From eef9c4d83ca2aeac7e8fe546632593a04928c01b Mon Sep 17 00:00:00 2001 From: Matt Simerson Date: Sat, 13 Apr 2024 13:45:09 -0700 Subject: [PATCH] Release v1.2.0 (#7) - dnswl: sending OK on helo & mail hooks disabled by default - check_zones: check all zones concurrently (test speedup) --- CHANGELOG.md | 6 ++++++ CONTRIBUTORS.md | 2 +- README.md | 9 +++++++++ config/dns-list.ini | 3 +++ index.js | 30 +++++++++++++++++++++--------- package.json | 2 +- test/dns-list.js | 5 +++++ 7 files changed, 46 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 41af8c2..0950072 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/). ### Unreleased +### [1.2.0] - 2024-04-13 + +- dnswl: sending OK on helo & mail hooks disabled by default +- check_zones: check all zones concurrently (test speedup) + ### [1.1.0] - 2024-04-10 - feat: imported backscatterer from haraka/Haraka @@ -29,3 +34,4 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/). [1.0.2]: https://github.com/haraka/haraka-plugin-dns-list/releases/tag/v1.0.2 [1.0.3]: https://github.com/haraka/haraka-plugin-dns-list/releases/tag/v1.0.3 [1.1.0]: https://github.com/haraka/haraka-plugin-dns-list/releases/tag/v1.1.0 +[1.2.0]: https://github.com/haraka/haraka-plugin-dns-list/releases/tag/v1.2.0 diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index c4c2d49..73e1dd8 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -2,7 +2,7 @@ This handcrafted artisinal software is brought to you by: -|
msimerson (6) |
lnedry (1) | +|
msimerson (7) |
lnedry (1) | | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: | this file is maintained by [.release](https://github.com/msimerson/.release) diff --git a/README.md b/README.md index 305aaa8..b5b03bb 100644 --- a/README.md +++ b/README.md @@ -102,6 +102,15 @@ The exact name of the DNS zone (as specified above in main.zones) may contain se - reject=true (default: true) Reject connections from IPs on block lists. Setting this to false makes dnsbl informational. reject=false is best used in conjunction with plugins like [karma](https://github.com/haraka/haraka-plugin-karma) that employ a scoring engine to make choices about message delivery. - ipv6=true | false +#### dnswl + +```ini +ok_helo=false +ok_mail=false +``` + +if DNSBL returns OK on the mail hook, it prevents any subsequent mail hooks in other plugins from running. This might include [SPF](haraka-plugin-spf), [known senders](https://github.com/haraka/haraka-plugin-known-senders), [karma](https://github.com/haraka/haraka-plugin-karma), recipient plugins, and any other plugins that want to do transaction initialization on `hook_mail`. It can be dangerous. + [ci-img]: https://github.com/haraka/haraka-plugin-dns-list/actions/workflows/ci.yml/badge.svg [ci-url]: https://github.com/haraka/haraka-plugin-dns-list/actions/workflows/ci.yml [clim-img]: https://codeclimate.com/github/haraka/haraka-plugin-dns-list/badges/gpa.svg diff --git a/config/dns-list.ini b/config/dns-list.ini index c21e0e3..e1b5c2e 100644 --- a/config/dns-list.ini +++ b/config/dns-list.ini 
@@ -94,6 +94,9 @@ loopback_is_rejected=true [list.dnswl.org] ; https://www.dnswl.org/?page_id=15 type=allow +; see docs +ok_helo=false +ok_mail=false ; 127.0.{2-20}.{0-3} diff --git a/index.js b/index.js index 6f0495a..e753d0c 100644 --- a/index.js +++ b/index.js @@ -16,11 +16,18 @@ exports.register = function () { this.register_hook('connect', 'onConnect') - // IMPORTANT: don't run this on hook_rcpt otherwise we're an open relay... - for (const hook of ['ehlo', 'helo', 'mail']) { - this.register_hook(hook, 'check_dnswl') + if (this.cfg['ips.backscatterer.org'].enable) { + this.register_hook('mail', 'check_backscatterer') + } + + // IMPORTANT: don't run this on hook_rcpt else we're an open relay... + if (this.cfg['list.dnswl.org'].ok_helo) { + this.register_hook('helo', 'check_dnswl') + this.register_hook('ehlo', 'check_dnswl') + } + if (this.cfg['list.dnswl.org'].ok_mail) { + this.register_hook('mail', 'check_dnswl') } - this.register_hook('mail', 'check_backscatterer') } exports.load_config = function () { @@ -33,6 +40,8 @@ exports.load_config = function () { '*.ipv6', '*.loopback_is_rejected', '-ips.backscatterer.org.enable', + '-list.dnswl.org.ok_helo', + '-list.dnswl.org.ok_mail', ], }, () => { @@ -375,12 +384,15 @@ exports.check_zone = async function (zone) { exports.check_zones = async function (interval) { if (interval) interval = parseInt(interval) + const promises = [] for (const zone of this.cfg.main.zones) { - try { - await this.check_zone(zone) - } catch (err) { - console.error(`zone ${zone} err: ${err}`) - } + promises.push(this.check_zone(zone)) + } + + try { + await Promise.all(promises) + } catch (err) { + console.error(err) } // Set a timer to re-test diff --git a/package.json b/package.json index cca2e1c..fb075f4 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "haraka-plugin-dns-list", - "version": "1.1.0", + "version": "1.2.0", "description": "Haraka plugin for DNS lists (DNSBL, DNSWL)", "main": "index.js", "files": [ 
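Review bot: In `register`, `this.cfg['ips.backscatterer.org'].enable` and `this.cfg['list.dnswl.org'].ok_helo` / `.ok_mail` read a property of a config section without checking that the section exists. If a site's dns-list.ini omits either section and `load_config` does not create it (not visible in this hunk), `register` would throw a TypeError and the plugin would fail to load. Optional chaining avoids that, e.g. `if (this.cfg['list.dnswl.org']?.ok_mail) {`. The hooks are also chosen once here, so a later config reload that flips `ok_helo` or `ok_mail` presumably has no effect until restart. Since an OK from `check_dnswl` ends the hook chain for other plugins, a comment such as `// hooks are bound at register time; changing ok_helo/ok_mail requires a restart` would help operators.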
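Review bot: In `check_zones`, `await Promise.all(promises)` rejects on the first failing zone, so the `catch` logs one error with no zone name, where the removed loop logged `zone ${zone} err: ...`. Later rejections from other zones are silently dropped. The code after the `try` (the re-test timer, which continues outside this hunk) then runs while the remaining zone checks may still be in flight. `Promise.allSettled` keeps the concurrency, waits for every zone, and lets each failure be reported against its own zone. This matters when working out which list stopped answering.

```javascript
exports.check_zones = async function (interval) {
  // … unchanged: interval parsing …
  const zones = [...this.cfg.main.zones]
  const results = await Promise.allSettled(
    zones.map((zone) => this.check_zone(zone)),
  )
  results.forEach((result, i) => {
    if (result.status === 'rejected') {
      console.error(`zone ${zones[i]} err: ${result.reason}`)
    }
  })
  // … unchanged: re-test timer …
```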
diff --git a/test/dns-list.js b/test/dns-list.js index 438e7c3..e2b9162 100644 --- a/test/dns-list.js +++ b/test/dns-list.js @@ -40,26 +40,31 @@ describe('dns-list', function () { describe('lookup', function () { it('Spamcop, test IPv4', async function () { + this.timeout=4000 const a = await this.plugin.lookup('127.0.0.2', 'bl.spamcop.net') assert.deepStrictEqual(['127.0.0.2'], a) }) it('Spamcop, unlisted IPv6', async function () { + this.timeout=4000 const r = await this.plugin.lookup('::1', 'bl.spamcop.net') assert.deepStrictEqual(undefined, r) }) it('b.barracudacentral.org, unlisted IPv6', async function () { + this.timeout=4000 const r = await this.plugin.lookup('::1', 'b.barracudacentral.org') assert.deepStrictEqual(undefined, r) }) it('Spamcop, unlisted IPv4', async function () { + this.timeout=4000 const a = await this.plugin.lookup('127.0.0.1', 'bl.spamcop.net') assert.deepStrictEqual(undefined, a) }) it('CBL', async function () { + this.timeout=4000 const a = await this.plugin.lookup('127.0.0.2', 'xbl.spamhaus.org') assert.deepStrictEqual(a, ['127.0.0.4']) })
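Review bot: Each of the five added `this.timeout=4000` lines in the `lookup` tests assigns a number over the test context's `timeout` method instead of calling it. Assuming Mocha is the runner (the `describe`/`it` structure suggests so), the default timeout stays in force and these live DNS lookups can still time out as before. The call form is `this.timeout(4000)`. Since all five tests want the same value, it could be set once at the top of the `describe('lookup', function () {` body, which begins outside this hunk.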