Haraka 3.2.1 → 3.3.1

package/.githooks/pre-commit

@@ -0,0 +1,41 @@
+#!/bin/sh
+# pre-commit: if package.json has a `prettier` script AND prettier is
+# resolvable without triggering npx auto-install, run it and block the
+# commit on formatting violations.
+
+[ -f package.json ] || exit 0
+command -v npm >/dev/null 2>&1 || exit 0
+
+has_script() {
+  # Detect a "scriptname": "..." entry. Prefers jq; falls back to grep so
+  # the hook works on minimal environments. The grep pattern requires a
+  # string value (opening quote after the colon), which avoids matching
+  # the top-level "prettier": { ... } config block.
+  if command -v jq >/dev/null 2>&1; then
+    jq -e ".scripts[\"$1\"]" package.json >/dev/null 2>&1
+  else
+    grep -qE "\"$1\"[[:space:]]*:[[:space:]]*\"" package.json
+  fi
+}
+
+has_script prettier || exit 0
+
+# Bail if prettier isn't locally or globally installed — `npx prettier`
+# would otherwise prompt to install it, which a hook can't answer.
+if [ ! -x node_modules/.bin/prettier ] && ! command -v prettier >/dev/null 2>&1; then
+  exit 0
+fi
+
+npm run --silent prettier && exit 0
+
+echo
+echo "Prettier reported formatting violations. To fix:"
+if has_script format; then
+  echo "  npm run format          # prettier:fix + lint:fix"
+elif has_script prettier:fix; then
+  echo "  npm run prettier:fix"
+else
+  echo "  npx prettier . --write"
+fi
+echo "Or bypass with: git commit --no-verify"
+exit 1

package/.prettierignore

@@ -1,4 +1,5 @@
 docs/*.md
+AGENTS.md
 CHANGELOG.md
 CONTRIBUTORS.md
 Plugins.md

package/.qlty/.gitignore

@@ -0,0 +1,7 @@
+*
+!configs
+!configs/**
+!hooks
+!hooks/**
+!qlty.toml
+!.gitignore

package/.qlty/configs/.shellcheckrc

@@ -0,0 +1 @@
+source-path=SCRIPTDIR

package/.qlty/qlty.toml

@@ -0,0 +1,15 @@
+exclude_patterns = [
+  ".release/**",
+  "test/**",
+  "docs/**",
+  "bin/**",
+  "eslint.config.mjs",
+  "coverage/**",
+  "node_modules/**",
+]
+
+[smells.file_complexity]
+threshold = 300
+
+[smells.return_statements]
+enabled = false

package/CHANGELOG.md

@@ -4,14 +4,36 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/).
 
 ### Unreleased
 
-- fix(deps): update haraka-plugin-dkim to 1.2.0 to match new addresses handling #3564
-- fix(deps): update haraka-plugin-rspamd to 1.6.0 to match new addresses handling #3564
-
-### [3.2.0] - 2026-05-NN
+### [3.3.1] - 2026-06-12
+
+- fix(conn): flag soft queue denials in results
+- feat: expose fetch to plugins
+- change: remove @haraka/email-address wrapper #3598
+- change: log when MFROM or RCPT fail to parse #3581
+- fix: change package name from Haraka to haraka #3596
+- fix(haraka): wrap util.createFile in a try #3595
+- fix(conn): update local and remote results after proxy #3593
+- feat(conn): add main.postel option #3592
+- feat: proxy support for smtps (465) #3577
+- refactor(auth_proxy): use net_utils.endpoint #3584
+- refactor: move endpoint, HostPool, LineSocket to net-utils #3583
+- refactor: move rfc1869, FsyncWriteStream, TimerQueue to haraka-utils #3585
+- refactor: move cram_md5_response to haraka-utils #3585
+- dep(many): bump to latest #3587
+- dep(eslint): update @haraka/eslint-config to v3, #3586
+- dep(haraka-utils): ~2.1.1 for position-aware MAIL/RCPT address errors
+- build: add qlty config and README badge #3588
+- test: update to test-fixtures 1.7.0 helpers #3589
+
+### [3.2.1] - 2026-05-24
+
+- fix(deps): update rspamd, dkim plugins to latest #3576
+
+### [3.2.0] - 2026-05-24
 
 - fix(status): merge worker status into summary #3574
 - dep: replace address-rfc282{1,2} with @haraka/email-address #3566
-- change(BREAKING for some plugins), see https://github.com/haraka/Haraka/issues/3564
+  - change(BREAKING for some plugins), see https://github.com/haraka/Haraka/issues/3564
 
 ### [3.1.7] - 2026-05-19
 
@@ -1872,3 +1894,5 @@ config files.
 [3.1.6]: https://github.com/haraka/Haraka/releases/tag/v3.1.6
 [3.1.7]: https://github.com/haraka/Haraka/releases/tag/v3.1.7
 [3.2.0]: https://github.com/haraka/Haraka/releases/tag/v3.2.0
+[3.2.1]: https://github.com/haraka/Haraka/releases/tag/v3.2.1
+[3.3.1]: https://github.com/haraka/Haraka/releases/tag/v3.3.1

package/CONTRIBUTORS.md

@@ -2,14 +2,14 @@
 
 This handcrafted artisanal software is brought to you by:
 
