mailauth 2.2.0 → 2.3.0

package/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2020-2021 Andris Reinman
+Copyright (c) 2020-2022 Postal Systems OÜ
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/README.md

@@ -1,4 +1,4 @@
-![](https://github.com/andris9/mailauth/raw/master/assets/mailauth.png)
+![](https://github.com/postalsys/mailauth/raw/master/assets/mailauth.png)
 
 [Command line utility](cli.md) and a Node.js library for email authentication.
 
@@ -442,6 +442,6 @@ const { authenticate } = require('mailauth');
 
 ## License
 
-© 2020 Andris Reinman
+© 2020-2022 Postal Systems OÜ
 
 Licensed under MIT license

package/bin/mailauth.js

@@ -10,6 +10,8 @@ const commandReport = require('../lib/commands/report');
 const commandSign = require('../lib/commands/sign');
 const commandSeal = require('../lib/commands/seal');
 const commandSpf = require('../lib/commands/spf');
+const fs = require('fs');
+const pathlib = require('path');
 
 const argv = yargs(hideBin(process.argv))
     .command(
@@ -285,6 +287,41 @@ const argv = yargs(hideBin(process.argv))
                 });
         }
     )
+    .command(
+        ['license'],
+        'Show license information',
+        () => false,
+        () => {
+            fs.readFile(pathlib.join(__dirname, '..', 'LICENSE.txt'), (err, license) => {
+                if (err) {
+                    console.error('Failed to load license information');
+                    console.error(err);
+                    return process.exit(1);
+                }
+
+                console.error('Mailauth License');
+                console.error('================');
+
+                console.error(license.toString().trim());
+
+                console.error('');
+
+                fs.readFile(pathlib.join(__dirname, '..', 'licenses.txt'), (err, data) => {
+                    if (err) {
+                        console.error('Failed to load license information');
+                        console.error(err);
+                        return process.exit(1);
+                    }
+
+                    console.error('Included Modules');
+                    console.error('================');
+
+                    console.error(data.toString().trim());
+                    process.exit();
+                });
+            });
+        }
+    )
     .option('verbose', {
         alias: 'v',
         type: 'boolean',

package/cli.md

@@ -2,29 +2,26 @@
 
 ## TOC
 
--   [Requirements](#requirements)
 -   [Installation](#installation)
 -   [Help](#help)
 -   [Available commands](#available-commands)
     -   [report](#report) – to validate SPF, DKIM, DMARC, ARC
     -   [sign](#sign) - to sign an email with DKIM
     -   [seal](#seal) - to seal an email with ARC
-    -   [spt](#spf) - to validate SPF for an IP address and email address
+    -   [spf](#spf) - to validate SPF for an IP address and an email address
+    -   [license](#license) - display licenses for `mailauth` and included modules
 -   [DNS cache file](#dns-cache-file)
 
-## Requirements
-
--   **Node.js v14+** – using an older version of Node is not supported
-
 ## Installation
 
-Install `mailauth` globally to get the command line interface
+Download `mailauth` for your platform:
 
-```
-npm install -g mailauth
-```
+-   [MacOS](https://github.com/postalsys/mailauth/releases/latest/download/mailauth.pkg)
+-   [Linux](https://github.com/postalsys/mailauth/releases/latest/download/mailauth.tar.gz)
+-   [Windows](https://github.com/postalsys/mailauth/releases/latest/download/mailauth.exe)
+-   Or install from the NPM registry: `npm install -g mailauth`
 
-> Depending on you system you might need to use _sudo_ for this step.
+> **NB!** Downloadable files are quite large because these are packaged Node.js applications
 
 ## Help
 
@@ -36,12 +33,6 @@ $ mailauth seal --help
 $ mailauth spf --help
 ```
 
-In some systems you can also use manpages (manpage availability depends on how node and npm were installed to the system).
-
-```
-$ man mailauth
-```
-
 ## Available commands
 
 ### report
@@ -211,6 +202,14 @@ DNS query for A mail.wildduck.email: ["217.146.76.20"]
   ...
 ```
 
+### license
+
+Display licenses for `mailauth` and included modules.
+
+```
+$ mailauth licenses
+```
+
 ## DNS cache file
 
 In general you would use the `--dns-cache` option only when testing. This way you can provide different kind of DNS responses without actually setting up a DNS server and unlike when using real DNS you do not have to wait for the changes in the DNS server to propagate – whatever is in the provided cache file, is used for the DNS query responses.

