├── test ├── plugins │ ├── noop.js │ ├── order-1.js │ ├── order-2.js │ ├── hook-1.js │ ├── hook-2.js │ ├── analyzer-1.js │ ├── analyzer-2.js │ ├── rewriter-2.js │ └── rewriter-1.js ├── ttl-cache-test.js ├── dkim-relaxed-body-test.js ├── plugin-handler-test.js ├── fixtures │ └── message1.eml └── address-tools-test.js ├── .npmignore ├── .prettierrc.js ├── .gitignore ├── .eslintrc ├── logo.txt ├── setup ├── zone-mta.conf └── zone-mta.service ├── lib ├── plugins.js ├── transport │ ├── frames.js │ ├── server.js │ ├── client.js │ ├── connection.js │ └── frame-parser.js ├── stream-hash.js ├── counters.js ├── byte-counter.js ├── message-parser.js ├── size-limiter.js ├── line-ends.js ├── ip-tools.js ├── connection-pool.js ├── bounces.js ├── remote-queue.js ├── dkim-sign.js ├── db.js ├── ttl-cache.js ├── address-tools.js ├── dkim-relaxed-body.js ├── queue-locker.js ├── mail-drop.js └── receiver │ └── smtp-proxy.js ├── Gruntfile.js ├── plugins └── core │ ├── api-send.js │ ├── srs.js │ ├── image-hashes.js │ ├── http-auth.js │ ├── dkim.js │ ├── http-bounce.js │ ├── http-config.js │ ├── clamav │ ├── clamav-client.js │ └── index.js │ ├── rspamd │ ├── rspamd-client.js │ └── index.js │ ├── example-plugin.js │ ├── email-bounce.js │ └── default-headers.js ├── bin └── check-bounce.js ├── indexes.yaml ├── package.json ├── services ├── receiver.js └── sender.js ├── CHANGELOG.md ├── app.js ├── LICENSE_ET └── LICENSE /test/plugins/noop.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | -------------------------------------------------------------------------------- /test/plugins/order-1.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | module.exports.init = (app, done) => { 4 | setImmediate(done); 5 | }; 6 | -------------------------------------------------------------------------------- /test/plugins/order-2.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | module.exports.init = (app, done) => { 4 | setImmediate(done); 5 | }; 6 | -------------------------------------------------------------------------------- /.npmignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | .DS_Store 3 | npm-debug.log 4 | data/ 5 | .lev_history 6 | keys/*.pem 7 | test/queuetest 8 | config/production.* 9 | config/development.* 10 | *v8.log 11 | -------------------------------------------------------------------------------- /.prettierrc.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | printWidth: 160, 3 | tabWidth: 4, 4 | singleQuote: true, 5 | endOfLine: 'lf', 6 | trailingComma: 'none', 7 | arrowParens: 'avoid' 8 | }; 9 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | .DS_Store 3 | npm-debug.log 4 | data/ 5 | .lev_history 6 | keys/*.pem 7 | keys/*.crt 8 | keys/*.key 9 | test/queuetest 10 | config/production.* 11 | config/development.* 12 | *v8.log 13 | package-lock.json* 14 | -------------------------------------------------------------------------------- /test/plugins/hook-1.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | module.exports.title = 'Hook Test 1'; 4 | 5 | module.exports.init = (app, done) => { 6 | app.addHook('testhook', (a, b, next) => { 7 | a.incr++; 8 | b.incr++; 9 | return next(); 10 | }); 11 | 12 | done(); 13 | }; 14 | -------------------------------------------------------------------------------- /test/plugins/hook-2.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | module.exports.title = 'Hook Test 2'; 4 | 5 | module.exports.init = (app, done) => { 6 | app.addHook('testhook', (a, b, next) => { 7 | a.incr++; 8 | b.incr++; 9 | return next(); 10 | }); 11 | 12 | done(); 13 | }; 14 | -------------------------------------------------------------------------------- /.eslintrc: -------------------------------------------------------------------------------- 1 | { 2 | "rules": { 3 | "indent": 0, 4 | "no-await-in-loop": 0, 5 | "require-atomic-updates": 0, 6 | "no-prototype-builtins": 0 7 | }, 8 | "extends": ["nodemailer", "prettier"], 9 | "parserOptions": { 10 | "ecmaVersion": 2018 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /test/plugins/analyzer-1.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | module.exports.title = 'Analyzer Test 1'; 4 | 5 | module.exports.init = (app, done) => { 6 | app.addAnalyzerHook((envelope, source, destination) => { 7 | destination.write('X-Step-1: Analyzer\r\n'); 8 | source.pipe(destination); 9 | }); 10 | done(); 11 | }; 12 | -------------------------------------------------------------------------------- /test/plugins/analyzer-2.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | module.exports.title = 'Analyzer Test 2'; 4 | 5 | module.exports.init = (app, done) => { 6 | app.addAnalyzerHook((envelope, source, destination) => { 7 | destination.write('X-Step-2: Analyzer\r\n'); 8 | source.pipe(destination); 9 | }); 10 | done(); 11 | }; 12 | -------------------------------------------------------------------------------- /logo.txt: -------------------------------------------------------------------------------- 1 | ███████╗ ██████╗ ███╗ ██╗███████╗███╗ ███╗████████╗ █████╗ 2 | ╚══███╔╝██╔═══██╗████╗ ██║██╔════╝████╗ ████║╚══██╔══╝██╔══██╗ 3 | ███╔╝ ██║ ██║██╔██╗ ██║█████╗ ██╔████╔██║ ██║ ███████║ 4 | ███╔╝ ██║ ██║██║╚██╗██║██╔══╝ ██║╚██╔╝██║ ██║ ██╔══██║ 5 | ███████╗╚██████╔╝██║ ╚████║███████╗██║ ╚═╝ ██║ ██║ ██║ ██║ 6 | ╚══════╝ ╚═════╝ ╚═╝ ╚═══╝╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ 7 | -------------------------------------------------------------------------------- /setup/zone-mta.conf: -------------------------------------------------------------------------------- 1 | # upstart script for ZoneMTA 2 | 3 | description "Zone Mail Transport Agent" 4 | author "Andris Reinman " 5 | 6 | start on runlevel [2345] 7 | stop on runlevel [!2345] 8 | 9 | env NODE_ENV=production 10 | 11 | respawn 12 | respawn limit 10 0 13 | 14 | script 15 | cd /opt/zone-mta 16 | exec node -max-old-space-size=2048 app.js >> /var/log/zone-mta.log 2>&1 17 | end script 18 | -------------------------------------------------------------------------------- /setup/zone-mta.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Zone Mail Transport Agent 3 | Conflicts=sendmail.service exim.service postfix.service 4 | After=network.target 5 | 6 | [Service] 7 | Environment="NODE_ENV=production" 8 | # replace with your actual working directory 9 | WorkingDirectory=/opt/zone-mta 10 | ExecStart=/usr/bin/node --max-old-space-size=2048 app.js 11 | ExecReload=/bin/kill -HUP $MAINPID 12 | SyslogIdentifier=zone-mta 13 | Type=simple 14 | Restart=always 15 | 16 | [Install] 17 | WantedBy=multi-user.target 18 | -------------------------------------------------------------------------------- /lib/plugins.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const config = require('wild-config'); 4 | const log = require('npmlog'); 5 | const PluginHandler = require('./plugin-handler'); 6 | const db = require('./db'); 7 | 8 | module.exports.handler = false; 9 | 10 | module.exports.init = context => { 11 | module.exports.handler = new PluginHandler({ 12 | logger: log, 13 | pluginsPath: config.pluginsPath, 14 | plugins: config.plugins, 15 | context, 16 | log: config.log, 17 | db 18 | }); 19 | }; 20 | -------------------------------------------------------------------------------- /lib/transport/frames.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const msgpack = require('msgpack-js'); 4 | 5 | function parse(frame) { 6 | if (!frame || !frame.length) { 7 | return false; 8 | } 9 | return msgpack.decode(frame); 10 | } 11 | 12 | function encode(data) { 13 | let encoded = msgpack.encode(data); 14 | let frame = Buffer.allocUnsafe(encoded.length + 4); 15 | frame.writeUInt32LE(encoded.length, 0); 16 | encoded.copy(frame, 4); 17 | return frame; 18 | } 19 | 20 | module.exports = { 21 | parse, 22 | encode 23 | }; 24 | -------------------------------------------------------------------------------- /Gruntfile.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | module.exports = function(grunt) { 4 | // Project configuration. 5 | grunt.initConfig({ 6 | eslint: { 7 | all: ['lib/**/*.js', 'test/**/*.js', 'config/**/*.js', 'Gruntfile.js', 'app.js'] 8 | }, 9 | 10 | nodeunit: { 11 | all: ['test/**/*-test.js'] 12 | } 13 | }); 14 | 15 | // Load the plugin(s) 16 | grunt.loadNpmTasks('grunt-eslint'); 17 | grunt.loadNpmTasks('grunt-contrib-nodeunit'); 18 | 19 | // Tasks 20 | grunt.registerTask('default', ['eslint', 'nodeunit']); 21 | }; 22 | -------------------------------------------------------------------------------- /test/plugins/rewriter-2.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | module.exports.title = 'Rewriter Test 2'; 4 | 5 | module.exports.init = (app, done) => { 6 | app.addRewriteHook( 7 | (envelope, node) => node.contentType === 'text/plain', 8 | (envelope, node, source, destination) => { 9 | source.on('data', chunk => { 10 | // replace all O's with 0's 11 | destination.write(Buffer.from(chunk.toString().replace(/O/g, '0'))); 12 | }); 13 | source.on('end', () => destination.end()); 14 | } 15 | ); 16 | done(); 17 | }; 18 | -------------------------------------------------------------------------------- /plugins/core/api-send.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | module.exports.title = 'API Mail Checks'; 4 | module.exports.init = function(app, done) { 5 | // Called when a mail is dropped to HTTP 6 | app.addHook('api:mail', (envelope, session, next) => { 7 | if (app.config.maxRecipients && Array.isArray(envelope.to) && envelope.to.length >= app.config.maxRecipients) { 8 | let err = new Error('Too many recipients: ' + envelope.to.length + ' provided, ' + app.config.maxRecipients + ' allowed'); 9 | return next(err); 10 | } 11 | next(); 12 | }); 13 | 14 | done(); 15 | }; 16 | -------------------------------------------------------------------------------- /test/plugins/rewriter-1.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | module.exports.title = 'Rewriter Test 1'; 4 | 5 | module.exports.init = (app, done) => { 6 | app.addRewriteHook( 7 | (envelope, node) => node.contentType === 'text/plain', 8 | (envelope, node, source, destination) => { 9 | source.on('data', chunk => { 10 | // convert all chars to uppercase 11 | destination.write(Buffer.from(chunk.toString().toUpperCase())); 12 | }); 13 | source.on('end', () => { 14 | destination.end(); 15 | }); 16 | } 17 | ); 18 | done(); 19 | }; 20 | -------------------------------------------------------------------------------- /bin/check-bounce.js: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env node 2 | 3 | /* eslint no-unused-expressions: 0, global-require: 0, no-console: 0 */ 4 | 'use strict'; 5 | 6 | const bounces = require('../lib/bounces'); 7 | 8 | let chunks = []; 9 | 10 | process.stdin.on('data', chunk => { 11 | chunks.push(chunk); 12 | }); 13 | 14 | process.stdin.on('end', () => { 15 | let str = Buffer.concat(chunks) 16 | .toString() 17 | .trim(); 18 | let bounceInfo = bounces.check(str); 19 | console.log('data : %s', str.replace(/\n/g, '\n' + ' '.repeat(11))); 20 | Object.keys(bounceInfo || {}).forEach(key => { 21 | console.log('%s %s: %s', key, ' '.repeat(8 - key.length), bounceInfo[key]); 22 | }); 23 | }); 24 | -------------------------------------------------------------------------------- /lib/stream-hash.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const Transform = require('stream').Transform; 4 | const crypto = require('crypto'); 5 | 6 | class StreamHash extends Transform { 7 | constructor(config) { 8 | config = config || {}; 9 | super(); 10 | this.hash = crypto.createHash(config.algo || 'md5'); 11 | this.bytes = 0; 12 | } 13 | 14 | _transform(chunk, encoding, callback) { 15 | this.hash.update(chunk); 16 | this.bytes += chunk.length; 17 | this.push(chunk); 18 | callback(); 19 | } 20 | 21 | _flush(callback) { 22 | this.emit('hash', { 23 | hash: this.hash.digest('hex'), 24 | bytes: this.bytes 25 | }); 26 | callback(); 27 | } 28 | } 29 | 30 | module.exports = StreamHash; 31 | -------------------------------------------------------------------------------- /plugins/core/srs.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const SRS = require('srs.js'); 4 | 5 | module.exports.title = 'SRS Rewriter'; 6 | module.exports.init = function(app, done) { 7 | const srsRewriter = new SRS({ 8 | secret: app.config.secret 9 | }); 10 | 11 | app.addHook('sender:headers', (delivery, connection, next) => { 12 | if (delivery.envelope.from) { 13 | let from = delivery.envelope.from; 14 | let domain = from.substr(from.lastIndexOf('@') + 1).toLowerCase(); 15 | if (!app.config.excludeDomains.includes(domain) && domain !== app.config.rewriteDomain) { 16 | delivery.envelope.from = srsRewriter.rewrite(from.substr(0, from.lastIndexOf('@')), domain) + '@' + app.config.rewriteDomain; 17 | } 18 | } 19 | next(); 20 | }); 21 | 22 | done(); 23 | }; 24 | -------------------------------------------------------------------------------- /lib/counters.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | // Internal counters for debugging 4 | module.exports.counters = new Map(); 5 | module.exports.started = new Date(); 6 | module.exports.count = (key, increment) => { 7 | increment = Number(increment) || 1; 8 | if (module.exports.counters.has(key)) { 9 | module.exports.counters.set(key, module.exports.counters.get(key) + increment); 10 | } else { 11 | module.exports.counters.set(key, increment); 12 | } 13 | }; 14 | module.exports.clear = () => { 15 | module.exports.started = new Date(); 16 | module.exports.counters.clear(); 17 | }; 18 | module.exports.list = () => { 19 | let list = []; 20 | module.exports.counters.forEach((value, key) => { 21 | list.push({ 22 | key, 23 | value 24 | }); 25 | }); 26 | list = list.sort((a, b) => b.value - a.value); 27 | let result = {}; 28 | list.forEach(item => { 29 | result[item.key] = item.value; 30 | }); 31 | result.startTime = module.exports.started.toISOString(); 32 | return result; 33 | }; 34 | -------------------------------------------------------------------------------- /lib/byte-counter.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const Transform = require('stream').Transform; 4 | 5 | class ByteCounter extends Transform { 6 | constructor(options) { 7 | super(options); 8 | 9 | this.created = Date.now(); 10 | this.started = false; 11 | this.finished = false; 12 | this.byteSize = 0; 13 | this.finished = false; 14 | } 15 | 16 | _transform(chunk, encoding, callback) { 17 | if (chunk && chunk.length) { 18 | if (!this.started) { 19 | this.started = Date.now(); 20 | } 21 | this.byteSize += chunk.length; 22 | } 23 | return callback(null, chunk); 24 | } 25 | 26 | stats() { 27 | return { 28 | size: this.byteSize, 29 | time: this.finished ? this.finished - this.created : false, 30 | start: this.started ? this.started - this.created : false 31 | }; 32 | } 33 | 34 | _flush(callback) { 35 | this.finished = Date.now(); 36 | callback(); 37 | } 38 | } 39 | 40 | module.exports = ByteCounter; 41 | -------------------------------------------------------------------------------- /lib/message-parser.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const Transform = require('stream').Transform; 4 | 5 | /** 6 | * MessageParser instance is a transform stream that separates message headers 7 | * from the rest of the body. Headers are emitted with the 'headers' event. Message 8 | * body is passed on as the resulting stream. 9 | */ 10 | class MessageParser extends Transform { 11 | constructor() { 12 | let options = { 13 | readableObjectMode: false, 14 | writableObjectMode: true 15 | }; 16 | super(options); 17 | this.headers = false; 18 | } 19 | 20 | _transform(data, encoding, callback) { 21 | if (!this.headers && data.type === 'node') { 22 | this.headers = data.headers; 23 | if (typeof this.onHeaders === 'function') { 24 | return this.onHeaders(this.headers, callback); 25 | } 26 | } else { 27 | let buf = data.type === 'node' ? data.getHeaders() : data.value; 28 | this.push(buf); 29 | } 30 | 31 | setImmediate(callback); 32 | } 33 | 34 | _flush(callback) { 35 | callback(); 36 | } 37 | } 38 | 39 | module.exports = MessageParser; 40 | -------------------------------------------------------------------------------- /lib/transport/server.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const net = require('net'); 4 | const Connection = require('./connection'); 5 | const EventEmitter = require('events'); 6 | 7 | class Server extends EventEmitter { 8 | constructor(options) { 9 | super(options); 10 | 11 | this.clients = new Set(); 12 | 13 | this.server = net.createServer(socket => { 14 | let client = new Connection(socket); 15 | this.clients.add(client); 16 | client.on('close', () => { 17 | this.clients.delete(client); 18 | }); 19 | client.once('error', () => { 20 | this.clients.delete(client); 21 | }); 22 | this.emit('client', client); 23 | }); 24 | 25 | this.server.once('error', err => { 26 | this.emit('error', err); 27 | }); 28 | } 29 | 30 | listen() { 31 | this.server.listen(...arguments); 32 | } 33 | 34 | close(next) { 35 | this.clients.forEach(client => { 36 | client.send({ 37 | cmd: 'close' 38 | }); 39 | client.close(); 40 | }); 41 | this.server.close(next); 42 | } 43 | } 44 | 45 | module.exports = Server; 46 | -------------------------------------------------------------------------------- /lib/size-limiter.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const Transform = require('stream').Transform; 4 | 5 | class SizeLimiter extends Transform { 6 | constructor(options) { 7 | super(); 8 | this.options = options || {}; 9 | this.maxSize = Number(this.options.maxSize); 10 | this.byteSize = 0; 11 | this.finished = false; 12 | } 13 | 14 | _transform(chunk, encoding, callback) { 15 | if (!chunk || !chunk.length) { 16 | return callback(); 17 | } 18 | 19 | if (typeof chunk === 'string') { 20 | chunk = new Buffer(chunk, encoding); 21 | } 22 | 23 | this.byteSize += chunk.length; 24 | 25 | if (this.finished) { 26 | return callback(); 27 | } 28 | 29 | if (this.byteSize > this.maxSize) { 30 | this.finished = true; 31 | } 32 | 33 | this.push(chunk); 34 | 35 | return callback(); 36 | } 37 | 38 | _flush(callback) { 39 | if (this.finished) { 40 | let err = new Error('Error: message exceeds fixed maximum message size ' + this.maxSize + ' B (' + this.byteSize + ' B)'); 41 | err.name = 'SMTPResponse'; 42 | err.responseCode = 552; 43 | return callback(err); 44 | } 45 | callback(); 46 | } 47 | } 48 | 49 | module.exports = SizeLimiter; 50 | -------------------------------------------------------------------------------- /test/ttl-cache-test.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const TtlCache = require('../lib/ttl-cache'); 4 | 5 | module.exports['Set and let expire'] = test => { 6 | let cache = new TtlCache(); 7 | let expireCbCalled = 0; 8 | 9 | cache.set('key1', 'val1', 403, () => { 10 | expireCbCalled++; 11 | }); 12 | 13 | cache.set('key2', 'val2', 803, () => { 14 | expireCbCalled++; 15 | }); 16 | cache.set('key3', 'val3', 203, () => { 17 | expireCbCalled++; 18 | }); 19 | 20 | setTimeout(() => { 21 | test.ok(!cache.get('key1')); 22 | test.ok(cache.get('key2')); 23 | test.ok(!cache.get('key3')); 24 | }, 650); 25 | 26 | let interval = setInterval(() => { 27 | let key1 = cache.get('key1'); 28 | let key2 = cache.get('key2'); 29 | let key3 = cache.get('key3'); 30 | 31 | if (key3) { 32 | test.equal(key1, 'val1'); 33 | test.equal(key2, 'val2'); 34 | test.equal(key3, 'val3'); 35 | } else if (key1) { 36 | test.equal(key1, 'val1'); 37 | test.equal(key2, 'val2'); 38 | } else if (key2) { 39 | test.equal(key2, 'val2'); 40 | } else if (!key1 && !key2 && !key3) { 41 | test.ok(expireCbCalled); 42 | clearInterval(interval); 43 | test.done(); 44 | } 45 | }, 10); 46 | }; 47 | -------------------------------------------------------------------------------- /plugins/core/image-hashes.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const crypto = require('crypto'); 4 | 5 | // Set module title 6 | module.exports.title = 'Image Hashes'; 7 | 8 | // Initialize the module 9 | module.exports.init = (app, done) => { 10 | // This example calculates MD5 hash for every image in the message 11 | app.addStreamHook( 12 | (envelope, node) => /^(image|application)\//i.test(node.contentType), 13 | (envelope, node, source, done) => { 14 | let hash = crypto.createHash('md5'); 15 | let filename = node.filename; 16 | let contentType = node.contentType; 17 | let bytes = 0; 18 | 19 | source.on('data', chunk => { 20 | bytes += chunk.length; 21 | hash.update(chunk); 22 | }); 23 | 24 | source.on('end', () => { 25 | if (!envelope.attachments) { 26 | envelope.attachments = []; 27 | } 28 | hash = hash.digest('hex'); 29 | envelope.attachments.push({ 30 | name: filename, 31 | type: contentType, 32 | bytes, 33 | hash 34 | }); 35 | app.logger.info('ImageHash', '%s ATTACHMENT name="%s" type="%s" size=%s md5=%s', envelope.id, filename || '', contentType, bytes, hash); 36 | done(); 37 | }); 38 | } 39 | ); 40 | 41 | // all set up regarding this plugin 42 | done(); 43 | }; 44 | -------------------------------------------------------------------------------- /plugins/core/http-auth.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const fetch = require('nodemailer/lib/fetch'); 4 | const urllib = require('url'); 5 | 6 | module.exports.title = 'HTTP Basic Authorization'; 7 | module.exports.init = function(app, done) { 8 | // Listen for AUTH command 9 | // Make a Authorization:Basic call against an HTTP URL to authenticate an user 10 | app.addHook('smtp:auth', (auth, session, next) => { 11 | let urlparts = urllib.parse(app.config.url, true, true); 12 | 13 | urlparts.search = false; 14 | urlparts.query.transport = 'SMTP'; 15 | urlparts.auth = encodeURIComponent(auth.username || '') + ':' + encodeURIComponent(auth.password || ''); 16 | 17 | let returned = false; 18 | let req = fetch(urllib.format(urlparts)); 19 | 20 | req.on('data', () => false); // ignore response data 21 | req.once('error', err => { 22 | if (returned) { 23 | return; 24 | } 25 | returned = true; 26 | // do not provide any details about the failure 27 | err.message = new Error('Authentication failed'); 28 | err.responseCode = 535; 29 | return next(err); 30 | }); 31 | req.on('end', () => { 32 | if (returned) { 33 | return; 34 | } 35 | returned = true; 36 | // consider the authentication as succeeded as we did not get an error 37 | next(); 38 | }); 39 | }); 40 | 41 | done(); 42 | }; 43 | -------------------------------------------------------------------------------- /indexes.