Haraka 3.1.5 → 3.1.7

package/test/plugins/queue/discard.js

@@ -0,0 +1,79 @@
+'use strict'
+
+const assert = require('node:assert')
+const { describe, it, beforeEach, before } = require('node:test')
+
+const fixtures = require('haraka-test-fixtures')
+
+before(() => {
+    require('haraka-constants').import(global)
+})
+
+describe('queue/discard', () => {
+    describe('discard hook', () => {
+        let plugin, conn
+
+        beforeEach(() => {
+            plugin = new fixtures.plugin('queue/discard')
+            conn = fixtures.connection.createConnection()
+            conn.init_transaction()
+            delete process.env.YES_REALLY_DO_DISCARD
+        })
+
+        it('calls next() when queue.wants is set to another plugin', (t, done) => {
+            conn.transaction.notes.set('queue.wants', 'smtp_forward')
+            plugin.discard((rc) => {
+                assert.equal(rc, undefined)
+                done()
+            }, conn)
+        })
+
+        it('calls next(OK) when connection.notes.discard is set', (t, done) => {
+            conn.notes.discard = true
+            plugin.discard((rc) => {
+                assert.equal(rc, OK)
+                done()
+            }, conn)
+        })
+
+        it('calls next(OK) when txn.notes.discard is set', (t, done) => {
+            conn.transaction.notes.discard = true
+            plugin.discard((rc) => {
+                assert.equal(rc, OK)
+                done()
+            }, conn)
+        })
+
+        it('calls next(OK) when queue.wants is discard', (t, done) => {
+            conn.transaction.notes.set('queue.wants', 'discard')
+            plugin.discard((rc) => {
+                assert.equal(rc, OK)
+                done()
+            }, conn)
+        })
+
+        it('calls next(OK) when YES_REALLY_DO_DISCARD env var is set', (t, done) => {
+            process.env.YES_REALLY_DO_DISCARD = '1'
+            plugin.discard((rc) => {
+                assert.equal(rc, OK)
+                done()
+            }, conn)
+        })
+
+        it('calls next() (pass-through) when no discard conditions are met', (t, done) => {
+            plugin.discard((rc) => {
+                assert.equal(rc, undefined)
+                done()
+            }, conn)
+        })
+
+        it('queue.wants=discard takes priority over other queue wants', (t, done) => {
+            // Once queue.wants is set, it's compared against 'discard'; since it equals 'discard', discard runs
+            conn.transaction.notes.set('queue.wants', 'discard')
+            plugin.discard((rc) => {
+                assert.equal(rc, OK)
+                done()
+            }, conn)
+        })
+    })
+})