package/entitlements.mac.plist

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+  <dict>
+    <key>com.apple.security.cs.allow-jit</key>
+    <true/>
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+    <true/>
+    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
+    <true/>
+    <key>com.apple.security.cs.disable-library-validation</key>
+    <true/>
+    <key>com.apple.security.network.client</key>
+    <true/>
+    <key>com.apple.security.network.server</key>
+    <true/>
+  </dict>
+</plist>

package/lib/dkim/dkim-verifier.js

@@ -172,7 +172,12 @@ class DkimVerifier extends MessageParser {
                     instance: ['ARC', 'AS'].includes(signatureHeader.type) ? signatureHeader.parsed?.i?.value : false
                 });
 
-                let publicKey, rr;
+                let signingHeaders = {
+                    keys: signingHeaderLines.keys,
+                    headers: signingHeaderLines.headers.map(l => l.line.toString())
+                };
+
+                let publicKey, rr, modulusLength;
                 let status = {
                     result: 'neutral',
                     comment: false,
@@ -208,6 +213,7 @@ class DkimVerifier extends MessageParser {
 
                         publicKey = res?.publicKey;
                         rr = res?.rr;
+                        modulusLength = res?.modulusLength;
 
                         try {
                             status.result = crypto.verify(
@@ -283,6 +289,7 @@ class DkimVerifier extends MessageParser {
                     format: signatureHeader.parsed?.c?.value,
                     bodyHash,
                     bodyHashExpecting: signatureHeader.parsed?.bh?.value,
+                    signingHeaders,
                     status
                 };
 
@@ -298,6 +305,10 @@ class DkimVerifier extends MessageParser {
                     result.publicKey = publicKey.toString();
                 }
 
+                if (modulusLength) {
+                    result.modulusLength = modulusLength;
+                }
+
                 if (rr) {
                     result.rr = rr;
                 }

package/lib/spf/index.js

@@ -61,29 +61,6 @@ let limitedResolver = (resolver, maxResolveCount) => {
 
         try {
             let result = await resolver(domain, type);
-
-            switch (type) {
-                case 'TXT':
-                    for (let row of result) {
-                        if (
-                            /[^\x20-\x7E]/.test(
-                                []
-                                    .concat(row || [])
-                                    .map(line => line.trim())
-                                    .join('')
-                            )
-                        ) {
-                            let err = new Error('Invalid characters in DNS response');
-                            err.spfResult = {
-                                error: 'permerror',
-                                text: 'DNS response includes invalid characters'
-                            };
-                            throw err;
-                        }
-                    }
-                    break;
-            }
-
             return result;
         } catch (err) {
             switch (err.code) {

package/lib/spf/macro.js

@@ -89,7 +89,7 @@ const macro = (input, values) => {
                 break;
 
             case 'h':
-                curval = helo;
+                curval = helo || `[${ipaddr.parse(ip).toString()}]`;
                 break;
 
             case 'c':

package/lib/spf/spf-verify.js

@@ -90,6 +90,15 @@ const spfVerify = async (domain, opts) => {
             }
             spfRr = row;
             spfRecord = parts.slice(1);
+
+            if (spfRr && /[^\x20-\x7E]/.test(spfRr)) {
+                let err = new Error('Invalid characters in DNS response');
+                err.spfResult = {
+                    error: 'permerror',
+                    text: 'DNS response includes invalid characters'
+                };
+                throw err;
+            }
         }
     }
 

package/lib/tools.js

@@ -6,7 +6,6 @@ const punycode = require('punycode/');
 const libmime = require('libmime');
 const dns = require('dns').promises;
 const crypto = require('crypto');
-const pki = require('node-forge').pki;
 const https = require('https');
 const packageData = require('../package');
 const parseDkimHeaders = require('./parse-dkim-headers');
@@ -15,6 +14,9 @@ const { Certificate } = require('@fidm/x509');
 const zlib = require('zlib');
 const util = require('util');
 const gunzip = util.promisify(zlib.gunzip);
+const pki = require('node-forge').pki;
+const Joi = require('joi');
+const base64Schema = Joi.string().base64({ paddingRequired: false });
 
 const defaultDKIMFieldNames =
     'From:Sender:Reply-To:Subject:Date:Message-ID:To:' +
@@ -247,14 +249,23 @@ const getPublicKey = async (type, name, minBitLength, resolver) => {
         // prefix value for parsing as there is no default value
         let entry = parseDkimHeaders(`DNS: TXT;${rr}`);
 
-        let publicKey = entry?.parsed?.p?.value;
-        if (!publicKey) {
+        const publicKeyValue = entry?.parsed?.p?.value;
+        if (!publicKeyValue) {
             let err = new Error('Missing key value');
             err.code = 'EINVALIDVAL';
             err.rr = rr;
             throw err;
         }
 