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | indexes: 3 | 4 | - collection: files 5 | key: gfs # actual collection name is options[gfs].files 6 | index: 7 | name: mailupload 8 | key: 9 | uploadDate: 1 10 | 11 | - collection: files 12 | key: gfs 13 | index: 14 | name: mailfile 15 | key: 16 | filename: 1 17 | 18 | - collection: suppressionlist 19 | index: 20 | name: suppressed_address 21 | key: 22 | address: 1 23 | 24 | - collection: suppressionlist 25 | index: 26 | name: suppressed_domain 27 | key: 28 | domain: 1 29 | 30 | - collection: suppressionlist 31 | index: 32 | name: list_by_newer 33 | key: 34 | created: -1 35 | 36 | - collection: false # from variable based on .key 37 | key: collection # actual collection name is options[collection] 38 | index: 39 | name: findall 40 | key: 41 | created: 1 42 | 43 | - collection: false # from variable based on .key 44 | key: collection 45 | index: 46 | name: search_next 47 | key: 48 | sendingZone: 1 49 | queued: 1 50 | locked: 1 51 | assigned: 1 52 | domain: 1 53 | 54 | - collection: false # from variable based on .key 55 | key: collection 56 | index: 57 | name: find_all_queued 58 | key: 59 | queued: 1 60 | 61 | - collection: false # from variable based on .key 62 | key: collection 63 | index: 64 | name: delivery 65 | key: 66 | id: 1 67 | seq: 1 68 | 69 | - collection: false # from variable based on .key 70 | key: collection 71 | index: 72 | name: message_locking 73 | key: 74 | locked: 1 75 | assigned: 1 76 | lockTime: 1 77 | -------------------------------------------------------------------------------- /lib/transport/client.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const net = require('net'); 4 | const Connection = require('./connection'); 5 | const EventEmitter = require('events'); 6 | 7 | class Client extends EventEmitter { 8 | constructor(options) { 9 | super(); 10 | this.options = options || {}; 11 | this.connected = false; 12 | this.socket = false; 13 | this.client = false; 14 | } 15 | 16 | connect(next) { 17 | if (this.socket) { 18 | return setImmediate(() => next(new Error('Socket already created'))); 19 | } 20 | 21 | this.socket = net.connect(this.options, () => { 22 | this.connected = true; 23 | 24 | this.client = new Connection(this.socket); 25 | 26 | this.client.once('close', () => { 27 | this.emit('close'); 28 | }); 29 | 30 | this.client.once('error', err => { 31 | this.emit('error', err); 32 | }); 33 | 34 | this.client.onData = (data, next) => { 35 | this.onData(data, next); 36 | }; 37 | 38 | next(); 39 | }); 40 | 41 | this.socket.once('error', err => { 42 | if (!this.connected) { 43 | return next(err); 44 | } 45 | }); 46 | } 47 | 48 | send(data) { 49 | if (!this.connected) { 50 | return false; 51 | } 52 | return this.client.send(data); 53 | } 54 | 55 | close() { 56 | if (!this.connected) { 57 | return false; 58 | } 59 | this.client.close(); 60 | } 61 | } 62 | 63 | module.exports = Client; 64 | -------------------------------------------------------------------------------- /plugins/core/dkim.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const fs = require('fs'); 4 | 5 | module.exports.title = 'DKIM signer'; 6 | module.exports.init = function (app, done) { 7 | let privKey; 8 | 9 | try { 10 | privKey = fs.readFileSync(app.config.path, 'ascii').trim(); 11 | } catch (E) { 12 | app.logger.error('DKIM', 'Failed loading key: %s', E.message); 13 | return done(); 14 | } 15 | 16 | app.addHook('sender:connection', (delivery, options, next) => { 17 | if (!delivery.dkim.keys) { 18 | delivery.dkim.keys = []; 19 | } 20 | 21 | let from = delivery.envelope.from || ''; 22 | let fromDomain = from.substr(from.lastIndexOf('@') + 1).toLowerCase(); 23 | let headersToSign = app.config.headerFields.join(':') || ''; 24 | let additionalHeaderFields = app.config.additionalHeaderFields.join(':') || ''; 25 | 26 | delivery.dkim.keys.push({ 27 | domainName: app.config.domain || fromDomain, 28 | keySelector: app.config.selector, 29 | privateKey: privKey, 30 | headerFieldNames: headersToSign, 31 | additionalHeaderFieldNames: additionalHeaderFields 32 | }); 33 | 34 | if (options.localHostname && app.config.signTransportDomain && !delivery.dkim.keys.find(key => key.domainName === options.localHostname)) { 35 | delivery.dkim.keys.push({ 36 | domainName: options.localHostname, 37 | keySelector: app.config.selector, 38 | privateKey: privKey, 39 | headerFieldNames: headersToSign, 40 | additionalHeaderFieldNames: additionalHeaderFields 41 | }); 42 | } 43 | 44 | next(); 45 | }); 46 | 47 | done(); 48 | }; 49 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "zone-mta", 3 | "private": false, 4 | "version": "3.3.0", 5 | "description": "Tiny outbound MTA", 6 | "main": "app.js", 7 | "scripts": { 8 | "test": "grunt", 9 | "start": "node app.js", 10 | "show": "NODE_CONFIG_ONLY=true node app.js", 11 | "certs": "mkdir -p keys && cd keys && openssl req -x509 -newkey rsa:2048 -nodes -subj \"/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=www.example.com\" -keyout private.key -out server.crt -days 365" 12 | }, 13 | "author": "Andris Reinman", 14 | "license": "EUPL-1.1+", 15 | "dependencies": { 16 | "crc-32": "1.2.1", 17 | "dnscache": "1.0.2", 18 | "gelf": "2.0.1", 19 | "ioredis": "4.28.5", 20 | "isemail": "3.2.0", 21 | "js-yaml": "4.1.0", 22 | "libmime": "5.0.0", 23 | "mailsplit": "5.3.1", 24 | "minimist": "1.2.5", 25 | "mongodb": "4.4.0", 26 | "msgpack-js": "0.3.0", 27 | "mx-connect": "1.2.0", 28 | "nodemailer": "6.7.2", 29 | "npmlog": "6.0.1", 30 | "prom-client": "14.0.1", 31 | "punycode": "2.1.1", 32 | "request": "2.88.2", 33 | "restify": "8.6.1", 34 | "seq-index": "1.1.0", 35 | "smtp-server": "3.10.0", 36 | "srs.js": "0.1.0", 37 | "uuid": "8.3.2", 38 | "wild-config": "1.6.0" 39 | }, 40 | "devDependencies": { 41 | "ajv": "8.10.0", 42 | "eslint": "8.9.0", 43 | "eslint-config-nodemailer": "1.2.0", 44 | "eslint-config-prettier": "8.4.0", 45 | "grunt": "1.4.1", 46 | "grunt-cli": "1.4.3", 47 | "grunt-contrib-nodeunit": "4.0.0", 48 | "grunt-eslint": "24.0.0", 49 | "moment": "2.29.1", 50 | "random-message": "1.1.0", 51 | "zip-stream": "4.1.0" 52 | }, 53 | "engines": { 54 | "node": ">=10.0.0" 55 | }, 56 | "bin": { 57 | "check-bounce": "bin/check-bounce.js" 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /plugins/core/http-bounce.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const fetch = require('nodemailer/lib/fetch'); 4 | 5 | module.exports.title = 'HTTP Bounce Notification'; 6 | module.exports.init = function(app, done) { 7 | // Send bounce notification to a HTTP url 8 | app.addHook('queue:bounce', (bounce, maildrop, next) => { 9 | let retries = 0; 10 | let body = { 11 | id: bounce.id, 12 | to: bounce.to, 13 | seq: bounce.seq, 14 | returnPath: bounce.from, 15 | category: bounce.category, 16 | time: bounce.time, 17 | response: bounce.response 18 | }; 19 | 20 | let fbl = bounce.headers.getFirst('X-FBL'); 21 | 22 | if (fbl) { 23 | body.fbl = fbl; 24 | } 25 | 26 | let notifyBounce = () => { 27 | // send bounce information 28 | let returned; 29 | let stream = fetch(app.config.url, { 30 | body 31 | }); 32 | 33 | stream.on('readable', () => { 34 | while (stream.read() !== null) { 35 | // ignore 36 | } 37 | }); 38 | 39 | stream.once('error', err => { 40 | if (returned) { 41 | return; 42 | } 43 | returned = true; 44 | app.logger.error('HTTPBounce[' + process.pid + ']', 'Could not send bounce info'); 45 | app.logger.error('HTTPBounce[' + process.pid + ']', err.message); 46 | if (retries++ <= 5) { 47 | setTimeout(notifyBounce, Math.pow(retries, 2) * 1000).unref(); 48 | } else { 49 | next(); 50 | } 51 | }); 52 | 53 | stream.on('end', () => { 54 | if (returned) { 55 | return; 56 | } 57 | returned = true; 58 | next(); 59 | }); 60 | }; 61 | 62 | setImmediate(notifyBounce); 63 | }); 64 | 65 | done(); 66 | }; 67 | -------------------------------------------------------------------------------- /lib/line-ends.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const stream = require('stream'); 4 | const Transform = stream.Transform; 5 | 6 | /** 7 | * Make sure that only sequences are used for linebreaks 8 | * 9 | * @param {Object} options Stream options 10 | */ 11 | class LineEnds extends Transform { 12 | constructor(options) { 13 | super(options); 14 | // init Transform 15 | this.inByteCount = 0; 16 | this.outByteCount = 0; 17 | this.lastByte = false; 18 | } 19 | 20 | /** 21 | * Convert line endings to 22 | */ 23 | _transform(chunk, encoding, done) { 24 | let chunks = []; 25 | let chunklen = 0; 26 | let i, 27 | len, 28 | lastPos = 0; 29 | let buf; 30 | 31 | if (!chunk || !chunk.length) { 32 | return done(); 33 | } 34 | 35 | if (typeof chunk === 'string') { 36 | chunk = Buffer.from(chunk, encoding); 37 | } 38 | 39 | this.inByteCount += chunk.length; 40 | 41 | for (i = 0, len = chunk.length; i < len; i++) { 42 | if (chunk[i] === 0x0a) { 43 | // \n 44 | if ((i && chunk[i - 1] !== 0x0d) || (!i && this.lastByte !== 0x0d)) { 45 | // prepend missing \r 46 | if (i > lastPos) { 47 | buf = chunk.slice(lastPos, i); 48 | chunks.push(buf); 49 | chunklen += buf.length + 2; 50 | } else { 51 | chunklen += 2; 52 | } 53 | chunks.push(Buffer.from('\r\n')); 54 | lastPos = i + 1; 55 | } 56 | } 57 | } 58 | 59 | if (chunklen) { 60 | // add last piece 61 | if (lastPos < chunk.length) { 62 | buf = chunk.slice(lastPos); 63 | chunks.push(buf); 64 | chunklen += buf.length; 65 | } 66 | 67 | this.outByteCount += chunklen; 68 | this.push(Buffer.concat(chunks, chunklen)); 69 | } else { 70 | this.outByteCount += chunk.length; 71 | this.push(chunk); 72 | } 73 | 74 | this.lastByte = chunk[chunk.length - 1]; 75 | done(); 76 | } 77 | } 78 | 79 | module.exports = LineEnds; 80 | -------------------------------------------------------------------------------- /test/dkim-relaxed-body-test.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | let fs = require('fs'); 4 | let DkimRelaxedBody = require('../lib/dkim-relaxed-body'); 5 | 6 | module.exports['Calculate body hash byte by byte'] = test => { 7 | fs.readFile(__dirname + '/fixtures/message1.eml', 'utf-8', (err, message) => { 8 | test.ifError(err); 9 | 10 | message = message.replace(/\r?\n/g, '\r\n'); 11 | message = message.split('\r\n\r\n'); 12 | message.shift(); 13 | message = message.join('\r\n\r\n'); 14 | 15 | message = Buffer.from(message); 16 | 17 | let s = new DkimRelaxedBody({ 18 | hashAlgo: 'sha256', 19 | debug: true 20 | }); 21 | 22 | s.on('hash', hash => { 23 | test.equal(hash, 'V42It+OeQEd8AxbXHLJW9KkYkv/+fy9B6c33emWfVI4='); 24 | test.done(); 25 | }); 26 | 27 | let pos = 0; 28 | let stream = () => { 29 | if (pos >= message.length) { 30 | return s.end(); 31 | } 32 | let ord = Buffer.from([message[pos++]]); 33 | s.write(ord); 34 | setImmediate(stream); 35 | }; 36 | setImmediate(stream); 37 | }); 38 | }; 39 | 40 | module.exports['Calculate body hash byte all at once'] = test => { 41 | fs.readFile(__dirname + '/fixtures/message1.eml', 'utf-8', (err, message) => { 42 | test.ifError(err); 43 | 44 | message = message.replace(/\r?\n/g, '\r\n'); 45 | message = message.split('\r\n\r\n'); 46 | message.shift(); 47 | message = message.join('\r\n\r\n'); 48 | 49 | message = Buffer.from(message); 50 | 51 | let s = new DkimRelaxedBody({ 52 | hashAlgo: 'sha256', 53 | debug: true 54 | }); 55 | 56 | s.on('hash', hash => { 57 | test.equal(hash, 'V42It+OeQEd8AxbXHLJW9KkYkv/+fy9B6c33emWfVI4='); 58 | test.done(); 59 | }); 60 | 61 | setImmediate(() => s.end(message)); 62 | }); 63 | }; 64 | 65 | module.exports['Calculate body hash for empty message'] = test => { 66 | let message = Buffer.from('\r\n'); 67 | 68 | let s = new DkimRelaxedBody({ 69 | hashAlgo: 'sha256', 70 | debug: true 71 | }); 72 | 73 | s.on('hash', hash => { 74 | test.equal(hash, '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='); 75 | test.done(); 76 | }); 77 | 78 | let pos = 0; 79 | let stream = () => { 80 | if (pos >= message.length) { 81 | return s.end(); 82 | } 83 | let ord = Buffer.from([message[pos++]]); 84 | s.write(ord); 85 | setImmediate(stream); 86 | }; 87 | setImmediate(stream); 88 | }; 89 | -------------------------------------------------------------------------------- /lib/transport/connection.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const FrameParser = require('./frame-parser'); 4 | const EventEmitter = require('events'); 5 | const frames = require('./frames'); 6 | 7 | class Connection extends EventEmitter { 8 | constructor(socket) { 9 | super(); 10 | 11 | this.socket = socket; 12 | 13 | this.parser = new FrameParser(this.socket, (frame, next) => { 14 | let data; 15 | 16 | try { 17 | data = frames.parse(frame); 18 | } catch (E) { 19 | this.onError(new Error('Invalid data frame. ' + E.message)); 20 | return this.close(); 21 | } 22 | 23 | this.onData(data, err => { 24 | if (err) { 25 | this.onError(err); 26 | return this.close(); 27 | } 28 | setImmediate(next); 29 | }); 30 | }); 31 | 32 | let onClose = () => { 33 | if (this._closed) { 34 | return; 35 | } 36 | 37 | this._closed = true; 38 | this._closing = false; 39 | this.emit('close'); 40 | }; 41 | 42 | this.socket.once('close', onClose); 43 | this.socket.once('end', onClose); 44 | 45 | this.socket.once('error', err => this.onError(err)); 46 | this.parser.once('error', err => { 47 | this.onError(err); 48 | return this.close(); 49 | }); 50 | } 51 | 52 | send(data) { 53 | if (this.closing || this.closed) { 54 | return false; 55 | } 56 | 57 | if (this.socket.destroyed) { 58 | return this.close(); 59 | } 60 | 61 | let chunk = frames.encode(data); 62 | let response; 63 | 64 | try { 65 | response = this.socket.write(chunk); 66 | } catch (E) { 67 | return this.close(); 68 | } 69 | 70 | return response; 71 | } 72 | 73 | onError(err) { 74 | if (err.code === 'ECONNRESET' || err.code === 'EPIPE') { 75 | return this.close(); 76 | } 77 | 78 | this.emit('error', err); 79 | } 80 | 81 | close() { 82 | if (this._closed || this._closing) { 83 | return false; 84 | } 85 | 86 | if (this.socket && !this.socket.destroyed) { 87 | try { 88 | this.socket.end(); 89 | } catch (E) { 90 | // just ignore 91 | } 92 | } 93 | 94 | this._closing = true; 95 | this.emit('close'); 96 | } 97 | } 98 | 99 | module.exports = Connection; 100 | -------------------------------------------------------------------------------- /lib/ip-tools.js: -------------------------------------------------------------------------------- 1 | /* eslint global-require:0 */ 2 | 'use strict'; 3 | 4 | const config = require('wild-config'); 5 | const dns = require('dns'); 6 | const log = require('npmlog'); 7 | const db = require('./db'); 8 | 9 | const nameservers = [].concat(config.nameservers || []); 10 | 11 | const logKey = `DNS/${process.pid}`; 12 | const CACHE_GET_MAX_WAIT = 500; // how much time to wait for the cache to respond 13 | 14 | // set the nameservers to use for resolving 15 | 16 | if (nameservers.length) { 17 | dns.setServers(nameservers); 18 | } 19 | 20 | class RedisCache { 21 | constructor(conf) { 22 | conf = conf || {}; 23 | this.ttl = parseInt(conf.ttl, 10) || 300; //0 is not permissible 24 | } 25 | 26 | set(key, value, callback) { 27 | if (typeof value === 'undefined') { 28 | return callback(); 29 | } 30 | if (!db.redis) { 31 | return callback(); 32 | } 33 | 34 | db.redis 35 | .multi() 36 | .set('dns:' + key, JSON.stringify(value)) 37 | .expire('dns:' + key, this.ttl) 38 | .exec((...args) => { 39 | if (args[0]) { 40 | // err 41 | log.error(logKey, 'DNSREDISERR SET key=%s error=%s', key, args[0].message); 42 | } 43 | callback(...args); 44 | }); 45 | } 46 | 47 | get(key, callback) { 48 | if (!db.redis) { 49 | return callback(); 50 | } 51 | 52 | let finished = false; 53 | let waitUntil = setTimeout(() => { 54 | if (finished) { 55 | return; 56 | } 57 | finished = true; 58 | return callback(); 59 | }, CACHE_GET_MAX_WAIT); 60 | 61 | db.redis.get('dns:' + key, (err, value) => { 62 | clearTimeout(waitUntil); 63 | if (finished) { 64 | return; 65 | } 66 | finished = true; 67 | 68 | if (err) { 69 | log.error(logKey, 'DNSREDISERR GET key=%s error=%s', key, err.message); 70 | // treat errors as a MISS 71 | return callback(); 72 | } 73 | 74 | if (!value) { 75 | log.silly(logKey, 'DNSCACHEMISS key=%s', key); 76 | return callback(); 77 | } 78 | try { 79 | value = JSON.parse(value); 80 | } catch (E) { 81 | return callback(); 82 | } 83 | 84 | log.silly(logKey, 'DNSCACHEHIT key=%s', key); 85 | callback(null, value); 86 | }); 87 | } 88 | } 89 | 90 | // use caching 91 | if (config.dns.caching) { 92 | // setup DNS caching 93 | require('dnscache')({ 94 | enable: true, 95 | ttl: config.dns.cacheTTL, 96 | cachesize: 1000, 97 | cache: RedisCache 98 | }); 99 | log.info(logKey, 'Loaded DNS cache'); 100 | } 101 | -------------------------------------------------------------------------------- /plugins/core/http-config.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const fetch = require('nodemailer/lib/fetch'); 4 | const addressTools = require('../../lib/address-tools'); 5 | 6 | module.exports.title = 'HTTP Sender Config'; 7 | module.exports.init = function(app, done) { 8 | let sessions = new WeakMap(); 9 | 10 | let getConfig = (mailFrom, session, next) => { 11 | let returned = false; 12 | let stream = fetch(app.config.url, { 13 | body: { 14 | from: mailFrom || '', 15 | origin: session.remoteAddress || '', 16 | originhost: session.clientHostname || '', 17 | transhost: session.hostNameAppearsAs || '', 18 | transtype: session.transmissionType || '', 19 | user: session.user || '' 20 | } 21 | }); 22 | let chunks = []; 23 | let chunklen = 0; 24 | 25 | stream.on('readable', () => { 26 | let chunk; 27 | while ((chunk = stream.read()) !== null) { 28 | chunks.push(chunk); 29 | chunklen += chunk.length; 30 | } 31 | }); 32 | 33 | stream.once('error', err => { 34 | if (returned) { 35 | return; 36 | } 37 | returned = true; 38 | err.responseCode = 442; 39 | return next(err); 40 | }); 41 | 42 | stream.on('end', () => { 43 | if (returned) { 44 | return; 45 | } 46 | returned = true; 47 | let data; 48 | let response = Buffer.concat(chunks, chunklen); 49 | 50 | try { 51 | data = JSON.parse(response.toString()); 52 | } catch (E) { 53 | E.responseCode = 442; 54 | return next(E); 55 | } 56 | 57 | if (data.error) { 58 | let err = new Error(data.error); 59 | err.responseCode = data.code; 60 | return next(err); 61 | } 62 | 63 | // there is no envelope yet at this point, so store 64 | // this information for later 65 | sessions.set(session, data); 66 | 67 | return next(); 68 | }); 69 | }; 70 | 71 | let updateConfig = (envelope, session, next) => { 72 | if (sessions.has(session)) { 73 | let data = sessions.get(session); 74 | sessions.delete(session); 75 | Object.keys(data || {}).forEach(key => { 76 | envelope[key] = data[key]; 77 | }); 78 | } 79 | next(); 80 | }; 81 | 82 | // Listen for MAIL FROM command 83 | // Requests sender config from an API server 84 | app.addHook('smtp:mail_from', (address, session, next) => { 85 | let mailFrom = addressTools.normalizeAddress((address && address.address) || address); 86 | 87 | getConfig(mailFrom, session, next); 88 | }); 89 | 90 | // Called when a mail is dropped to HTTP 91 | app.addHook('api:mail', (envelope, session, next) => { 92 | getConfig(envelope.from, session, err => { 93 | if (err) { 94 | return next(err); 95 | } 96 | updateConfig(envelope, session, next); 97 | }); 98 | }); 99 | 100 | app.addHook('smtp:data', updateConfig); 101 | 102 | done(); 103 | }; 104 | -------------------------------------------------------------------------------- /plugins/core/clamav/clamav-client.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const net = require('net'); 4 | const Transform = require('stream').Transform; 5 | 6 | class ClamStream extends Transform { 7 | constructor(options) { 8 | super(options); 9 | this._started = false; 10 | } 11 | 12 | _transform(chunk, encoding, done) { 13 | if (!this._started) { 14 | this.push('zINSTREAM\x00'); 15 | this._started = true; 16 | } 17 | 18 | let size = Buffer.allocUnsafe(4); 19 | size.writeInt32BE(chunk.length, 0); 20 | this.push(size); 21 | this.push(chunk); 22 | 23 | done(); 24 | } 25 | 26 | _flush(done) { 27 | let size = Buffer.allocUnsafe(4); 28 | size.writeInt32BE(0, 0); 29 | this.push(size); 30 | 31 | done(); 32 | } 33 | } 34 | 35 | module.exports = (port, host, stream, done) => { 36 | port = port || 3310; 37 | host = host || '127.0.0.1'; 38 | 39 | let socket = new net.Socket(); 40 | let response = ''; 41 | let closeTimer = false; 42 | 43 | let returned = false; 44 | let callback = (...args) => { 45 | clearTimeout(closeTimer); 46 | if (returned) { 47 | return; // ignore 48 | } 49 | returned = true; 50 | done(...args); 51 | }; 52 | 53 | socket.connect( 54 | port, 55 | host, 56 | () => { 57 | socket.setTimeout(10 * 1000); 58 | let client = new ClamStream(); 59 | stream.on('end', () => false); 60 | stream.on('error', callback); 61 | stream.pipe(client).pipe(socket); 62 | } 63 | ); 64 | 65 | socket.on('readable', () => { 66 | let chunk; 67 | 68 | while ((chunk = socket.read()) !== null) { 69 | response += chunk.toString(); 70 | 71 | if (chunk.toString().indexOf('\x00') >= 0) { 72 | socket.end(); 73 | let result = response.match(/^stream: (.