package/test/plugins/queue/lmtp.js

@@ -0,0 +1,138 @@
+'use strict'
+
+const assert = require('node:assert')
+const { describe, it, beforeEach, before } = require('node:test')
+
+const fixtures = require('haraka-test-fixtures')
+
+before(() => {
+    require('haraka-constants').import(global)
+})
+
+describe('queue/lmtp', () => {
+    describe('hook_get_mx', () => {
+        let plugin
+
+        beforeEach(() => {
+            plugin = new fixtures.plugin('queue/lmtp')
+            plugin.load_lmtp_ini()
+        })
+
+        it('calls next() when hmail does not have using_lmtp note', (t, done) => {
+            const hmail = { todo: { notes: {} } }
+            plugin.hook_get_mx(
+                (rc, mx) => {
+                    assert.equal(rc, undefined)
+                    assert.equal(mx, undefined)
+                    done()
+                },
+                hmail,
+                'example.com',
+            )
+        })
+
+        it('returns OK with default host and port when using_lmtp is set', (t, done) => {
+            const hmail = { todo: { notes: { using_lmtp: true } } }
+            plugin.cfg = { main: {} }
+            plugin.hook_get_mx(
+                (rc, mx) => {
+                    assert.equal(rc, OK)
+                    assert.equal(mx.using_lmtp, true)
+                    assert.equal(mx.exchange, '127.0.0.1')
+                    assert.equal(mx.port, 24)
+                    assert.equal(mx.priority, 0)
+                    done()
+                },
+                hmail,
+                'example.com',
+            )
+        })
+
+        it('uses domain-specific section when available', (t, done) => {
+            const hmail = { todo: { notes: { using_lmtp: true } } }
+            plugin.cfg = {
+                main: { host: '127.0.0.1' },
+                'example.com': { host: 'lmtp.example.com', port: 2400 },
+            }
+            plugin.hook_get_mx(
+                (rc, mx) => {
+                    assert.equal(rc, OK)
+                    assert.equal(mx.exchange, 'lmtp.example.com')
+                    assert.equal(mx.port, 2400)
+                    done()
+                },
+                hmail,
+                'example.com',
+            )
+        })
+
+        it('falls back to main section when no domain-specific section', (t, done) => {
+            const hmail = { todo: { notes: { using_lmtp: true } } }
+            plugin.cfg = { main: { host: 'lmtp.default.com', port: 24 } }
+            plugin.hook_get_mx(
+                (rc, mx) => {
+                    assert.equal(rc, OK)
+                    assert.equal(mx.exchange, 'lmtp.default.com')
+                    done()
+                },
+                hmail,
+                'other.com',
+            )
+        })
+
+        it('includes path in mx when configured', (t, done) => {
+            const hmail = { todo: { notes: { using_lmtp: true } } }
+            plugin.cfg = { main: { host: '127.0.0.1', path: '/var/run/lmtp.sock' } }
+            plugin.hook_get_mx(
+                (rc, mx) => {
+                    assert.equal(rc, OK)
+                    assert.equal(mx.path, '/var/run/lmtp.sock')
+                    done()
+                },
+                hmail,
+                'example.com',
+            )
+        })
+
+        it('does not include path in mx when not configured', (t, done) => {
+            const hmail = { todo: { notes: { using_lmtp: true } } }
+            plugin.cfg = { main: {} }
+            plugin.hook_get_mx(
+                (rc, mx) => {
+                    assert.equal(rc, OK)
+                    assert.equal(mx.path, undefined)
+                    done()
+                },
+                hmail,
+                'example.com',
+            )
+        })
+    })
+
+    describe('hook_queue', () => {
+        let plugin, conn
+
+        beforeEach(() => {
+            plugin = new fixtures.plugin('queue/lmtp')
+            plugin.load_lmtp_ini()
+            conn = fixtures.connection.createConnection()
+            conn.init_transaction()
+        })
+
+        it('calls next() when there is no transaction', (t, done) => {
+            const connNoTxn = fixtures.connection.createConnection()
+            plugin.hook_queue((rc) => {
+                assert.equal(rc, undefined)
+                done()
+            }, connNoTxn)
+        })
+
+        it('calls next() when queue.wants is set to another plugin', (t, done) => {
+            conn.transaction.notes.set('queue.wants', 'smtp_forward')
+            plugin.hook_queue((rc) => {
+                assert.equal(rc, undefined)
+                done()
+            }, conn)
+        })
+    })
+})