-| <img height="80" src="https://avatars.githubusercontent.com/u/261635?v=4"><br><a href="https://github.com/msimerson">msimerson</a> (<a href="https://github.com/haraka/Haraka/commits?author=msimerson">1682</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/662371?v=4"><br><a href="https://github.com/baudehlo">baudehlo</a> (<a href="https://github.com/haraka/Haraka/commits?author=baudehlo">969</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/550490?v=4"><br><a href="https://github.com/smfreegard">smfreegard</a> (<a href="https://github.com/haraka/Haraka/commits?author=smfreegard">794</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/959600?v=4"><br><a href="https://github.com/godsflaw">godsflaw</a> (<a href="https://github.com/haraka/Haraka/commits?author=godsflaw">171</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/934254?v=4"><br><a href="https://github.com/analogic">analogic</a> (<a href="https://github.com/haraka/Haraka/commits?author=analogic">42</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/1674289?v=4"><br><a href="https://github.com/Dexus">Dexus</a> (<a href="https://github.com/haraka/Haraka/commits?author=Dexus">42</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/82041?v=4"><br><a href="https://github.com/gramakri">gramakri</a> (<a href="https://github.com/haraka/Haraka/commits?author=gramakri">40</a>) |
+| <img height="80" src="https://avatars.githubusercontent.com/u/261635?v=4"><br><a href="https://github.com/msimerson">msimerson</a> (<a href="https://github.com/haraka/Haraka/commits?author=msimerson">1685</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/662371?v=4"><br><a href="https://github.com/baudehlo">baudehlo</a> (<a href="https://github.com/haraka/Haraka/commits?author=baudehlo">969</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/550490?v=4"><br><a href="https://github.com/smfreegard">smfreegard</a> (<a href="https://github.com/haraka/Haraka/commits?author=smfreegard">794</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/959600?v=4"><br><a href="https://github.com/godsflaw">godsflaw</a> (<a href="https://github.com/haraka/Haraka/commits?author=godsflaw">171</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/934254?v=4"><br><a href="https://github.com/analogic">analogic</a> (<a href="https://github.com/haraka/Haraka/commits?author=analogic">42</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/1674289?v=4"><br><a href="https://github.com/Dexus">Dexus</a> (<a href="https://github.com/haraka/Haraka/commits?author=Dexus">42</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/82041?v=4"><br><a href="https://github.com/gramakri">gramakri</a> (<a href="https://github.com/haraka/Haraka/commits?author=gramakri">40</a>) |
 | :---: | :---: | :---: | :---: | :---: | :---: | :---: |
 | <img height="80" src="https://avatars.githubusercontent.com/u/203240?v=4"><br><a href="https://github.com/lnedry">lnedry</a> (<a href="https://github.com/haraka/Haraka/commits?author=lnedry">27</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/748075?v=4"><br><a href="https://github.com/celesteking">celesteking</a> (<a href="https://github.com/haraka/Haraka/commits?author=celesteking">21</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/791972?v=4"><br><a href="https://github.com/lpatters">lpatters</a> (<a href="https://github.com/haraka/Haraka/commits?author=lpatters">20</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/366268?v=4"><br><a href="https://github.com/chazomaticus">chazomaticus</a> (<a href="https://github.com/haraka/Haraka/commits?author=chazomaticus">19</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/123708?v=4"><br><a href="https://github.com/arlolra">arlolra</a> (<a href="https://github.com/haraka/Haraka/commits?author=arlolra">16</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/271024?v=4"><br><a href="https://github.com/hayesgm">hayesgm</a> (<a href="https://github.com/haraka/Haraka/commits?author=hayesgm">16</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/1573133?v=4"><br><a href="https://github.com/gauravaror">gauravaror</a> (<a href="https://github.com/haraka/Haraka/commits?author=gauravaror">14</a>) |
 | <img height="80" src="https://avatars.githubusercontent.com/u/260607?v=4"><br><a href="https://github.com/typingArtist">typingArtist</a> (<a href="https://github.com/haraka/Haraka/commits?author=typingArtist">14</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/11343494?v=4"><br><a href="https://github.com/superman20">superman20</a> (<a href="https://github.com/haraka/Haraka/commits?author=superman20">13</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/158380?v=4"><br><a href="https://github.com/darkpixel">darkpixel</a> (<a href="https://github.com/haraka/Haraka/commits?author=darkpixel">12</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/9887966?v=4"><br><a href="https://github.com/KingNoosh">KingNoosh</a> (<a href="https://github.com/haraka/Haraka/commits?author=KingNoosh">11</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/5229495?v=4"><br><a href="https://github.com/tstonis">tstonis</a> (<a href="https://github.com/haraka/Haraka/commits?author=tstonis">10</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/1746394?v=4"><br><a href="https://github.com/wltsmrz">wltsmrz</a> (<a href="https://github.com/haraka/Haraka/commits?author=wltsmrz">9</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/218741413?v=4"><br><a href="https://github.com/SamuelGrave">SamuelGrave</a> (<a href="https://github.com/haraka/Haraka/commits?author=SamuelGrave">9</a>) |
-| <img height="80" src="https://avatars.githubusercontent.com/u/2176651?v=4"><br><a href="https://github.com/fatalbanana">fatalbanana</a> (<a href="https://github.com/haraka/Haraka/commits?author=fatalbanana">9</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/231081?v=4"><br><a href="https://github.com/EyePulp">EyePulp</a> (<a href="https://github.com/haraka/Haraka/commits?author=EyePulp">8</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/81561?v=4"><br><a href="https://github.com/Synchro">Synchro</a> (<a href="https://github.com/haraka/Haraka/commits?author=Synchro">8</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/3957811?v=4"><br><a href="https://github.com/gene-hightower">gene-hightower</a> (<a href="https://github.com/haraka/Haraka/commits?author=gene-hightower">7</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/8224508?v=4"><br><a href="https://github.com/DarkSorrow">DarkSorrow</a> (<a href="https://github.com/haraka/Haraka/commits?author=DarkSorrow">6</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/103802?v=4"><br><a href="https://github.com/joshuathayer">joshuathayer</a> (<a href="https://github.com/haraka/Haraka/commits?author=joshuathayer">6</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/298453?v=4"><br><a href="https://github.com/zllovesuki">zllovesuki</a> (<a href="https://github.com/haraka/Haraka/commits?author=zllovesuki">5</a>) |