+) FOUND/); 74 | if (result !== null) { 75 | return callback(null, { clean: false, response: result[1] }); 76 | } else if (response.indexOf('stream: OK') >= 0) { 77 | return callback(null, { clean: true }); 78 | } else { 79 | result = response.match(/^(.+) ERROR/); 80 | if (result !== null) { 81 | return callback(new Error(result[1])); 82 | } else { 83 | return callback(new Error('ERROR response=' + response)); 84 | } 85 | } 86 | } 87 | } 88 | }); 89 | 90 | socket.on('error', err => { 91 | try { 92 | socket.destroy(); 93 | } catch (err) { 94 | // ignore 95 | } 96 | 97 | callback(err); 98 | }); 99 | 100 | socket.on('timeout', () => { 101 | try { 102 | socket.destroy(); 103 | } catch (err) { 104 | // ignore 105 | } 106 | 107 | callback(new Error('Timeout connecting to ClamAV')); 108 | }); 109 | 110 | socket.on('close', () => { 111 | if (returned) { 112 | return; 113 | } 114 | closeTimer = setTimeout(() => { 115 | callback(new Error('Unexpected socket close')); 116 | }, 5000); 117 | }); 118 | 119 | socket.setTimeout(30 * 1000); 120 | }; 121 | -------------------------------------------------------------------------------- /lib/connection-pool.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const log = require('npmlog'); 4 | 5 | class ConnectionPool { 6 | 7 | constructor(sendCommand) { 8 | // the actual connection pool 9 | this.connectionPool = new Map(); 10 | 11 | this.sendCommand = sendCommand; 12 | 13 | log.info("ConnPool/"+process.pid, "Connection pool is ready to take connections"); 14 | } 15 | 16 | delete(connectionKey) { 17 | this.connectionPool.delete(connectionKey); 18 | } 19 | 20 | getConnection(connectionKey) { 21 | let connList = this.connectionPool.get(connectionKey); 22 | 23 | if (connList.length) { 24 | let conn = connList.shift(); 25 | 26 | // Connection list is empty, remove it from pool 27 | if (!connList.size) { 28 | this.connectionPool.delete(connectionKey); 29 | } 30 | clearTimeout(conn.timer); // prevent closing of socket 31 | if (conn.connection && conn.connection.connected && !conn.connection._closing && !conn.connection._destroyed) { 32 | // connection seems to be still open 33 | conn.connection.logtrail = []; // reset logtrail 34 | 35 | // send statistics to queue server in master process 36 | this.sendCommand({ cmd: 'COUNTMETRICS', metric: 'connPoolSizeGauge', func: 'dec' }, () => false); 37 | this.sendCommand({ cmd: 'COUNTMETRICS', metric: 'connReuseCounter', func: 'inc' }, () => false); 38 | 39 | return conn; 40 | } 41 | } 42 | return null; 43 | } 44 | 45 | killConnection(err, connection) { 46 | if (!err && typeof connection.quit === 'function') { 47 | connection.quit(); 48 | } 49 | if (typeof connection.close === 'function') { 50 | setImmediate(() => connection.close()); 51 | } 52 | } 53 | 54 | add(connectionKey, connection, ttl) { 55 | 56 | let killTimer = setTimeout(() => { 57 | if (this.has(connectionKey)) { 58 | let connList = this.connectionPool.get(connectionKey); 59 | for (let i = 0, len = connList.length; i < len; i++) { 60 | if (connList[i].connection === connection) { 61 | connList.splice(i, 1); 62 | break; 63 | } 64 | } 65 | if (!connList.length) { 66 | this.connectionPool.delete(connectionKey); 67 | } 68 | } 69 | 70 | this.sendCommand({ cmd: 'COUNTMETRICS', metric: 'connPoolSizeGauge', func: 'dec' }, () => false); 71 | this.killConnection(null, connection); 72 | }, ttl * 1000); 73 | killTimer.unref(); 74 | 75 | let conn = { 76 | timer: killTimer, 77 | connection 78 | }; 79 | 80 | log.verbose("ConnPool/"+process.pid, "Pooling connection for '"+connectionKey+"'"); 81 | this.sendCommand({ cmd: 'COUNTMETRICS', metric: 'connPoolSizeGauge', func: 'inc' }, () => false); 82 | if (this.has(connectionKey)) { 83 | // already cached connections found, appending new connection 84 | this.connectionPool.get(connectionKey).push(conn); 85 | } else { 86 | // no connections found, caching it 87 | this.connectionPool.set(connectionKey, [conn]); 88 | } 89 | } 90 | 91 | has(connectionKey) { 92 | return this.connectionPool.has(connectionKey); 93 | } 94 | } 95 | 96 | module.exports = ConnectionPool; 97 | -------------------------------------------------------------------------------- /lib/bounces.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const log = require('npmlog'); 4 | const fs = require('fs'); 5 | const path = require('path'); 6 | 7 | function reloadBounces() { 8 | let body; 9 | 10 | try { 11 | body = fs.readFileSync(path.join(__dirname, '..', 'config', 'bounces.txt'), 'utf-8'); 12 | } catch (E) { 13 | log.error('Bounces/' + process.pid, 'Could not load bounce rules. %s', E.message); 14 | if (module.exports.rules && module.exports.rules.length) { 15 | return; 16 | } 17 | process.exit(1); 18 | } 19 | 20 | // Parse defined rules into an array of bounce rules 21 | module.exports.rules = body 22 | .split(/\r?\n/) 23 | .map((line, nr) => { 24 | line = line.trim(); 25 | 26 | if (!line || line.charAt(0) === '#') { 27 | return false; 28 | } 29 | 30 | let parts = line.split(','); 31 | let re; 32 | 33 | try { 34 | re = new RegExp(parts[0], 'im'); 35 | } catch (E) { 36 | log.error('Bounces/' + process.pid, 'Invalid bounce rule regex /%s/ on line %s', parts[0], nr + 1); 37 | } 38 | 39 | return { 40 | re, 41 | action: parts[1], 42 | category: parts[2], 43 | message: parts.slice(3).join(','), 44 | line: nr + 1 45 | }; 46 | }) 47 | .filter(rule => rule && rule.re); 48 | body = null; 49 | 50 | log.verbose('Bounces/' + process.pid, 'Loaded %s bounce rules', module.exports.rules.length); 51 | } 52 | 53 | module.exports.reloadBounces = reloadBounces; 54 | 55 | module.exports.formatSMTPResponse = formatSMTPResponse; 56 | 57 | module.exports.check = (input, category) => { 58 | let str = formatSMTPResponse(input); 59 | if (!str) { 60 | return { 61 | action: 'reject', 62 | message: 'Unknown', 63 | category: category || 'other', 64 | code: 0, 65 | status: false 66 | }; 67 | } 68 | 69 | let parts = str.substr(0, 100).split(/[-\s]+/); 70 | let code = Number(parts[0]) || 0; 71 | let status = /^(\d+\.)+\d+$/.test(parts[1]) ? parts[1] : false; 72 | 73 | switch (category) { 74 | case 'dns': 75 | if (code && code > 500) { 76 | break; 77 | } 78 | return { 79 | action: 'defer', 80 | message: str.replace(/^[\d.\s]+/, ''), 81 | category, 82 | code, 83 | status 84 | }; 85 | } 86 | 87 | for (let i = 0, len = module.exports.rules.length; i < len; i++) { 88 | if (module.exports.rules[i].re.test(str)) { 89 | return { 90 | action: module.exports.rules[i].action, 91 | message: module.exports.rules[i].message, 92 | category: module.exports.rules[i].category, 93 | code, 94 | status, 95 | line: module.exports.rules[i].line 96 | }; 97 | } 98 | } 99 | 100 | // no idea, just reject 101 | return { 102 | action: 'reject', 103 | message: 'Unknown', 104 | code, 105 | status 106 | }; 107 | }; 108 | 109 | function formatSMTPResponse(str) { 110 | str = (str || '').toString().trim(); 111 | let code = str.match(/^\d{3}[\s-]+([\d.]+\s*)?/); 112 | return ((code ? code[0] : '') + (code ? str.substr(code[0].length) : str).replace(/^\d{3}[\s-]+([\d.]+\s*)?/gm, ' ')).replace(/\s+/g, ' ').trim(); 113 | } 114 | 115 | reloadBounces(); 116 | -------------------------------------------------------------------------------- /lib/remote-queue.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const config = require('wild-config'); 4 | const log = require('npmlog'); 5 | const db = require('./db'); 6 | const GridFSBucket = require('mongodb').GridFSBucket; 7 | 8 | class RemoteQueue { 9 | constructor() { 10 | this.mongodb = false; 11 | this.gridstore = false; 12 | this.sendCommand = false; 13 | } 14 | 15 | store(id, stream, callback) { 16 | let returned = false; 17 | let store = this.gridstore.openUploadStream('message ' + id, { 18 | contentType: 'message/rfc822', 19 | metadata: { 20 | created: new Date() 21 | } 22 | }); 23 | 24 | stream.once('error', err => { 25 | if (returned) { 26 | return; 27 | } 28 | returned = true; 29 | 30 | if (err.name !== 'SMTPResponse') { 31 | log.error('StoreStream', '%s STREAMERR %s', id, err.message); 32 | } else { 33 | log.info('StoreStream', '%s SMTPFAIL %s', id, err.message); 34 | } 35 | 36 | store.once('finish', () => { 37 | log.verbose('StoreStream', '%s CLEANUP', id); 38 | this.removeMessage(id, () => callback(err)); 39 | }); 40 | 41 | store.end(); 42 | }); 43 | 44 | store.once('error', err => { 45 | if (returned) { 46 | return; 47 | } 48 | returned = true; 49 | callback(err); 50 | }); 51 | 52 | store.on('finish', () => { 53 | if (returned) { 54 | return; 55 | } 56 | returned = true; 57 | 58 | return callback(null, id); 59 | }); 60 | 61 | stream.pipe(store); 62 | } 63 | 64 | setMeta(id, data, callback) { 65 | this.mongodb.collection(config.queue.gfs + '.files').updateOne( 66 | { 67 | filename: 'message ' + id 68 | }, 69 | { 70 | $set: { 71 | 'metadata.data': data 72 | } 73 | }, 74 | err => { 75 | if (err) { 76 | return callback(err); 77 | } 78 | return callback(); 79 | } 80 | ); 81 | } 82 | 83 | push(id, envelope, callback) { 84 | this.sendCommand( 85 | { 86 | cmd: 'PUSH', 87 | id, 88 | envelope 89 | }, 90 | callback 91 | ); 92 | } 93 | 94 | retrieve(id) { 95 | return this.gridstore.openDownloadStreamByName('message ' + id); 96 | } 97 | 98 | generateId(callback) { 99 | this.sendCommand('INDEX', callback); 100 | } 101 | 102 | removeMessage(id, callback) { 103 | this.sendCommand( 104 | { 105 | cmd: 'REMOVE', 106 | id 107 | }, 108 | callback 109 | ); 110 | } 111 | 112 | init(sendCommand, callback) { 113 | this.sendCommand = sendCommand; 114 | db.connect(err => { 115 | if (err) { 116 | log.error('Queue/' + process.pid, 'Could not initialize database: %s', err.message); 117 | return process.exit(1); 118 | } 119 | 120 | this.mongodb = db.senderDb; 121 | this.gridstore = new GridFSBucket(this.mongodb, { 122 | bucketName: config.queue.gfs 123 | }); 124 | 125 | return setImmediate(() => callback(null, true)); 126 | }); 127 | } 128 | } 129 | 130 | module.exports = RemoteQueue; 131 | -------------------------------------------------------------------------------- /lib/transport/frame-parser.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const EventEmitter = require('events'); 4 | 5 | // We use 4-bytes unsigned integers so we waste the fourth byte when limiting 6 | // max frame size number in megabytes. The good thing is that we can increase the 7 | // frame size in the future if needed 8 | const MAX_ALLOWED_FRAME_SIZE = 3 * 1024 * 1024; // 3MB 9 | 10 | class FrameParser extends EventEmitter { 11 | constructor(socket, handler) { 12 | super(); 13 | this.socket = socket; 14 | this.handler = handler; 15 | 16 | this.chunks = []; 17 | this.chunklen = 0; 18 | this.frame = false; 19 | 20 | this.processing = false; 21 | this.hasData = false; 22 | 23 | this.socket.on('readable', () => { 24 | this.hasData = true; 25 | if (!this.processing) { 26 | this.read(); 27 | } 28 | }); 29 | } 30 | 31 | read() { 32 | this.processing = true; 33 | let chunk; 34 | 35 | // enough data already piled up 36 | if (!this.frame && this.chunklen >= 4) { 37 | chunk = Buffer.concat(this.chunks, this.chunklen); 38 | this.chunks = []; 39 | this.chunklen = 0; 40 | } else { 41 | chunk = this.socket.read(); 42 | } 43 | 44 | if (chunk === null) { 45 | this.hasData = false; 46 | this.processing = false; 47 | // all done 48 | return; 49 | } 50 | 51 | if (!this.frame) { 52 | if (this.chunklen + chunk.length < 4) { 53 | this.chunks.push(chunk); 54 | this.chunklen += chunk.length; 55 | return setImmediate(() => this.read()); 56 | } 57 | if (this.chunklen) { 58 | this.chunks.push(chunk); 59 | this.chunklen += chunk.length; 60 | chunk = Buffer.concat(this.chunks, this.chunklen); 61 | this.chunks = []; 62 | this.chunklen = 0; 63 | } 64 | this.frame = chunk.readUInt32LE(0); 65 | 66 | if (this.frame > MAX_ALLOWED_FRAME_SIZE) { 67 | return this.emit('error', new Error('Invalid Frame Size ' + this.frame + ' (allowed %s' + MAX_ALLOWED_FRAME_SIZE + ')')); 68 | } 69 | if (chunk.length > 4) { 70 | chunk = chunk.slice(4); 71 | } else { 72 | return setImmediate(() => this.read()); 73 | } 74 | } 75 | 76 | if (this.chunklen + chunk.length < this.frame) { 77 | this.chunks.push(chunk); 78 | this.chunklen += chunk.length; 79 | return setImmediate(() => this.read()); 80 | } 81 | 82 | // we have a full dataframe! 83 | if (this.chunklen) { 84 | this.chunks.push(chunk); 85 | this.chunklen += chunk.length; 86 | chunk = Buffer.concat(this.chunks, this.chunklen); 87 | this.chunks = []; 88 | this.chunklen = 0; 89 | } 90 | 91 | return this.getFrame(chunk); 92 | } 93 | 94 | getFrame(chunk) { 95 | let frame; 96 | if (chunk.length === this.frame) { 97 | frame = chunk; 98 | chunk = false; 99 | } else { 100 | frame = chunk.slice(0, this.frame); 101 | chunk = chunk.slice(this.frame); 102 | this.chunks.push(chunk); 103 | this.chunklen += chunk.length; 104 | } 105 | this.frame = false; 106 | return setImmediate(() => this.processFrame(frame)); 107 | } 108 | 109 | processFrame(frame) { 110 | this.id = this.id || 0; 111 | this.id++; 112 | this.handler(frame, () => this.read()); 113 | } 114 | } 115 | 116 | module.exports = FrameParser; 117 | -------------------------------------------------------------------------------- /plugins/core/clamav/index.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const PassThrough = require('stream').PassThrough; 4 | const clamavClient = require('./clamav-client'); 5 | 6 | module.exports.title = 'ClamAV Virus Check'; 7 | module.exports.init = function(app, done) { 8 | app.addAnalyzerHook((envelope, source, destination) => { 9 | let interfaces = Array.isArray(app.config.interfaces) ? app.config.interfaces : [].concat(app.config.interfaces || []); 10 | if (!interfaces.includes(envelope.interface) && !interfaces.includes('*')) { 11 | return source.pipe(destination); 12 | } 13 | 14 | let clamStream = new PassThrough(); 15 | 16 | clamavClient(app.config.port, app.config.host, clamStream, (err, response) => { 17 | if (err) { 18 | app.logger.error('Clamav', '%s RESULTS error="%s"', err.message); 19 | return; 20 | } 21 | if (response) { 22 | envelope.virus = response; 23 | app.logger.info('Clamav', '%s RESULTS clean=%s response="%s"', envelope.id, response.clean ? 'yes' : 'no', response.response); 24 | 25 | app.remotelog(envelope.id, false, 'VIRUSCHECK', { 26 | result: response.clean ? 'clean' : 'infected', 27 | response: response.response 28 | }); 29 | } 30 | }); 31 | 32 | clamStream.once('error', err => { 33 | source.emit('error', err); 34 | }); 35 | 36 | destination.once('error', err => { 37 | source.emit('error', err); 38 | }); 39 | 40 | let finished = false; 41 | let reading = false; 42 | let readNext = () => { 43 | let chunk = source.read(); 44 | if (chunk === null) { 45 | if (finished) { 46 | clamStream.end(); 47 | } 48 | reading = false; 49 | return; 50 | } 51 | 52 | let drainClam = !clamStream.write(chunk); 53 | let drainDestination = !destination.write(chunk); 54 | 55 | let canContinue = () => { 56 | if (!drainClam && !drainDestination) { 57 | return readNext(); 58 | } 59 | }; 60 | 61 | if (drainClam) { 62 | clamStream.once('drain', () => { 63 | drainClam = false; 64 | canContinue(); 65 | }); 66 | } 67 | 68 | if (drainDestination) { 69 | destination.once('drain', () => { 70 | drainDestination = false; 71 | canContinue(); 72 | }); 73 | } 74 | 75 | canContinue(); 76 | }; 77 | 78 | source.on('readable', () => { 79 | if (reading) { 80 | return; 81 | } 82 | reading = true; 83 | readNext(); 84 | }); 85 | 86 | source.once('end', () => { 87 | finished = true; 88 | if (reading) { 89 | return; 90 | } 91 | clamStream.end(); 92 | destination.end(); 93 | }); 94 | }); 95 | 96 | app.addHook('message:queue', (envelope, messageInfo, next) => { 97 | let interfaces = Array.isArray(app.config.interfaces) ? app.config.interfaces : [].concat(app.config.interfaces || []); 98 | if ((!interfaces.includes(envelope.interface) && !interfaces.includes('*')) || !envelope.virus) { 99 | return next(); 100 | } 101 | 102 | if (!app.config.ignoreOrigins.includes(envelope.origin)) { 103 | if (!envelope.virus.clean) { 104 | return next(app.reject(envelope, 'virus', messageInfo, '550 This message contains a virus and may not be delivered')); 105 | } 106 | } 107 | 108 | next(); 109 | }); 110 | 111 | done(); 112 | }; 113 | -------------------------------------------------------------------------------- /lib/dkim-sign.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const punycode = require('punycode/'); 4 | const libmime = require('libmime'); 5 | const crypto = require('crypto'); 6 | 7 | /** 8 | * Returns DKIM signature header line 9 | * 10 | * @param {Object} headers Parsed headers object from MessageParser 11 | * @param {String} bodyHash Base64 encoded hash of the message 12 | * @param {Object} options DKIM options 13 | * @param {String} options.domainName Domain name to be signed for 14 | * @param {String} options.keySelector DKIM key selector to use 15 | * @param {String} options.privateKey DKIM private key to use 16 | * @return {String} Complete header line 17 | */ 18 | 19 | module.exports.sign = (headers, hashAlgo, bodyHash, options) => { 20 | options = options || {}; 21 | 22 | // all listed fields from RFC4871 #5.5 23 | let defaultFieldNames = 24 | 'From:Sender:Reply-To:Subject:Date:Message-ID:To:' + 25 | 'Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:' + 26 | 'Content-Description:Resent-Date:Resent-From:Resent-Sender:' + 27 | 'Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:' + 28 | 'List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:' + 29 | 'List-Owner:List-Archive:List-Unsubscribe-Post:Feedback-ID'; 30 | 31 | let fieldNames = options.headerFieldNames || defaultFieldNames; 32 | if (options.additionalHeaderFieldNames) { 33 | fieldNames += ':' + options.additionalHeaderFieldNames; 34 | } 35 | 36 | let canonicalizedHeaderData = relaxedHeaders(headers, fieldNames); 37 | let dkimHeader = generateDKIMHeader(options.domainName, options.keySelector, canonicalizedHeaderData.fieldNames, hashAlgo, bodyHash); 38 | 39 | let signer, signature; 40 | 41 | canonicalizedHeaderData.headers += 'dkim-signature:' + relaxedHeaderLine(dkimHeader); 42 | 43 | signer = crypto.createSign(('rsa-' + hashAlgo).toUpperCase()); 44 | signer.update(Buffer.from(canonicalizedHeaderData.headers, 'binary')); 45 | try { 46 | signature = signer.sign(options.privateKey, 'base64'); 47 | } catch (E) { 48 | return false; 49 | } 50 | 51 | return dkimHeader + signature.replace(/(^.{73}|.{75}(?!\r?\n|\r))/g, '$&\r\n ').trim(); 52 | }; 53 | 54 | function generateDKIMHeader(domainName, keySelector, fieldNames, hashAlgo, bodyHash) { 55 | let dkim = [ 56 | 'v=1', 57 | 'a=rsa-' + hashAlgo, 58 | 'c=relaxed/relaxed', 59 | 'd=' + punycode.toASCII(domainName), 60 | 'q=dns/txt', 61 | 's=' + keySelector, 62 | 'bh=' + bodyHash, 63 | 'h=' + fieldNames 64 | ].join('; '); 65 | 66 | return libmime.foldLines('DKIM-Signature: ' + dkim, 76) + ';\r\n b='; 67 | } 68 | 69 | function relaxedHeaders(headers, fieldNames) { 70 | let includedFields = new Set(); 71 | let headerFields = new Map(); 72 | let headerLines = headers.getList(); 73 | 74 | fieldNames 75 | .toLowerCase() 76 | .split(':') 77 | .forEach(field => { 78 | includedFields.add(field.trim()); 79 | }); 80 | 81 | for (let i = headerLines.length - 1; i >= 0; i--) { 82 | let line = headerLines[i]; 83 | // only include the first value from bottom to top 84 | if (includedFields.has(line.key) && !headerFields.has(line.key)) { 85 | headerFields.set(line.key, relaxedHeaderLine(line.line)); 86 | } 87 | } 88 | 89 | let headersList = []; 90 | let fields = []; 91 | includedFields.forEach(field => { 92 | if (headerFields.has(field)) { 93 | fields.push(field); 94 | headersList.push(field + ':' + headerFields.get(field)); 95 | } 96 | }); 97 | 98 | return { 99 | headers: headersList.join('\r\n') + '\r\n', 100 | fieldNames: fields.join(':') 101 | }; 102 | } 103 | 104 | function relaxedHeaderLine(line) { 105 | return line 106 | .substr(line.indexOf(':') + 1) 107 | .replace(/\r?\n/g, '') 108 | .replace(/\s+/g, ' ') 109 | .trim(); 110 | } 111 | -------------------------------------------------------------------------------- /lib/db.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const config = require('wild-config'); 4 | const mongodb = require('mongodb'); 5 | const Redis = require('ioredis'); 6 | const log = require('npmlog'); 7 | const MongoClient = mongodb.MongoClient; 8 | 9 | module.exports.mongoclient = false; 10 | 11 | module.exports.database = false; 12 | module.exports.senderDb = false; 13 | module.exports.gridfs = false; 14 | module.exports.users = false; 15 | 16 | module.exports.redisConfig = redisConfig(config.dbs.redis); 17 | module.exports.redis = false; 18 | 19 | let getRedisConnection = callback => { 20 | let redisReturned = false; 21 | let redis = new Redis(module.exports.redisConfig); 22 | redis.on('error', err => { 23 | log.error('Redis/' + process.pid, '%s', err.message); 24 | if (!redisReturned) { 25 | redisReturned = true; 26 | return callback(err); 27 | } 28 | }); 29 | redis.once('ready', () => { 30 | module.exports.redis = redis; 31 | log.info('Redis/' + process.pid, 'Redis ready to take connections'); 32 | if (!redisReturned) { 33 | redisReturned = true; 34 | return callback(null, true); 35 | } 36 | }); 37 | }; 38 | 39 | let getDBConnection = (main, config, callback) => { 40 | if (main) { 41 | if (!config) { 42 | return callback(null, false); 43 | } 44 | if (config && !