package/test/plugins/queue/qmail-queue.js

@@ -0,0 +1,99 @@
+'use strict'
+
+const assert = require('node:assert')
+const { describe, it, beforeEach, before } = require('node:test')
+
+const fixtures = require('haraka-test-fixtures')
+
+before(() => {
+    require('haraka-constants').import(global)
+})
+
+describe('queue/qmail-queue', () => {
+    describe('register', () => {
+        it('throws when qmail-queue binary is not found', () => {
+            const plugin = new fixtures.plugin('queue/qmail-queue')
+            assert.throws(() => plugin.register(), /Cannot find qmail-queue binary/)
+        })
+    })
+
+    describe('load_qmail_queue_ini', () => {
+        it('loads config with enable_outbound boolean', () => {
+            const plugin = new fixtures.plugin('queue/qmail-queue')
+            plugin.load_qmail_queue_ini()
+            assert.ok(typeof plugin.cfg.main.enable_outbound === 'boolean')
+        })
+    })
+
+    describe('hook_queue', () => {
+        let plugin, conn
+
+        beforeEach(() => {
+            plugin = new fixtures.plugin('queue/qmail-queue')
+            plugin.load_qmail_queue_ini()
+            plugin.queue_exec = '/bin/echo' // use a real binary that exists
+            conn = fixtures.connection.createConnection()
+            conn.init_transaction()
+        })
+
+        it('calls next() when there is no transaction', (t, done) => {
+            const connNoTxn = fixtures.connection.createConnection()
+            plugin.hook_queue((rc) => {
+                assert.equal(rc, undefined)
+                done()
+            }, connNoTxn)
+        })
+
+        it('calls next() when queue.wants is set to another plugin', (t, done) => {
+            conn.transaction.notes.set('queue.wants', 'smtp_forward')
+            plugin.hook_queue((rc) => {
+                assert.equal(rc, undefined)
+                done()
+            }, conn)
+        })
+
+        it('calls next() when queue.wants is set to discard', (t, done) => {
+            conn.transaction.notes.set('queue.wants', 'discard')
+            plugin.hook_queue((rc) => {
+                assert.equal(rc, undefined)
+                done()
+            }, conn)
+        })
+    })
+
+    describe('build_envelope', () => {
+        let plugin
+        beforeEach(() => {
+            plugin = new fixtures.plugin('queue/qmail-queue')
+        })
+
+        it('formats F<sender>\\0(T<rcpt>\\0)*\\0 with no padding', () => {
+            const buf = plugin.build_envelope({
+                mail_from: { address: 'snd@example.com' },
+                rcpt_to: [{ address: 'a@example.com' }, { address: 'b@example.com' }],
+            })
+            assert.deepEqual(buf, Buffer.from('Fsnd@example.com\x00Ta@example.com\x00Tb@example.com\x00\x00', 'utf8'))
+        })
+
+        it('is not truncated for large recipient sets', () => {
+            const rcpt_to = []
+            for (let i = 0; i < 500; i++) {
+                rcpt_to.push({ address: `recipient-with-a-fairly-long-localpart-${i}@example.com` })
+            }
+            const buf = plugin.build_envelope({ mail_from: { address: 'snd@example.com' }, rcpt_to })
+            assert.equal((buf.toString('utf8').match(/T/g) || []).length, 500)
+            assert.ok(buf.length > 4096, 'exceeds the old fixed 4096-byte cap')
+            assert.ok(buf.toString('utf8').includes('recipient-with-a-fairly-long-localpart-499@example.com'))
+            assert.equal(buf[buf.length - 1], 0)
+        })
+
+        it('encodes non-ASCII (SMTPUTF8) addresses correctly', () => {
+            const buf = plugin.build_envelope({
+                mail_from: { address: 'sénder@exämple.com' },
+                rcpt_to: [{ address: 'reçìpient@exämple.com' }],
+            })
+            assert.ok(buf.includes(Buffer.from('sénder@exämple.com', 'utf8')))
+            assert.ok(buf.includes(Buffer.from('reçìpient@exämple.com', 'utf8')))
+        })
+    })
+})

package/test/plugins/queue/quarantine.js

@@ -0,0 +1,81 @@
+'use strict'
+
+const assert = require('node:assert')
+const { describe, it, beforeEach } = require('node:test')
+
+const fixtures = require('haraka-test-fixtures')
+
+describe('queue/quarantine', () => {
+    let plugin
+
+    beforeEach(() => {
+        plugin = new fixtures.plugin('queue/quarantine')
+        plugin.load_quarantine_ini()
+    })
+
+    describe('zeroPad', () => {
+        it('pads a single digit number to 2 digits', () => {
+            assert.equal(plugin.zeroPad(5, 2), '05')
+        })
+
+        it('pads a single digit to 4 digits', () => {
+            assert.equal(plugin.zeroPad(7, 4), '0007')
+        })
+
+        it('does not pad when already at target length', () => {
+            assert.equal(plugin.zeroPad(12, 2), '12')
+        })
+
+        it('does not pad when number exceeds target length', () => {
+            assert.equal(plugin.zeroPad(2025, 2), '2025')
+        })
+
+        it('handles 0 correctly', () => {
+            assert.equal(plugin.zeroPad(0, 2), '00')
+        })
+    })
+
+    describe('get_base_dir', () => {
+        it('returns default quarantine path when not configured', () => {
+            plugin.cfg = { main: {} }
+            assert.equal(plugin.get_base_dir(), '/var/spool/haraka/quarantine')
+        })
+
+        it('returns configured quarantine_path when set', () => {
+            plugin.cfg = { main: { quarantine_path: '/tmp/my-quarantine' } }
+            assert.equal(plugin.get_base_dir(), '/tmp/my-quarantine')
+        })
+    })
+
+    describe('quarantine hook', () => {
+        let conn
+
+        beforeEach(() => {
+            conn = fixtures.connection.createConnection()
+            conn.init_transaction()
+        })
+
+        it('calls next() when no quarantine conditions are met', (t, done) => {
+            plugin.quarantine((rc) => {
+                assert.equal(rc, undefined)
+                done()
+            }, conn)
+        })
+
+        it('calls next() when connection.notes.quarantine is falsy', (t, done) => {
+            conn.notes.quarantine = false
+            plugin.quarantine((rc) => {
+                assert.equal(rc, undefined)
+                done()
+            }, conn)
+        })
+
+        it('calls next() when queue.wants is set to something other than quarantine', (t, done) => {
+            conn.transaction.notes.set('queue.wants', 'smtp_forward')
+            plugin.quarantine((rc) => {
+                assert.equal(rc, undefined)
+                done()
+            }, conn)
+        })
+    })
+})