-| <img height="80" src="https://avatars.githubusercontent.com/u/132251?v=4"><br><a href="https://github.com/schamane">schamane</a> (<a href="https://github.com/haraka/Haraka/commits?author=schamane">5</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/2158203?v=4"><br><a href="https://github.com/luto">luto</a> (<a href="https://github.com/haraka/Haraka/commits?author=luto">5</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/21576638?v=4"><br><a href="https://github.com/steflw">steflw</a> (<a href="https://github.com/haraka/Haraka/commits?author=steflw">5</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/1263856?v=4"><br><a href="https://github.com/ricardopolo">ricardopolo</a> (<a href="https://github.com/haraka/Haraka/commits?author=ricardopolo">5</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/1521113?v=4"><br><a href="https://github.com/hontas">hontas</a> (<a href="https://github.com/haraka/Haraka/commits?author=hontas">5</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/918201?v=4"><br><a href="https://github.com/DoobleD">DoobleD</a> (<a href="https://github.com/haraka/Haraka/commits?author=DoobleD">4</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/11270?v=4"><br><a href="https://github.com/swerter">swerter</a> (<a href="https://github.com/haraka/Haraka/commits?author=swerter">4</a>) |
-| <img height="80" src="https://avatars.githubusercontent.com/u/791835?v=4"><br><a href="https://github.com/Juerd">Juerd</a> (<a href="https://github.com/haraka/Haraka/commits?author=Juerd">4</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/5351045?v=4"><br><a href="https://github.com/rhedshi">rhedshi</a> (<a href="https://github.com/haraka/Haraka/commits?author=rhedshi">4</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/7155684?v=4"><br><a href="https://github.com/rw251">rw251</a> (<a href="https://github.com/haraka/Haraka/commits?author=rw251">4</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/255701?v=4"><br><a href="https://github.com/abhas">abhas</a> (<a href="https://github.com/haraka/Haraka/commits?author=abhas">4</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/147893?v=4"><br><a href="https://github.com/Andrew565">Andrew565</a> (<a href="https://github.com/haraka/Haraka/commits?author=Andrew565">4</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/1451395?v=4"><br><a href="https://github.com/bmonty">bmonty</a> (<a href="https://github.com/haraka/Haraka/commits?author=bmonty">4</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/308887?v=4"><br><a href="https://github.com/benjisg">benjisg</a> (<a href="https://github.com/haraka/Haraka/commits?author=benjisg">4</a>) |
-| <img height="80" src="https://avatars.githubusercontent.com/u/5624708?v=4"><br><a href="https://github.com/Bramzor">Bramzor</a> (<a href="https://github.com/haraka/Haraka/commits?author=Bramzor">4</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/8285462?v=4"><br><a href="https://github.com/CalgaryMichael">CalgaryMichael</a> (<a href="https://github.com/haraka/Haraka/commits?author=CalgaryMichael">4</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/34087?v=4"><br><a href="https://github.com/fredjean">fredjean</a> (<a href="https://github.com/haraka/Haraka/commits?author=fredjean">4</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/13922268?v=4"><br><a href="https://github.com/jdai8">jdai8</a> (<a href="https://github.com/haraka/Haraka/commits?author=jdai8">4</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/6220422?v=4"><br><a href="https://github.com/dcharbonnier">dcharbonnier</a> (<a href="https://github.com/haraka/Haraka/commits?author=dcharbonnier">3</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/232225?v=4"><br><a href="https://github.com/soncodi">soncodi</a> (<a href="https://github.com/haraka/Haraka/commits?author=soncodi">3</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/2115696?v=4"><br><a href="https://github.com/AuspeXeu">AuspeXeu</a> (<a href="https://github.com/haraka/Haraka/commits?author=AuspeXeu">3</a>) |
+| <img height="80" src="https://avatars.githubusercontent.com/u/2176651?v=4"><br><a href="https://github.com/fatalbanana">fatalbanana</a> (<a href="https://github.com/haraka/Haraka/commits?author=fatalbanana">9</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/231081?v=4"><br><a href="https://github.com/EyePulp">EyePulp</a> (<a href="https://github.com/haraka/Haraka/commits?author=EyePulp">8</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/81561?v=4"><br><a href="https://github.com/Synchro">Synchro</a> (<a href="https://github.com/haraka/Haraka/commits?author=Synchro">8</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/3957811?v=4"><br><a href="https://github.com/gene-hightower">gene-hightower</a> (<a href="https://github.com/haraka/Haraka/commits?author=gene-hightower">7</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/8224508?v=4"><br><a href="https://github.com/DarkSorrow">DarkSorrow</a> (<a href="https://github.com/haraka/Haraka/commits?author=DarkSorrow">6</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/103802?v=4"><br><a href="https://github.com/joshuathayer">joshuathayer</a> (<a href="https://github.com/haraka/Haraka/commits?author=joshuathayer">6</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/918201?v=4"><br><a href="https://github.com/DoobleD">DoobleD</a> (<a href="https://github.com/haraka/Haraka/commits?author=DoobleD">5</a>) |
+| <img height="80" src="https://avatars.githubusercontent.com/u/298453?v=4"><br><a href="https://github.com/zllovesuki">zllovesuki</a> (<a href="https://github.com/haraka/Haraka/commits?author=zllovesuki">5</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/132251?v=4"><br><a href="https://github.com/schamane">schamane</a> (<a href="https://github.com/haraka/Haraka/commits?author=schamane">5</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/2158203?v=4"><br><a href="https://github.com/luto">luto</a> (<a href="https://github.com/haraka/Haraka/commits?author=luto">5</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/21576638?v=4"><br><a href="https://github.com/steflw">steflw</a> (<a href="https://github.com/haraka/Haraka/commits?author=steflw">5</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/1263856?v=4"><br><a href="https://github.com/ricardopolo">ricardopolo</a> (<a href="https://github.com/haraka/Haraka/commits?author=ricardopolo">5</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/1521113?v=4"><br><a href="https://github.com/hontas">hontas</a> (<a href="https://github.com/haraka/Haraka/commits?author=hontas">5</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/11270?v=4"><br><a href="https://github.com/swerter">swerter</a> (<a href="https://github.com/haraka/Haraka/commits?author=swerter">4</a>) |