/[:/]/.test(config)) { 45 | return callback(null, main.db(config)); 46 | } 47 | } 48 | MongoClient.connect( 49 | config, 50 | { 51 | useNewUrlParser: true, 52 | useUnifiedTopology: true 53 | }, 54 | (err, db) => { 55 | if (err) { 56 | return callback(err); 57 | } 58 | 59 | if (main && db.s && db.s.options && db.s.options.dbName) { 60 | db = db.db(db.s.options.dbName); 61 | } 62 | 63 | return callback(null, db); 64 | } 65 | ); 66 | }; 67 | 68 | module.exports.getDBConnection = (config, callback) => { 69 | getDBConnection(module.exports.mongoclient, config, callback); 70 | }; 71 | 72 | module.exports.connect = callback => { 73 | getRedisConnection(err => { 74 | if (err) { 75 | return callback(err); 76 | } 77 | 78 | if (module.exports.database) { 79 | // already connected 80 | return callback(null, module.exports.database); 81 | } 82 | 83 | getDBConnection(false, config.dbs.mongo, (err, db) => { 84 | if (err) { 85 | return callback(err); 86 | } 87 | module.exports.mongoclient = db; 88 | 89 | if (db.s && db.s.options && db.s.options.dbName) { 90 | module.exports.database = db.db(db.s.options.dbName); 91 | } else { 92 | module.exports.database = db; 93 | } 94 | 95 | getDBConnection(db, config.dbs.gridfs, (err, gdb) => { 96 | if (err) { 97 | return callback(err); 98 | } 99 | module.exports.gridfs = gdb || module.exports.database; 100 | 101 | getDBConnection(db, config.dbs.users, (err, udb) => { 102 | if (err) { 103 | return callback(err); 104 | } 105 | module.exports.users = udb || module.exports.database; 106 | 107 | getDBConnection(db, config.dbs.sender, (err, sdb) => { 108 | if (err) { 109 | return callback(err); 110 | } 111 | module.exports.senderDb = sdb || module.exports.database; 112 | 113 | return callback(null, module.exports.database); 114 | }); 115 | }); 116 | }); 117 | }); 118 | }); 119 | }; 120 | 121 | // returns a redis config object with a retry strategy 122 | function redisConfig(defaultConfig) { 123 | return defaultConfig; 124 | } 125 | -------------------------------------------------------------------------------- /test/plugin-handler-test.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const PluginHandler = require('../lib/plugin-handler'); 4 | const mailsplit = require('mailsplit'); 5 | const PassThrough = require('stream').PassThrough; 6 | 7 | module.exports['Loading empty plugin with no init method should fail'] = test => { 8 | let plugins = new PluginHandler({ 9 | pluginsPath: __dirname + '/plugins', 10 | plugins: { 11 | noop: true 12 | } 13 | }); 14 | plugins.load(() => { 15 | test.equal(plugins.loaded.length, 0); 16 | test.done(); 17 | }); 18 | }; 19 | 20 | module.exports['Load plugins by order'] = test => { 21 | let plugins = new PluginHandler({ 22 | pluginsPath: __dirname + '/plugins', 23 | plugins: { 24 | 'order-1': { 25 | enabled: true, 26 | ordering: 2 27 | }, 28 | 'order-2': { 29 | enabled: true, 30 | ordering: 1 31 | } 32 | }, 33 | db: {}, 34 | log: {} 35 | }); 36 | plugins.load(() => { 37 | test.equal(plugins.loaded.length, 2); 38 | test.equal(plugins.loaded[0].title, 'Order-2'); 39 | test.equal(plugins.loaded[1].title, 'Order-1'); 40 | test.done(); 41 | }); 42 | }; 43 | 44 | module.exports['Load plugins with a hook'] = test => { 45 | let plugins = new PluginHandler({ 46 | pluginsPath: __dirname + '/plugins', 47 | plugins: { 48 | 'hook-1': true, 49 | 'hook-2': true 50 | }, 51 | db: {}, 52 | log: {} 53 | }); 54 | plugins.load(() => { 55 | let a = { 56 | incr: 0 57 | }; 58 | let b = { 59 | incr: 15 60 | }; 61 | plugins.runHooks('testhook', [a, b], err => { 62 | test.ifError(err); 63 | test.equal(a.incr, 2); 64 | test.equal(b.incr, 17); 65 | test.done(); 66 | }); 67 | }); 68 | }; 69 | 70 | module.exports['Load plugins with a rewriter hook'] = test => { 71 | let plugins = new PluginHandler({ 72 | pluginsPath: __dirname + '/plugins', 73 | plugins: { 74 | 'rewriter-1': true, 75 | 'rewriter-2': true 76 | }, 77 | db: {}, 78 | log: {} 79 | }); 80 | plugins.load(() => { 81 | let splitter = new mailsplit.Splitter(); 82 | let joiner = new mailsplit.Joiner(); 83 | 84 | plugins.runRewriteHooks( 85 | { 86 | test: true 87 | }, 88 | splitter, 89 | joiner 90 | ); 91 | 92 | let output = ''; 93 | joiner.on('data', chunk => { 94 | output += chunk.toString(); 95 | }); 96 | joiner.on('end', () => { 97 | test.ok(/HELL0 W0RLD/.test(output)); 98 | test.done(); 99 | }); 100 | splitter.end('Subject: text\nContent-Type: text/plain\n\nHello world!'); 101 | }); 102 | }; 103 | 104 | module.exports['Load plugin with an analyzer hook'] = test => { 105 | let plugins = new PluginHandler({ 106 | pluginsPath: __dirname + '/plugins', 107 | plugins: { 108 | 'analyzer-1': true, 109 | 'analyzer-2': true 110 | }, 111 | db: {}, 112 | log: {} 113 | }); 114 | plugins.load(() => { 115 | let source = new PassThrough(); 116 | let destination = new PassThrough(); 117 | 118 | plugins.runAnalyzerHooks( 119 | { 120 | test: true 121 | }, 122 | source, 123 | destination 124 | ); 125 | 126 | let output = ''; 127 | destination.on('data', chunk => { 128 | output += chunk.toString(); 129 | }); 130 | destination.on('end', () => { 131 | test.ok(/X-Step-1/.test(output)); 132 | test.ok(/X-Step-2/.test(output)); 133 | test.done(); 134 | }); 135 | source.end('Subject: text\nContent-Type: text/plain\n\nHello world!'); 136 | }); 137 | }; 138 | -------------------------------------------------------------------------------- /lib/ttl-cache.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | class TtlCache { 4 | constructor(options) { 5 | options = options || {}; 6 | this.defaultTtl = options.defaultTtl || 5 * 1000; 7 | 8 | this.data = new Map(); 9 | this.sorted = []; 10 | this.checkTimer = null; 11 | } 12 | 13 | get(key) { 14 | if (!this.data.has(key)) { 15 | return null; 16 | } 17 | let data = this.data.get(key); 18 | 19 | if (data.expires < Date.now()) { 20 | this.remove(key); 21 | return null; 22 | } 23 | 24 | return data && data.value; 25 | } 26 | 27 | set(key, value, ttl, expireCb) { 28 | if (typeof ttl === 'undefined') { 29 | ttl = this.defaultTtl; 30 | } 31 | 32 | if (ttl <= 0 || value === null) { 33 | if (this.data.has(key)) { 34 | this.remove(key); 35 | } 36 | return false; 37 | } 38 | 39 | let created = Date.now(); 40 | let expires = created + ttl; 41 | 42 | let data = { 43 | key, 44 | value, 45 | ttl, 46 | created, 47 | expires, 48 | expireCb 49 | }; 50 | this.data.set(key, data); 51 | 52 | let added = false; 53 | 54 | for (let i = this.sorted.length - 1; i >= 0; i--) { 55 | if (this.sorted[i].key === key) { 56 | this.sorted.splice(i, 1); 57 | } else if (!added && this.sorted[i].expires <= expires) { 58 | this.sorted.splice(i + 1, 0, data); 59 | added = true; 60 | } 61 | } 62 | 63 | if (!added) { 64 | this.sorted.unshift(data); 65 | } 66 | 67 | setImmediate(() => this.updateTimer()); 68 | } 69 | 70 | updateTimer() { 71 | clearTimeout(this.checkTimer); 72 | 73 | if (!this.sorted.length) { 74 | return; 75 | } 76 | 77 | let expires = this.sorted[0].expires; 78 | let now = Date.now(); 79 | 80 | if (expires <= now) { 81 | return setImmediate(() => this.checkExpired()); 82 | } 83 | 84 | let ttl = expires - now + 1; 85 | this.checkTimer = setTimeout(() => this.checkExpired(), ttl); 86 | this.checkTimer.unref(); 87 | } 88 | 89 | checkExpired() { 90 | let expired = 0; 91 | let now = Date.now(); 92 | 93 | for (let i = 0, len = this.sorted.length; i < len; i++) { 94 | if (this.sorted[i].expires <= now) { 95 | expired++; 96 | if (typeof this.sorted[i].expireCb === 'function') { 97 | let func = this.sorted[i].expireCb; 98 | let value = this.sorted[i].value; 99 | setImmediate(() => func(value)); 100 | } 101 | this.data.delete(this.sorted[i].key); 102 | } else { 103 | break; 104 | } 105 | } 106 | 107 | if (expired === this.sorted.length || !this.data.size) { 108 | this.sorted = []; 109 | } else if (expired) { 110 | this.sorted.splice(0, expired); 111 | } 112 | 113 | setImmediate(() => this.updateTimer()); 114 | } 115 | 116 | remove(key) { 117 | if (!this.data.has(key)) { 118 | return false; 119 | } 120 | let data = this.data.get(key); 121 | if (typeof data.expireCb === 'function') { 122 | let func = data.expireCb; 123 | let value = data.value; 124 | setImmediate(() => func(value)); 125 | } 126 | this.data.delete(key); 127 | for (let i = 0, len = this.sorted.length; i < len; i++) { 128 | if (this.sorted[i] === data) { 129 | this.sorted.splice(i, 1); 130 | break; 131 | } 132 | } 133 | 134 | setImmediate(() => this.updateTimer()); 135 | } 136 | 137 | flush() { 138 | clearTimeout(this.checkTimer); 139 | this.data = new Map(); 140 | this.sorted = []; 141 | this.checkTimer = null; 142 | } 143 | } 144 | 145 | module.exports = TtlCache; 146 | -------------------------------------------------------------------------------- /plugins/core/rspamd/rspamd-client.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | // streams through a message body and passes it to rspamd for checks 4 | 5 | const fetch = require('nodemailer/lib/fetch'); 6 | const Transform = require('stream').Transform; 7 | const PassThrough = require('stream').PassThrough; 8 | 9 | class RspamdClient extends Transform { 10 | constructor(options) { 11 | super(); 12 | this.options = options || {}; 13 | this.maxSize = Number(options.maxSize) || Infinity; 14 | 15 | this.bytesWritten = 0; 16 | 17 | let headers = {}; 18 | 19 | if (options.from) { 20 | headers.from = options.from; 21 | } 22 | 23 | if (options.to) { 24 | headers['deliver-to'] = options.to; 25 | } 26 | 27 | if (options.id) { 28 | headers['queue-id'] = options.id; 29 | } 30 | 31 | if (options.ip) { 32 | headers.ip = options.ip; 33 | } 34 | 35 | if (options.user) { 36 | headers.user = options.user; 37 | } 38 | 39 | this.body = new PassThrough(); 40 | this.req = fetch(options.url, { 41 | method: 'post', 42 | contentType: 'message/rfc822', 43 | body: this.body, 44 | allowErrorResponse: true, 45 | headers 46 | }); 47 | this.req.once('error', err => { 48 | if (this.req.finished) { 49 | return; 50 | } 51 | this.req.finished = true; 52 | this.emit('fail', err); 53 | this.body.emit('drain'); 54 | }); 55 | 56 | this.chunks = []; 57 | this.chunklen = 0; 58 | this.req.on('readable', () => { 59 | let chunk; 60 | while ((chunk = this.req.read()) !== null) { 61 | this.chunks.push(chunk); 62 | this.chunklen += chunk.length; 63 | } 64 | }); 65 | } 66 | 67 | _transform(chunk, encoding, callback) { 68 | if (!chunk || !chunk.length) { 69 | return callback(); 70 | } 71 | 72 | if (typeof chunk === 'string') { 73 | chunk = new Buffer(chunk, encoding); 74 | } 75 | 76 | this.push(chunk); 77 | 78 | if (this.req.finished) { 79 | return callback(); 80 | } 81 | 82 | if (this.bytesWritten + chunk.length > this.maxSize) { 83 | this.req.finished = true; 84 | this.body.end(); 85 | this.emit('fail', new Error('Message too large to be scanned for spam')); 86 | return callback(); 87 | } 88 | 89 | this.bytesWritten += chunk.length; 90 | if (this.body.write(chunk) === false) { 91 | return this.body.once('drain', () => { 92 | callback(); 93 | }); 94 | } else { 95 | return callback(); 96 | } 97 | } 98 | 99 | _flush(callback) { 100 | if (this.req.finished) { 101 | return callback(); 102 | } 103 | 104 | this.req.removeAllListeners('error'); 105 | this.req.once('error', err => { 106 | if (this.req.finished) { 107 | return; 108 | } 109 | this.req.finished = true; 110 | this.emit('fail', err); 111 | return callback(); 112 | }); 113 | 114 | this.req.on('end', () => { 115 | if (this.req.finished) { 116 | return; 117 | } 118 | this.req.finished = true; 119 | let response = Buffer.concat(this.chunks, this.chunklen); 120 | 121 | try { 122 | response = JSON.parse(response.toString()); 123 | let tests = []; 124 | Object.keys((response && response.default) || {}).forEach(key => { 125 | if (response.default[key] && response.default[key].name) { 126 | tests.push(response.default[key].name + '=' + response.default[key].score); 127 | } 128 | }); 129 | response.tests = tests; 130 | this.emit('response', response); 131 | } catch (E) { 132 | this.emit('fail', new Error('Failed parsing server response (code ' + this.req.statusCode + ').' + E.message)); 133 | } 134 | callback(); 135 | }); 136 | 137 | this.body.end(); 138 | } 139 | } 140 | 141 | module.exports = RspamdClient; 142 | -------------------------------------------------------------------------------- /plugins/core/example-plugin.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | // This plugin is disabled by default. See config.plugins to enable it 4 | // The main objective for this plugin is to make sure that ./user is not empty (otherwise it would be excluded from git) 5 | 6 | const Packer = require('zip-stream'); 7 | const crypto = require('crypto'); 8 | 9 | // Set module title 10 | module.exports.title = 'ExamplePlugin'; 11 | 12 | // Initialize the module 13 | module.exports.init = (app, done) => { 14 | // register a new hook for MAIL FROM command 15 | // if the hook returns an error, then sender address is rejected 16 | app.addHook('smtp:mail_from', (address, session, next) => { 17 | let mailFrom = ((address && address.address) || address || '').toString(); 18 | if (mailFrom.length > 2048) { 19 | // respond with an error 20 | let err = new Error('Sender address is too long'); 21 | err.responseCode = 452; 22 | return next(err); 23 | } 24 | // allow the message to pass 25 | return next(); 26 | }); 27 | 28 | app.addHook('message:headers', (envelope, messageInfo, next) => { 29 | if (/^Yes$/i.test(envelope.headers.getFirst('X-Block-Message'))) { 30 | let err = new Error('This message was blocked'); 31 | err.responseCode = 500; 32 | return setTimeout(() => next(err), 10000); 33 | } 34 | 35 | // add a new header 36 | envelope.headers.add('X-Blocked', 'no'); 37 | 38 | // allow the message to pass 39 | return next(); 40 | }); 41 | 42 | app.addRewriteHook( 43 | (envelope, node) => { 44 | // check if the node is text/html and is not an attachment 45 | if (node.contentType === 'text/html' && node.disposition !== 'attachment') { 46 | // we want to process this node 47 | return true; 48 | } 49 | }, 50 | (envelope, node, decoder, encoder) => { 51 | // add an header for this node 52 | node.headers.add('X-Processed', 'yes'); 53 | // you can read the contents of the node from `message` and write 54 | // the updated contents to the same object (it's a duplex stream) 55 | decoder.pipe(encoder); 56 | } 57 | ); 58 | 59 | // This example calculates a md5 hash of the original unprocessed message 60 | // NB! this is not a good example stream-wise as it does not handle piping correctly 61 | app.addAnalyzerHook((envelope, source, destination) => { 62 | let hash = crypto.createHash('md5'); 63 | 64 | source.on('data', chunk => { 65 | hash.update(chunk); 66 | destination.write(chunk); 67 | }); 68 | 69 | source.on('end', () => { 70 | envelope.sourceMd5 = hash.digest('hex'); 71 | destination.end(); 72 | }); 73 | }); 74 | 75 | // This example converts all jpg images into zip compressed files 76 | app.addRewriteHook( 77 | (envelope, node) => node.contentType === 'image/jpeg', 78 | (envelope, node, source, destination) => { 79 | let archive = new Packer(); 80 | 81 | // update content type of the resulting mime node 82 | node.setContentType('application/zip'); 83 | 84 | // update filename (if set), replace the .jpeg extension with .zip 85 | let filename = node.filename; 86 | if (filename) { 87 | let newFilename = node.filename.replace(/\.jpe?g$/i, '.zip'); 88 | node.setFilename(newFilename); 89 | } 90 | 91 | archive.pipe(destination); 92 | archive.entry( 93 | source, 94 | { 95 | name: filename || 'image.jpg' 96 | }, 97 | () => { 98 | archive.finish(); 99 | } 100 | ); 101 | } 102 | ); 103 | 104 | // This example calculates MD5 hash for every png image 105 | app.addStreamHook( 106 | (envelope, node) => node.contentType === 'image/png', 107 | (envelope, node, source, done) => { 108 | let hash = crypto.createHash('md5'); 109 | source.on('data', chunk => hash.update(chunk)); 110 | source.on('end', () => { 111 | app.logger.info('MD5', 'Calculated hash for "%s": %s', node.filename, hash.digest('hex')); 112 | done(); 113 | }); 114 | } 115 | ); 116 | 117 | // all set up regarding this plugin 118 | done(); 119 | }; 120 | -------------------------------------------------------------------------------- /plugins/core/email-bounce.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const os = require('os'); 4 | const MimeNode = require('nodemailer/lib/mime-node'); 5 | 6 | module.exports.title = 'Email Bounce Notification'; 7 | module.exports.init = function(app, done) { 8 | // generate a multipart/report DSN failure response 9 | function generateBounceMessage(bounce) { 10 | let headers = bounce.headers; 11 | let messageId = headers.getFirst('Message-ID'); 12 | 13 | let cfg = app.config.zoneConfig[bounce.zone]; 14 | if (!cfg || cfg.disabled) { 15 | cfg = {}; 16 | } 17 | 18 | let from = cfg.mailerDaemon || app.config.mailerDaemon; 19 | let to = bounce.from; 20 | let sendingZone = cfg.sendingZone || app.config.sendingZone; 21 | 22 | let rootNode = new MimeNode('multipart/report; report-type=delivery-status'); 23 | 24 | // format Mailer Daemon address 25 | let fromAddress = rootNode._convertAddresses(rootNode._parseAddresses(from)).replace(/\[HOSTNAME\]/gi, bounce.name || os.hostname()); 26 | 27 | rootNode.setHeader('From', fromAddress); 28 | rootNode.setHeader('To', to); 29 | rootNode.setHeader('X-Sending-Zone', sendingZone); 30 | rootNode.setHeader('X-Failed-Recipients', bounce.to); 31 | rootNode.setHeader('Auto-Submitted', 'auto-replied'); 32 | rootNode.setHeader('Subject', 'Delivery Status Notification (Failure)'); 33 | 34 | if (messageId) { 35 | rootNode.setHeader('In-Reply-To', messageId); 36 | rootNode.setHeader('References', messageId); 37 | } 38 | 39 | rootNode 40 | .createChild('text/plain') 41 | .setHeader('Content-Description', 'Notification') 42 | .setContent( 43 | `Delivery to the following recipient failed permanently: 44 | ${bounce.to} 45 | 46 | Technical details of permanent failure: 47 | 48 | ${bounce.response} 49 | 50 | ` 51 | ); 52 | 53 | rootNode 54 | .createChild('message/delivery-status') 55 | .setHeader('Content-Description', 'Delivery report') 56 | .setContent( 57 | `Reporting-MTA: dns; ${bounce.name || os.hostname()} 58 | X-ZoneMTA-Queue-ID: ${bounce.id} 59 | X-ZoneMTA-Sender: rfc822; ${bounce.from} 60 | Arrival-Date: ${new Date(bounce.arrivalDate).toUTCString().replace(/GMT/, '+0000')} 61 | 62 | Final-Recipient: rfc822; ${bounce.to} 63 | Action: failed 64 | Status: 5.0.0 65 | ` + 66 | (bounce.mxHostname 67 | ? `Remote-MTA: dns; ${bounce.mxHostname} 68 | ` 69 | : '') + 70 | `Diagnostic-Code: smtp; ${bounce.response} 71 | 72 | ` 73 | ); 74 | 75 | rootNode 76 | .createChild('text/rfc822-headers') 77 | .setHeader('Content-Description', 'Undelivered Message Headers') 78 | .setContent(headers.build()); 79 | 80 | return rootNode; 81 | } 82 | 83 | // Send bounce notification to the MAIL FROM email 84 | app.addHook('queue:bounce', (bounce, maildrop, next) => { 85 | if ((app.config.disableInterfaces || []).includes(bounce.interface)) { 86 | // bounces are disabled for messages from this interface (eg. forwarded messages) 87 | return next(); 88 | } 89 | 90 | if (!bounce.from) { 91 | // nowhere to send the bounce to 92 | return next(); 93 | } 94 | 95 | let headers = bounce.headers; 96 | 97 | if (headers.get('Received').length > 25) { 98 | // too many hops 99 | app.logger.info( 100 | 'Bounce', 101 | 'Too many hops (%s)! Delivery loop detected for %s.%s, dropping message', 102 | headers.get('Received').length, 103 | bounce.seq, 104 | bounce.id 105 | ); 106 | return next(); 107 | } 108 | 109 | let envelope = { 110 | interface: 'bounce', 111 | from: '', 112 | to: bounce.from, 113 | transtype: 'HTTP', 114 | time: Date.now() 115 | }; 116 | 117 | let mail = generateBounceMessage(bounce); 118 | 119 | app.getQueue().generateId((err, id) => { 120 | if (err) { 121 | return next(err); 122 | } 123 | envelope.id = id; 124 | 125 | maildrop.add(envelope, mail.createReadStream(), err => { 126 | if (err && err.name !== 'SMTPResponse') { 127 | app.logger.error('Bounce', err.message); 128 | } 129 | next(); 130 | }); 131 | }); 132 | }); 133 | 134 | done(); 135 | }; 136 | -------------------------------------------------------------------------------- /services/receiver.