From 2075b94bc4e100c54302346082b01a0e1f37c295 Mon Sep 17 00:00:00 2001 From: Matt Simerson Date: Wed, 7 Feb 2024 22:53:01 -0800 Subject: [PATCH] Release v3.0.3 (#3256) ### [3.0.3] - 2024-02-07 #### Added - feat(auth_vpopmaild): when outbound, assure the envelope domain matches AUTH domain #3265 - docs(outbound): remove example setting outbound_ip #3253 - doc(Plugins.md): add pi-queue-kafka #3247 - feat(rabbitmq_amqplib): configurable optional queue arguments #3239 - feat(clamd): add x-haraka-virus header #3207 #### Fixed - Fix: add empty string as param to .join() on bounce. #3237 - Update links in documentation #3234 - fix(ob/hmail):Add filename to the error for easy debugging - fix(ob/queue): Ignore 'error.' prefixed files in the queue because corrupted #### Changed - docs(outbound): remove example of outbound_ip #3253 - transaction: simplify else condition in add_data #3252 - q/smtp_forward: always register get_mx hook #3204 - dep(pi-es): bump version to 8.0.2 #3206 - dep(redis): bump version to 4.6.7 #3193 - dep(pi-spf): bump version to 1.2.4 - dep(net-utils): bump version to 1.5.3 - dep(pi-redis): bump version to 2.0.6 - dep(tld): bump version to 1.2.0 - remove defunct config files: lookup_rdns.strict.ini, lookup_rdns.strict.timeout, lookup_rdns.strict.whitelist, lookup_rdns.strict.whitelist_regex, rcpt_to.blocklist, rdns.allow_regexps, rdns.deny_regexps --- .github/workflows/ci.yml | 4 +- Changes.md | 34 +++++++++---- TODO | 25 +--------- config.js | 6 --- config/lookup_rdns.strict.ini | 12 ----- config/lookup_rdns.strict.timeout | 1 - config/lookup_rdns.strict.whitelist | 1 - config/lookup_rdns.strict.whitelist_regex | 5 -- config/rcpt_to.blocklist | 1 - config/rdns.allow_regexps | 0 config/rdns.deny_regexps | 0 .../connect.rdns_access.md | 0 .../mail_from.access.md | 0 .../{plugins => deprecated}/rcpt_to.access.md | 0 .../{plugins => deprecated}/rcpt_to.routes.md | 0 docs/plugins/relay_acl.md | 29 ----------- docs/plugins/relay_all.md | 15 ------ docs/plugins/relay_force_routing.md | 33 ------------- package.json | 48 +++++++++---------- plugins.js | 1 + plugins/data.headers.js | 4 -- plugins/relay_all.js | 13 ----- 22 files changed, 54 insertions(+), 178 deletions(-) delete mode 100644 config.js delete mode 100644 config/lookup_rdns.strict.ini delete mode 100644 config/lookup_rdns.strict.timeout delete mode 100644 config/lookup_rdns.strict.whitelist delete mode 100644 config/lookup_rdns.strict.whitelist_regex delete mode 100644 config/rcpt_to.blocklist delete mode 100644 config/rdns.allow_regexps delete mode 100644 config/rdns.deny_regexps rename docs/{plugins => deprecated}/connect.rdns_access.md (100%) rename docs/{plugins => deprecated}/mail_from.access.md (100%) rename docs/{plugins => deprecated}/rcpt_to.access.md (100%) rename docs/{plugins => deprecated}/rcpt_to.routes.md (100%) delete mode 100644 docs/plugins/relay_acl.md delete mode 100644 docs/plugins/relay_all.md delete mode 100644 docs/plugins/relay_force_routing.md delete mode 100644 plugins/data.headers.js delete mode 100644 plugins/relay_all.js diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 627237be7..7384d2b1c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -23,8 +23,8 @@ jobs: node-version: ${{ fromJson(needs.get-lts.outputs.active) }} fail-fast: false steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 name: Node.js ${{ matrix.node-version }} on ${{ matrix.os }} with: node-version: ${{ matrix.node-version }} diff --git a/Changes.md b/Changes.md index 123c17d2d..595cbafcc 100644 --- a/Changes.md +++ b/Changes.md @@ -1,19 +1,36 @@ ### Unreleased +### [3.0.3] - 2024-02-07 + +#### Added + - feat(auth_vpopmaild): when outbound, assure the envelope domain matches AUTH domain #3265 - docs(outbound): remove example setting outbound_ip #3253 -- dep(plugin-es): bump version to 8.0.2 #3206 -- transaction: simplify else condition in add_data #3252 - doc(Plugins.md): add pi-queue-kafka #3247 - feat(rabbitmq_amqplib): configurable optional queue arguments #3239 -- fix(ob/hmail): bounce, add '' in .join() #3237 -- dep(pi-redis): bump version to 4.6.7 #3193 - feat(clamd): add x-haraka-virus header #3207 -- dep(pi-spf): bump version to 1.2.1 #3214 -- feat(rabbitmq_amqplib): configurable optional queue arguments -- fix(ob/hmail):Add filename to the 'Didn't find right amount of data in todo!' error for easy debugging -- fix(ob/queue):Ignore error. prefixed files in the queue because are corrupted + +#### Fixed + +- Fix: add empty string as param to .join() on bounce. #3237 +- Update links in documentation #3234 +- fix(ob/hmail):Add filename to the error for easy debugging +- fix(ob/queue): Ignore 'error.' prefixed files in the queue because corrupted + +#### Changed + +- docs(outbound): remove example of outbound_ip #3253 +- transaction: simplify else condition in add_data #3252 +- q/smtp_forward: always register get_mx hook #3204 +- dep(pi-es): bump version to 8.0.2 #3206 +- dep(redis): bump version to 4.6.7 #3193 +- dep(pi-spf): bump version to 1.2.4 +- dep(net-utils): bump version to 1.5.3 +- dep(pi-redis): bump version to 2.0.6 +- dep(tld): bump version to 1.2.0 +- remove defunct config files: lookup_rdns.strict.ini, lookup_rdns.strict.timeout, lookup_rdns.strict.whitelist, lookup_rdns.strict.whitelist_regex, rcpt_to.blocklist, rdns.allow_regexps, rdns.deny_regexps + ### [3.0.2] - 2023-06-12 @@ -1383,3 +1400,4 @@ [3.0.0]: https://github.com/haraka/Haraka/releases/tag/3.0.0 [3.0.1]: https://github.com/haraka/Haraka/releases/tag/3.0.1 [3.0.2]: https://github.com/haraka/Haraka/releases/tag/3.0.2 +[3.0.3]: https://github.com/haraka/Haraka/releases/tag/3.0.3 diff --git a/TODO b/TODO index e55b33da5..fe0e57260 100644 --- a/TODO +++ b/TODO @@ -1,8 +1,6 @@ - Milter support - Ability to modify the body of email - Done for banners. Modifying the rest, not so much. -- Plugins to copy from Qpsmtpd: - - dspam Outbound improvements - Provide better command line tools for manipulating/inspecting the queue @@ -16,29 +14,8 @@ Plugin behavior changes only when requested, with a sunset date. - data.uribl; expand short URLs before lookups, add support for uri-a (sbl.spamhaus.org), uri-ns, uri-ns-a lookup types. - -Remove the following deprecated plugins - - rdns.regexp - - data.nomsgid (subsumed into data.headers.js) - - data.noreceived "" - - data.rfc5322_header_checks "" - - daemonize - - mail_from.nobounces (subsumed into bounce.js) - - mail_from.blocklist - - rcpt_to.blocklist - - lookup_rdns_strict - - mail_from.access (replaced by access.js) - - rcpt_to.access "" - - connect.rdns_access "" - - relay_acl (replaced by relay.js) - - relay_all "" - - relay_force_routing "" - -Move the following plugins: - - test_queue -> queue/test_queue - Built-in HTTP server -- uses the same TLS/SSL certs as smtpd +- use the same TLS/SSL certs as smtpd - auth against SMTP-AUTH provider Update tests to detect HARAKA_NETWORK_TESTS and skip network tests unless it's set