+| <img height="80" src="https://avatars.githubusercontent.com/u/791835?v=4"><br><a href="https://github.com/Juerd">Juerd</a> (<a href="https://github.com/haraka/Haraka/commits?author=Juerd">4</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/5351045?v=4"><br><a href="https://github.com/rhedshi">rhedshi</a> (<a href="https://github.com/haraka/Haraka/commits?author=rhedshi">4</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/7155684?v=4"><br><a href="https://github.com/rw251">rw251</a> (<a href="https://github.com/haraka/Haraka/commits?author=rw251">4</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/13922268?v=4"><br><a href="https://github.com/jdai8">jdai8</a> (<a href="https://github.com/haraka/Haraka/commits?author=jdai8">4</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/34087?v=4"><br><a href="https://github.com/fredjean">fredjean</a> (<a href="https://github.com/haraka/Haraka/commits?author=fredjean">4</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/8285462?v=4"><br><a href="https://github.com/CalgaryMichael">CalgaryMichael</a> (<a href="https://github.com/haraka/Haraka/commits?author=CalgaryMichael">4</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/5624708?v=4"><br><a href="https://github.com/Bramzor">Bramzor</a> (<a href="https://github.com/haraka/Haraka/commits?author=Bramzor">4</a>) |
+| <img height="80" src="https://avatars.githubusercontent.com/u/308887?v=4"><br><a href="https://github.com/benjisg">benjisg</a> (<a href="https://github.com/haraka/Haraka/commits?author=benjisg">4</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/1451395?v=4"><br><a href="https://github.com/bmonty">bmonty</a> (<a href="https://github.com/haraka/Haraka/commits?author=bmonty">4</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/147893?v=4"><br><a href="https://github.com/Andrew565">Andrew565</a> (<a href="https://github.com/haraka/Haraka/commits?author=Andrew565">4</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/255701?v=4"><br><a href="https://github.com/abhas">abhas</a> (<a href="https://github.com/haraka/Haraka/commits?author=abhas">4</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/6220422?v=4"><br><a href="https://github.com/dcharbonnier">dcharbonnier</a> (<a href="https://github.com/haraka/Haraka/commits?author=dcharbonnier">3</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/232225?v=4"><br><a href="https://github.com/soncodi">soncodi</a> (<a href="https://github.com/haraka/Haraka/commits?author=soncodi">3</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/2115696?v=4"><br><a href="https://github.com/AuspeXeu">AuspeXeu</a> (<a href="https://github.com/haraka/Haraka/commits?author=AuspeXeu">3</a>) |
 | <img height="80" src="https://avatars.githubusercontent.com/u/6684599?v=4"><br><a href="https://github.com/acharkizakaria">acharkizakaria</a> (<a href="https://github.com/haraka/Haraka/commits?author=acharkizakaria">3</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/1810178?v=4"><br><a href="https://github.com/pvsousalima">pvsousalima</a> (<a href="https://github.com/haraka/Haraka/commits?author=pvsousalima">3</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/759912?v=4"><br><a href="https://github.com/davebeyer">davebeyer</a> (<a href="https://github.com/haraka/Haraka/commits?author=davebeyer">3</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/706078?v=4"><br><a href="https://github.com/brunolm">brunolm</a> (<a href="https://github.com/haraka/Haraka/commits?author=brunolm">3</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/7008027?v=4"><br><a href="https://github.com/mkp7">mkp7</a> (<a href="https://github.com/haraka/Haraka/commits?author=mkp7">2</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/1007551?v=4"><br><a href="https://github.com/unquietwiki">unquietwiki</a> (<a href="https://github.com/haraka/Haraka/commits?author=unquietwiki">2</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/10368105?v=4"><br><a href="https://github.com/mtrivera">mtrivera</a> (<a href="https://github.com/haraka/Haraka/commits?author=mtrivera">2</a>) |
 | <img height="80" src="https://avatars.githubusercontent.com/u/1829326?v=4"><br><a href="https://github.com/slattery">slattery</a> (<a href="https://github.com/haraka/Haraka/commits?author=slattery">2</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/8569238?v=4"><br><a href="https://github.com/MuraraAllan">MuraraAllan</a> (<a href="https://github.com/haraka/Haraka/commits?author=MuraraAllan">2</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/994004?v=4"><br><a href="https://github.com/stefanocoding">stefanocoding</a> (<a href="https://github.com/haraka/Haraka/commits?author=stefanocoding">2</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/5483299?v=4"><br><a href="https://github.com/thihara">thihara</a> (<a href="https://github.com/haraka/Haraka/commits?author=thihara">2</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/43457281?v=4"><br><a href="https://github.com/benjamonnguyen">benjamonnguyen</a> (<a href="https://github.com/haraka/Haraka/commits?author=benjamonnguyen">2</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/15035337?v=4"><br><a href="https://github.com/gtech99">gtech99</a> (<a href="https://github.com/haraka/Haraka/commits?author=gtech99">2</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/3073292?v=4"><br><a href="https://github.com/joelchornik">joelchornik</a> (<a href="https://github.com/haraka/Haraka/commits?author=joelchornik">2</a>) |
 | <img height="80" src="https://avatars.githubusercontent.com/u/934178?v=4"><br><a href="https://github.com/vrevo">vrevo</a> (<a href="https://github.com/haraka/Haraka/commits?author=vrevo">2</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/1249760?v=4"><br><a href="https://github.com/andreis">andreis</a> (<a href="https://github.com/haraka/Haraka/commits?author=andreis">2</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/15694566?v=4"><br><a href="https://github.com/apoorv-mishra">apoorv-mishra</a> (<a href="https://github.com/haraka/Haraka/commits?author=apoorv-mishra">2</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/563469?v=4"><br><a href="https://github.com/niieani">niieani</a> (<a href="https://github.com/haraka/Haraka/commits?author=niieani">2</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/196198?v=4"><br><a href="https://github.com/hathaway">hathaway</a> (<a href="https://github.com/haraka/Haraka/commits?author=hathaway">2</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/14928995?v=4"><br><a href="https://github.com/carolinaknoll">carolinaknoll</a> (<a href="https://github.com/haraka/Haraka/commits?author=carolinaknoll">2</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/654682?v=4"><br><a href="https://github.com/martin1yness">martin1yness</a> (<a href="https://github.com/haraka/Haraka/commits?author=martin1yness">2</a>) |