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | // NB! This script is ran as a separate process 4 | 5 | const argv = require('minimist')(process.argv.slice(2)); 6 | const config = require('wild-config'); 7 | const log = require('npmlog'); 8 | const crypto = require('crypto'); 9 | 10 | log.level = config.log.level; 11 | 12 | // initialize plugin system 13 | const plugins = require('../lib/plugins'); 14 | plugins.init('receiver'); 15 | 16 | const SMTPInterface = require('../lib/smtp-interface'); 17 | 18 | const QueueClient = require('../lib/transport/client'); 19 | const queueClient = new QueueClient(config.queueServer); 20 | const RemoteQueue = require('../lib/remote-queue'); 21 | 22 | let currentInterface = argv.interfaceName; 23 | let clientId = argv.interfaceId || crypto.randomBytes(10).toString('hex'); 24 | let smtpServer = false; 25 | 26 | let cmdId = 0; 27 | let responseHandlers = new Map(); 28 | let closing = false; 29 | 30 | process.title = config.ident + ': receiver/' + currentInterface; 31 | 32 | config.on('reload', () => { 33 | log.info('SMTP/' + currentInterface + '/' + process.pid, '[%s] Configuration reloaded', clientId); 34 | }); 35 | 36 | let sendCommand = (cmd, callback) => { 37 | let id = ++cmdId; 38 | let data = { 39 | req: id 40 | }; 41 | 42 | if (typeof cmd === 'string') { 43 | cmd = { 44 | cmd 45 | }; 46 | } 47 | 48 | Object.keys(cmd).forEach(key => (data[key] = cmd[key])); 49 | responseHandlers.set(id, callback); 50 | queueClient.send(data); 51 | }; 52 | 53 | let startSMTPInterface = (key, done) => { 54 | let smtp = new SMTPInterface(key, config.smtpInterfaces[key], sendCommand); 55 | smtp.setup(err => { 56 | if (err) { 57 | log.error(smtp.logName, 'Could not start ' + key + ' MTA server'); 58 | log.error(smtp.logName, err); 59 | return done(err); 60 | } 61 | log.info(smtp.logName, 'SMTP ' + key + ' MTA server started'); 62 | return done(null, smtp); 63 | }); 64 | }; 65 | 66 | queueClient.connect(err => { 67 | if (err) { 68 | log.error('SMTP/' + currentInterface + '/' + process.pid, 'Could not connect to Queue server'); 69 | log.error('SMTP/' + currentInterface + '/' + process.pid, err.message); 70 | process.exit(1); 71 | } 72 | 73 | queueClient.on('close', () => { 74 | if (!closing) { 75 | log.error('SMTP/' + currentInterface + '/' + process.pid, 'Connection to Queue server closed unexpectedly'); 76 | process.exit(1); 77 | } 78 | }); 79 | 80 | queueClient.on('error', err => { 81 | if (!closing) { 82 | log.error('SMTP/' + currentInterface + '/' + process.pid, 'Connection to Queue server ended with error %s', err.message); 83 | process.exit(1); 84 | } 85 | }); 86 | 87 | queueClient.onData = (data, next) => { 88 | let callback; 89 | if (responseHandlers.has(data.req)) { 90 | callback = responseHandlers.get(data.req); 91 | responseHandlers.delete(data.req); 92 | setImmediate(() => callback(data.error ? data.error : null, !data.error && data.response)); 93 | } 94 | next(); 95 | }; 96 | 97 | // Notify the server about the details of this client 98 | queueClient.send({ 99 | cmd: 'HELLO', 100 | smtp: currentInterface, 101 | id: clientId 102 | }); 103 | 104 | let queue = new RemoteQueue(); 105 | queue.init(sendCommand, err => { 106 | if (err) { 107 | log.error('SMTP/' + currentInterface + '/' + process.pid, 'Queue error %s', err.message); 108 | return process.exit(1); 109 | } 110 | 111 | plugins.handler.queue = queue; 112 | 113 | plugins.handler.load(() => { 114 | log.info('SMTP/' + currentInterface + '/' + process.pid, '%s plugins loaded', plugins.handler.loaded.length); 115 | }); 116 | 117 | startSMTPInterface(currentInterface, (err, smtp) => { 118 | if (err) { 119 | log.error('SMTP/' + currentInterface + '/' + process.pid, 'SMTP error %s', err.message); 120 | return process.exit(1); 121 | } 122 | smtpServer = smtp; 123 | }); 124 | }); 125 | }); 126 | 127 | // start accepting sockets 128 | process.on('message', (m, socket) => { 129 | if (m === 'socket') { 130 | if (!socket) { 131 | log.verbose('SMTP/' + currentInterface + '/' + process.pid, 'Null Socket'); 132 | return; 133 | } 134 | 135 | let passSocket = () => 136 | smtpServer.server._handleProxy(socket, (proxyErr, socketOptions) => { 137 | smtpServer.server.connect(socket, socketOptions); 138 | }); 139 | 140 | if (!smtpServer || !smtpServer.server) { 141 | let tryCount = 0; 142 | let nextTry = () => { 143 | if (smtpServer && smtpServer.server) { 144 | return passSocket(); 145 | } 146 | if (tryCount++ > 5) { 147 | try { 148 | return socket.end('421 Process not yet initialized\r\n'); 149 | } catch (E) { 150 | // ignore 151 | } 152 | } else { 153 | return setTimeout(nextTry, 100 * tryCount).unref(); 154 | } 155 | }; 156 | return setTimeout(nextTry, 100).unref(); 157 | } 158 | 159 | return passSocket(); 160 | } 161 | }); 162 | -------------------------------------------------------------------------------- /lib/address-tools.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | let addressparser = require('nodemailer/lib/addressparser'); 4 | let punycode = require('punycode/'); 5 | let libmime = require('libmime'); 6 | 7 | module.exports = { 8 | convertAddresses, 9 | parseAddressList, 10 | parseAddressses, 11 | normalizeDomain, 12 | normalizeAddress, 13 | flatten, 14 | validateAddress, 15 | divideLoad 16 | }; 17 | 18 | function validateAddress(headers, key) { 19 | let addressList = parseAddressList(headers, key, true); 20 | addressList.forEach(address => { 21 | try { 22 | address.name = libmime.decodeWords(address.name || ''); 23 | } catch (E) { 24 | // most probably an unknown charset was used, so keep as is 25 | } 26 | }); 27 | return { 28 | addresses: addressList, 29 | set() { 30 | let address = [].concat([...arguments]); 31 | let values = []; 32 | parseAddressses([].concat(address || []), true).forEach(parsed => { 33 | if (!parsed || !parsed.address) { 34 | return; 35 | } 36 | 37 | if (!/^[\w ']*$/.test(parsed.name)) { 38 | // check if contains only letters and numbers and such 39 | if (/^[\x20-\x7e]*$/.test(parsed.name)) { 40 | // check if only contains ascii characters 41 | parsed.name = '"' + parsed.name.replace(/([\\"])/g, '\\$1') + '"'; 42 | } else { 43 | // requires mime encoding 44 | parsed.name = libmime.encodeWord(parsed.name, 'Q', 52); 45 | } 46 | } 47 | 48 | values.push(parsed.name ? parsed.name + ' <' + parsed.address + '>' : parsed.address); 49 | }); 50 | 51 | if (values.length) { 52 | headers.update(key, values.join(', ')); 53 | } else { 54 | headers.remove(key); 55 | } 56 | } 57 | }; 58 | } 59 | 60 | function convertAddresses(addresses, withNames, addressList) { 61 | addressList = addressList || new Map(); 62 | 63 | flatten(addresses || []).forEach(address => { 64 | if (address.address) { 65 | let normalized = normalizeAddress(address, withNames); 66 | let key = typeof normalized === 'string' ? normalized : normalized.address; 67 | addressList.set(key, normalized); 68 | } else if (address.group) { 69 | convertAddresses(address.group, withNames, addressList); 70 | } 71 | }); 72 | 73 | return addressList; 74 | } 75 | 76 | function parseAddressList(headers, key, withNames) { 77 | return parseAddressses( 78 | headers.getDecoded(key).map(header => header.value), 79 | withNames 80 | ); 81 | } 82 | 83 | function parseAddressses(headerList, withNames) { 84 | let map = convertAddresses( 85 | headerList.map(address => { 86 | if (typeof address === 'string') { 87 | address = addressparser(address); 88 | } 89 | return address; 90 | }), 91 | withNames 92 | ); 93 | return Array.from(map).map(entry => entry[1]); 94 | } 95 | 96 | function normalizeDomain(domain) { 97 | return punycode.toASCII(domain.toLowerCase().trim()); 98 | } 99 | 100 | function normalizeAddress(address, withNames) { 101 | if (typeof address === 'string') { 102 | address = { 103 | address 104 | }; 105 | } 106 | if (!address || !address.address) { 107 | return ''; 108 | } 109 | let user = address.address.substr(0, address.address.lastIndexOf('@')); 110 | let domain = address.address.substr(address.address.lastIndexOf('@') + 1); 111 | let addr = user.trim() + '@' + normalizeDomain(domain); 112 | 113 | if (withNames) { 114 | return { 115 | name: address.name || '', 116 | address: addr 117 | }; 118 | } 119 | 120 | return addr; 121 | } 122 | 123 | // helper function to flatten arrays 124 | function flatten(arr) { 125 | let flat = [].concat(...arr); 126 | return flat.some(Array.isArray) ? flatten(flat) : flat; 127 | } 128 | 129 | function divideLoad(pool) { 130 | // handle warmup settings 131 | let customShares = 0; 132 | let customShareRatio = 0; 133 | 134 | pool = pool.map(item => { 135 | let copy = {}; 136 | Object.keys(item || {}).forEach(key => { 137 | copy[key] = item[key]; 138 | }); 139 | 140 | if (copy.ratio) { 141 | copy.ratio = Math.min(Math.max(copy.ratio, 0), 1); 142 | customShareRatio += copy.ratio; 143 | customShares++; 144 | } 145 | 146 | return copy; 147 | }); 148 | 149 | let totalShares = 0; 150 | let smallestShare = Infinity; 151 | if (pool.length > customShares) { 152 | let shareable = 1 - Math.min(customShareRatio, 1); 153 | let defaultShare = shareable / (pool.length - customShares); 154 | pool.forEach(item => { 155 | if (!item.ratio) { 156 | item.ratio = defaultShare; 157 | } 158 | if (item.ratio) { 159 | if (item.ratio < smallestShare) { 160 | smallestShare = item.ratio; 161 | } 162 | totalShares += item.ratio; 163 | } 164 | }); 165 | } 166 | 167 | let totalItems = Math.ceil(totalShares / smallestShare); 168 | 169 | let result = []; 170 | pool.forEach(item => { 171 | if (!item || !item.ratio) { 172 | return; 173 | } 174 | let copies = Math.ceil(totalItems * item.ratio); 175 | if (copies) { 176 | for (let i = 0; i < copies; i++) { 177 | result.push(item); 178 | } 179 | } 180 | }); 181 | 182 | return result; 183 | } 184 | -------------------------------------------------------------------------------- /plugins/core/default-headers.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const os = require('os'); 4 | const uuid = require('uuid'); 5 | const addressTools = require('../../lib/address-tools'); 6 | const sendingZone = require('../../lib/sending-zone'); 7 | const hostname = os.hostname(); 8 | 9 | module.exports.title = 'Default headers'; 10 | module.exports.init = async app => { 11 | const addMissing = [].concat(app.config.addMissing || []).map(key => (key || '').toString().toLowerCase().trim()); 12 | 13 | // Ensure default headers like Date, Message-ID etc 14 | app.addHook('message:headers', async (envelope, messageInfo) => { 15 | // Fetch sender and receiver addresses 16 | envelope.parsedEnvelope = { 17 | from: addressTools.parseAddressList(envelope.headers, 'from').shift() || false, 18 | to: addressTools.parseAddressList(envelope.headers, 'to'), 19 | cc: addressTools.parseAddressList(envelope.headers, 'cc'), 20 | bcc: addressTools.parseAddressList(envelope.headers, 'bcc'), 21 | replyTo: addressTools.parseAddressList(envelope.headers, 'reply-to').shift() || false, 22 | sender: addressTools.parseAddressList(envelope.headers, 'sender').shift() || false 23 | }; 24 | 25 | if (envelope.envelopeFromHeader) { 26 | envelope.from = envelope.parsedEnvelope.from || envelope.parsedEnvelope.sender || ''; 27 | envelope.to = [] 28 | .concat(envelope.parsedEnvelope.to || []) 29 | .concat(envelope.parsedEnvelope.cc || []) 30 | .concat(envelope.parsedEnvelope.bcc || []); 31 | } 32 | 33 | // Check Message-ID: value. Add if missing 34 | let mId = envelope.headers.getFirst('message-id'); 35 | if (!mId) { 36 | mId = '<' + uuid.v4() + '@' + (envelope.from.substr(envelope.from.lastIndexOf('@') + 1) || hostname) + '>'; 37 | if (addMissing.includes('message-id')) { 38 | envelope.headers.remove('message-id'); // in case there's an empty value 39 | envelope.headers.add('Message-ID', mId); 40 | } 41 | } 42 | envelope.messageId = mId; 43 | messageInfo['message-id'] = envelope.messageId; 44 | 45 | // Check Sending Zone for this message 46 | // X-Sending-Zone: loopback 47 | // If Sending Zone is not set or missing then the default is used 48 | if (!envelope.sendingZone && app.config.allowRoutingHeaders.includes(envelope.interface)) { 49 | let sZone = envelope.headers.getFirst('x-sending-zone').toLowerCase(); 50 | if (sZone) { 51 | app.logger.verbose('Queue', 'Detected Zone %s for %s by headers', sZone, mId); 52 | envelope.sendingZone = sZone; 53 | } 54 | } 55 | 56 | // Check Date: value. Add if missing or invalid or future date 57 | let date = envelope.headers.getFirst('date'); 58 | let dateVal = new Date(date); 59 | if (!date || dateVal.toString() === 'Invalid Date' || dateVal < new Date(1000)) { 60 | date = new Date().toUTCString().replace(/GMT/, '+0000'); 61 | if (addMissing.includes('date')) { 62 | envelope.headers.remove('date'); // remove old empty or invalid values 63 | envelope.headers.add('Date', date); 64 | } 65 | } 66 | 67 | // Check if Date header indicates a time in the future (+/- 300s clock skew is allowed) 68 | if (app.config.futureDate && date && dateVal.toString() !== 'Invalid Date' && dateVal.getTime() > Date.now() + 5 * 60 * 1000) { 69 | // The date is in the future, defer the message. Max defer time is 1 year 70 | envelope.deferDelivery = Math.min(dateVal.getTime(), Date.now() + 365 * 24 * 3600 * 1000); 71 | } 72 | 73 | envelope.date = date; 74 | 75 | // Fetch X-FBL header for bounce tracking 76 | let xFbl = envelope.headers.getFirst('x-fbl').trim(); 77 | if (xFbl) { 78 | envelope.fbl = xFbl; 79 | } 80 | 81 | if (app.config.xOriginatingIP && envelope.origin && !['127.0.0.1', '::1'].includes(envelope.origin)) { 82 | envelope.headers.update('X-Originating-IP', '[' + envelope.origin + ']'); 83 | } 84 | 85 | // Remove sending-zone routing key if present 86 | envelope.headers.remove('x-sending-zone'); 87 | 88 | // Remove BCC if present 89 | envelope.headers.remove('bcc'); 90 | 91 | if (!envelope.sendingZone) { 92 | let sZone = sendingZone.findByHeaders(envelope.headers); 93 | if (sZone) { 94 | app.logger.verbose('Queue', 'Detected Zone %s for %s by headers', sZone, mId); 95 | envelope.sendingZone = sZone; 96 | } 97 | } 98 | }); 99 | 100 | app.addHook('sender:headers', async delivery => { 101 | // Ensure that there is at least one recipient header 102 | 103 | let hasRecipient = false; 104 | let hasContent = false; 105 | let hasMime = false; 106 | 107 | let keys = delivery.headers.getList().map(line => line.key); 108 | for (let i = 0, len = keys.length; i < len; i++) { 109 | if (!hasRecipient && ['to', 'cc', 'bcc'].includes(keys[i])) { 110 | hasRecipient = true; 111 | } 112 | if (!hasMime && keys[i] === 'mime-version') { 113 | hasMime = true; 114 | } 115 | if (!hasContent && ['content-transfer-encoding', 'content-type', 'content-disposition'].includes(keys[i])) { 116 | hasContent = true; 117 | } 118 | } 119 | 120 | if (!hasRecipient && addMissing.includes('to')) { 121 | // No recipient addresses found, add a To: 122 | // This should not conflict DKIM signature 123 | delivery.headers.add('To', delivery.envelope.to); 124 | } 125 | 126 | if (hasContent && !hasMime && addMissing.includes('mime-version')) { 127 | // Add MIME-Version to bottom 128 | delivery.headers.add('MIME-Version', '1.0', Infinity); 129 | } 130 | }); 131 | }; 132 | -------------------------------------------------------------------------------- /plugins/core/rspamd/index.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const RspamdClient = require('./rspamd-client'); 4 | 5 | module.exports.title = 'Rspamd Spam Check'; 6 | module.exports.init = function(app, done) { 7 | app.addAnalyzerHook((envelope, source, destination) => { 8 | let interfaces = Array.isArray(app.config.interfaces) ? app.config.interfaces : [].concat(app.config.interfaces || []); 9 | if (!interfaces.includes(envelope.interface) && !interfaces.includes('*')) { 10 | return source.pipe(destination); 11 | } 12 | 13 | let rspamdStream = new RspamdClient({ 14 | url: app.config.url, 15 | from: envelope.from, 16 | to: envelope.to, 17 | user: envelope.user, 18 | id: envelope.id, 19 | maxSize: app.config.maxSize, 20 | ip: app.config.ip === true ? envelope.origin : app.config.ip 21 | }); 22 | 23 | rspamdStream.on('fail', err => { 24 | app.logger.info('Rspamd', '%s SKIPPED "%s" (from=%s to=%s)', envelope.id, err.message, envelope.from, [].concat(envelope.to || []).join(',')); 25 | }); 26 | 27 | rspamdStream.on('response', response => { 28 | // store spam result to the envelope 29 | envelope.spam = response; 30 | let score = (Number(response && response.default && response.default.score) || 0).toFixed(2); 31 | let tests = [].concat((response && response.tests) || []).join(', '); 32 | let action = (response && response.default && response.default.action) || 'unknown'; 33 | app.logger.info('Rspamd', '%s RESULTS score=%s action="%s" [%s]', envelope.id, score, action, tests); 34 | 35 | app.remotelog(envelope.id, false, 'SPAMCHECK', { 36 | score, 37 | result: action, 38 | tests 39 | }); 40 | }); 41 | 42 | rspamdStream.once('error', err => { 43 | source.emit('error', err); 44 | }); 45 | 46 | let finished = false; 47 | let reading = false; 48 | let readNext = () => { 49 | let chunk = source.read(); 50 | if (chunk === null) { 51 | if (finished) { 52 | rspamdStream.end(); 53 | } 54 | reading = false; 55 | return; 56 | } 57 | if (!rspamdStream.write(chunk)) { 58 | return rspamdStream.once('drain', readNext); 59 | } 60 | readNext(); 61 | }; 62 | 63 | source.on('readable', () => { 64 | if (reading) { 65 | return; 66 | } 67 | reading = true; 68 | readNext(); 69 | }); 70 | 71 | source.once('end', () => { 72 | finished = true; 73 | if (reading) { 74 | return; 75 | } 76 | rspamdStream.end(); 77 | }); 78 | 79 | rspamdStream.pipe(destination); 80 | }); 81 | 82 | app.addHook('message:queue', (envelope, messageInfo, next) => { 83 | let interfaces = Array.isArray(app.config.interfaces) ? app.config.interfaces : [].concat(app.config.interfaces || []); 84 | if ((!interfaces.includes(envelope.interface) && !interfaces.includes('*')) || !envelope.spam || !envelope.spam.default) { 85 | return next(); 86 | } 87 | 88 | let score = Number(envelope.spam.default.score) || 0; 89 | score = Math.round(score * 100) / 100; 90 | 91 | messageInfo.tests = envelope.spam.tests.join(','); 92 | messageInfo.score = score.toFixed(2); 93 | 94 | if (!app.config.ignoreOrigins.includes(envelope.origin) && !envelope.ignoreSpamScore) { 95 | switch (envelope.spam.default.action) { 96 | case 'reject': 97 | if (app.config.dropSpam) { 98 | // accept message and silently drop it 99 | return next(app.drop(envelope, 'spam', messageInfo)); 100 | } 101 | // reject spam 102 | return next(app.reject(envelope, 'spam', messageInfo, '550 This message was classified as SPAM and may not be delivered')); 103 | case 'add header': 104 | case 'rewrite subject': 105 | case 'soft reject': 106 | if (app.config.rewriteSubject) { 107 | let subject = envelope.headers.getFirst('subject'); 108 | subject = ('[***SPAM(' + score.toFixed(2) + ')***] ' + subject).trim(); 109 | envelope.headers.update('Subject', subject); 110 | } 111 | break; 112 | } 113 | } 114 | 115 | next(); 116 | }); 117 | 118 | app.addHook('sender:headers', (delivery, connection, next) => { 119 | if (delivery.spam && delivery.spam.default) { 120 | // insert spam headers to the bottom of the header section 121 | let statusParts = []; 122 | 123 | // This is ougtgoing message so the recipient would have exactly 0 reasons to trust our 124 | // X-Spam-* headers, thus we use custom headers X-Zone-Spam-* and these are for debugging 125 | // purposes only 126 | 127 | if ('score' in delivery.spam.default) { 128 | statusParts.push('score=' + delivery.spam.default.score); 129 | } 130 | 131 | if ('required_score' in delivery.spam.default) { 132 | statusParts.push('required=' + delivery.spam.default.required_score); 133 | } 134 | 135 | if (Array.isArray(delivery.spam.tests) && delivery.spam.tests.length) { 136 | statusParts.push('tests=[' + delivery.spam.tests.join(', ') + ']'); 137 | } 138 | 139 | delivery.headers.add('X-Zone-Spam-Resolution', delivery.spam.default.action, Infinity); 140 | delivery.headers.add( 141 | 'X-Zone-Spam-Status', 142 | (delivery.spam.default.is_spam ? 'Yes' : 'No') + (statusParts.length ? ', ' + statusParts.join(', ') : ''), 143 | Infinity 144 | ); 145 | } 146 | next(); 147 | }); 148 | 149 | done(); 150 | }; 151 | -------------------------------------------------------------------------------- /lib/dkim-relaxed-body.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | // streams through a message body and calculates relaxed body hash 4 | 5 | const Transform = require('stream').Transform; 6 | const crypto = require('crypto'); 7 | 8 | class DkimRelaxedBody extends Transform { 9 | constructor(options) { 10 | super(); 11 | options = options || {}; 12 | this.chunkBuffer = []; 13 | this.chunkBufferLen = 0; 14 | this.bodyHash = crypto.createHash(options.hashAlgo || 'sha1'); 15 | this.remainder = ''; 16 | this.byteLength = 0; 17 | 18 | this.debug = options.debug; 19 | this._debugBody = options.debug ? [] : false; 20 | } 21 | 22 | updateHash(chunk) { 23 | let bodyStr; 24 | 25 | // find next remainder 26 | let nextRemainder = ''; 27 | 28 | // This crux finds and removes the spaces from the last line and the newline characters after the last non-empty line 29 | // If we get another chunk that does not match this description then we can restore the previously processed data 30 | let state = 'file'; 31 | for (let i = chunk.length - 1; i >= 0; i--) { 32 | let c = chunk[i]; 33 | 34 | if (state === 'file' && (c === 0x0a || c === 0x0d)) { 35 | // do nothing, found \n or \r at the end of chunk, stil end of file 36 | } else if (state === 'file' && (c === 0x09 || c === 0x20)) { 37 | // switch to line ending mode, this is the last non-empty line 38 | state = 'line'; 39 | } else if (state === 'line' && (c === 0x09 || c === 0x20)) { 40 | // do nothing, found ' ' or \t at the end of line, keep processing the last non-empty line 41 | } else if (state === 'file' || state === 'line') { 42 | // non line/file ending character found, switch to body mode 43 | state = 'body'; 44 | if (i === chunk.length - 1) { 45 | // final char is not part of line end or file end, so do nothing 46 | break; 47 | } 48 | } 49 | 50 | if (i === 0) { 51 | // reached to the beginning of the chunk, check if it is still about the ending 52 | // and if the remainder also matches 53 | if ( 54 | (state === 'file' && (!this.remainder || /[\r\n]$/.test(this.remainder))) || 55 | (state === 'line' && (!this.remainder || /[ \t]$/.test(this.remainder))) 56 | ) { 57 | // keep everything 58 | this.remainder += chunk.toString('binary'); 59 | return; 60 | } else if (state === 'line' || state === 'file') { 61 | // process existing remainder as normal line but store the current chunk 62 | nextRemainder = chunk.toString('binary'); 63 | chunk = false; 64 | break; 65 | } 66 | } 67 | 68 | if (state !== 'body') { 69 | continue; 70 | } 71 | 72 | // reached first non ending byte 73 | nextRemainder = chunk.slice(i + 1).toString('binary'); 74 | chunk = chunk.slice(0, i + 1); 75 | break; 76 | } 77 | 78 | let needsFixing = !!this.remainder; 79 | if (chunk && !needsFixing) { 80 | // check if we even need to change anything 81 | for (let i = 0, len = chunk.length; i < len; i++) { 82 | if (i && chunk[i] === 0x0a && chunk[i - 1] !