diff --git a/config.js b/config.js deleted file mode 100644 index 0de83a513..000000000 --- a/config.js +++ /dev/null @@ -1,6 +0,0 @@ -'use strict' - -module.exports = require('haraka-config') - -// use emit is the same way util.deprecate does it, so follow that style -process.emit('warning', 'Loading config via require("./config") is deprecated, please use: require("haraka-config") instead.') diff --git a/config/lookup_rdns.strict.ini b/config/lookup_rdns.strict.ini deleted file mode 100644 index 79fec8771..000000000 --- a/config/lookup_rdns.strict.ini +++ /dev/null @@ -1,12 +0,0 @@ -[general] -nomatch=Please setup matching DNS and rDNS records. -timeout=60 -timeout_msg=DNS check timed out. - -[forward] -nxdomain=Please setup a forward DNS record. -dnserror=Please setup matching DNS and rDNS records. - -[reverse] -nxdomain=Please setup a reverse DNS record. -dnserror=Please setup matching DNS and rDNS records. diff --git a/config/lookup_rdns.strict.timeout b/config/lookup_rdns.strict.timeout deleted file mode 100644 index 573541ac9..000000000 --- a/config/lookup_rdns.strict.timeout +++ /dev/null @@ -1 +0,0 @@ -0 diff --git a/config/lookup_rdns.strict.whitelist b/config/lookup_rdns.strict.whitelist deleted file mode 100644 index e86947fcb..000000000 --- a/config/lookup_rdns.strict.whitelist +++ /dev/null @@ -1 +0,0 @@ -# Hostnames and IPs are matched exactly as written on each line. diff --git a/config/lookup_rdns.strict.whitelist_regex b/config/lookup_rdns.strict.whitelist_regex deleted file mode 100644 index bbfb0bdd1..000000000 --- a/config/lookup_rdns.strict.whitelist_regex +++ /dev/null @@ -1,5 +0,0 @@ -# Does the same thing as the whitelist file, but each line is a regex. -# Each line is also anchored for you, meaning '^' + regex + '$' is added for -# you. If you need to get around this restriction, you may use a '.*' at -# either the start or the end of your regex. This should help prevent people -# from writing overly permissive rules on accident. diff --git a/config/rcpt_to.blocklist b/config/rcpt_to.blocklist deleted file mode 100644 index 3b11b879e..000000000 --- a/config/rcpt_to.blocklist +++ /dev/null @@ -1 +0,0 @@ -# This is a blocklist for the rcpt_to line. One address per line. diff --git a/config/rdns.allow_regexps b/config/rdns.allow_regexps deleted file mode 100644 index e69de29bb..000000000 diff --git a/config/rdns.deny_regexps b/config/rdns.deny_regexps deleted file mode 100644 index e69de29bb..000000000 diff --git a/docs/plugins/connect.rdns_access.md b/docs/deprecated/connect.rdns_access.md similarity index 100% rename from docs/plugins/connect.rdns_access.md rename to docs/deprecated/connect.rdns_access.md diff --git a/docs/plugins/mail_from.access.md b/docs/deprecated/mail_from.access.md similarity index 100% rename from docs/plugins/mail_from.access.md rename to docs/deprecated/mail_from.access.md diff --git a/docs/plugins/rcpt_to.access.md b/docs/deprecated/rcpt_to.access.md similarity index 100% rename from docs/plugins/rcpt_to.access.md rename to docs/deprecated/rcpt_to.access.md diff --git a/docs/plugins/rcpt_to.routes.md b/docs/deprecated/rcpt_to.routes.md similarity index 100% rename from docs/plugins/rcpt_to.routes.md rename to docs/deprecated/rcpt_to.routes.md diff --git a/docs/plugins/relay_acl.md b/docs/plugins/relay_acl.md deleted file mode 100644 index e7a3cf670..000000000 --- a/docs/plugins/relay_acl.md +++ /dev/null @@ -1,29 +0,0 @@ -relay\_acl -======== - -This plugin