Merge branch 'master' of github.com:baudehlo/Haraka

Conflicts:
	tests/rfc1869.js

README.md

@@ -49,7 +49,7 @@ code in Haraka, or maybe someone has already written this plugin.
 
 Plugins are already provided for running mail through SpamAssassin, checking
 for known bad HELO patterns, checking DNS Blocklists, and watching for
-violators of the SMTP protocol via the "early_talker" plugin.
+violators of the SMTP protocol via the "early\_talker" plugin.
 
 Furthermore Haraka comes with a simple plugin called "graph" which shows you
 real-time charts of which plugins rejected the most mail, allowing you to
@@ -90,9 +90,8 @@ And it will run.
 However the big thing you want to do next is to edit the `config/plugins`
 file. This determines what plugins run in Haraka, and controls the overall
 behaviour of the server. By default the server is setup to receive mails for
-domains in `host_list` and deliver them via `qmail-queue`. Queueing to
-qmail is likely not what you need unless you have qmail installed, so this is
-likely the first thing you want to change.
+domains in `host_list` and deliver them via `smtp-forward`. Configure the
+destination in `config/smtp_forward.ini`.
 
 Each plugin has documentation available via `haraka -h plugins/<name>`.
 Look there for information about how each plugin is configured, edit your

TODO

@@ -1,19 +1,41 @@
-- Rate Limiting for outbound mail (there's a branch for this but it's incomplete)
 - Milter support
 - Ability to modify the body of email (e.g add a banner)
 - Create a config file for each of the core shipping configs, so people have something as a baseline
 - IMAP server (long shot for now)
 - Plugins to copy from Qpsmtpd:
-  - bogus_bounce (checks bounces have one recipient and no return-path)
   - dspam
   - greylisting
-  - karma?
   - virus/*
 
 Outbound improvements
+ - Rate Limiting (there's a branch for this but it's incomplete)
  - Provide better command line tools for manipulating/inspecting the queue
  - Add the ability to force a run on a specific queue file or destination domain
  - Make retry times configurable (handle RFC requirements for 5 days and DSN queued warnings)
  - Limit concurrency by domain
  - Disable deliveries for a domain
  - Pool connections by domain/MX
+
+Plugin behavior changes
+ - in SpamAssassin plugin, change default behavior of 'legacy' status header.
+   Presently, when undefined, legacy is used. Legacy support should be changed to
+   only when requested, with a sunset date.
+
+Remove the following deprecated plugins
+ - rdns.regexp
+ - data.nomsgid
+ - data.noreceived
+ - data.rfc5322_header_checks
+ - daemonize
+ - mail_from.nobounces
+
+Rename the following plugins
+ - toobusy      -> connect.toobusy
+ - attachment   -> data.attachment
+ - avg          -> data.avg
+ - clamd        -> data.clamd
+ - spamassassin -> data.spamassassin
+ - spf          -> mail_from.spf
+
+Move the following plugins:
+ - test_queue   -> queue/test_queue

UPGRADE

@@ -0,0 +1,9 @@
+
+2013.12.27
+
+new plugin: data.headers
+
+   deprecates data.rfc5322_header_checks.js
+   deprecates data.noreceived.js
+   deprecates data.nomsgid.js
+

bin/haraka

@@ -344,6 +344,16 @@ else if (parsed.qempty) {
 }
 else if (parsed.configs) {
     var haraka_path = path.join(base, 'haraka.js');
+
+    var base_dir = process.argv[3];
+    var err_msg = "Did you install a Haraka config? (haraka -i " + base_dir +")";
+    if ( !fs.existsSync(base_dir) )
+        fail( "No such directory: " + base_dir + "\n" + err_msg );
+
+    var smtp_ini = path.join(base_dir,'config','smtp.ini');
+    if ( !fs.existsSync( smtp_ini ) )
+        fail( "No smtp.ini at: " + smtp_ini + "\n" + err_msg );
+
     process.argv[1] = haraka_path;
     process.env.HARAKA = parsed.configs;
     require(haraka_path);

config.js

@@ -7,14 +7,27 @@ var config = exports;
 
 var config_path = process.env.HARAKA ? path.join(process.env.HARAKA, 'config') : path.join(__dirname, './config');
 
-config.get = function(name, type, cb) {
-    if (type === 'nolog') {
-        type = arguments[2]; // deprecated - TODO: remove later
+/* Ways this can be called:
+config.get('thing');
+config.get('thing', type);
+config.get('thing', cb);
+config.get('thing', type, cb);
+config.get('thing', type, options);
+config.get('thing', type, cb, options);
+*/
+config.get = function(name, type, cb, options) {
+    if (typeof type == 'function') {
+        options = cb;
+        cb = type;
+        type = 'value';
+    }
+    if (typeof cb != 'function') {
+        options = cb;
+        cb = null;
     }
-
     type = type || 'value';
     var full_path = path.resolve(config_path, name);
-    var results = configloader.read_config(full_path, type, cb); 
+    var results = configloader.read_config(full_path, type, cb, options); 
 