== 0x0d) { 83 | // missing \r before \n 84 | needsFixing = true; 85 | break; 86 | } else if (i && chunk[i] === 0x0d && chunk[i - 1] === 0x20) { 87 | // trailing WSP found 88 | needsFixing = true; 89 | break; 90 | } else if (i && chunk[i] === 0x20 && chunk[i - 1] === 0x20) { 91 | // multiple spaces found, needs to be replaced with just one 92 | needsFixing = true; 93 | break; 94 | } else if (chunk[i] === 0x09) { 95 | // TAB found, needs to be replaced with a space 96 | needsFixing = true; 97 | break; 98 | } 99 | } 100 | } 101 | 102 | if (needsFixing) { 103 | bodyStr = this.remainder + (chunk ? chunk.toString('binary') : ''); 104 | this.remainder = nextRemainder; 105 | bodyStr = bodyStr 106 | .replace(/\r?\n/g, '\n') // use js line endings 107 | .replace(/[ \t]*$/gm, '') // remove line endings, rtrim 108 | .replace(/[ \t]+/gm, ' ') // single spaces 109 | .replace(/\n/g, '\r\n'); // restore rfc822 line endings 110 | chunk = Buffer.from(bodyStr, 'binary'); 111 | } else if (nextRemainder) { 112 | this.remainder = nextRemainder; 113 | } 114 | 115 | if (this.debug) { 116 | this._debugBody.push(chunk); 117 | } 118 | this.bodyHash.update(chunk); 119 | } 120 | 121 | _transform(chunk, encoding, callback) { 122 | if (!chunk || !chunk.length) { 123 | return callback(); 124 | } 125 | 126 | if (typeof chunk === 'string') { 127 | chunk = Buffer.from(chunk, encoding); 128 | } 129 | 130 | this.updateHash(chunk); 131 | 132 | this.byteLength += chunk.length; 133 | this.push(chunk); 134 | 135 | callback(); 136 | } 137 | 138 | _flush(callback) { 139 | // generate final hash and emit it 140 | if (/[\r\n]$/.test(this.remainder) && this.byteLength > 2) { 141 | // add terminating line end 142 | this.bodyHash.update(Buffer.from('\r\n')); 143 | } 144 | if (!this.byteLength) { 145 | // emit empty line buffer to keep the stream flowing 146 | this.push(Buffer.from('\r\n')); 147 | // this.bodyHash.update(Buffer.from('\r\n')); 148 | } 149 | this.emit('hash', this.bodyHash.digest('base64'), this.debug ? Buffer.concat(this._debugBody) : false); 150 | callback(); 151 | } 152 | } 153 | 154 | module.exports = DkimRelaxedBody; 155 | -------------------------------------------------------------------------------- /services/sender.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | // NB! This script is ran as a separate process, so no direct access to the queue, no data 4 | // sharing with other part of the code etc. 5 | 6 | const argv = require('minimist')(process.argv.slice(2)); 7 | const SendingZone = require('../lib/sending-zone').SendingZone; 8 | const config = require('wild-config'); 9 | const log = require('npmlog'); 10 | const bounces = require('../lib/bounces'); 11 | 12 | // initialize plugin system 13 | const plugins = require('../lib/plugins'); 14 | plugins.init('sender'); 15 | 16 | const Sender = require('../lib/sender'); 17 | const crypto = require('crypto'); 18 | 19 | const QueueClient = require('../lib/transport/client'); 20 | const queueClient = new QueueClient(config.queueServer); 21 | const RemoteQueue = require('../lib/remote-queue'); 22 | const ConnectionPool = require('../lib/connection-pool'); 23 | 24 | const senders = new Set(); 25 | 26 | let cmdId = 0; 27 | let responseHandlers = new Map(); 28 | 29 | let closing = false; 30 | let zone; 31 | 32 | // Read command line arguments 33 | let currentZone = argv.senderName; 34 | let clientId = argv.senderId || crypto.randomBytes(10).toString('hex'); 35 | 36 | // Find and setup correct Sending Zone 37 | Object.keys(config.zones || {}).find(zoneName => { 38 | let zoneData = config.zones[zoneName]; 39 | if (zoneName === currentZone) { 40 | zone = new SendingZone(zoneName, zoneData, false); 41 | return true; 42 | } 43 | return false; 44 | }); 45 | 46 | if (!zone) { 47 | log.error('Sender/' + process.pid, 'Unknown Zone %s', currentZone); 48 | return process.exit(5); 49 | } 50 | 51 | let logName = 'Sender/' + zone.name + '/' + process.pid; 52 | log.level = 'logLevel' in zone ? zone.logLevel : config.log.level; 53 | log.info(logName, '[%s] Starting sending for %s', clientId, zone.name); 54 | 55 | process.title = config.ident + ': sender/' + currentZone; 56 | 57 | let sendCommand = (cmd, callback) => { 58 | let id = ++cmdId; 59 | let data = { 60 | req: id 61 | }; 62 | 63 | if (typeof cmd === 'string') { 64 | cmd = { 65 | cmd 66 | }; 67 | } 68 | 69 | Object.keys(cmd).forEach(key => (data[key] = cmd[key])); 70 | responseHandlers.set(id, callback); 71 | queueClient.send(data); 72 | }; 73 | 74 | const connectionPool = new ConnectionPool(sendCommand); 75 | 76 | queueClient.connect(err => { 77 | if (err) { 78 | log.error(logName, 'Could not connect to Queue server. %s', err.message); 79 | process.exit(1); 80 | } 81 | 82 | queueClient.on('close', () => { 83 | if (!closing) { 84 | log.error(logName, 'Connection to Queue server closed unexpectedly'); 85 | process.exit(1); 86 | } 87 | }); 88 | 89 | queueClient.on('error', err => { 90 | if (!closing) { 91 | log.error(logName, 'Connection to Queue server ended with error %s', err.message); 92 | process.exit(1); 93 | } 94 | }); 95 | 96 | queueClient.onData = (data, next) => { 97 | let callback; 98 | if (responseHandlers.has(data.req)) { 99 | callback = responseHandlers.get(data.req); 100 | responseHandlers.delete(data.req); 101 | setImmediate(() => callback(data.error ? new Error(data.error) : null, !data.error && data.response)); 102 | } 103 | next(); 104 | }; 105 | 106 | // Notify the server about the details of this client 107 | queueClient.send({ 108 | cmd: 'HELLO', 109 | zone: zone.name, 110 | id: clientId 111 | }); 112 | 113 | let queue = new RemoteQueue(); 114 | queue.init(sendCommand, err => { 115 | if (err) { 116 | log.error(logName, 'Queue error %s', err.message); 117 | return process.exit(1); 118 | } 119 | 120 | plugins.handler.queue = queue; 121 | 122 | plugins.handler.load(() => { 123 | log.verbose(logName, '%s plugins loaded', plugins.handler.loaded.length); 124 | }); 125 | 126 | let zoneCounter = 0; 127 | let zoneConnections = zone.connections; 128 | 129 | let spawnConnections = count => { 130 | // start sending instances 131 | for (let i = 0; i < count; i++) { 132 | // use artificial delay to lower the chance of races 133 | setTimeout(() => { 134 | let sender = new Sender(clientId, ++zoneCounter, zone, sendCommand, queue, connectionPool); 135 | senders.add(sender); 136 | sender.once('error', err => { 137 | log.info(logName, 'Sender error. %s', err.message); 138 | closing = true; 139 | senders.forEach(sender => { 140 | sender.removeAllListeners('error'); 141 | sender.close(); 142 | }); 143 | senders.clear(); 144 | }); 145 | }, Math.random() * 1500); 146 | } 147 | }; 148 | 149 | spawnConnections(zoneConnections); 150 | 151 | config.on('reload', () => { 152 | bounces.reloadBounces(); 153 | 154 | zone.update(config.zones[zone.name]); 155 | 156 | if (zoneConnections !== zone.connections) { 157 | if (zoneConnections < zone.connections) { 158 | spawnConnections(zone.connections - zoneConnections); 159 | } else if (zoneConnections > zone.connections) { 160 | let i = 0; 161 | let deletedSenders = []; 162 | senders.forEach(sender => { 163 | if (i++ > zone.connections) { 164 | deletedSenders.push(sender); 165 | } 166 | }); 167 | deletedSenders.forEach(sender => { 168 | sender.removeAllListeners('error'); 169 | sender.close(); 170 | senders.delete(sender); 171 | }); 172 | deletedSenders = false; 173 | } 174 | zoneConnections = zone.connections; 175 | } 176 | 177 | log.info(logName, '[%s] Configuration reloaded', clientId); 178 | }); 179 | 180 | setImmediate(() => { 181 | process.send({ startup: true }); 182 | }); 183 | }); 184 | }); 185 | -------------------------------------------------------------------------------- /lib/queue-locker.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | // TODO: use TtlCache for storing locks instead of implementing a separate solution 4 | 5 | class QueueLocker { 6 | constructor() { 7 | this.defaultTtl = 10 * 60 * 1000; 8 | 9 | this.locks = new Map(); 10 | this.zones = new Map(); 11 | this.lockOwners = new Map(); 12 | 13 | this.nextExpireCheck = Infinity; 14 | this.lockCheckTimer = false; 15 | } 16 | 17 | lockExists(key) { 18 | if (this.locks.has(key)) { 19 | let lock = this.locks.get(key); 20 | if (lock.nextExpire < Date.now()) { 21 | this.release(key); 22 | } else { 23 | return true; 24 | } 25 | } 26 | return false; 27 | } 28 | 29 | domainIsSkipped(zone, domain) { 30 | if (!domain) { 31 | return false; 32 | } 33 | 34 | if (!this.zones.has(zone)) { 35 | return false; 36 | } 37 | 38 | let zoneData = this.zones.get(zone); 39 | if (zoneData.skip && zoneData.skip.has(domain)) { 40 | return true; 41 | } 42 | 43 | return false; 44 | } 45 | 46 | lock(key, zone, domain, lockOwner, maxConnections, ttl) { 47 | if (this.lockExists(key)) { 48 | return false; 49 | } 50 | 51 | /* 52 | if (domain && this.domainIsSkipped(zone, domain)) { 53 | // lock the domain but do not skip entry 54 | return false; 55 | } 56 | */ 57 | 58 | ttl = ttl || this.defaultTtl; 59 | let expires = Date.now() + ttl; 60 | 61 | let lock = { 62 | key, 63 | zone, 64 | domain, 65 | lockOwner, 66 | maxConnections: Number(maxConnections) || 0, 67 | ttl, 68 | expires, 69 | created: new Date() 70 | }; 71 | 72 | this.locks.set(key, lock); 73 | 74 | if (expires < this.nextExpireCheck) { 75 | this.nextExpireCheck = expires; 76 | clearTimeout(this.lockCheckTimer); 77 | this.lockCheckTimer = setTimeout(() => this.checkExpired(), Math.max(expires + 1 - Date.now(), 0)); 78 | this.lockCheckTimer.unref(); 79 | } 80 | 81 | // link lock with sender instance 82 | if (!this.lockOwners.has(lockOwner)) { 83 | this.lockOwners.set(lockOwner, new Set()); 84 | } 85 | this.lockOwners.get(lockOwner).add(lock); 86 | 87 | if (!this.zones.has(zone)) { 88 | this.zones.set(zone, { 89 | domains: new Map(), 90 | skip: new Set() 91 | }); 92 | } 93 | let zoneData = this.zones.get(zone); 94 | 95 | if (domain) { 96 | // store reference for domain to zone 97 | if (!zoneData.domains.has(domain)) { 98 | zoneData.domains.set(domain, new Set()); 99 | } 100 | zoneData.domains.get(domain).add(lock); 101 | 102 | if (maxConnections && zoneData.domains.get(domain).size >= maxConnections && !zoneData.skip.has(domain)) { 103 | zoneData.skip.add(domain); 104 | zoneData.skipCache = false; 105 | } else if (zoneData.skip.has(domain)) { 106 | zoneData.skip.delete(domain); 107 | zoneData.skipCache = false; 108 | } 109 | } 110 | 111 | return true; 112 | } 113 | 114 | release(key) { 115 | if (!key) { 116 | return false; 117 | } 118 | 119 | if (!this.locks.has(key)) { 120 | return false; 121 | } 122 | 123 | let lock = this.locks.get(key); 124 | this.locks.delete(key); 125 | 126 | if (this.lockOwners.has(lock.lockOwner)) { 127 | this.lockOwners.get(lock.lockOwner).delete(lock); 128 | if (!this.lockOwners.get(lock.lockOwner).size) { 129 | this.lockOwners.delete(lock.lockOwner); 130 | } 131 | } 132 | 133 | if (this.zones.has(lock.zone)) { 134 | let zoneData = this.zones.get(lock.zone); 135 | if (lock.domain && zoneData.domains.has(lock.domain)) { 136 | let domainData = zoneData.domains.get(lock.domain); 137 | if (domainData.has(lock)) { 138 | domainData.delete(lock); 139 | if ((!lock.maxConnections || domainData.size < lock.maxConnections) && zoneData.skip.has(lock.domain)) { 140 | zoneData.skip.delete(lock.domain); 141 | zoneData.skipCache = false; 142 | } 143 | } 144 | if (!domainData.size) { 145 | zoneData.domains.delete(lock.domain); 146 | } 147 | if (!zoneData.domains.size) { 148 | this.zones.delete(lock.zone); 149 | } 150 | } 151 | } 152 | 153 | if (!this.locks.size) { 154 | clearTimeout(this.lockCheckTimer); 155 | this.nextExpireCheck = Infinity; 156 | } 157 | 158 | return true; 159 | } 160 | 161 | releaseLockOwner(lockOwner) { 162 | if (!this.lockOwners.has(lockOwner)) { 163 | return false; 164 | } 165 | let keys = []; 166 | this.lockOwners.get(lockOwner).forEach(lock => keys.push(lock.key)); 167 | keys.forEach(key => this.release(key)); 168 | } 169 | 170 | checkExpired() { 171 | clearTimeout(this.lockCheckTimer); 172 | 173 | let now = Date.now(); 174 | let expired = []; 175 | 176 | this.nextExpireCheck = Infinity; 177 | this.locks.forEach(lock => { 178 | if (lock.expires <= now) { 179 | expired.push(lock.key); 180 | } else if (lock.expires < this.nextExpireCheck) { 181 | this.nextExpireCheck = lock.expires; 182 | } 183 | }); 184 | expired.forEach(key => this.release(key)); 185 | if (this.locks.size) { 186 | this.lockCheckTimer = setTimeout(() => this.checkExpired(), Math.max(this.nextExpireCheck + 1 - Date.now(), 0)); 187 | this.lockCheckTimer.unref(); 188 | } 189 | } 190 | 191 | listSkipDomains(zone) { 192 | if (this.zones.has(zone)) { 193 | let zoneData = this.zones.get(zone); 194 | if (!zoneData.skipCache) { 195 | zoneData.skipCache = Array.from(zoneData.skip); 196 | } 197 | if (!zoneData.skipCache || !zoneData.skipCache.length) { 198 | return false; 199 | } 200 | return zoneData.skipCache; 201 | } 202 | return false; 203 | } 204 | } 205 | 206 | module.exports = QueueLocker; 207 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # CHANGELOG 2 | 3 | - v3.3.0 2022-02-23 4 | 5 | - Bumped deps (fixes issue with 334 response) 6 | - Replaced deprecated cursor.count() calls with collection.countDocuments() 7 | 8 | - v3.2.4 2021-10-01 9 | 10 | - Extra logging options for HTTP message uploads 11 | 12 | - v3.2.3 2021-09-23 13 | 14 | - Fix broken mongodb collection.find() 15 | 16 | - v3.2.0 2021-09-05 17 | 18 | - Update mongodb library from v3 to v4 19 | - Fix connection pooling with IPv6 (jpbede) 20 | 21 | - v3.1.0 2021-06-01 22 | 23 | - Bumped dependencies 24 | 25 | - v3.0.0 2021-05-14 26 | 27 | - Added new plugin hook 'smtp:sni' for custom secure context 28 | - Allow using promise based plugins instead of callbacks 29 | - Allow calling plugin hooks without ZoneMTA daemon running (allows to reuse ZoneMTA plugins in external applications) 30 | - Requires at least Node v10 31 | 32 | - v2.4.3 2021-03-04 33 | 34 | - Prom Client uses promises, so had to fix compatibility for the API server 35 | 36 | - v2.4.1 2021-02-01 37 | 38 | - another attempt to fix error message for too large emails 39 | 40 | - v2.4.0 2021-02-01 41 | 42 | - Handle suppression entries case-insensitive (teefax) 43 | - Add messageId to the entry object when using remote log (ohmysmtp) 44 | - do not wait longer than 500ms for DNS redis cache response 45 | - fix error message for too large emails 46 | 47 | - v2.3.3 2020-10-06 48 | 49 | - Minor changes in blacklist rules 50 | 51 | - v2.3.2 2020-10-05 52 | 53 | - Do not categorize response codes like 550 automaticaly as "recipient" 54 | 55 | - v2.3.1 2020-09-24 56 | 57 | - Updates in bounce messages 58 | 59 | - v2.3.0 2020-06-25 60 | 61 | - Added new hook 'sender:connection' that is run for every message, even when using cached connections 62 | 63 | - v2.2.0 2020-05-27 64 | 65 | - Updated garbage collection to delete orphaned message chunks by \_id 66 | - Added new option queue.maxQueueTime (default 30 days) to delete unprocessed entries from queue 67 | 68 | - v2.1.0 2020-05-27 69 | 70 | - Added bunch of new bounce responses 71 | - There is now a connection pool (since 2.0.0) 72 | 73 | - v1.17.0 2019-06-14 74 | 75 | - Fixed O365 bounce msg. (jpbede) 76 | - Make plugin api doc clear (jpbede) 77 | - Plugin HTTP API (jpbede) 78 | - DKIM: Configurable headers to sign (jpbede) 79 | - Make default zone configurable (jpbede) 80 | - Added new hook "smtp:connect" (jpbede) 81 | - added new outlook blacklist response 82 | - Add gmail block and odd greylist bounces (louis-lau) 83 | 84 | - v1.16.3 2019-06-14 85 | 86 | - Do not cache failed STARTTLS info, always try encryption first 87 | 88 | - v1.16.1 2019-06-10 89 | 90 | - Bumped dependencies to get rid of security warnings 91 | - Some new blacklist filters 92 | 93 | - v1.16.0 2019-04-04 94 | 95 | - Added new hook "sender:delivered" 96 | 97 | - v1.15.6 2019-03-21 98 | 99 | - Reverted Restify from 8 to 7 as 8 does not support Node v6 100 | - Convert line endings for incoming messages to always use 0x0D 0x0A, otherwise DKIM might get messed up 101 | 102 | - v1.15.5 2019-03-18 103 | 104 | - Added new headers to DKIM list 105 | 106 | - v1.15.4 2019-02-20 107 | 108 | - Fixed a typo in blacklist detection patterns 109 | 110 | - v1.15.0 2019-01-24 111 | 112 | - Fixed broken TLS support on connection 113 | 114 | - v1.14.0 2019-01-04 115 | 116 | - Fixed useProxy setting 117 | 118 | - v1.13.0 2018-10-23 119 | 120 | - Added option for plugins to send messages to Graylog 121 | 122 | - v1.12.1 2018-10-19 123 | 124 | - Log connection errors to MX servers 125 | 126 | - v1.12.0 2018-09-24 127 | 128 | - Allow overrideing database entry keys for deferred messages using `delivery.updates = {keys}` 129 | 130 | - v1.11.0 2018-09-14 131 | 132 | - Allow disabled bounce emails for messages from specific interfaces 133 | 134 | - v1.10.8 2018-09-12 135 | 136 | - Fixed issue with missing CA certs 137 | 138 | - v1.10.4 2018-08-22 139 | 140 | - Fixed an issue with MX connection timeouts where a working MX exisits but never was tried 141 | 142 | - v1.10.2 2018-08-16 143 | 144 | - Fixed broken relay 145 | 146 | - v1.10.0 2018-07-30 147 | 148 | - Bumped dependencies. Upgraded MongoDB driver to 3.1. 149 | 150 | - v1.8.4 2018-05-25 151 | 152 | - Fixed `host` option for zones 153 | 154 | - v1.8.1 2018-05-22 155 | 156 | - Use delivery object for the connect hook argument 157 | 158 | - v1.8.0 2018-05-17 159 | 160 | - Offload TCP connections for MX to mx-connect module 161 | 162 | - v1.7.3 2018-04-28 163 | 164 | - Fixed race condition with Redis on large number of sending zone processes 165 | 166 | - v1.7.0 2018-04-17 167 | 168 | - Allow using SMTP [server options](https://nodemailer.com/extras/smtp-server/#step-3-create-smtpserver-instance) for SMTP interfaces 169 | 170 | - v1.6.0 2018-02-08 171 | 172 | - Changed index handling. Indexes are defined in indexes.yaml instead of being hard coded to mail-queue.js 173 | - Do not search using \$ne, instead a separate index was added 174 | 175 | --- 176 | 177 | - v1.0.0-beta.25 2017-03-13 178 | 179 | - Drop LevelDB support entirely, use MongoDB for all storage related stuff 180 | 181 | - v1.0.0-beta.16 2017-01-30 182 | 183 | - Start using MongoDB GridFS for message storage instead of storing messages in LevelDB. This is an external requirement, MongoDB does not come bundled with ZoneMTA 184 | 185 | - v1.0.0-beta.3 2017-01-02 186 | 187 | - Log message data to UDP 188 | 189 | - v1.0.0-beta.2 2016-12-23 190 | 191 | - Do not store deleted messages, remove everything in the first possible moment 192 | 193 | - v0.1.0-alpha.8 2016-10-05 194 | 195 | - Added cli command "zone-mta" to create and run ZoneMTA applications 196 | - Added API endpoint to check message status in queue 197 | - Added new plugin option (`app.addStreamHook`) to process attachment streams without modifying the message. This can be used to store attachments to disk or calculating hashes etc. on the fly 198 | 199 | - v0.1.0-alpha.5 2016-09-25 200 | 201 | - Allow multiple SMTP interfaces (one for 465, one for 587 etc) 202 | 203 | - v0.1.0-alpha.4 2016-09-21 204 | 205 | - Added option to log to syslog instead of stderr 206 | 207 | - v0.1.0-alpha.3 2016-09-21 208 | 209 | - Added plugin system to be able to easily extend ZoneMTA 210 | - Added plugin to use Rspamd for message scanning 211 | - Added plugin to send bounce notifications either to an URL or email address or both 212 | - Converted built-in HTTP calls to optional plugins (authentication, sender config etc) 213 | - Allow total or partial message rewriting through the rewrite API 214 | 215 | - v0.1.0-alpha.2 2016-09-06 216 | 217 | - Added option to forward messages of a Zone not to MX but to another predefined MTA 218 | 219 | - v0.1.0-alpha.1 2016-09-06 220 | - Initial release 221 | -------------------------------------------------------------------------------- /app.