
+        })
+        child.unref()
+        process.exit(0)
+    }
 
     // We are the daemon from here on...
-    const npid = require('npid')
     try {
-        npid.create(c.daemon_pid_file).removeOnExit()
+        fs.writeFileSync(c.daemon_pid_file, `${process.pid}\n`, { flag: 'wx' })
+        process.on('exit', () => {
+            try {
+                fs.unlinkSync(c.daemon_pid_file)
+            } catch {}
+        })
     } catch (err) {
         Server.logerror(err.message)
         logger.dump_and_exit(1)

package/smtp_client.js

@@ -216,8 +216,7 @@ class SMTPClient extends events.EventEmitter {
 
     release() {
         if (this.state === STATE.DESTROYED) return
-        logger.debug(`[smtp_client] ${this.uuid} releasing, state=${this.state}`)
-        ;[
+        const listeners = [
             'auth',
             'bad_code',
             'capabilities',
@@ -233,9 +232,11 @@ class SMTPClient extends events.EventEmitter {
             'rset',
             'server_protocol',
             'xclient',
-        ].forEach((l) => {
+        ]
+        logger.debug(`[smtp_client] ${this.uuid} releasing, state=${this.state}`)
+        for (const l of listeners) {
             this.removeAllListeners(l)
-        })
+        }
 
         if (this.connected) this.send_command('QUIT')
         this.destroy()
@@ -349,7 +350,7 @@ exports.get_client_plugin = (plugin, connection, c, callback) => {
         }
     }
 
-    const hostport = get_hostport(connection, connection.server, c)
+    const hostport = get_hostport(connection, c)
     const smtp_client = new SMTPClient(hostport)
     logger.info(`[smtp_client] uuid=${smtp_client.uuid} host=${hostport.host} port=${hostport.port} created`)
 
@@ -468,7 +469,8 @@ exports.get_client_plugin = (plugin, connection, c, callback) => {
     callback(null, smtp_client)
 }
 
-function get_hostport(connection, server, cfg) {
+function get_hostport(connection, cfg) {
+    const server = connection.server
     if (cfg.forwarding_host_pool) {
         if (!server.notes.host_pool) {
             connection.logwarn(`creating host_pool from ${cfg.forwarding_host_pool}`)

package/test/connection.js

@@ -5,6 +5,7 @@ const assert = require('node:assert/strict')
 
 const constants = require('haraka-constants')
 const DSN = require('haraka-dsn')
+const { Address } = require('address-rfc2821')
 