makes it possible to relay outbound mails using IP based ACLs -and relay inbound mails using destination domains. - -Configuration -------------- - -* `config/relay_acl_allow` - Allowed IP ranges in CIDR notation, one per line. - IPs listed in here will be allowed to send mails without any furthur - checks. - -* `config/relay_dest_domains.ini` - Allowed destination domains. The format is in ini file, the domain - is the key and the value is in JSON, all under the [domains] section. - Currently supported field is "action": where the value can be - "accept" (accept the mail without further checks), "continue" (mails - are still subjected to further checks) or "deny" (reject the mails). - - An example: - - [domains] - test.com = { "action": "continue" } - - Please note that this config/relay\_dest\_domains.ini is shared with - plugins/relay\_force\_routing.js, which uses additional fields. - diff --git a/docs/plugins/relay_all.md b/docs/plugins/relay_all.md deleted file mode 100644 index d99ec0279..000000000 --- a/docs/plugins/relay_all.md +++ /dev/null @@ -1,15 +0,0 @@ -relay\_all -========= - -This plugin is useful in spamtraps to accept mail to any host, and to allow -any user from anywhere to send email. - -Do NOT use this plugin on a real mail server, unless you really know what -you are doing. If you use this plugin with anything that relays mail (such -as forwarding to a real mail server, or the `deliver` plugin), your mail -server is now an open relay. - -This is BAD. Hence the big letters. In short: DO NOT USE THIS PLUGIN. - -It is useful for testing, hence why it is here. Also I work with spamtraps -a lot, so it is useful there. diff --git a/docs/plugins/relay_force_routing.md b/docs/plugins/relay_force_routing.md deleted file mode 100644 index 34c3e3fa2..000000000 --- a/docs/plugins/relay_force_routing.md +++ /dev/null @@ -1,33 +0,0 @@ -relay\_force\_routing.js -======== - -This plugin allows you to force the next hop for the configured domains. -It works a lot like the transport map of Postfix. - -Configuration -------------- - -* `config/relay_dest_domains.ini` - This config file is shared with relay\_acl.js, for the basics see the - documentation provided by plugins/relay\_acl.js. - - relay\_force\_routing.js adds the field "nexthop": in the JSON value - of the domain. The value of "nexthop": can be hostname or IP optionally - follow by :port. - - Example: - - [domains] - test.com = { "action": "continue", "nexthop": "127.0.0.1:2525" } - - You can also define a default relay using the "any" domain, which will be - used if the message's destination domain doesn't match any of the domains - already defined. - - Example: -``` - [domains] - test.com = { "action": "continue", "nexthop": "127.0.0.1:2525" } - my.test.com = { "action": "continue", "nexthop": "127.0.0.1:2527" } - any = { "action": "continue", "nexthop": "10.10.10.1:2525"} -``` diff --git a/package.json b/package.json index 2e9efbc0a..0feec2dc1 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,7 @@ "server", "email" ], - "version": "3.0.2", + "version": "3.0.3", "homepage": "http://haraka.github.io", "repository": { "type": "git", @@ -20,28 +20,28 @@ "node": ">=16" }, "dependencies": { - "address-rfc2821": "^2.0.1", + "address-rfc2821": "^2.1.1", "address-rfc2822": "^2.1.0", - "async": "^3.2.4", + "async": "^3.2.5", "daemon": "~1.1.0", "ipaddr.js": "~2.1.0", - "node-gyp": "^9.4.0", + "node-gyp": "^10.0.1", "nopt": "~7.2.0", "npid": "~0.4.0", "semver": "~7.6.0", - "sprintf-js": "~1.1.2", + "sprintf-js": "~1.1.3", "haraka-config": "^1.1.0", "haraka-constants": "^1.0.6", "haraka-dsn": "^1.0.4", "haraka-email-message": "^1.2.0", "haraka-message-stream": "^1.2.0", - "haraka-net-utils": "^1.5.0", + "haraka-net-utils": "^1.5.3", "haraka-notes": "^1.0.6", "haraka-plugin-attachment": "^1.0.7", - "haraka-plugin-spf": "1.2.3", - "haraka-plugin-redis": "^2.0.5", + "haraka-plugin-spf": "1.2.4", + "haraka-plugin-redis": "^2.0.6", "haraka-results": "^2.2.3", - "haraka-tld": "^1.1.1", + "haraka-tld": "^1.2.0", "haraka-utils": "^1.0.3", "openssl-wrapper": "^0.3.4", "sockaddr": "^1.0.1" @@ -49,36 +49,36 @@ "optionalDependencies": { "haraka-plugin-access": "^1.1.5", "haraka-plugin-aliases": "^1.0.1", - "haraka-plugin-asn": "^2.0.1", - "haraka-plugin-auth-ldap": "^1.0.2", - "haraka-plugin-dcc": "^1.0.1", + "haraka-plugin-asn": "^2.0.2", + "haraka-plugin-auth-ldap": "^1.1.0", + "haraka-plugin-dcc": "^1.0.2", "haraka-plugin-elasticsearch": "^8.0.2", "haraka-plugin-fcrdns": "^1.1.0", "haraka-plugin-graph": "^1.0.5", "haraka-plugin-geoip": "^1.0.17", "haraka-plugin-headers": "^1.0.3", - "haraka-plugin-karma": "^2.1.0", - "haraka-plugin-limit": "^1.1.0", + "haraka-plugin-karma": "^2.1.2", + "haraka-plugin-limit": "^1.1.1", "haraka-plugin-p0f": "^1.0.9", "haraka-plugin-qmail-deliverable": "^1.2.1", - "haraka-plugin-known-senders": "^1.0.8", - "haraka-plugin-rcpt-ldap": "^1.0.0", - "haraka-plugin-recipient-routes": "^1.0.4", - "haraka-plugin-rspamd": "^1.2.0", - "haraka-plugin-syslog": "^1.0.3", - "haraka-plugin-uribl": "^1.0.6", + "haraka-plugin-known-senders": "^1.0.9", + "haraka-plugin-rcpt-ldap": "^1.1.0", + "haraka-plugin-recipient-routes": "^1.2.0", + "haraka-plugin-rspamd": "^1.3.1", + "haraka-plugin-syslog": "^1.0.5", + "haraka-plugin-uribl": "^1.0.8", "haraka-plugin-watch": "^2.0.2", "ocsp": "~1.2.0", - "redis": "~4.6.7", + "redis": "~4.6.11", "tmp": "~0.2.1" }, "devDependencies": { "nodeunit-x": "^0.16.0", - "haraka-test-fixtures": "^1.3.0", + "haraka-test-fixtures": "^1.3.3", "mock-require": "^3.0.3", - "eslint": "^8.42.0", + "eslint": "^8.56.0", "eslint-plugin-haraka": "^1.0.15", - "nodemailer": "^6.9.3" + "nodemailer": "^6.9.9" }, "bugs": { "mail": "haraka.mail@gmail.com", diff --git a/plugins.js b/plugins.js index 6c35839ba..261fe926a 100644 --- a/plugins.js +++ b/plugins.js @@ -363,6 +363,7 @@ plugins.deprecated = { 'rcpt_to.qmail_deliverable' : 'qmail-deliverable', 'rdns.regexp' : 'access', 'relay_acl' : 'relay', + 'relay_all' : 'relay', 'relay_force_routing' : 'relay', } diff --git a/plugins/data.headers.js b/plugins/data.headers.js deleted file mode 100644 index 090a2adf8..000000000 --- a/plugins/data.headers.js +++ /dev/null @@ -1,4 +0,0 @@ - -exports.register = function () { - this.logerror(this, "data.headers is deprecated, remove it from config/plugins. See 'haraka -h headers'"); -} diff --git a/plugins/relay_all.js b/plugins/relay_all.js deleted file mode 100644 index 0329a601b..000000000 --- a/plugins/relay_all.js +++ /dev/null @@ -1,13 +0,0 @@ -// Just relay everything - could be useful for a spamtrap - -exports.register = function () { - this.logerror(this, "deprecated. see 'haraka -h relay'"); - this.register_hook('rcpt', 'confirm_all'); -} - -exports.confirm_all = function (next, connection, params) { - const recipient = params.shift(); - connection.loginfo(this, `confirming recipient ${recipient}`); - connection.relaying = true; - next(OK); -}