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | // Main application file 4 | // Run as 'node app.js' to start 5 | const path = require('path'); 6 | process.env.NODE_CONFIG_DIR = path.join(__dirname, '.', 'config'); 7 | const config = require('wild-config'); 8 | 9 | if (process.env.NODE_CONFIG_ONLY === 'true') { 10 | console.log(require('util').inspect(config, false, 22)); // eslint-disable-line 11 | return process.exit(); 12 | } 13 | 14 | const fs = require('fs'); 15 | const log = require('npmlog'); 16 | log.level = config.log.level; 17 | 18 | // do not pass node args to children (--inspect, --max-old-space-size etc.) 19 | process.execArgv = []; 20 | 21 | const promClient = require('prom-client'); // eslint-disable-line no-unused-vars 22 | 23 | const SMTPProxy = require('./lib/receiver/smtp-proxy'); 24 | const APIServer = require('./lib/api-server'); 25 | const QueueServer = require('./lib/queue-server'); 26 | const MailQueue = require('./lib/mail-queue'); 27 | const sendingZone = require('./lib/sending-zone'); 28 | const plugins = require('./lib/plugins'); 29 | const packageData = require('./package.json'); 30 | 31 | process.title = config.ident + ': master process'; 32 | 33 | printLogo(); 34 | 35 | const smtpInterfaces = []; 36 | const apiServer = new APIServer(); 37 | const queueServer = new QueueServer(); 38 | const queue = new MailQueue(config.queue); 39 | 40 | promClient.collectDefaultMetrics({ timeout: 5000 }); 41 | 42 | config.on('reload', () => { 43 | queue.cache.flush(); 44 | log.info('APP', 'Configuration reloaded'); 45 | }); 46 | 47 | plugins.init('main'); 48 | 49 | let startSMTPInterfaces = done => { 50 | let keys = Object.keys(config.smtpInterfaces || {}).filter(key => config.smtpInterfaces[key].enabled); 51 | let pos = 0; 52 | let startNext = () => { 53 | if (pos >= keys.length) { 54 | return done(); 55 | } 56 | let key = keys[pos++]; 57 | let smtpProxy = new SMTPProxy(key, config.smtpInterfaces[key]); 58 | smtpProxy.start(err => { 59 | if (err) { 60 | log.error('SMTP/' + smtpProxy.interface, 'Could not start ' + key + ' MTA server'); 61 | log.error('SMTP/' + smtpProxy.interface, err); 62 | return done(err); 63 | } 64 | log.info('SMTP/' + smtpProxy.interface, 'SMTP ' + key + ' MTA server started listening on port %s', config.smtpInterfaces[key].port); 65 | smtpInterfaces.push(smtpProxy); 66 | return startNext(); 67 | }); 68 | }; 69 | startNext(); 70 | }; 71 | 72 | // Starts the queueing MTA 73 | startSMTPInterfaces(err => { 74 | if (err) { 75 | return process.exit(1); 76 | } 77 | queueServer.start(err => { 78 | if (err) { 79 | log.error('QS', 'Could not start Queue server'); 80 | log.error('QS', err); 81 | return process.exit(2); 82 | } 83 | log.info('QS', 'Queue server started'); 84 | 85 | // Starts the API HTTP REST server that is used by sending processes to fetch messages from the queue 86 | apiServer.start(err => { 87 | if (err) { 88 | log.error('API', 'Could not start API server'); 89 | log.error('API', err); 90 | return process.exit(2); 91 | } 92 | log.info('API', 'API server started'); 93 | 94 | // downgrade user if needed 95 | if (config.group) { 96 | try { 97 | process.setgid(config.group); 98 | log.info('Service', 'Changed group to "%s" (%s)', config.group, process.getgid()); 99 | } catch (E) { 100 | log.error('Service', 'Failed to change group to "%s" (%s)', config.group, E.message); 101 | return process.exit(1); 102 | } 103 | } 104 | if (config.user) { 105 | try { 106 | process.setuid(config.user); 107 | log.info('Service', 'Changed user to "%s" (%s)', config.user, process.getuid()); 108 | } catch (E) { 109 | log.error('Service', 'Failed to change user to "%s" (%s)', config.user, E.message); 110 | return process.exit(1); 111 | } 112 | } 113 | 114 | queue.init(err => { 115 | if (err) { 116 | log.error('Queue', 'Could not initialize sending queue'); 117 | log.error('Queue', err); 118 | return process.exit(3); 119 | } 120 | log.info('Queue', 'Sending queue initialized'); 121 | 122 | apiServer.setQueue(queue); 123 | queueServer.setQueue(queue); 124 | 125 | // spawn SMTP server interfaces 126 | smtpInterfaces.forEach(smtp => smtp.spawnReceiver()); 127 | 128 | // spawn sending zones 129 | sendingZone.init(queue, () => { 130 | plugins.handler.queue = queue; 131 | plugins.handler.apiServer = apiServer; 132 | plugins.handler.load(() => { 133 | log.verbose('Plugins', 'Plugins loaded'); 134 | }); 135 | }); 136 | }); 137 | }); 138 | }); 139 | }); 140 | 141 | let forceStop = code => { 142 | log.info('Process', 'Force closing...'); 143 | try { 144 | queue.db.close(() => false); 145 | } catch (E) { 146 | // ignore 147 | } 148 | setTimeout(() => process.exit(code), 10); 149 | return; 150 | }; 151 | 152 | let stop = code => { 153 | code = code || 0; 154 | if (queue.closing) { 155 | return forceStop(code); 156 | } 157 | log.info('Process', 'Server closing down...'); 158 | queue.closing = true; 159 | 160 | let closed = 0; 161 | let checkClosed = () => { 162 | if (++closed === 2 + smtpInterfaces.length) { 163 | if (queue.db) { 164 | queue.db.close(() => process.exit(code)); 165 | } else { 166 | process.exit(code); 167 | } 168 | } 169 | }; 170 | 171 | // Stop accepting any new connections 172 | smtpInterfaces.forEach(smtpInterface => 173 | smtpInterface.close(() => { 174 | // wait until all connections to the SMTP server are closed 175 | log.info(smtpInterface.logName, 'Service closed'); 176 | checkClosed(); 177 | }) 178 | ); 179 | 180 | apiServer.close(() => { 181 | // wait until all connections to the API HTTP are closed 182 | log.info('API', 'Service closed'); 183 | checkClosed(); 184 | }); 185 | 186 | queueServer.close(() => { 187 | // wait until all connections to the API HTTP are closed 188 | log.info('QS', 'Service closed'); 189 | checkClosed(); 190 | }); 191 | queue.stop(); 192 | 193 | // If we were not able to stop other stuff by 10 sec. force close 194 | let forceExitTimer = setTimeout(() => forceStop(code), 10 * 1000); 195 | forceExitTimer.unref(); 196 | }; 197 | 198 | process.on('SIGINT', () => stop()); 199 | process.on('SIGTERM', () => stop()); 200 | 201 | process.on('uncaughtException', err => { 202 | log.error('Process', 'Uncaught exception'); 203 | log.error('Process', err); 204 | stop(4); 205 | }); 206 | 207 | function printLogo() { 208 | let logo = fs 209 | .readFileSync(__dirname + '/logo.txt', 'utf-8') 210 | .replace(/^\n+|\n+$/g, '') 211 | .split('\n'); 212 | 213 | let columnLength = logo.map(l => l.length).reduce((max, val) => (val > max ? val : max), 0); 214 | let versionString = ' ' + packageData.name + '@' + packageData.version + ' '; 215 | let versionPrefix = '-'.repeat(Math.round(columnLength / 2 - versionString.length / 2)); 216 | let versionSuffix = '-'.repeat(columnLength - versionPrefix.length - versionString.length); 217 | 218 | log.info('App', ' ' + '-'.repeat(columnLength)); 219 | log.info('App', ''); 220 | 221 | logo.forEach(line => { 222 | log.info('App', ' ' + line); 223 | }); 224 | 225 | log.info('App', ''); 226 | 227 | log.info('App', ' ' + versionPrefix + versionString + versionSuffix); 228 | log.info('App', ''); 229 | } 230 | -------------------------------------------------------------------------------- /test/fixtures/message1.eml: -------------------------------------------------------------------------------- 1 | Content-Type: multipart/mixed; 2 | boundary="----sinikael-?=_1-14707412835060.25498316106673347" 3 | From: Andris Test 4 | To: andris.reinman@gmail.com 5 | Subject: Nodemailer is unicode friendly =?UTF-8?Q?=E2=9C=94?= 1470741283502 6 | Message-ID: 7 | X-Mailer: nodemailer (2.5.0; +http://nodemailer.com/; SMTP 8 | (pool)/2.7.0[client:2.8.0]) 9 | Date: Tue, 09 Aug 2016 11:14:43 +0000 10 | MIME-Version: 1.0 11 | 12 | ------sinikael-?=_1-14707412835060.25498316106673347 13 | Content-Type: multipart/alternative; 14 | boundary="----sinikael-?=_2-14707412835060.25498316106673347" 15 | 16 | ------sinikael-?=_2-14707412835060.25498316106673347 17 | Content-Type: text/plain 18 | Content-Transfer-Encoding: 7bit 19 | 20 | Hello to myself! 21 | ------sinikael-?=_2-14707412835060.25498316106673347 22 | Content-Type: multipart/related; type="text/html"; 23 | boundary="----sinikael-?=_4-14707412835060.25498316106673347" 24 | 25 | ------sinikael-?=_4-14707412835060.25498316106673347 26 | Content-Type: text/html 27 | Content-Transfer-Encoding: 7bit 28 | 29 |

Hello to myself

30 | ------sinikael-?=_4-14707412835060.25498316106673347 31 | Content-Type: image/png; name=image.png 32 | Content-ID: 33 | Content-Disposition: attachment; filename=image.png 34 | Content-Transfer-Encoding: base64 35 | 36 | iVBORw0KGgoAAAANSUhEUgAAABAAAAAQAQMAAAAlPW0iAAAABlBMVEUAAAD///+l2Z/dAAAAM0lE 37 | QVR4nGP4/5/h/1+G/58ZDrAz3D/McH8yw83NDDeNGe4Ug9C9zwz3gVLMDA/A6P9/AFGGFyjOXZtQ 38 | AAAAAElFTkSuQmCC 39 | ------sinikael-?=_4-14707412835060.25498316106673347-- 40 | 41 | ------sinikael-?=_2-14707412835060.25498316106673347-- 42 | 43 | ------sinikael-?=_1-14707412835060.25498316106673347 44 | Content-Type: text/plain; name=notes.txt 45 | Content-Disposition: attachment; filename=notes.txt 46 | Content-Transfer-Encoding: 7bit 47 | 48 | Some notes about this e-mail 49 | ------sinikael-?=_1-14707412835060.25498316106673347 50 | Content-Type: application/octet-stream; name=attachment.bin 51 | Content-Disposition: attachment; filename=attachment.bin 52 | Content-Transfer-Encoding: base64 53 | 54 | AAAAAAAAAAAAAAAAAAAAAAAAAAD/dRhIixQkSLnA+gMCAQAAAEi4AAAAAAMAAADoAQAAAP80JEiJ 55 | RCQI/3UQSLgAAAAAAQAAAFroAgAAAJBQSLoAAAAAAQAAAEiLfCQQ6AMAAABIi3X4SIkEJEi4AAAA 56 | AD0AAABa6AQAAACQ6w9JO0XAD4QOAAAA6SkAAABIhcAPhSAAAABIi0UQ6AUAAABIi9BIuAAAAAAB 57 | AAAA6AYAAACQSIlFEP91EEi4AAAAAAEAAABa6AcAAACQ6w9JO0XAD4QOAAAA6a0AAABIhcAPjqQA 58 | AAD/dRhIixQkSLnA+gMCAQAAAEi4AAAAAAcAAADoCAAAAP80JEiJRCQI/3UQSLgAAAAAAQAAAFro 59 | CQAAAJBQSLoAAAAABQAAAEiLfCQQ6AoAAABIi3X4SIkEJEi4AAAAAD0AAABa6AsAAACQ6w9JO0XA 60 | D4QOAAAA6SkAAABIhcAPhSAAAABIi0UQ6AwAAABIi9BIuAAAAAABAAAA6A0AAACQSIlFEP91EEi4 61 | AAAAAAMAAABa6A4AAACQUEi4AAAAAAIAAABa6A8AAACQSLsw+wMCAQAAAINDC9F5H1DoEAAAAFhI 62 | uzD7AwIBAAAASboAAAAAABgAAEyJUwfJwhgASYtFqOnE////Dx9AAAAAAAABAAAA+OO/X/9/AADI 63 | BQAEAQAAABAHAAQBAAAAcAcABAEAAADwCAAEAQAAAPAIAAQBAAAA/////wAAAAAAAQAAAAAAAAAA 64 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAQBAAAA8AIABAEAAAAEAAAAAAAAABAFAAQBAAAAaAUA 65 | BAEAAABoBQAEAQAAAAAAAAAAAAAAEAMABAEAAAACAAAAAAAAAAAAAAAAAAAAIAMABAEAAAAEAAAA 66 | AQAAAKgBAAQBAAAAAAAAAAAAAAADAAAAAAAAAEADAAQBAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAA 67 | AAAAEgAAAAAAAADYUgAEAQAAAAAAAAAAAAAAElqHXwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 68 | AABQAwAEAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAA 69 | ABAAAAQBAAAA+AMABAEAAAAEAAAAAAAAACgGAAQBAAAAsBQABAEAAACwFAAEAQAAAAAAAAAAAAAA 70 | GAQABAEAAAACAAAAAQAAAEgCAAQBAAAAsGABBAEAAAAJAAAABQAAAKgBAAQBAAAAAAAAAAQAAAAb 71 | AAAAAAAAAEgEAAQBAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAAAAAAAAAAAAAAA 72 | AAAAAAAAMgIABAEAAAAAAAAAAAAAAEgCAAQBAAAAUAIABAEAAACoEwAEAQAAACASAAQBAAAAkAwA 73 | BAEAAACICwAEAQAAACjiDgEBAAAAOAIABAEAAAAo4g4BAQAAAEgCAAQBAAAAAQAAAAAAAQAAAAAA 74 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAGgFAAQBAAAAYAgABAEAAAD//////////wYAAAAA 75 | AAAA4AQABAEAAAACAAAAAAAAAPAEAAQBAAAAAgAAAAAAAAD4479f/38AAAMAAAAAAAAAAAAAAAAA 76 | AAAAAAAAAAAAAAAAAAAAAAAAAQAAAAEAAAAIBQAEAQAAAAAAAAAAAAAA0GwPAQEAAABIAgAEAQAA 77 | AAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAACYDgAEAQAAAAAAAAAAAAAA 78 | //////////8AAAAAAAAAADDMDgEBAAAASAIABAEAAAACAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAA 79 | AAAAAAAAAABAAAAEAAAAAAAAAAAAAABYBAAEAQAAAP//////////UAMABAEAAAAEAAAAAAAAAMA+ 80 | DwEBAAAAUAMABAEAAAAEAAAACQABACi9AAQBAAAAaGYBBAEAAAAAAAAAAAAAAABAAAAAAAAAEAcA 81 | BAEAAAAoBgAEAQAAAP//////////AAAAAAAAAAABAAAAAQAAANBsDwEBAAAAUAMABAEAAAADAAAA 82 | AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAyAUABAEAAAAAAAAAAAAAAP////// 83 | ////AAAAAAAAAAAABAAAEAAAAJAGAAQBAAAAHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 84 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 85 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAPg8BAQAAAFADAAQBAAAA 86 | BQAAAAkAAQBYSAAEAQAAAIBmAQQBAAAAAAAAAAAAAAAAQAAAAAAAAHAHAAQBAAAAyAUABAEAAAD/ 87 | /////////zAjAAQBAAAAAQAAAAEAAADAPg8BAQAAAFADAAQBAAAABgAAAAkAAQDAJAAEAQAAAJhm 88 | AQQBAAAAAAAAAAAAAAAAQAAAAQAAAPAIAAQBAAAAEAcABAEAAAD//////////wZb7cICAAAAAQAA 89 | AAEAAABQwg4BAQAAAAAAAAAAAAAABwAAAAYAHQAAAAAAAAAAAAAAAAAAAAAABAABAAAAAAAAQAAA 90 | AQAAAPAIAAQBAAAAcAcABAEAAAD//////////0gIAAQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 91 | AAAAAAAAAAAAAABuAJUA/////wAAAAAAAPC/AAAAAAAAAABQwg4BAQAAAEgCAAQBAAAACAAAAAYA 92 | HQCIIwEEAQAAAFBmAQQBAAAABAAAAAAAAAAAQAAA/////1gEAAQBAAAAmA4ABAEAAAD///////// 93 | /wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuAJUAAAAAAAAAAAAAAAAA 94 | AAAAAAAAAADY0w4BAQAAAFADAAQBAAAACQAAAAkAAQCQWAEEAQAAALBmAQQBAAAABAAAAAAAAAAA 95 | QAAAAAAAAEgJAAQBAAAAcAcABAEAAAD//////////wEAAAABAAAAKOIOAQEAAABQAwAEAQAAAAoA 96 | AAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAACgCgAEAQAAAPAIAAQBAAAA//// 97 | //////8GAAAAAAAAADAKAAQBAAAABQAAAAUAAAAYCgAEAQAAAAUAAAAFAAAA+OO/X/9/AAADAAAA 98 | AAAAAMgFAAQBAAAAEAcABAEAAAAAAAAAAQAAAAAAAAAAAAAASAkABAEAAAAAAAAAAQAAAAAAAAAA 99 | AAAASAkABAEAAAABAAAAAAAAAAAAAAABAAAAAgAAAAMAAAAEAAAAAQAAAMgFAAQBAAAAEAcABAEA 100 | AABwBwAEAQAAAPAIAAQBAAAA8AgABAEAAAAAAAAAAAAAAEgJAAQBAAAAAgAAAAAAAAAAAAAAAAAA 101 | AEgJAAQBAAAAAwAAAAAAAABwCgAEAQAAAEgJAAQBAAAABAAAAAAAAADAAg8BAQAAAFADAAQBAAAA 102 | CwAAAAl/IQAAAAAAAAAAAMhmAQQBAAAABAAEAAAAAAAAQAAAAAAAABALAAQBAAAASAkABAEAAAD/ 103 | /////////xAHAAQBAAAAAAoABAEAAACgCgAEAQAAAAAAAAAAAAAAiP4OAQEAAABQAwAEAQAAAAwA 104 | AAAJAGUAAAAAAAAAAADgZgEEAQAAAAQABAAAAAAAAEAAAAEAAACYDQAEAQAAAKAKAAQBAAAA//// 105 | //////8QBwAEAQAAAAMAAAABAAAA+AoABAEAAAAQCwAEAQAAAAAAAAAAAAAAEAAAAAEAAAAQAAAE 106 | AQAAADAMAAQBAAAABAAAAAEAAACIQAAEAQAAAOBGAAQBAAAA4EYABAEAAAAAAAAAAAAAAFAMAAQB 107 | AAAAAgAAAAIAAABQAwAEAQAAAGAMAAQBAAAABAAAAAAAAACoAQAEAQAAAAAAAAByAAAAdwAAAAEA 108 | AACADAAEAQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABIAAAABAAAAuDkABAEAAACICwAEAQAA 109 | AAIAAAABAAAAQNUOAQEAAABwGAAEAQAAAIAzAAQBAAAAwEMABAEAAAAAAAAAAAAAAAAAAAAAAAAA 110 | AEAAAAEAAAAAAAAAAAAAALANAAQBAAAADgAAAP////8QAAAEAQAAADgNAAQBAAAABAAAAAAAAABw 111 | QgAEAQAAAOBFAAQBAAAA4EUABAEAAAAAAAAAAAAAAPg7AAQBAAAABQAAAAUAAABQAwAEAQAAAGgN 112 | AAQBAAAABAAAAAAAAACwpgEEAQAAAAAAAABkAAAAbQAAAAAAAACIDQAEAQAAAAQAAAAAAAAAAAAA 113 | AAAAAAAAAAAAAAAAABIAAAAAAAAAaAUABAEAAAABAAAAAQAAAAEAAAAAAAAAAA0ABAEAAAAQGgAE 114 | AQAAACA1AAQBAAAAUAMABAEAAAAAAAAAAAAAAAAAAAAAAAAASAwABAEAAAAAAAAAAQAAAKANAAQB 115 | AAAAUPoOAQEAAABQAwAEAQAAAA0AAAAJAAEAqEEABAEAAAD4ZgEEAQAAAAQABAAAAAAAIEAAAAEA 116 | AADwDQAEAQAAABALAAQBAAAA//////////9IDAAELgAAAABKDwEBAAAAUAMABAEAAAAOAAAABgAd 117 | ALAPAAQBAAAAEGcBBAEAAAAEAAQAAAAAAARgAAAAAAAAKA8ABAEAAACYDQAEAQAAAP////////// 118 | mA0ABAEAAACYDQAEAQAAACkRAAD/fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8A0ABAEAAAAA 119 | AAAAAAAAAGgOAAQBAAAA8A0ABAEAAAABAAAAAAAAAFDCDgEBAAAASAIABAEAAAAPAAAABgAdAIAs 120 | AQQBAAAAOGYBBAEAAAAEAAAAAAAAAABAAAAAAAAAYAgABAEAAAAQBQAEAQAAAP////////////// 121 | //////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG4AlQABAAAAAAAAAAAA8D8AAAAA 122 | AAAAAGg6DwEBAAAAUAMABAEAAAAQAAAABgANAHARAAQBAAAAKGcBBAEAAAAFEAQAAAAAAABAAAAA 123 | AAAA6BAABAEAAADwDQAEAQAAAP//////////8AgABAEAAADwDQAEAQAAAJgOAAQBAAAAAAAABAEA 124 | AACICgAEHlocQRzwChVCMAoZNiECeiYAAAAhDgcVEhUAAAAkHyO0YkG9GnAKGTYxMk0IDR41fjg+ 125 | EQIaJgAAACEOBxUSFQAAACQfI7RiQb0adAoZNjEyTQgNHhECAAAAJQQjQQAAIZIAHwAAAAAAAAAA 126 | AAAAAAAAAABwBwAEAQAAANAHAAQBAAAAYAgABAEAAADwCAAEAQAAAEgJAAQBAAAAoAoABAEAAAAQ 127 | CwAEAQAAAJgNAAQBAAAA8A0ABAEAAACYDgAEAQAAACgPAAQBAAAA6BAABAEAAACwFAAEAQAAAOgV 128 | AAQBAAAAMBUABAEAAABAFgAEAQAAAPgWAAQBAAAAGBsABAEAAACoHAAEAQAAAEgcAAQBAAAAAB4A 129 | BAEAAACgHQAEAQAAANgjAAQBAAAAQCMABAEAAADYJAAEAQAAADAkAAQBAAAAMCUABAEAAACoLg8B 130 | AQAAAFADAAQBAAAAEQAAAAYADQBIKQAEAQAAAEBnAQQBAAAABSQEAAAAAAAAQAAAAAAAALAUAAQB 131 | AAAAKA8ABAEAAAD///////////AIAAQBAAAAKA8ABAEAAACYDgAEAQAAAAAAAP8AAAAAmA8ABAEA 132 | AADoEAAEAQAAAAAAAAABAAAAAAAAAAAAAADoEAAEAQAAAAEAAAABAAAAyA8ABAEAAADoEAAEAQAA 133 | AAIAAAABAAAAAAAAAAAAAAD4EQAEAQAAAAUAAAAFAAAAAAAAAAAAAAAFAAAABAAAAAEAAAAAAAAA 134 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAD4479f/38AAMgFAAQBAAAAEAcABAEAAABw 135 | BwAEAQAAAPAIAAQBAAAA8AgABAEAAAAMAAAAAAAAABAAAAQBAAAAyBIABAEAAAAEAAAAAAAAAOgV 136 | AAQBAAAAGBsABAEAAAAYGwAEAQAAAAAAAAAAAAAA6BIABAEAAAACAAAAAQAAAFADAAQBAAAA+BIA 137 | BAEAAAAEAAAAAgAAAKgBAAQBAAAAAAAAAFQAAABfAAAAAAAAABgTAAQBAAAABAAAAAAAAAAAAAAA 138 | AAAAAAAAAAAAAAAAcjwRAQEAAAAAAAAAAAAAAAAAAAAAAAAAaAUABAEAAAAAAAAAAQAAAFADAAQB 139 | AAAAsDsRAQEAAAAQGgAEAQAAAHAYAAQBAAAAaAUABAEAAAAAAAAAAQAAAAAAAAAAAAAA4CMABAEA 140 | AAAAAAAAAAAAAIATAAQBAAAABQAAAAUAAAAAAAAAAAAAAAUAAAAEAAAAAQAAAAAAAAAAAAAAAAAA 141 | AAAAAAAAAAAAAAAAAAAAAAAGAAAAAQAAAPjjv1//fwAAyAUABAEAAAAQBwAEAQAAAHAHAAQBAAAA 142 | 8AgABAEAAADwCAAEAQAAAAIAAAAAAAAAEAAABAEAAABQFAAEAQAAAAQAAAAAAAAA2CMABAEAAABA 143 | IwAEAQAAAEAjAAQBAAAAAAAAAAAAAABwFAAEAQAAAAIAAAABAAAAUAMABAEAAAA= 144 | ------sinikael-?=_1-14707412835060.25498316106673347-- 145 | -------------------------------------------------------------------------------- /test/address-tools-test.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | let addressTools = require('../lib/address-tools'); 4 | let Headers = require('mailsplit').Headers; 5 | 6 | module.exports['#parseAddressses, no names'] = test => { 7 | let parsed = addressTools.parseAddressses(['andris1@kreata.ee, , Andris3 ', 'Andris4 ']); 8 | 9 | test.deepEqual(['andris1@kreata.ee', 'andris2@kreata.ee', 'andris3@kreata.ee'], parsed); 10 | 11 | test.done(); 12 | }; 13 | 14 | module.exports['#parseAddressses, with names'] = test => { 15 | let parsed = addressTools.parseAddressses(['andris1@kreata.ee, , Andris3 ', 'Andris4 '], true); 16 | 17 | test.deepEqual( 18 | [ 19 | { 20 | name: '', 21 | address: 'andris1@kreata.ee' 22 | }, 23 | { 24 | name: 'Andris4', 25 | address: 'andris2@kreata.ee' 26 | }, 27 | { 28 | name: 'Andris3', 29 | address: 'andris3@kreata.ee' 30 | } 31 | ], 32 | parsed 33 | ); 34 | 35 | test.done(); 36 | }; 37 | 38 | module.exports['#parseAddressses, group with names'] = test => { 39 | let parsed = addressTools.parseAddressses( 40 | ['andris1@kreata.ee, Disclosed:, Andris3 ;', 'Andris4 '], 41 | true 42 | ); 43 | 44 | test.deepEqual( 45 | [ 46 | { 47 | name: '', 48 | address: 'andris1@kreata.ee' 49 | }, 50 | { 51 | name: 'Andris4', 52 | address: 'andris2@kreata.ee' 53 | }, 54 | { 55 | name: 'Andris3', 56 | address: 'andris3@kreata.ee' 57 | } 58 | ], 59 | parsed 60 | ); 61 | 62 | test.done(); 63 | }; 64 | 65 | module.exports['#validateAddress'] = test => { 66 | let headers = new Headers([ 67 | { 68 | key: 'x-prev', 69 | line: 'X-Prev: previous line' 70 | }, 71 | { 72 | key: 'from', 73 | line: 'From: andris1@kreata.ee, Disclosed:, Andris3 ;' 74 | }, 75 | { 76 | key: 'x-mid', 77 | line: 'X-Mid: middle line' 78 | }, 79 | { 80 | key: 'from', 81 | line: 'From: Andris4 ' 82 | }, 83 | { 84 | key: 'x-next', 85 | line: 'X-Next: next line' 86 | } 87 | ]); 88 | 89 | let parsed = addressTools.validateAddress(headers, 'from'); 90 | 91 | test.deepEqual(parsed.addresses, [ 92 | { 93 | name: '', 94 | address: 'andris1@kreata.ee' 95 | }, 96 | { 97 | name: 'Andris4', 98 | address: 'andris2@kreata.ee' 99 | }, 100 | { 101 | name: 'Andris3', 102 | address: 'andris3@kreata.ee' 103 | } 104 | ]); 105 | 106 | parsed.set('Juhan Liiv '); 107 | 108 | test.deepEqual(headers.getList(), [ 109 | { 110 | key: 'x-prev', 111 | line: 'X-Prev: previous line' 112 | }, 113 | { 114 | key: 'from', 115 | line: 'from: Juhan Liiv ' 116 | }, 117 | { 118 | key: 'x-mid', 119 | line: 'X-Mid: middle line' 120 | }, 121 | { 122 | key: 'x-next', 123 | line: 'X-Next: next line' 124 | } 125 | ]); 126 | 127 | test.done(); 128 | }; 129 | 130 | module.exports['#validateAddress, multiple'] = test => { 131 | let headers = new Headers([ 132 | { 133 | key: 'x-prev', 134 | line: 'X-Prev: previous line' 135 | }, 136 | { 137 | key: 'to', 138 | line: 'To: andris1@kreata.ee, Disclosed:, Andris3 ;' 139 | }, 140 | { 141 | key: 'x-mid', 142 | line: 'X-Mid: middle line' 143 | }, 144 | { 145 | key: 'to', 146 | line: 'To: Andris4 ' 147 | }, 148 | { 149 | key: 'x-next', 150 | line: 'X-Next: next line' 151 | } 152 | ]); 153 | 154 | let parsed = addressTools.validateAddress(headers, 'to'); 155 | 156 | test.deepEqual(parsed.addresses, [ 157 | { 158 | name: '', 159 | address: 'andris1@kreata.ee' 160 | }, 161 | { 162 | name: 'Andris4', 163 | address: 'andris2@kreata.ee' 164 | }, 165 | { 166 | name: 'Andris3', 167 | address: 'andris3@kreata.ee' 168 | } 169 | ]); 170 | 171 | parsed.set('Juhan Liiv , Jõgeva , andris3@kreata.ee', { 172 | name: 'Andris3', 173 | address: 'andris4@kreata.ee' 174 | }); 175 | 176 | test.deepEqual(headers.getList(), [ 177 | { 178 | key: 'x-prev', 179 | line: 'X-Prev: previous line' 180 | }, 181 | { 182 | key: 'to', 183 | line: 'to: Juhan Liiv , =?UTF-8?Q?J=C3=B5geva?=\r\n , andris3@kreata.ee, Andris3 ' 184 | }, 185 | { 186 | key: 'x-mid', 187 | line: 'X-Mid: middle line' 188 | }, 189 | { 190 | key: 'x-next', 191 | line: 'X-Next: next line' 192 | } 193 | ]); 194 | 195 | test.done(); 196 | }; 197 | 198 | module.exports['#divideLoad equal'] = test => { 199 | let allEqual = [ 200 | { 201 | id: 1 202 | }, 203 | { 204 | id: 2 205 | }, 206 | { 207 | id: 3 208 | }, 209 | { 210 | id: 3 211 | } 212 | ]; 213 | 214 | let divided = addressTools.divideLoad(allEqual); 215 | 216 | test.deepEqual( 217 | [ 218 | { 219 | id: 1, 220 | ratio: 0.25 221 | }, 222 | { 223 | id: 2, 224 | ratio: 0.25 225 | }, 226 | { 227 | id: 3, 228 | ratio: 0.25 229 | }, 230 | { 231 | id: 3, 232 | ratio: 0.25 233 | } 234 | ], 235 | divided 236 | ); 237 | 238 | test.done(); 239 | }; 240 | 241 | module.exports['#divideLoad single half'] = test => { 242 | let allEqual = [ 243 | { 244 | id: 1 245 | }, 246 | { 247 | id: 2, 248 | ratio: 0.5 249 | }, 250 | { 251 | id: 3 252 | } 253 | ]; 254 | 255 | let divided = addressTools.divideLoad(allEqual); 256 | 257 | test.deepEqual( 258 | [ 259 | { 260 | id: 1, 261 | ratio: 0.25 262 | }, 263 | { 264 | id: 2, 265 | ratio: 0.5 266 | }, 267 | { 268 | id: 2, 269 | ratio: 0.5 270 | }, 271 | { 272 | id: 3, 273 | ratio: 0.25 274 | } 275 | ], 276 | divided 277 | ); 278 | 279 | test.done(); 280 | }; 281 | 282 | module.exports['#divideLoad single small'] = test => { 283 | let allEqual = [ 284 | { 285 | id: 1 286 | }, 287 | { 288 | id: 2, 289 | ratio: 0.1 290 | }, 291 | { 292 | id: 3 293 | }, 294 | { 295 | id: 4 296 | } 297 | ]; 298 | 299 | let divided = addressTools.divideLoad(allEqual); 300 | 301 | test.deepEqual( 302 | [ 303 | { 304 | id: 1, 305 | ratio: 0.3 306 | }, 307 | { 308 | id: 1, 309 | ratio: 0.3 310 | }, 311 | { 312 | id: 1, 313 | ratio: 0.3 314 | }, 315 | { 316 | id: 2, 317 | ratio: 0.1 318 | }, 319 | { 320 | id: 3, 321 | ratio: 0.3 322 | }, 323 | { 324 | id: 3, 325 | ratio: 0.3 326 | }, 327 | { 328 | id: 3, 329 | ratio: 0.3 330 | }, 331 | { 332 | id: 4, 333 | ratio: 0.3 334 | }, 335 | { 336 | id: 4, 337 | ratio: 0.3 338 | }, 339 | { 340 | id: 4, 341 | ratio: 0.3 342 | } 343 | ], 344 | divided 345 | ); 346 | 347 | test.done(); 348 | }; 349 | 350 | module.exports['#divideLoad single result'] = test => { 351 | let allEqual = [ 352 | { 353 | id: 1 354 | }, 355 | { 356 | id: 2, 357 | ratio: 1 358 | }, 359 | { 360 | id: 3 361 | } 362 | ]; 363 | 364 | let divided = addressTools.divideLoad(allEqual); 365 | 366 | test.deepEqual( 367 | [ 368 | { 369 | id: 2, 370 | ratio: 1 371 | } 372 | ], 373 | divided 374 | ); 375 | 376 | test.done(); 377 | }; 378 | -------------------------------------------------------------------------------- /lib/mail-drop.