package/README.md

@@ -1,7 +1,6 @@
 # Haraka — a Node.js Mail Server
 
-![Tests](https://github.com/haraka/Haraka/actions/workflows/ci.yml/badge.svg)
-[![Coverage Status][cov-img]][cov-url]
+[![Build][ci-img]][ci-url] [![Cover][cov-img]][cov-url] [![Qlty][qlty-img]][qlty-url]
 
 Haraka is a highly scalable [Node.js][1] SMTP server with a modular plugin architecture. It handles thousands of concurrent connections and delivers thousands of messages per second. Haraka and its plugins are written in asynchronous JavaScript, optimised for throughput and low latency.
 
@@ -115,5 +114,9 @@ Haraka is released under the MIT License. See [LICENSE][license] for details.
 [msimerson]: https://github.com/msimerson
 [spamassassin]: https://spamassassin.apache.org/
 [qpsmtpd]: https://github.com/smtpd/qpsmtpd/
+[ci-img]: https://github.com/haraka/Haraka/actions/workflows/ci.yml/badge.svg
+[ci-url]: https://github.com/haraka/Haraka/actions/workflows/ci.yml
 [cov-img]: https://codecov.io/github/haraka/Haraka/coverage.svg
-[cov-url]: https://codecov.io/github/haraka/Haraka?branch=master
+[cov-url]: https://codecov.io/github/haraka/Haraka
+[qlty-img]: https://qlty.sh/gh/haraka/projects/Haraka/maintainability.svg
+[qlty-url]: https://qlty.sh/gh/haraka/projects/Haraka

package/bin/haraka

@@ -165,6 +165,14 @@ function setupRequire() {
 
 function noop() {}
 
+function tryCreateFile(filePath, data, info = {}, force = false) {
+  try {
+    utils.createFile(...arguments)
+  } catch (e) {
+    warning(`EEXIST, File exists '${filePath}'`)
+  }
+}
+
 const readme = `Haraka
 