 const connection = require('../connection')
 const Server = require('../server')
@@ -442,4 +443,237 @@ describe('connection', () => {
             })
         })
     })
+
+    describe('queue responses', () => {
+        beforeEach(setUp)
+
+        const prepQueueTestConnection = () => {
+            const calls = { respond: [], reset: 0, disconnect: 0, queue_ok: 0, results: [] }
+            const plugins = require('../plugins')
+            const originalRunHooks = plugins.run_hooks
+
+            this.connection.transaction = {
+                uuid: 'txn-123',
+                msg_status: null,
+                results: {
+                    add(_meta, payload) {
+                        calls.results.push(payload)
+                    },
+                },
+            }
+
+            this.connection.respond = (code, msg, cb) => {
+                calls.respond.push({ code, msg })
+                if (cb) cb()
+            }
+            this.connection.reset_transaction = (cb) => {
+                calls.reset++
+                this.connection.transaction = this.connection.transaction || {}
+                if (cb) cb()
+            }
+            this.connection.disconnect = () => {
+                calls.disconnect++
+            }
+            plugins.run_hooks = (hook) => {
+                if (hook === 'queue_ok') calls.queue_ok++
+            }
+
+            return {
+                calls,
+                restore() {
+                    plugins.run_hooks = originalRunHooks
+                },
+            }
+        }
+
+        it('queue_respond handles denydisconnect and marks message rejected', () => {
+            const harness = prepQueueTestConnection()
+            try {
+                this.connection.queue_respond(constants.denydisconnect)
+                assert.equal(harness.calls.respond[0].code, 550)
+                assert.equal(this.connection.msg_count.reject, 1)
+                assert.equal(this.connection.transaction.msg_status, 'rejected')
+                assert.equal(harness.calls.disconnect, 1)
+                assert.deepEqual(harness.calls.results[0], { fail: 'Message denied' })
+            } finally {
+                harness.restore()
+            }
+        })
+
+        it('queue_respond handles denysoft and resets transaction', () => {
+            const harness = prepQueueTestConnection()
+            try {
+                this.connection.queue_respond(constants.denysoft)
+                assert.equal(harness.calls.respond[0].code, 450)
+                assert.equal(this.connection.msg_count.tempfail, 1)
+                assert.equal(this.connection.transaction.msg_status, 'deferred')
+                assert.equal(harness.calls.reset, 1)
+                assert.deepEqual(harness.calls.results[0], { fail: 'Message denied temporarily' })
+            } finally {
+                harness.restore()
+            }
+        })
+
+        it('queue_respond handles denysoftdisconnect and disconnects', () => {
+            const harness = prepQueueTestConnection()
+            try {
+                this.connection.queue_respond(constants.denysoftdisconnect)
+                assert.equal(harness.calls.respond[0].code, 450)
+                assert.equal(this.connection.msg_count.tempfail, 1)
+                assert.equal(this.connection.transaction.msg_status, 'deferred')
+                assert.equal(harness.calls.disconnect, 1)
+            } finally {
+                harness.restore()
+            }
+        })
+
+        it('queue_respond default path returns 451 and resets transaction', () => {
+            const harness = prepQueueTestConnection()
+            try {
+                this.connection.queue_respond(constants.cont)
+                assert.equal(harness.calls.respond[0].code, 451)
+                assert.equal(this.connection.msg_count.tempfail, 1)
+                assert.equal(this.connection.transaction.msg_status, 'deferred')
+                assert.equal(harness.calls.reset, 1)
+            } finally {
+                harness.restore()
+            }
+        })
+
+        it('queue_ok_respond accepts and resets transaction', () => {
+            const harness = prepQueueTestConnection()
+            try {
+                this.connection.queue_ok_respond(constants.ok, null, 'queued')
+                assert.equal(harness.calls.respond[0].code, 250)
+                assert.equal(this.connection.msg_count.accept, 1)
+                assert.equal(this.connection.transaction.msg_status, 'accepted')
+                assert.equal(harness.calls.reset, 1)
+            } finally {
+                harness.restore()
+            }
+        })
+    })
+
+    describe('smtp command/response branches', () => {
+        beforeEach(setUp)
+
+        it('rcpt_respond deny removes recipient and records reject', () => {
+            const plugins = require('../plugins')
+            const originalRunHooks = plugins.run_hooks
+            const rcpt = new Address('<to@example.com>')
+            const sender = new Address('<from@example.com>')
+            const actions = []
+
+            this.connection.transaction = {
+                rcpt_to: [rcpt],
+                mail_from: sender,
+                results: { push() {} },
+            }
+            this.connection.rcpt_incr = (_rcpt, action) => actions.push(action)
+            this.connection.respond = (_code, _msg, cb) => cb && cb()
+            plugins.run_hooks = () => {}
+
+            try {
+                this.connection.rcpt_respond(constants.deny, 'no')
+                assert.equal(actions[0], 'reject')
+                assert.equal(this.connection.transaction.rcpt_to.length, 0)
+            } finally {
+                plugins.run_hooks = originalRunHooks
+            }
+        })
+
+        it('rcpt_respond ok runs rcpt_ok hook', () => {
+            const plugins = require('../plugins')
+            const originalRunHooks = plugins.run_hooks
+            const rcpt = new Address('<to@example.com>')
+            const sender = new Address('<from@example.com>')
+            const hooks = []
+
+            this.connection.transaction = {
+                rcpt_to: [rcpt],
+                mail_from: sender,
+                results: { push() {} },
+            }
+            this.connection.respond = (_code, _msg, cb) => cb && cb()
+            plugins.run_hooks = (hook) => hooks.push(hook)
+
+            try {
+                this.connection.rcpt_respond(constants.ok, 'ok')
+                assert.equal(hooks.includes('rcpt_ok'), true)
+                assert.equal(this.connection.last_rcpt_msg, 'ok')
+            } finally {
+                plugins.run_hooks = originalRunHooks
+            }
+        })
+
+        it('cmd_proxy rejects when not allowed', () => {
+            let code
+            this.connection.proxy.allowed = false
+            this.connection.respond = (c) => {
+                code = c
+            }
+            this.connection.disconnect = () => {}
+            this.connection.cmd_proxy('TCP4 1.2.3.4 5.6.7.8 100 25')
+            assert.equal(code, 421)
+        })
+
+        it('cmd_proxy accepts valid TCP4 proxy line and runs connect_init', () => {
+            const plugins = require('../plugins')
+            const originalRunHooks = plugins.run_hooks
+            const hooks = []
+            this.connection.proxy.allowed = true
+            this.connection.remote.ip = '10.0.0.1'
+            this.connection.reset_transaction = (cb) => cb && cb()
+            this.connection.respond = () => {}
+            plugins.run_hooks = (hook) => hooks.push(hook)
+
+            try {
+                this.connection.cmd_proxy('TCP4 1.2.3.4 5.6.7.8 100 25')
+                assert.equal(this.connection.proxy.type, 'haproxy')
+                assert.equal(this.connection.remote.ip, '1.2.3.4')
+                assert.equal(this.connection.local.ip, '5.6.7.8')
+                assert.equal(hooks.includes('connect_init'), true)
+            } finally {
+                plugins.run_hooks = originalRunHooks
+            }
+        })
+
+        it('cmd_data validates argument/transaction/recipient preconditions', () => {
+            const responses = []
+            this.connection.respond = (code, msg) => {
+                responses.push([code, msg])
+            }
+
+            this.connection.cmd_data('unexpected')
+            this.connection.cmd_data()
+            this.connection.transaction = { rcpt_to: [] }
+            this.connection.cmd_data()
+
+            assert.equal(responses[0][0], 501)
+            assert.equal(responses[1][0], 503)
+            assert.equal(responses[2][0], 503)
+        })
+
+        it('data_respond denysoftdisconnect disconnects and default enters DATA', () => {
+            const responses = []
+            let disconnected = 0
+            this.connection.transaction = { data_bytes: 5 }
+            this.connection.respond = (code, _msg, cb) => {
+                responses.push(code)
+                if (cb) cb()
+            }
+            this.connection.disconnect = () => {
+                disconnected++
+            }
+
+            this.connection.data_respond(constants.denysoftdisconnect, 'tmpfail')
+            this.connection.data_respond(constants.ok, 'ok')
+
+            assert.equal(responses[0], 451)
+            assert.equal(disconnected, 1)
+            assert.equal(responses[1], 354)
+            assert.equal(this.connection.state, constants.connection.state.DATA)
+            assert.equal(this.connection.transaction.data_bytes, 0)
+        })
+    })
 })