+        let validation = base64Schema.validate(publicKeyValue);
+        if (validation.error) {
+            let err = new Error('Invalid base64 format for public key');
+            err.code = 'EINVALIDVAL';
+            err.rr = rr;
+            err.details = validation.error;
+            throw err;
+        }
+
         if (type === 'DKIM' && entry?.parsed?.v && (entry?.parsed?.v?.value || '').toString().toLowerCase().trim() !== 'dkim1') {
             let err = new Error('Unknown key version');
             err.code = 'EINVALIDVER';
@@ -262,28 +273,42 @@ const getPublicKey = async (type, name, minBitLength, resolver) => {
             throw err;
         }
 
-        publicKey = Buffer.from(`-----BEGIN PUBLIC KEY-----\n${publicKey}\n-----END PUBLIC KEY-----`);
-        let keyType = crypto.createPublicKey({ key: publicKey, format: 'pem' }).asymmetricKeyType;
+        const publicKeyPem = Buffer.from(`-----BEGIN PUBLIC KEY-----\n${publicKeyValue.replace(/.{64}/g, '$&\r\n')}\n-----END PUBLIC KEY-----`);
+        const publicKeyObj = crypto.createPublicKey({
+            key: publicKeyPem,
+            format: 'pem'
+        });
+
+        let keyType = publicKeyObj.asymmetricKeyType;
 
         if (!['rsa', 'ed25519'].includes(keyType) || (entry?.parsed?.k && entry?.parsed?.k?.value?.toLowerCase() !== keyType)) {
-            let err = new Error('Unknown key type');
+            let err = new Error('Unknown key type (${keyType})');
             err.code = 'EINVALIDTYPE';
             err.rr = rr;
             throw err;
         }
 
-        if (keyType === 'rsa') {
-            // check key length
-            const pubKeyData = pki.publicKeyFromPem(publicKey.toString());
-            if (pubKeyData.n.bitLength() < 1024) {
-                let err = new Error('Key too short');
-                err.code = 'ESHORTKEY';
-                err.rr = rr;
-                throw err;
-            }
+        let modulusLength;
+        if (publicKeyObj.asymmetricKeyDetails) {
+            modulusLength = publicKeyObj.asymmetricKeyDetails.modulusLength;
+        } else {
+            // fall back to node-forge
+            const pubKeyData = pki.publicKeyFromPem(publicKeyPem.toString());
+            modulusLength = pubKeyData.n.bitLength();
+        }
+
+        if (keyType === 'rsa' && modulusLength < 1024) {
+            let err = new Error('RSA key too short');
+            err.code = 'ESHORTKEY';
+            err.rr = rr;
+            throw err;
         }
 
-        return { publicKey, rr };
+        return {
+            publicKey: publicKeyPem,
+            rr,
+            modulusLength
+        };
     }
 
     let err = new Error('Missing key value');

package/license-report-config.json

@@ -0,0 +1,3 @@
+{
+    "fields": ["name", "licenseType", "link", "installedVersion", "author"]
+}

package/licenses.txt

@@ -0,0 +1,11 @@
+name        license type               link                                              installed version  author
+----        ------------               ----                                              -----------------  ------
+@fidm/x509  MIT                        git+ssh://git@github.com/fidm/x509.git            1.2.1              n/a
+ipaddr.js   MIT                        git://github.com/whitequark/ipaddr.js.git         2.0.1              whitequark
+joi         BSD-3-Clause               git://github.com/sideway/joi.git                  17.5.0             n/a
+libmime     MIT                        git://github.com/andris9/libmime.git              5.0.0              Andris Reinman
+node-forge  (BSD-3-Clause OR GPL-2.0)  git+https://github.com/digitalbazaar/forge.git    1.2.1              Digital Bazaar, Inc.
+nodemailer  MIT                        git+https://github.com/nodemailer/nodemailer.git  6.7.2              Andris Reinman
+psl         MIT                        git+ssh://git@github.com/lupomontero/psl.git      1.8.0              Lupo Montero
+punycode    MIT                        git+https://github.com/bestiejs/punycode.js.git   2.1.1              Mathias Bynens
+yargs       MIT                        git+https://github.com/yargs/yargs.git            17.3.1             n/a

package/man/mailauth.1

@@ -1,4 +1,4 @@
-.TH "MAILAUTH" "1" "August 2021" "v2.2.0" "Mailauth Help"
+.TH "MAILAUTH" "1" "January 2022" "v2.3.0" "Mailauth Help"
 .SH "NAME"
 \fBmailauth\fR
 .QP
@@ -33,9 +33,13 @@ Authenticates an email and seals it with an ARC digital signature
 \fBspf\fR
 .br
 Authenticates SPF for an IP address and email address
+.P
+\fBlicense\fR
+.br
+Display licenses for mailauth and included modules
 .SH Website
 .P
-\fIhttps://github\.com/andris9/mailauth\fR
+\fIhttps://github\.com/postalsys/mailauth\fR
 .SH EXAMPLES
 .P
 \fBnpm install mailauth \-g\fP
@@ -128,10 +132,10 @@ For cached DNS requests use the following JSON structure where main keys are dom
 Longer TXT strings can be split into multiple strings\. Unlike in real DNS there is no length limit, so you can put the entire public key into a single string\.
 .SH BUGS
 .P
-Please report any bugs to https://github\.com/andris9/mailauth/issues\.
+Please report any bugs to https://github\.com/postalsys/mailauth/issues\.
 .SH LICENSE
 .P
-Copyright (c) 2020, Andris Reinman (MIT)\.
+Copyright (c) 2020\-2022, Postal Systems (MIT)\.
 .SH SEE ALSO
 .P
 node\.js(1)