 Congratulations on creating a new installation of Haraka.
@@ -406,7 +414,7 @@ if (parsed.version) {
   plugins.load_plugins(parsed.test && parsed.test[0] !== 'all' ? parsed.test : null)
   const Connection = require(path.join(base, 'connection'))
   // var Transaction = require(path.join(base, "transaction"));
-  const Address = require('../address').Address
+  const Address = require('@haraka/email-address').Address
   const Notes = require('haraka-notes')
   const constants = require('haraka-constants')
   const client = {
@@ -549,10 +557,10 @@ if (parsed.version) {
     utils.mkDir(path.join(pa, d))
   }
   utils.copyFile(path.join(base, 'docs', 'Plugins.md'), path.join(pa, 'docs', 'Plugins.md'))
-  utils.createFile(path.join(pa, 'README'), readme, {}, parsed.force)
-  utils.createFile(path.join(pa, 'package.json'), packageJson, {}, parsed.force)
+  tryCreateFile(path.join(pa, 'README'), readme, {}, parsed.force)
+  tryCreateFile(path.join(pa, 'package.json'), packageJson, {}, parsed.force)
   const bytes = require('crypto').randomBytes(32)
-  utils.createFile(path.join(pa, 'config', 'internalcmd_key'), bytes.toString('hex'), {}, parsed.force)
+  tryCreateFile(path.join(pa, 'config', 'internalcmd_key'), bytes.toString('hex'), {}, parsed.force)
   setupHostname(path.join(pa, 'config'))
   setupBaseConfig(path.join(pa, 'config'))
 } else {

package/config/connection.ini

@@ -14,11 +14,17 @@
 ; Require senders to conform to RFC 1869 and RFC 821 when sending the MAIL FROM and RCPT TO commands. In particular, the inclusion of spurious spaces or missing angle brackets will be rejected.
 ; strict_rfc1869 = false
 
+; Liberal envelope parsing. See @haraka/email-address for what postel mode relaxes.
+; postel = false
+
 ; Advertise support for SMTPUTF8 (RFC-6531)
 ; smtputf8=true
 
 
 [haproxy]
+; Bool: enable HAProxy PROXY protocol support and SMTPS pre-parsing.
+; enabled=true
+
 ; Array: hosts or CIDRs that Haraka should enable the PROXY protocol from. See docs/HAProxy for format
 hosts[] =
 ; hosts[] = 192.0.2.4

package/connection.js

@@ -2,7 +2,6 @@
 // a single connection
 
 const dns = require('node:dns')
-const net = require('node:net')
 const os = require('node:os')
 
 // npm libs
@@ -12,14 +11,14 @@ const constants = require('haraka-constants')
 const net_utils = require('haraka-net-utils')
 const Notes = require('haraka-notes')
 const utils = require('haraka-utils')
-const { Address } = require('./address')
+const { Address } = require('@haraka/email-address')
 const ResultStore = require('haraka-results')
 
 // Haraka libs
 const logger = require('./logger')
 const trans = require('./transaction')
 const plugins = require('./plugins')
-const rfc1869 = require('./rfc1869')
+const rfc1869 = utils.rfc1869
 const outbound = require('./outbound')
 
 const states = constants.connection.state
@@ -27,6 +26,7 @@ const states = constants.connection.state
 const cfg = config.get('connection.ini', {
     booleans: [
         '-main.strict_rfc1869',
+        '-main.postel',
         '+main.smtputf8',
         '+headers.add_received',
         '+headers.show_version',
@@ -34,20 +34,8 @@ const cfg = config.get('connection.ini', {
     ],
 })
 
-const haproxy_hosts_ipv4 = []
-const haproxy_hosts_ipv6 = []
-
-for (const ip of cfg.haproxy.hosts) {
-    if (!ip) continue
-    if (net.isIPv6(ip.split('/')[0])) {
-        haproxy_hosts_ipv6.push([ipaddr.IPv6.parse(ip.split('/')[0]), parseInt(ip.split('/')[1] || 64)])
-    } else {
-        haproxy_hosts_ipv4.push([ipaddr.IPv4.parse(ip.split('/')[0]), parseInt(ip.split('/')[1] || 32)])
-    }
-}
-
 class Connection {
-    constructor(client, server, smtp_cfg) {
+    constructor(client, server) {
         this.client = client
         this.server = server
 
@@ -160,7 +148,7 @@ class Connection {
             self.fail()
         })
 
-        self.client.on('close', (has_error) => {
+        self.client.on('close', () => {
             if (self.state >= states.DISCONNECTING) return
             self.remote.closed = true
             self.loginfo('client dropped connection', log_data)
@@ -190,8 +178,20 @@ class Connection {
             self.process_data(data)
         })
 