package/test/endpoint.js

@@ -1,3 +1,6 @@
+'use strict'
+
+const { describe, it, beforeEach, afterEach } = require('node:test')
 const assert = require('node:assert')
 
 const mock = require('mock-require')
@@ -17,6 +20,20 @@ describe('endpoint', () => {
             assert.deepEqual(endpoint(25), { host: '::0', port: 25 })
         })
 
+        it('Unbracketed IPv6 host uses default port', () => {
+            assert.deepEqual(endpoint('::0', 25), {
+                host: '::0',
+                port: 25,
+            })
+        })
+
+        it('Unbracketed IPv6 host:port parses correctly (PR #3552 compatibility)', () => {
+            assert.deepEqual(endpoint('::0:25'), {
+                host: '::0',
+                port: 25,
+            })
+        })
+
         it('Default port if only host', () => {
             assert.deepEqual(endpoint('10.0.0.3', 42), {
                 host: '10.0.0.3',
@@ -24,6 +41,13 @@ describe('endpoint', () => {
             })
         })
 
+        it('Bracketed IPv6 host is normalized to lowercase', () => {
+            assert.deepEqual(endpoint('[ABCD::EF01]:2525'), {
+                host: 'abcd::ef01',
+                port: 2525,
+            })
+        })
+
         it('Unix socket', () => {
             assert.deepEqual(endpoint('/foo/bar.sock'), {
                 path: '/foo/bar.sock',
@@ -36,10 +60,16 @@ describe('endpoint', () => {
                 mode: '770',
             })
         })
+
+        it('Invalid unbracketed IPv6 host with non-numeric tail returns Error', () => {
+            const ep = endpoint('::0:port')
+            assert.equal(ep instanceof Error, true)
+            assert.match(ep.message, /Invalid socket address/)
+        })
     })
 
     describe('bind()', () => {
-        beforeEach((done) => {
+        beforeEach(() => {
             // Mock filesystem and log server + fs method calls
             const modes = (this.modes = {})
             const log = (this.log = [])
@@ -63,12 +93,10 @@ describe('endpoint', () => {
 
             mock('node:fs/promises', this.mockfs)
             this.endpoint = mock.reRequire('../endpoint')
-            done()
         })
 
-        afterEach((done) => {
+        afterEach(() => {
             mock.stop('node:fs/promises')
-            done()
         })
 
         it('IP socket', async () => {

package/test/host_pool.js

@@ -1,20 +1,20 @@
 'use strict'
 
-const assert = require('node:assert')
+const { describe, it } = require('node:test')
+const assert = require('node:assert/strict')
 
 const HostPool = require('../host_pool')
 
 describe('HostPool', () => {
-    it('get a host', (done) => {
+    it('get a host', () => {
         const pool = new HostPool('1.1.1.1:1111, 2.2.2.2:2222')
         const host = pool.get_host()
 
         assert.ok(/\d\.\d\.\d\.\d/.test(host.host), `'${host.host}' looks like a IP`)
         assert.ok(/\d\d\d\d/.test(host.port), `'${host.port}' looks like a port`)
-        done()
     })
 