package/test/plugins/queue/smtp_bridge.js

@@ -0,0 +1,154 @@
+'use strict'
+
+const assert = require('node:assert')
+const { describe, it, beforeEach, before } = require('node:test')
+
+const fixtures = require('haraka-test-fixtures')
+
+before(() => {
+    require('haraka-constants').import(global)
+})
+
+describe('queue/smtp_bridge', () => {
+    describe('hook_data_post', () => {
+        let plugin, conn
+
+        beforeEach(() => {
+            plugin = new fixtures.plugin('queue/smtp_bridge')
+            plugin.load_flat_ini()
+            conn = fixtures.connection.createConnection()
+            conn.init_transaction()
+        })
+
+        it('calls next() when no transaction', (t, done) => {
+            const connNoTxn = fixtures.connection.createConnection()
+            plugin.hook_data_post((rc) => {
+                assert.equal(rc, undefined)
+                done()
+            }, connNoTxn)
+        })
+
+        it('copies auth_user from connection notes to transaction notes', (t, done) => {
+            conn.notes.auth_user = 'alice'
+            conn.notes.auth_passwd = 'secret'
+            plugin.hook_data_post((rc) => {
+                assert.equal(rc, undefined)
+                assert.equal(conn.transaction.notes.auth_user, 'alice')
+                done()
+            }, conn)
+        })
+
+        it('copies auth_passwd from connection notes to transaction notes', (t, done) => {
+            conn.notes.auth_user = 'bob'
+            conn.notes.auth_passwd = 'mypassword'
+            plugin.hook_data_post(() => {
+                assert.equal(conn.transaction.notes.auth_passwd, 'mypassword')
+                done()
+            }, conn)
+        })
+
+        it('copies undefined auth values when not set on connection', (t, done) => {
+            plugin.hook_data_post(() => {
+                assert.equal(conn.transaction.notes.auth_user, undefined)
+                assert.equal(conn.transaction.notes.auth_passwd, undefined)
+                done()
+            }, conn)
+        })
+    })
+
+    describe('hook_get_mx', () => {
+        let plugin
+
+        beforeEach(() => {
+            plugin = new fixtures.plugin('queue/smtp_bridge')
+            plugin.load_flat_ini()
+        })
+
+        it('returns OK with default priority 10 and configured host', (t, done) => {
+            plugin.cfg.main = { host: 'relay.example.com' }
+            const hmail = { todo: { notes: {} } }
+            plugin.hook_get_mx(
+                (rc, mx) => {
+                    assert.equal(rc, OK)
+                    assert.equal(mx.priority, 10)
+                    assert.equal(mx.exchange, 'relay.example.com')
+                    done()
+                },
+                hmail,
+                'example.com',
+            )
+        })
+
+        it('uses configured priority when set', (t, done) => {
+            plugin.cfg.main = { host: 'relay.example.com', priority: 20 }
+            const hmail = { todo: { notes: {} } }
+            plugin.hook_get_mx(
+                (rc, mx) => {
+                    assert.equal(rc, OK)
+                    assert.equal(mx.priority, 20)
+                    done()
+                },
+                hmail,
+                'example.com',
+            )
+        })
+
+        it('passes auth_type from config', (t, done) => {
+            plugin.cfg.main = { host: 'relay.example.com', auth_type: 'PLAIN' }
+            const hmail = { todo: { notes: {} } }
+            plugin.hook_get_mx(
+                (rc, mx) => {
+                    assert.equal(rc, OK)
+                    assert.equal(mx.auth_type, 'PLAIN')
+                    done()
+                },
+                hmail,
+                'example.com',
+            )
+        })
+
+        it('passes port from config', (t, done) => {
+            plugin.cfg.main = { host: 'relay.example.com', port: '587' }
+            const hmail = { todo: { notes: {} } }
+            plugin.hook_get_mx(
+                (rc, mx) => {
+                    assert.equal(rc, OK)
+                    assert.equal(mx.port, '587')
+                    done()
+                },
+                hmail,
+                'example.com',
+            )
+        })
+
+        it('passes auth_user and auth_pass from hmail notes', (t, done) => {
+            plugin.cfg.main = { host: 'relay.example.com' }
+            const hmail = { todo: { notes: { auth_user: 'alice', auth_passwd: 'secret' } } }
+            plugin.hook_get_mx(
+                (rc, mx) => {
+                    assert.equal(rc, OK)
+                    assert.equal(mx.auth_user, 'alice')
+                    assert.equal(mx.auth_pass, 'secret')
+                    done()
+                },
+                hmail,
+                'example.com',
+            )
+        })
+
+        it('sets port null and auth_type null when not configured', (t, done) => {
+            plugin.cfg.main = { host: 'relay.example.com' }
+            const hmail = { todo: { notes: {} } }
+            plugin.hook_get_mx(
+                (rc, mx) => {
+                    assert.equal(rc, OK)
+                    assert.equal(mx.port, null)
+                    assert.equal(mx.auth_type, null)
+                    done()
+                },
+                hmail,
+                'example.com',
+            )
+        })
+    })
+})