     // Pass arrays by value to prevent config being modified accidentally.
     if (Array.isArray(results)) {

config/auth_vpopmaild.ini

@@ -0,0 +1,2 @@
+host=127.0.0.6
+port=89

config/bounce.ini

@@ -0,0 +1,5 @@
+; reject all bounce messages (generally not a good idea)
+reject_all=0
+
+; reject bounces that are not RFC compliant (likely faked)
+reject_invalid=1

config/connect.geoip.ini

@@ -0,0 +1,20 @@
+; public_ip: the public IP address of *this* mail server
+; if your mail server is not bound to a public IP, you'll have to provide
+; this for distance calculations to work.
+; public_ip=
+
+; show_city: show city data in logs and headers
+;    note: city data is less accurate than country
+show_city=1
+
+; show_region: show regional data (US states, CA provinces, etc..)
+show_region=1
+
+; enable distance calculations. If you don't use the distance, leave it
+; disabled to save few CPU cycles.
+calc_distance=0
+
+; if calculating distance, an additional 'too_far' key in the geoip
+; connection note can be set to true if the distance exceeds the limit (in
+; kilometers). A suggested use for that data is the karma plugin.
+;too_far=4000

config/connect.p0f.ini

@@ -0,0 +1,8 @@
+
+; where the p0f socket is found
+; default: socket_path=/tmp/.p0f_socket
+socket_path=/tmp/.p0f_socket
+
+; add_header, add a message header with a p0f summary
+; default: X-Haraka-p0f
+add_header=X-Haraka-p0f

config/data.headers.ini

@@ -0,0 +1,30 @@
+; configuration for data.headers plugin
+
+; Requiring a date header will cause the loss of valid mail. The JavaMail
+; sender used by some banks, photo processing services, health insurance
+; companies, bounce senders, and others send messages without a Date header.
+;
+; If you can afford to reject some valid mail, please do enforce this, and
+; encourage mailers toward RFC adherence. Otherwise, do not require Date.
+
+; Headers that MUST be present (RFC 5322)
+; required=From,Date   ; <-- RFC 5322 compliant
+required=From,Date
+
+; Received
+; If you have no outbound, add 'Received' to the required list for an
+; aggressive anti-spam measure. It works because all real mail relays will
+; add a `Received` header. It may false positive on some bulk mail that
+; uses a custom tool to send, but this appears to be fairly rare.
+
+; If the date header is present, and future and/or past days are
+; defined, it will be validated. 0 = disabled
+date_future_days=2
+date_past_days=15
+
+
+; Headers that MUST be unique if present (RFC 5322)
+; singular=Date,From,Sender,Reply-To,To,Cc,Bcc,Message-Id,In-Reply-To,References,Subject (RFC 5322)
+singular=Date,From,Sender,Reply-To,To,Cc,Bcc,Message-Id,In-Reply-To,References,Subject
+
+

config/delay_deny.ini

@@ -0,0 +1,7 @@
+
+; excluded plugins: a list of denials that are to be excluded (ie, all the immediate rejection)
+; Examples: <plugin>
+;           <plugin>:<hook>
+;           <plugin>:<hook>:<function name>
+; 
+;excluded_plugins=spf,lookup_rdns_strict

config/dkim/dkim_key_gen.sh

@@ -0,0 +1,70 @@
+#!/bin/sh
+
+usage() {
+    echo "   usage: $0 <example.com> [haraka username]"
+    echo " "
+    exit
+}
+
+if [ -z $1 ];
+then
+    usage
+fi
+
+DOMAIN=$1
+SMTPD=$2
+if [ -z $SMTPD ];
+then
+    SMTPD="www"
+fi
+
+# create a directory for each DKIM signing domain
+mkdir -p $DOMAIN
+cd $DOMAIN
+
+# The selector can be any value that is a valid DNS label
+# create in the common format: mmmYYYY (apr2014)
+date '+%h%Y' | tr "[:upper:]" "[:lower:]" > selector
+
+# generate private and public keys
+#            key length considerations
+# The minimum recommended key length for short duration keys (ones that
+# will be replaced within a few months) is 1024. If you are unlikely to
+# rotate your keys frequently, choose 2048, at the expense of more CPU.
+openssl genrsa -out private 2048
+chmod 400 private
+openssl rsa -in private -out public -pubout
+
+# make it really easy to publish the public key in DNS
+# by creating a file named 'dns', with instructions
+cat > dns <<EO_DKIM_DNS
+
+Add this TXT record to the $DOMAIN DNS zone.
+
+`cat selector | tr -d "\n"`._domainkey TXT "v=DKIM1;p=`grep -v -e '^-' public | tr -d "\n"`"
+
+Tell the world that the ONLY mail servers that send mail from this domain are DKIM signed and/or bear our MX and A records.
+
+With SPF:
+
+        SPF "v=spf1 mx a -all"
+        TXT "v=spf1 mx a -all"
+
+With DMARC:
+
+_dmarc  TXT "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-feedback@$DOMAIN; ruf=mailto:dmarc-feedback@$DOMAIN; pct=100"
+
+With DomainKeys (deprecated)
+
+_domainkey TXT "o=-; t=y; r=postmaster@$DOMAIN"
+
+For more information about DKIM and SPF policy, the documentation within each plugin contains a longer discussion and links to more detailed information:
+
+   haraka -h dkim_sign
+   haraka -h spf
+
+
+EO_DKIM_DNS
+
+cd ..
+#chown -R $SMTPD:$SMTPD $DOMAIN