-        const ha_list = net.isIPv6(self.remote.ip) ? haproxy_hosts_ipv6 : haproxy_hosts_ipv4
-        if (ha_list.some((element) => ipaddr.parse(self.remote.ip).match(element[0], element[1]))) {
+        // SMTPS pre-parser state: proxy means the PROXY line was already consumed;
+        // peer_allowed means a trusted PROXY peer sent direct TLS instead.
+        const smtps = self.client.haraka_smtps
+        if (smtps?.proxy) {
+            self.proxy.allowed = true
+            return
+        }
+
+        if (smtps?.peer_allowed) {
+            plugins.run_hooks('connect_init', self)
+            return
+        }
+
+        if (net_utils.is_haproxy_allowed(self.remote.ip)) {
             self.proxy.allowed = true
             // Wait for PROXY command
             self.proxy.timer = setTimeout(() => {
@@ -678,8 +678,7 @@ class Connection {
     }
     /////////////////////////////////////////////////////////////////////////////
     // SMTP Responses
-    connect_init_respond(retval, msg) {
-        // retval and message are ignored
+    connect_init_respond() {
         this.logdebug('running connect_init_respond')
         plugins.run_hooks('lookup_rdns', this)
     }
@@ -889,7 +888,7 @@ class Connection {
             }
         }
     }
-    capabilities_respond(retval, msg) {
+    capabilities_respond() {
         this.respond(250, this.capabilities)
     }
     quit_respond(retval, msg) {
@@ -940,7 +939,7 @@ class Connection {
                 this.respond(250, 'OK')
         }
     }
-    rset_respond(retval, msg) {
+    rset_respond() {
         this.respond(250, 'OK', () => {
             this.reset_transaction()
         })
@@ -1137,39 +1136,14 @@ class Connection {
     /////////////////////////////////////////////////////////////////////////////
     // HAProxy support
 
-    cmd_proxy(line) {
-        if (!this.proxy.allowed) {
-            this.respond(421, `PROXY not allowed from ${this.remote.ip}`)
-            return this.disconnect()
+    apply_proxy(proxy) {
+        if (this.proxy.timer) {
+            clearTimeout(this.proxy.timer)
+            this.proxy.timer = null
         }
 
-        const match = /(TCP4|TCP6|UNKNOWN) (\S+) (\S+) (\d+) (\d+)$/.exec(line)
-        if (!match) {
-            this.respond(421, 'Invalid PROXY format')
-            return this.disconnect()
-        }
-        const proto = match[1]
-        const src_ip = match[2]
-        const dst_ip = match[3]
-        const src_port = match[4]
-        const dst_port = match[5]
-
-        // Validate source/destination IP
-        /*eslint no-fallthrough: 0 */
-        switch (proto) {
-            case 'TCP4':
-                if (ipaddr.IPv4.isValid(src_ip) && ipaddr.IPv4.isValid(dst_ip)) {
-                    break
-                }
-            case 'TCP6':
-                if (ipaddr.IPv6.isValid(src_ip) && ipaddr.IPv6.isValid(dst_ip)) {
-                    break
-                }
-            // case 'UNKNOWN':
-            default:
-                this.respond(421, 'Invalid PROXY format')
-                return this.disconnect()
-        }
+        const { proto, src_ip, src_port, dst_ip, dst_port } = proxy
+        const proxy_ip = proxy.proxy_ip || this.remote.ip
 
         // Apply changes
         this.loginfo('HAProxy', {
@@ -1185,11 +1159,11 @@ class Connection {
             src_port,
             dst_ip,
             dst_port,
-            proxy_ip: this.remote.ip,
+            proxy_ip,
         }
 
         this.reset_transaction(() => {
-            this.set('proxy.ip', this.remote.ip)
+            this.set('proxy.ip', proxy_ip)
             this.set('proxy.type', 'haproxy')
             this.relaying = false
             this.set('local.ip', dst_ip)
@@ -1198,9 +1172,26 @@ class Connection {
             this.set('remote.port', parseInt(src_port, 10))
             this.set('remote.host', null)
             this.set('hello.host', null)
+            this.results.add({ name: 'local' }, this.local)
+            this.results.add({ name: 'remote' }, this.remote)
             plugins.run_hooks('connect_init', this)
         })
     }
+
+    cmd_proxy(line) {
+        if (!this.proxy.allowed) {
+            this.respond(421, `PROXY not allowed from ${this.remote.ip}`)
+            return this.disconnect()
+        }
+
+        const proxy = net_utils.parse_proxy_line(line)
+        if (!proxy) {
+            this.respond(421, 'Invalid PROXY format')
+            return this.disconnect()
+        }
+
+        this.apply_proxy(proxy)
+    }
     /////////////////////////////////////////////////////////////////////////////
     // SMTP Commands
 
@@ -1283,7 +1274,7 @@ class Connection {
         }
         plugins.run_hooks('rset', this)
     }
-    cmd_vrfy(line) {
+    cmd_vrfy() {
         // only supported via plugins
         plugins.run_hooks('vrfy', this)
     }
@@ -1323,10 +1314,13 @@ class Connection {
         }
 
         let from
+        const from_raw = results.shift()
         try {
-            from = new Address(results.shift())
+            from = new Address(from_raw, { postel: cfg.main.postel })
         } catch (err) {
-            return this.respond(501, `Invalid MAIL FROM address`)
+            const msg = `Invalid MAIL FROM address ${utils.sanitize(from_raw)}: ${err.message}`
+            this.lognotice(msg)
+            return this.respond(501, msg)
         }
 