package/test/plugins/queue/smtp_forward.js

@@ -42,7 +42,7 @@ function makeHmail(notes = {}) {
 class MockSMTPClient extends EventEmitter {
     constructor() {
         super()
-        this.smtp_utf8 = false
+        this.smtputf8 = false
         this.response = ['250 OK']
         this.next = null
         this.commands = []
@@ -140,11 +140,47 @@ describe('smtp_forward register', () => {
         assert.equal(plugin.hooks.queue, undefined)
     })
 
-    it('TLS enabled but no outbound config in tls.ini', () => {
-        const plugin = new fixtures.plugin('queue/smtp_forward')
-        plugin.register()
-        assert.equal(plugin.tls_options, undefined)
-        assert.ok(Object.keys(plugin.hooks).length)
+    it('populates tls_options after register (no-op shape)', () => {
+        const plugin = makePlugin()
+        assert.ok(plugin.tls_options, 'tls_options should be populated after register')
+        assert.ok(Array.isArray(plugin.tls_options.no_tls_hosts))
+        assert.ok(Array.isArray(plugin.tls_options.force_tls_hosts))
+    })
+})
+
+// ─── tls_options ─────────────────────────────────────────────────────────────
+
+describe('smtp_forward tls_options', () => {
+    const tls_socket = require('../../../tls_socket')
+    let origTlsConfig, origTlsCfg
+
+    beforeEach(() => {
+        // Redirect tls_socket.config at test/config so tls.ini fixtures load.
+        origTlsConfig = tls_socket.config
+        origTlsCfg = tls_socket.cfg
+        tls_socket.config = require('haraka-config').module_config(path.resolve('test'))
+        tls_socket.cfg = undefined
+    })
+
+    afterEach(() => {
+        tls_socket.config = origTlsConfig
+        tls_socket.cfg = origTlsCfg
+    })
+
+    it('inherits rejectUnauthorized/minVersion/ciphers from tls.ini [main]', () => {
+        const plugin = makePlugin()
+        assert.equal(plugin.tls_options.rejectUnauthorized, false)
+        assert.equal(plugin.tls_options.minVersion, 'TLSv1')
+        assert.ok(plugin.tls_options.ciphers)
+    })
+
+    it('reload re-derives tls_options', () => {
+        const plugin = makePlugin()
+        const first = plugin.tls_options
+        plugin.load_smtp_forward_ini()
+        assert.ok(plugin.tls_options)
+        assert.notEqual(plugin.tls_options, first, 'reload returns a fresh object')
+        assert.equal(plugin.tls_options.rejectUnauthorized, false)
     })
 })