-    it('uses all the list', (done) => {
+    it('uses all the list', () => {
         const pool = new HostPool('1.1.1.1:1111, 2.2.2.2:2222')
 
         const host1 = pool.get_host()
@@ -24,10 +24,9 @@ describe('HostPool', () => {
         assert.notEqual(host1.host, host2.host)
         assert.notEqual(host3.host, host2.host)
         assert.equal(host3.host, host1.host)
-        done()
     })
 
-    it('default port 25', (done) => {
+    it('default port 25', () => {
         const pool = new HostPool('1.1.1.1, 2.2.2.2')
 
         const host1 = pool.get_host()
@@ -35,11 +34,24 @@ describe('HostPool', () => {
 
         assert.equal(host1.port, 25, `is port 25: ${host1.port}`)
         assert.equal(host2.port, 25, `is port 25: ${host2.port}`)
-        done()
     })
 
-    it('dead host', (done) => {
-        const pool = new HostPool('1.1.1.1:1111, 2.2.2.2:2222')
+    it('dead host', () => {
+        const pool = new HostPool('1.1.1.1:1111, 2.2.2.2:2222', 0.001)
+        pool.get_socket = () => ({
+            pretendTimeout: () => {},
+            setTimeout(ms, cb) {
+                this.pretendTimeout = cb
+            },
+            listeners: {},
+            on(ev, cb) {
+                this.listeners[ev] = cb
+            },
+            connect(port, host, cb) {
+                cb()
+            }, // immediately "connects" to stop retry loop
+            destroy() {},
+        })
 
         pool.failed('1.1.1.1', '1111')
 
@@ -51,17 +63,30 @@ describe('HostPool', () => {
         assert.equal(host.host, '2.2.2.2', 'dead host is not returned')
         host = pool.get_host()
         assert.equal(host.host, '2.2.2.2', 'dead host is not returned')
-        done()
     })
 
     // if they're *all* dead, we return a host to try anyway, to keep from
     // accidentally DOS'ing ourselves if there's a transient but widespread
     // network outage
-    it("they're all dead", (done) => {
+    it("they're all dead", () => {
         let host1
         let host2
 
-        const pool = new HostPool('1.1.1.1:1111, 2.2.2.2:2222')
+        const pool = new HostPool('1.1.1.1:1111, 2.2.2.2:2222', 0.001)
+        pool.get_socket = () => ({
+            pretendTimeout: () => {},
+            setTimeout(ms, cb) {
+                this.pretendTimeout = cb
+            },
+            listeners: {},
+            on(ev, cb) {
+                this.listeners[ev] = cb
+            },
+            connect(port, host, cb) {
+                cb()
+            }, // immediately "connects" to stop retry loop
+            destroy() {},
+        })
 
         host1 = pool.get_host()
 
@@ -79,13 +104,12 @@ describe('HostPool', () => {
         host2 = pool.get_host()
         assert.ok(host2, "if they're all dead, try one anyway")
         assert.notEqual(host1.host, host2.host, 'rotation continues')
-        done()
     })
 
     // after .01 secs the timer to retry the dead host will fire, and then
     // we connect using this mock socket, whose "connect" always succeeds
     // so the code brings the dead host back to life
-    it('host dead checking timer', (done) => {
+    it('host dead checking timer', async () => {
         let num_reqs = 0
         const MockSocket = function MockSocket(pool) {
             // these are the methods called from probe_dead_host
@@ -141,22 +165,24 @@ describe('HostPool', () => {
 
         // probe_dead_host() will hit two failures and one success (based on
         // num_reqs above). So we wait at least 10s for that to happen:
-        const timer = setTimeout(() => {
-            clearInterval(interval)
-            assert.ok(false, 'probe_dead_host failed')
-            done()
-        }, 10 * 1000)
-
-        const interval = setInterval(
-            () => {
-                if (!pool.dead_hosts['1.1.1.1:1111']) {
-                    clearTimeout(timer)
-                    clearInterval(interval)
-                    assert.ok(true, 'timer un-deaded it')
-                    done()
-                }
-            },
-            retry_secs * 1000 * 3,
-        )
+        await new Promise((resolve, reject) => {
+            const timer = setTimeout(() => {
+                clearInterval(interval)
+                reject(new Error('probe_dead_host failed'))
+            }, 10 * 1000)
+
+            const interval = setInterval(
+                () => {
+                    if (!pool.dead_hosts['1.1.1.1:1111']) {
+                        clearTimeout(timer)
+                        clearInterval(interval)
+                        resolve()
+                    }
+                },
+                retry_secs * 1000 * 3,
+            )
+        })
+
+        assert.ok(true, 'timer un-deaded it')
     })
 })