         // Get rest of key=value pairs
@@ -1382,10 +1376,13 @@ class Connection {
         }
 
         let recip
+        const recip_raw = results.shift()
         try {
-            recip = new Address(results.shift())
+            recip = new Address(recip_raw, { postel: cfg.main.postel })
         } catch (err) {
-            return this.respond(501, `Invalid RCPT TO address`)
+            const msg = `Invalid RCPT TO address ${utils.sanitize(recip_raw)}: ${err.message}`
+            this.lognotice(msg)
+            return this.respond(501, msg)
         }
 
         // Get rest of key=value pairs
@@ -1448,19 +1445,17 @@ class Connection {
         // value (e.g. a failed AUTH username, see auth_base) must not be
         // able to inject extra header lines into Authentication-Results.
         // The legitimate folding (;\r\n\t) is added by the join below.
-        const ar_clean = (s) => String(s).replace(/[\x00-\x1f\x7f]/g, '')
-
         // if message, store it in the appropriate note
         if (message) {
             if (has_tran === true) {
-                this.transaction.notes.authentication_results.push(ar_clean(message))
+                this.transaction.notes.authentication_results.push(utils.sanitize(message))
             } else {
-                this.notes.authentication_results.push(ar_clean(message))
+                this.notes.authentication_results.push(utils.sanitize(message))
             }
         }
 
         // assemble the new header
-        let header = [ar_clean(this.local.host), ...this.notes.authentication_results]
+        let header = [utils.sanitize(this.local.host), ...this.notes.authentication_results]
         if (has_tran === true) {
             header = [...header, ...this.transaction.notes.authentication_results]
         }
@@ -1668,7 +1663,7 @@ class Connection {
                 }
         }
     }
-    max_data_exceeded_respond(retval, msg) {
+    max_data_exceeded_respond(retval) {
         // TODO: Maybe figure out what to do with other return codes
         this.respond(retval === constants.denysoft ? 450 : 550, 'Message too big!', () => {
             this.reset_transaction()
@@ -1703,9 +1698,11 @@ class Connection {
                 break
             case constants.deny:
             case constants.denydisconnect:
+                this.transaction.results.add(res_as, { fail: msg })
+                break
             case constants.denysoft:
             case constants.denysoftdisconnect:
-                this.transaction.results.add(res_as, { fail: msg })
+                this.transaction.results.add(res_as, { fail: msg, soft: true })
                 break
             case constants.cont:
                 break
@@ -1859,6 +1856,8 @@ class Connection {
 
 exports.Connection = Connection
 
+exports.cfg = cfg
+
 exports.createConnection = (client, server, cfg) => {
     return new Connection(client, server, cfg)
 }

package/contrib/bsd-rc.d/haraka

@@ -6,6 +6,8 @@
 # REQUIRE: NETWORKING ldconfig
 # KEYWORD: shutdown
 
+PATH="$PATH:/usr/local/bin"
+
 . /etc/rc.subr
 
 name="haraka"

package/docs/CoreConfig.md

@@ -48,6 +48,8 @@ Per-connection limits and behaviours. See inline comments in the shipped
 | `main.spool_after` | `-1` | Size (bytes) at which to spool the message to disk. `-1` never spools; `0` always spools. |
 | `main.strict_rfc1869` | `false` | Reject `MAIL FROM` / `RCPT TO` that violates RFC 1869/821 (spurious spaces, missing brackets). |
 | `main.smtputf8` | `true` | Advertise `SMTPUTF8` (RFC 6531). |
+| `main.postel` | `false` | Liberal envelope parsing. |
+| `haproxy.enabled` | `true` | Enable HAProxy PROXY protocol handling. Set `false` to bypass PROXY support. |
 | `haproxy.hosts` | empty | Array of IPs/CIDRs allowed to send the PROXY protocol. See [HAProxy.md](HAProxy.md). |
 | `headers.add_received` | `true` | Add a `Received:` header to incoming mail. |
 | `headers.clean_auth_results` | `true` | Strip inbound `Authentication-Results:` headers before plugins run. |

package/docs/HAProxy.md

@@ -6,15 +6,18 @@ The PROXY v2 binary header is not currently supported.
 
 ## Configuration
 
-PROXY support is disabled by default. To enable it, list the IPs (or CIDRs) of trusted proxies in `connection.ini`:
+PROXY support is enabled by default, but inactive until trusted proxy IPs or CIDRs are listed in `connection.ini`:
 
 ```ini
 [haproxy]
+enabled=true
 hosts[] = 192.0.2.4
 hosts[] = 192.0.2.5/30
 hosts[] = 2001:db8::1
 ```
 
+Set `enabled=false` to disable PROXY protocol handling entirely. On SMTPS listeners this bypasses pre-TLS PROXY parsing and uses the standard implicit TLS server.
+
 Connections from any other IP get a `DENYSOFTDISCONNECT` if they send a `PROXY` command. `DENYSOFT` is deliberate — it avoids permanently rejecting valid mail when a misconfiguration causes a legitimate proxy to fall outside the allow-list.
 
 When a listed proxy connects, Haraka **does not** send the SMTP banner; it waits for the `PROXY` command. If none arrives within 30 seconds the connection is closed with `421 PROXY timed out`.