Release v1.1.6 #30

Merged
merged 10 commits into from
Apr 9, 2024
12 changes: 6 additions & 6 deletions .codeclimate.yml
Original file line number Diff line number Diff line change
@@ -1,24 +1,24 @@
engines:
eslint:
enabled: true
channel: "eslint-8"
channel: 'eslint-8'
config:
config: ".eslintrc.yaml"
config: '.eslintrc.yaml'
checks:
complexity:
enabled: false

ratings:
paths:
- "**.js"
paths:
- '**.js'

checks:
file-lines:
config:
threshold: 500
method-lines:
config:
threshold: 45
threshold: 50
method-complexity:
config:
threshold: 10
threshold: 11
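Review bot: the `method-lines` threshold is raised from 45 to 50 and `method-complexity` from 10 to 11 at the end of this hunk with no stated reason. If specific functions in the plugin tripped the old limits, name them in the PR description or refactor them; otherwise keep the stricter values so the quality gate does not drift upward release by release.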
19 changes: 2 additions & 17 deletions .eslintrc.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,21 +2,6 @@ env:
node: true
es6: true
mocha: true
es2022: true

plugins:
- haraka

extends: [ "eslint:recommended", "plugin:haraka/recommended" ]

root: true

rules:
indent: [2, 4, {"SwitchCase": 1}]

globals:
OK: true
CONT: true
DENY: true
DENYSOFT: true
DENYDISCONNECT: true
DENYSOFTDISCONNECT: true
extends: ['@haraka']
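Review bot: `root: true` is among the removed lines, and without it ESLint keeps searching parent directories for further config files, so lint results can differ depending on where the repo is checked out; keep `root: true` next to `extends: ['@haraka']`. The removed `globals` block (`OK`, `CONT`, `DENY`, `DENYSOFT`, `DENYDISCONNECT`, `DENYSOFTDISCONNECT`) also needs to be declared by the shared config, otherwise any plugin code using those constants will fail `no-undef`; worth confirming before merge since nothing in this hunk shows it.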
6 changes: 3 additions & 3 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,9 @@

version: 2
updates:
- package-ecosystem: "npm"
directory: "/"
- package-ecosystem: 'npm'
directory: '/'
schedule:
interval: "weekly"
interval: 'weekly'
allow:
- dependency-type: production
37 changes: 7 additions & 30 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -1,41 +1,18 @@
name: CI

on: [ push ]
on: [push, pull_request]

env:
CI: true

jobs:

lint:
uses: haraka/.github/.github/workflows/lint.yml@master

# coverage:
# uses: haraka/.github/.github/workflows/coverage.yml@master
# secrets: inherit

test:
needs: [ lint, get-lts ]
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ ubuntu-latest, windows-latest ]
node-version: ${{ fromJson(needs.get-lts.outputs.active) }}
fail-fast: false
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
name: Node ${{ matrix.node-version }} on ${{ matrix.os }}
with:
node-version: ${{ matrix.node-version }}
- run: npm install
- run: npm test
ubuntu:
needs: [lint]
uses: haraka/.github/.github/workflows/ubuntu.yml@master

get-lts:
runs-on: ubuntu-latest
steps:
- id: get
uses: msimerson/node-lts-versions@v1
outputs:
active: ${{ steps.get.outputs.active }}
lts: ${{ steps.get.outputs.lts }}
windows:
needs: [lint]
uses: haraka/.github/.github/workflows/windows.yml@master
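Review bot: the new `ubuntu` and `windows` jobs call reusable workflows by the mutable `@master` ref (`haraka/.github/.github/workflows/ubuntu.yml@master`), so whatever lands on that branch runs in this repo's CI without any change being reviewed here; pinning the `uses:` lines to a commit SHA or a release tag makes the executed workflow auditable. With the in-repo matrix removed, the Node versions and the `npm test` step are no longer visible in this file, so a short comment naming what the shared workflows run would help. Note also that `on: [push, pull_request]` triggers two runs for a branch in this repo that has an open PR.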
6 changes: 3 additions & 3 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
name: "CodeQL"
name: 'CodeQL'

on:
push:
branches: [ master ]
branches: [master]
pull_request:
branches: [ master ]
branches: [master]
schedule:
- cron: '18 7 * * 4'

2 changes: 1 addition & 1 deletion .github/workflows/publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,4 +11,4 @@ env:
jobs:
publish:
uses: haraka/.github/.github/workflows/publish.yml@master
secrets: inherit
secrets: inherit
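Review bot: `secrets: inherit` on the `publish` job hands every secret available to this repository to `publish.yml@master`, a ref that can change without review here. Pass only the secrets the publish workflow needs, by name under `secrets:`, and pin the `uses:` ref to a commit SHA. The change to the line itself appears to be whitespace only.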
2 changes: 2 additions & 0 deletions .prettierrc
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
singleQuote: true
semi: false
2 changes: 1 addition & 1 deletion .release
18 changes: 11 additions & 7 deletions Changes.md → CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,40 +1,44 @@
### Unreleased

### [1.1.6] - 2024-04-09

- dep: update all versions and pin to latest
- dep: eslint-plugin-haraka -> @haraka/eslint-config
- lint: remove duplicate / stale rules from .eslintrc
- chore: populate [files] in package.json.
- chore: remove `const plugin = this` pattern (deprecated)
- chore: remove unused in_file and in_re_file
- test: remove `done` from sync tests

### [1.1.5] - 2022-06-06

- ci: use shared GHA workflows
- ci: add submodule .release
- ci: expand codeclimate config


### 1.1.4 - 2020-04-09

- wrap from parsing in a try #20


### 1.1.3 - 2018-11-16

- check if OD was found before attemping to use it


### 1.1.2 - 2018-11-10

- use header.get_decoded('from'), was get('from')


### 1.1.1 - 2018-06-09

- #9: make all mail address comparisons case insensitive, instead of the previously mixed behavior


### 1.1.0 - 2018-04-23

- #6: add rcpt.accept setting to enable recipient validation for users in whitelists (like an rcpt_to.* plugin)

- #6: add rcpt.accept setting to enable recipient validation for users in whitelists (like an rcpt_to.\* plugin)

### 1.0.0 - 2017-06-29

- initial release

[1.1.5]: https://github.com/haraka/haraka-plugin-access/releases/tag/1.1.5
[1.1.6]: https://github.com/haraka/haraka-plugin-access/releases/tag/1.1.6
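Review bot: the 1.1.6 entry lists the dependency, lint and test changes but not the CI changes made in this PR (`on: [push, pull_request]`, the move to the shared `ubuntu` and `windows` workflows) or the relaxed Code Climate thresholds; add `ci:` lines for them, as the 1.1.5 entry did. While the file is being renamed and touched, `attemping` under 1.1.3 can be corrected to `attempting`.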
9 changes: 9 additions & 0 deletions CONTRIBUTORS.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@

# Contributors

This handcrafted artisinal software is brought to you by:

| <img height="80" src="https://avatars.githubusercontent.com/u/261635?v=4"><br><a href="https://github.com/msimerson">msimerson</a> (<a href="https://github.com/haraka/haraka-plugin-access/commits?author=msimerson">37</a>)| <img height="80" src="https://avatars.githubusercontent.com/u/2158203?v=4"><br><a href="https://github.com/luto">luto</a> (<a href="https://github.com/haraka/haraka-plugin-access/commits?author=luto">8</a>)| <img height="80" src="https://avatars.githubusercontent.com/u/1674289?v=4"><br><a href="https://github.com/Dexus">Dexus</a> (<a href="https://github.com/haraka/haraka-plugin-access/commits?author=Dexus">2</a>)| <img height="80" src="https://avatars.githubusercontent.com/u/83369329?v=4"><br><a href="https://github.com/polarismail">polarismail</a> (<a href="https://github.com/haraka/haraka-plugin-access/commits?author=polarismail">1</a>)|
| :---: | :---: | :---: | :---: |

<sub>created and maintained with [.release](https://github.com/msimerson/.release)</sub>
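Review bot: `artisinal` in the added intro line is a misspelling of `artisanal`. Since the footer says the file is generated with `.release`, the fix belongs in that template so it is not reintroduced on the next run.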
93 changes: 49 additions & 44 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -43,12 +43,12 @@ the message headers as well. Settings 'data=true' in the [checks] section of
## PRECISE

The precise ACLs share a common file format with each phase having a set of
4 files (whitelist, whitelist\_regex, blacklist, and blacklist\_regex) which
4 files (whitelist, whitelist_regex, blacklist, and blacklist_regex) which
are simple lists.

The ACLs for each phase apply their tests in the order listed. The whitelist
is primarily to counter blacklist entries that match too much, so the the flow
of control is: if whitelisted, stop processing. Then apply the blacklist.
of control is: if whitelisted, stop processing. Then apply the blacklist.

Entries in ACL files are one per line.

Expand All @@ -63,11 +63,11 @@ add entries to the config files for the addresses or patterns to block.

## Upgrading

When upgrading from the rdns\_access, mail\_from.access, and rcpt\_to.access
When upgrading from the rdns_access, mail_from.access, and rcpt_to.access
plugins, be sure to remove the plugins from config/plugins, upon pain of
wasted CPU cycles.

There is no need to modify your black/white lists in any way.
There is no need to modify your black/white lists.

If you just want the new plugin to work exactly like the old trio it replaces,
add this section to _config/access.ini_:
Expand All @@ -81,18 +81,20 @@ add this section to _config/access.ini_:

### Checking ACL results

To check access results from other plugins, use the standard *results*
To check access results from other plugins, use the standard _results_
methods.

var ar = connection.results.get('access');
if (ar.pass.length > 2) {
// they passed the connection and helo checks
}

var ar = connection.transaction.results.get('access');
if (ar.pass.length > 2) {
// they passed the mail and rcpt checks
}
```js
const ar = connection.results.get('access');
if (ar.pass.length > 2) {
// they passed the connection and helo checks
}

const ar = connection.transaction.results.get('access');
if (ar.pass.length > 2) {
// they passed the mail and rcpt checks
}
```

To determine which file(s) had matching entries, inspect the contents
of the pass/fail elements in the result object.
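Review bot: in the new fenced example `const ar` is declared twice in the same scope, once from `connection.results.get('access')` and once from `connection.transaction.results.get('access')`, which is a SyntaxError if a reader pastes the block as written; the old `var ar` tolerated the redeclaration. Rename the second binding (for example `const tr`) or split the example into two fences. The added lines also end in semicolons while the `.prettierrc` added in this PR sets `semi: false`.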
Expand All @@ -103,24 +105,27 @@ of the pass/fail elements in the result object.

Each check can be enabled or disabled in the [check] section of access.ini:

[check]
any=true (see below)
conn=false
helo=false
mail=false
rcpt=false
```ini
[check]
any=true (see below)
conn=false
helo=false
mail=false
rcpt=false

[rcpt]
accept=false (see below)
[rcpt]
accept=false (see below)
```

A custom deny message can be configured for each SMTP phase:

[deny_msg]
conn=You are not allowed to connect
helo=That HELO is not allowed to connect
mail=That sender cannot send mail here
rcpt=That recipient is not allowed

```ini
[deny_msg]
conn=You are not allowed to connect
helo=That HELO is not allowed to connect
mail=That sender cannot send mail here
rcpt=That recipient is not allowed
```

## PRECISE ACLs

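Review bot: inside the new `ini` fences, `any=true (see below)` and `accept=false (see below)` carry the annotation in the value, so a reader copying the block into access.ini gets `true (see below)` rather than a plain boolean; move the pointer into a `;` comment line or into the surrounding prose. The section name also disagrees within the README: this hunk says `[check]`, while the context line quoted in the first README hunk header refers to the `[checks]` section.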
Expand All @@ -129,24 +134,24 @@ A custom deny message can be configured for each SMTP phase:
The connect ACLs are evaluated against the IP address **and** the rDNS
hostname (if any) of the remote.

* connect.rdns\_access.whitelist (pass)
* connect.rdns\_access.whitelist\_regex (pass)
* connect.rdns\_access.blacklist (block)
* connect.rdns\_access.blacklist\_regex (block)
* connect.rdns_access.whitelist (pass)
* connect.rdns_access.whitelist_regex (pass)
* connect.rdns_access.blacklist (block)
* connect.rdns_access.blacklist_regex (block)

### MAIL FROM

* mail\_from.access.whitelist (pass)
* mail\_from.access.whitelist\_regex (pass)
* mail\_from.access.blacklist (block)
* mail\_from.access.blacklist\_regex (block)
* mail_from.access.whitelist (pass)
* mail_from.access.whitelist_regex (pass)
* mail_from.access.blacklist (block)
* mail_from.access.blacklist_regex (block)

### RCPT TO

* rcpt\_to.access.whitelist (pass)
* rcpt\_to.access.whitelist\_regex (pass)
* rcpt\_to.access.blacklist (block)
* rcpt\_to.access.blacklist\_regex (block)
* rcpt_to.access.whitelist (pass)
* rcpt_to.access.whitelist_regex (pass)
* rcpt_to.access.blacklist (block)
* rcpt_to.access.blacklist_regex (block)


## NOTES
Expand All @@ -160,7 +165,7 @@ matches are 3x times as slow. When the matches are moved to the end of the
30 member list, the regex searches are over 100x slower than indexOf.

Based on this observation, reducing the domain name and doing an indexOf
search of an (even much longer) blacklist is *much* faster than adding lists
search of an (even much longer) blacklist is _much_ faster than adding lists
of .\*domain.com entries to the \*\_regex files.

### rcpt accept mode
Expand All @@ -169,7 +174,7 @@ By default this plugin only rejects recipients on the blacklists, and ignores th

### Organizational Domain

The OD is a term that describes the highest level portion of domain name that is under the control of a private organization. I'll explain, but first, lets clarify a few terms:
The OD is a term that describes the highest level portion of domain name that is under the control of a private organization. Let's clarify a few terms:

#### TLD

Expand All @@ -189,10 +194,10 @@ The portion of a domain name that is operated by a registry. These are often syn
com
co.uk

The Organizational Domain is the next level higher than the Public Suffix. So if a hostname is *mail.example.com*, and *com* is the Public Suffix, the OD is *example.com*. If the hostname is *www.bbc.co.uk*, the PS is *co.uk* and the OD is *bbc.co.uk*.

The Organizational Domain is the next level higher than the Public Suffix. So if a hostname is _mail.example.com_, and _com_ is the Public Suffix, the OD is _example.com_. If the hostname is *www.bbc.co.uk*, the PS is _co.uk_ and the OD is _bbc.co.uk_.

<!-- leave these buried at the bottom of the document -->

[ci-img]: https://github.com/haraka/haraka-plugin-access/actions/workflows/ci.yml/badge.svg
[ci-url]: https://github.com/haraka/haraka-plugin-access/actions/workflows/ci.yml
[clim-img]: https://codeclimate.com/github/haraka/haraka-plugin-access/badges/gpa.svg
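Review bot: in the rewritten Organizational Domain paragraph every emphasized name was converted to underscore emphasis except `*www.bbc.co.uk*`, which still uses asterisks; change it to `_www.bbc.co.uk_` so the line matches the rest of the formatting pass.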