package/man/man.md

@@ -28,9 +28,12 @@ Authenticates an email and seals it with an ARC digital signature
 **spf**\
 Authenticates SPF for an IP address and email address
 
+**license**\
+Display licenses for mailauth and included modules
+
 ## Website
 
-[](https://github.com/andris9/mailauth)
+[](https://github.com/postalsys/mailauth)
 
 ## EXAMPLES
 
@@ -123,11 +126,11 @@ Longer TXT strings can be split into multiple strings. Unlike in real DNS there
 
 ## BUGS
 
-Please report any bugs to https://github.com/andris9/mailauth/issues.
+Please report any bugs to https://github.com/postalsys/mailauth/issues.
 
 ## LICENSE
 
-Copyright (c) 2020, Andris Reinman (MIT).
+Copyright (c) 2020-2022, Postal Systems (MIT).
 
 ## SEE ALSO
 

package/package.json

@@ -1,16 +1,18 @@
 {
     "name": "mailauth",
-    "version": "2.2.0",
+    "version": "2.3.0",
     "description": "Email authentication library for Node.js",
     "main": "lib/mailauth.js",
     "scripts": {
         "test": "eslint \"lib/**/*.js\" \"test/**/*.js\" && mocha --recursive \"./test/**/*.js\" --reporter spec",
         "prepublish": "npm run man || true",
-        "man": "cd man && marked-man --version `node -e \"console.log('v'+require('../package.json').version)\"` --manual 'Mailauth Help' --section 1 man.md > mailauth.1"
+        "man": "cd man && marked-man --version `node -e \"console.log('v'+require('../package.json').version)\"` --manual 'Mailauth Help' --section 1 man.md > mailauth.1",
+        "build-dist": "npm run man && npm run licenses && pkg package.json",
+        "licenses": "license-report --only=prod --output=table --config license-report-config.json > licenses.txt"
     },
     "repository": {
         "type": "git",
-        "url": "git+https://github.com/andris9/mailauth.git"
+        "url": "git+https://github.com/postalsys/mailauth.git"
     },
     "keywords": [
         "rfc822",
@@ -22,33 +24,35 @@
         "bimi",
         "mta-sts"
     ],
-    "author": "Andris Reinman",
+    "author": "Postal Systems OÜ",
     "license": "MIT",
     "bugs": {
-        "url": "https://github.com/andris9/mailauth/issues"
+        "url": "https://github.com/postalsys/mailauth/issues"
     },
-    "homepage": "https://github.com/andris9/mailauth",
+    "homepage": "https://github.com/postalsys/mailauth",
     "devDependencies": {
         "chai": "4.3.4",
-        "eslint": "7.32.0",
+        "eslint": "8.7.0",
         "eslint-config-nodemailer": "1.2.0",
         "eslint-config-prettier": "8.3.0",
         "js-yaml": "4.1.0",
+        "license-report": "4.5.0",
         "marked": "0.7.0",
         "marked-man": "0.7.0",
         "mbox-reader": "1.1.5",
-        "mocha": "9.1.0"
+        "mocha": "9.1.4",
+        "pkg": "5.5.2"
     },
     "dependencies": {
         "@fidm/x509": "1.2.1",
         "ipaddr.js": "2.0.1",
-        "joi": "17.4.2",
+        "joi": "17.5.0",
         "libmime": "5.0.0",
-        "node-forge": "0.10.0",
-        "nodemailer": "6.6.3",
+        "node-forge": "1.2.1",
+        "nodemailer": "6.7.2",
         "psl": "1.8.0",
         "punycode": "2.1.1",
-        "yargs": "17.1.1"
+        "yargs": "17.3.1"
     },
     "engines": {
         "node": ">=14.0.0"
@@ -58,5 +62,19 @@
     },
     "directories": {
         "man": "man"
+    },
+    "pkg": {
+        "scripts": [
+            "workers/**/*.js"
+        ],
+        "assets": [
+            "man/**/*",
+            "licenses.txt",
+            "LICENSE.txt"
+        ],
+        "_targets": [
+            "node16-macos-x64"
+        ],
+        "outputPath": "dist"
     }
 }