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const config = require('wild-config'); 4 | const log = require('npmlog'); 5 | const MessageParser = require('./message-parser'); 6 | const PassThrough = require('stream').PassThrough; 7 | const LineEnds = require('./line-ends'); 8 | const DkimRelaxedBody = require('./dkim-relaxed-body'); 9 | const plugins = require('./plugins'); 10 | const mailsplit = require('mailsplit'); 11 | const util = require('util'); 12 | const libmime = require('libmime'); 13 | const StreamHash = require('./stream-hash'); 14 | 15 | // Processes a message stream and stores it to queue 16 | 17 | class MailDrop { 18 | constructor(queue) { 19 | this.queue = queue; 20 | } 21 | 22 | add(envelope, source, callback) { 23 | if (!this.queue) { 24 | return setImmediate(() => callback(new Error('Queue not yet initialized'))); 25 | } 26 | 27 | envelope = envelope || {}; 28 | 29 | if (typeof source === 'string') { 30 | let messageBuf = Buffer.from(source); 31 | source = new PassThrough(); 32 | source.once('error', err => callback(err)); 33 | source.end(messageBuf); 34 | } else if (Buffer.isBuffer(source)) { 35 | let messageBuf = source; 36 | source = new PassThrough(); 37 | source.once('error', err => callback(err)); 38 | source.end(messageBuf); 39 | } 40 | 41 | let id = envelope.id; 42 | 43 | let messageInfo = { 44 | 'message-id': '<>', 45 | from: envelope.from || '<>', 46 | to: [].concat(envelope.to || []).join(',') || '<>', 47 | src: envelope.origin, 48 | format() { 49 | let values = []; 50 | Object.keys(this).forEach(key => { 51 | if (typeof this[key] === 'function' || typeof this[key] === 'undefined') { 52 | return; 53 | } 54 | values.push(util.format('%s=%s', key, !/^"/.test(this[key]) && /\s/.test(this[key]) ? JSON.stringify(this[key]) : this[key])); 55 | }); 56 | return values.join(' '); 57 | }, 58 | keys() { 59 | let data = {}; 60 | Object.keys(this).forEach(key => { 61 | if (typeof this[key] === 'function' || typeof this[key] === 'undefined') { 62 | return; 63 | } 64 | data[key] = this[key]; 65 | }); 66 | return data; 67 | } 68 | }; 69 | 70 | let message = new MessageParser(); 71 | message.onHeaders = (headers, next) => { 72 | envelope.headers = headers; 73 | 74 | headers 75 | .getDecoded('received') 76 | .reverse() 77 | .find(header => { 78 | let match = (header.value || '').match(/\(Authenticated sender:\s*([^)]+)\)/i); 79 | if (match) { 80 | messageInfo.auth = match[1]; 81 | return true; 82 | } 83 | }); 84 | 85 | let subject = envelope.headers.getFirst('subject'); 86 | try { 87 | subject = libmime.decodeWords(subject); 88 | } catch (E) { 89 | // ignore 90 | } 91 | subject = subject.replace(/[\x00-\x1F]+/g, '_').trim(); //eslint-disable-line no-control-regex 92 | if (subject.length > 128) { 93 | subject = subject.substr(0, 128) + '...[+' + (subject.length - 128) + 'B]'; 94 | } 95 | messageInfo.subject = subject; 96 | 97 | plugins.handler.runHooks('message:headers', [envelope, messageInfo], err => { 98 | if (envelope.envelopeFromHeader) { 99 | messageInfo.from = envelope.from || '<>'; 100 | messageInfo.to = [].concat(envelope.to || []).join(',') || '<>'; 101 | } 102 | 103 | if (err) { 104 | return setImmediate(() => next(err)); 105 | } 106 | setImmediate(next); 107 | }); 108 | }; 109 | 110 | let raw = new PassThrough(); 111 | let splitter = new mailsplit.Splitter({ 112 | ignoreEmbedded: true 113 | }); 114 | let streamer = new PassThrough({ 115 | objectMode: true 116 | }); 117 | 118 | envelope.dkim = envelope.dkim || {}; 119 | envelope.dkim.hashAlgo = envelope.dkim.hashAlgo || config.dkim.hashAlgo || 'sha256'; 120 | envelope.dkim.debug = envelope.dkim.hasOwnProperty('debug') ? envelope.dkim.debug : config.dkim.debug; 121 | 122 | let dkimStream = new DkimRelaxedBody(envelope.dkim); 123 | let lineEnds = new LineEnds(); 124 | dkimStream.on('hash', bodyHash => { 125 | // store relaxed body hash for signing 126 | envelope.dkim.bodyHash = bodyHash; 127 | envelope.bodySize = dkimStream.byteLength; 128 | messageInfo.body = envelope.bodySize || 0; 129 | }); 130 | 131 | plugins.handler.runAnalyzerHooks(envelope, source, raw); 132 | raw.pipe(splitter); 133 | plugins.handler.runRewriteHooks(envelope, splitter, streamer); 134 | plugins.handler.runStreamHooks(envelope, streamer, message); 135 | message.pipe(lineEnds).pipe(dkimStream); 136 | 137 | raw.once('error', err => { 138 | splitter.emit('error', err); 139 | }); 140 | 141 | message.once('error', err => { 142 | dkimStream.emit('error', err); 143 | }); 144 | 145 | plugins.handler.runHooks('message:store', [envelope, dkimStream], err => { 146 | if (err) { 147 | if (dkimStream.readable) { 148 | dkimStream.resume(); // let the original stream to end normally before displaying the error message 149 | } 150 | return setImmediate(() => callback(err)); 151 | } 152 | 153 | let messageHashStream = new StreamHash({ 154 | algo: 'md5' 155 | }); 156 | 157 | dkimStream.pipe(messageHashStream); 158 | dkimStream.once('error', err => { 159 | messageHashStream.emit('error', err); 160 | }); 161 | 162 | messageHashStream.on('hash', data => { 163 | envelope.sourceMd5 = data.hash; 164 | messageInfo.md5 = (data.hash || '?').substr(0, 12); 165 | }); 166 | 167 | // store stream to db 168 | this.queue.store(id, messageHashStream, err => { 169 | if (err) { 170 | if (source.readable) { 171 | source.resume(); // let the original stream to end normally before displaying the error message 172 | } 173 | if (/Error$/.test(err.name)) { 174 | log.error('Queue/' + process.pid, '%s NOQUEUE store "%s" (%s)', id, err.message, messageInfo.format()); 175 | let keys = messageInfo.keys(); 176 | ['interface', 'originhost', 'transhost', 'transtype', 'user'].forEach(key => { 177 | if (envelope[key] && !(key in keys)) { 178 | keys[key] = envelope[key]; 179 | } 180 | }); 181 | keys.error = err.message; 182 | plugins.handler.remotelog(id, false, 'NOQUEUE', keys); 183 | return this.queue.removeMessage(id, () => callback(err)); 184 | } 185 | return callback(err); 186 | } 187 | 188 | plugins.handler.runHooks('message:queue', [envelope, messageInfo], err => { 189 | if (err) { 190 | return setImmediate(() => this.queue.removeMessage(id, () => callback(err))); 191 | } 192 | 193 | let headerFrom = envelope.headers 194 | .getDecoded('from') 195 | .reverse() 196 | .map(entry => entry.value) 197 | .join(' '); 198 | 199 | // convert headers object to a serialized array 200 | envelope.headers = envelope.headers ? envelope.headers.getList() : []; 201 | 202 | // inject message headers to the stored stream 203 | this.queue.setMeta(id, envelope, err => { 204 | if (err) { 205 | log.error('Queue/' + process.pid, '%s NOQUEUE meta "%s" (%s)', id, err.message, messageInfo.format()); 206 | let keys = messageInfo.keys(); 207 | ['interface', 'originhost', 'transhost', 'transtype', 'user'].forEach(key => { 208 | if (envelope[key] && !(key in keys)) { 209 | keys[key] = envelope[key]; 210 | } 211 | }); 212 | keys.headerFrom = headerFrom; 213 | keys.error = err.message; 214 | plugins.handler.remotelog(id, false, 'NOQUEUE', keys); 215 | return this.queue.removeMessage(id, () => callback(err)); 216 | } 217 | 218 | // push delivery data 219 | this.queue.push(id, envelope, err => { 220 | let keys = messageInfo.keys(); 221 | ['interface', 'originhost', 'transhost', 'transtype', 'user'].forEach(key => { 222 | if (envelope[key] && !(key in keys)) { 223 | keys[key] = envelope[key]; 224 | } 225 | }); 226 | keys.headerFrom = headerFrom; 227 | if (err) { 228 | log.error('Queue/' + process.pid, '%s NOQUEUE push "%s" (%s)', id, err.message, messageInfo.format()); 229 | keys.error = err.message; 230 | plugins.handler.remotelog(id, false, 'NOQUEUE', keys); 231 | return this.queue.removeMessage(id, () => callback(err)); 232 | } 233 | 234 | log.info('Queue/' + process.pid, '%s QUEUED (%s)', id, messageInfo.format()); 235 | plugins.handler.remotelog(id, false, 'QUEUED', keys); 236 | return setImmediate(() => callback(null, 'Message queued as ' + id)); 237 | }); 238 | }); 239 | }); 240 | }); 241 | }); 242 | } 243 | } 244 | 245 | module.exports = MailDrop; 246 | -------------------------------------------------------------------------------- /lib/receiver/smtp-proxy.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const config = require('wild-config'); 4 | const net = require('net'); 5 | const tls = require('tls'); 6 | const fs = require('fs'); 7 | const log = require('npmlog'); 8 | const crypto = require('crypto'); 9 | const punycode = require('punycode/'); 10 | const child_process = require('child_process'); 11 | const plugins = require('../plugins'); 12 | const tlsOptions = require('smtp-server/lib/tls-options'); 13 | 14 | class SMTPProxy { 15 | constructor(smtpInterface, options) { 16 | this.name = smtpInterface; 17 | this.options = options || {}; 18 | this.children = new Set(); 19 | this.processes = this.options.processes || 1; 20 | this.selector = false; 21 | 22 | this.interface = smtpInterface; 23 | 24 | this.keyFiles = false; 25 | 26 | this.defaultSecureContext = false; 27 | 28 | config.on('reload', () => { 29 | this.children.forEach(child => { 30 | try { 31 | child.kill('SIGHUP'); 32 | } catch (E) { 33 | //ignore 34 | } 35 | }); 36 | }); 37 | } 38 | 39 | spawnReceiver() { 40 | if (this.children.size >= this.processes) { 41 | return false; 42 | } 43 | 44 | let childId = crypto.randomBytes(10).toString('hex'); 45 | let child = child_process.fork( 46 | __dirname + '/../../services/receiver.js', 47 | ['--interfaceName=' + this.name, '--interfaceId=' + childId].concat(process.argv.slice(2)), 48 | { 49 | env: process.env 50 | } 51 | ); 52 | let pid = child.pid; 53 | 54 | child.on('close', (code, signal) => { 55 | this.children.delete(child); 56 | if (!this.closing) { 57 | log.error('SMTP/' + this.name + '/' + pid, 'Reciver process %s for %s exited with %s', childId, this.name, code || signal); 58 | 59 | // Respawn after 5 seconds 60 | setTimeout(() => this.spawnReceiver(), 5 * 1000).unref(); 61 | } 62 | }); 63 | 64 | this.children.add(child); 65 | if (this.children.size < this.processes) { 66 | setImmediate(() => this.spawnReceiver()); 67 | } 68 | } 69 | 70 | socketEnd(socket, message) { 71 | let writeToSocket = () => { 72 | try { 73 | socket.end(message + '\r\n'); 74 | } catch (E) { 75 | // ignore, probably socket already closed 76 | } 77 | }; 78 | 79 | if (!this.options.secure) { 80 | return writeToSocket(); 81 | } 82 | 83 | this.upgrade(socket, (err, tlsSocket) => { 84 | if (err) { 85 | log.error('SMTP/' + this.name, 'Failed setting up TLS. %s', err.message); 86 | } 87 | if (tlsSocket) { 88 | try { 89 | tlsSocket.end(message + '\r\n'); 90 | } catch (E) { 91 | // ignore, probably socket already closed 92 | } 93 | } 94 | }); 95 | } 96 | 97 | upgrade(socket, callback) { 98 | let returned = false; 99 | 100 | // we have a TLS client on the line, upgrade connection and return error message 101 | let socketOptions = { 102 | isServer: true, 103 | secureContext: this.defaultSecureContext, 104 | 105 | SNICallback: (servername, cb) => { 106 | let data = { socket }; 107 | 108 | try { 109 | servername = punycode.toUnicode((servername || '').toString().trim()).toLowerCase(); 110 | } catch (E) { 111 | this.logger.error( 112 | { 113 | tnx: 'punycode' 114 | }, 115 | 'Failed to process punycode domain "%s". error=%s', 116 | servername, 117 | E.message 118 | ); 119 | } 120 | 121 | plugins.handler.runHooks('smtp:sni', [servername, data], err => { 122 | if (err) { 123 | this.logger.error( 124 | { 125 | tnx: 'sni', 126 | servername, 127 | err 128 | }, 129 | 'Failed to fetch SNI context for servername %s', 130 | servername 131 | ); 132 | } 133 | 134 | return cb(null, data.context || this.defaultSecureContext); 135 | }); 136 | } 137 | }; 138 | 139 | let remoteAddress = socket.remoteAddress; 140 | 141 | let onError = err => { 142 | if (returned) { 143 | return; 144 | } 145 | returned = true; 146 | 147 | if (err && /SSL[23]*_GET_CLIENT_HELLO|ssl[23]*_read_bytes|ssl_bytes_to_cipher_list/i.test(err.message)) { 148 | let message = err.message; 149 | err.message = 'Failed to establish TLS session'; 150 | err.code = err.code || 'TLSError'; 151 | err.meta = { 152 | protocol: 'smtp', 153 | stage: 'connect', 154 | message, 155 | remoteAddress 156 | }; 157 | } 158 | if (!err || !err.message) { 159 | err = new Error('Socket closed while initiating TLS'); 160 | err.code = 'SocketError'; 161 | err.report = false; 162 | err.meta = { 163 | protocol: 'smtp', 164 | stage: 'connect', 165 | remoteAddress 166 | }; 167 | } 168 | 169 | callback(err || new Error('Socket closed unexpectedly')); 170 | }; 171 | 172 | // remove all listeners from the original socket besides the error handler 173 | socket.once('error', onError); 174 | 175 | // upgrade connection 176 | let tlsSocket = new tls.TLSSocket(socket, socketOptions); 177 | 178 | let onCloseError = hadError => { 179 | if (hadError) { 180 | return onError(); 181 | } 182 | }; 183 | 184 | tlsSocket.once('close', onCloseError); 185 | tlsSocket.once('error', onError); 186 | tlsSocket.once('_tlsError', onError); 187 | tlsSocket.once('clientError', onError); 188 | tlsSocket.once('tlsClientError', onError); 189 | 190 | tlsSocket.on('secure', () => { 191 | socket.removeListener('error', onError); 192 | tlsSocket.removeListener('close', onCloseError); 193 | tlsSocket.removeListener('error', onError); 194 | tlsSocket.removeListener('_tlsError', onError); 195 | tlsSocket.removeListener('clientError', onError); 196 | tlsSocket.removeListener('tlsClientError', onError); 197 | if (returned) { 198 | try { 199 | tlsSocket.end(); 200 | } catch (E) { 201 | // 202 | } 203 | return; 204 | } 205 | returned = true; 206 | return callback(null, tlsSocket); 207 | }); 208 | } 209 | 210 | connection(socket) { 211 | // find a child to process connection 212 | if (!this.children.size) { 213 | return this.socketEnd(socket, '421 No free process to handle connection'); 214 | } 215 | 216 | if (!this.selector) { 217 | this.selector = this.children.values(); 218 | } 219 | let value = this.selector.next(); 220 | if (value.done) { 221 | this.selector = this.children.values(); 222 | value = this.selector.next(); 223 | } 224 | if (value.done) { 225 | return this.socketEnd(socket, '421 No free process to handle connection'); 226 | } 227 | 228 | let child = value.value; 229 | 230 | // Here be dragons! 231 | // https://github.com/nodejs/node/issues/8353#issuecomment-244092209 232 | // if we do not explicitly stop reading from the socket then we might 233 | // accidentally have some data in buffer that is not available for the child process 234 | socket._handle.readStop(); 235 | let res; 236 | try { 237 | res = child.send('socket', socket); 238 | } catch (err) { 239 | log.error(this.logName, err); 240 | try { 241 | socket._handle.readStart(); 242 | } catch (err) { 243 | log.error(this.logName, err); 244 | } 245 | return this.socketEnd(socket, '421 Failed to assign connection to child process'); 246 | } 247 | return res; 248 | } 249 | 250 | start(callback) { 251 | let key; 252 | let ca; 253 | let cert; 254 | 255 | /** 256 | * Fetches file contents by file path or returns the file value if it seems 257 | * like its already file contents and not file path 258 | * 259 | * @param {String/Buffer/false} file Either file contents or a path 260 | * @param {Function} done Returns the file contents or false 261 | */ 262 | let getFile = (file, done) => { 263 | if (!file) { 264 | return setImmediate(done); 265 | } 266 | // if the value seems like file contents, return it as is 267 | if (Buffer.isBuffer(file) || /\n/.test(file)) { 268 | return done(null, file); 269 | } 270 | // otherwise try to load contents from a file path 271 | fs.readFile(file, done); 272 | }; 273 | 274 | let getKeyfiles = done => { 275 | getFile(this.options.key, (err, file) => { 276 | if (!err && file) { 277 | key = file; 278 | } 279 | getFile(this.options.cert, (err, file) => { 280 | if (!err && file) { 281 | cert = file; 282 | } 283 | 284 | let caFiles = [].concat(this.options.ca || []); 285 | let caPos = 0; 286 | let getCaCerts = () => { 287 | if (caPos >= caFiles.length) { 288 | return done(); 289 | } 290 | getFile(caFiles[caPos++], (err, file) => { 291 | if (!err && file) { 292 | if (!ca) { 293 | ca = []; 294 | } 295 | ca.push(file); 296 | } 297 | getCaCerts(); 298 | }); 299 | }; 300 | getCaCerts(); 301 | }); 302 | }); 303 | }; 304 | 305 | getKeyfiles(() => { 306 | if (this.options.secure) { 307 | this.keyFiles = { key, ca, cert }; 308 | 309 | let defaultTlsOptions = tlsOptions( 310 | Object.assign({}, this.options, { 311 | key: this.keyFiles.key, 312 | ca: [].concat(this.keyFiles.ca || []), 313 | cert: this.keyFiles.cert 314 | }) 315 | ); 316 | 317 | this.defaultSecureContext = tls.createSecureContext(defaultTlsOptions); 318 | } else { 319 | this.keyFiles = {}; 320 | } 321 | 322 | this.server = net.createServer(socket => this.connection(socket)); 323 | 324 | let returned = false; 325 | this.server.once('error', err => { 326 | if (returned) { 327 | log.error(this.logName, err); 328 | return; 329 | } 330 | returned = true; 331 | callback(err); 332 | }); 333 | 334 | // start listening 335 | this.server.listen(this.options.port, this.options.host, () => { 336 | if (returned) { 337 | return; 338 | } 339 | returned = true; 340 | callback(null, true); 341 | }); 342 | }); 343 | } 344 | 345 | close(callback) { 346 | this.closing = true; 347 | if (!this.server) { 348 | return setImmediate(() => callback()); 349 | } 350 | this.server.close(callback); 351 | } 352 | } 353 | 354 | module.exports = SMTPProxy; 355 | -------------------------------------------------------------------------------- /LICENSE_ET: -------------------------------------------------------------------------------- 1 | EUROOPA LIIDU TARKVARA VABA KASUTUSE LITSENTS v. 1.2 2 | EUPL © Euroopa Liit 2007, 2016 3 | Euroopa Liidu tarkvara vaba kasutuse litsents („EUPL“) kehtib allpool määratletud teose suhtes, mida levitatakse vastavalt käesoleva litsentsi tingimustele. Teost on keelatud kasutada muul viisil kui vastavalt käesoleva litsentsi tingimustele niivõrd, kuivõrd sellise kasutamise suhtes kehtivad teose autoriõiguse omaja õigused). Teost levitatakse vastavalt käesoleva litsentsi tingimustele, kui allpool määratletud litsentsiandja paneb vahetult teose autoriõiguse märke järele järgmise märke: 4 | Litsentsitud EUPL alusel 5 | või on muul viisil väljendanud soovi litsentsida originaalteos EUPL alusel. 6 | 7 | 1.Mõisted 8 | Käesolevas litsentsis kasutatakse järgmisi mõisteid: 9 | — „litsents“–käesolev litsents; 10 | — „originaalteos“–teos või tarkvara, mida litsentsiandja käesoleva litsentsi alusel levitab või edastab ning mis on kättesaadav lähtekoodina ja teatavatel juhtudel ka täitmiskoodina; 11 | — „tuletatud teos“–teos või tarkvara, mida litsentsisaajal on olnud võimalik luua tuginedes originaalteosele või selle muudetud versioonile. Käesolevas litsentsis ei määratleta muudatuse ulatust või sõltuvust originaalteosest, mis on vajalik selleks, et klassifitseerida teos tuletatud teoseks; selline ulatus määratakse kindlaks vastavalt artiklis 15 nimetatud riigis kehtivatele autoriõigust käsitlevatele õigusaktidele; 12 | — „teos“–originaalteos või sellest tuletatud teosed; 13 | — „lähtekood“–teose inimloetav vorm, mida inimestel on kõige lihtsam uurida ja muuta; 14 | — „täitmiskood“–igasugune kood, mille on tavaliselt koostanud arvuti ja mis on mõeldud arvuti poolt programmina tõlgendamiseks; 15 | — „litsentsiandja“–füüsiline või juriidiline isik, kes levitab või edastab teost litsentsi alusel; 16 | — „edasiarendaja“–füüsiline või juriidiline isik, kes muudab teost litsentsi alusel või osaleb muul moel tuletatud teose loomises; 17 | — „litsentsisaaja“ või „Teie“–iga füüsiline või juriidiline isik, kes kasutab teost ükskõik mis moel vastavalt litsentsi tingimustele; 18 | — „levitamine“ või „edastamine“–teose koopiate müümine, teisele isikule andmine, laenutamine, rentimine, levitamine, edastamine, ülekandmine või teose koopiate või selle oluliste funktsioonide muul viisil teistele füüsilistele või juriidilistele isikutele kättesaadavaks tegemine võrgus või võrguväliselt. 19 | 20 | 2.Litsentsiga antavate õiguste ulatus 21 | Käesolevaga annab litsentsiandja Teile ülemaailmse, tasuta, all-litsentsi andmise õigusega lihtlitsentsi, mille alusel võite teha originaalteose autoriõiguse kehtivusaja jooksul järgmist: 22 | — kasutada teost mis tahes eesmärgil ja mis tahes viisil, 23 | — teost reprodutseerida, 24 | — teost muuta ja luua teosel põhinevaid tuletatud teoseid, 25 | — teost või selle koopiaid üldsusele edastada, sealhulgas neid kättesaadavaks teha või eksponeerida, samuti avalikult esitada, 26 | — teost või selle koopiaid levitada, 27 | — teost või selle koopiaid laenutada ja rentida, 28 | — anda all-litsentse teose või selle koopiate suhtes kehtivate õiguste kohta. 29 | Neid õigusi võib teostada mistahes praegu tuntud või hiljem leiutatud keskkonnas, toel või formaadis, ja sellises ulatuses, nagu lubab kohaldatav õigus. Riikides, kus kehtivad isiklikud õigused, loobub litsentsiandja seadusega lubatud ulatuses oma õigusest teostada isiklikke õigusi, et oleks võimalik eespool loetletud varalisi õigusi litsentsida. Litsentsiandja annab litsentsisaajale tasuta lihtlitsentsi kõigi litsentsiandjale kuuluvate patentide kasutamiseks ulatuses, mis on vajalik teose suhtes käesoleva litsentsiga antud õiguste kasutamiseks. 30 | 31 | 3.Lähtekoodi edastamine 32 | Litsentsiandja võib teose kättesaadavaks teha kas lähtekoodi või täitmiskoodi kujul. Kui teos tehakse kättesaadavaks täitmiskoodi kujul, lisab litsentsiandja igale tema poolt levitatavale teose koopiale lähtekoodi masinloetava koopia või näitab teose autoriõiguse märke järele lisatud märkega ära hoidla, kust lähtekood on kergesti ja tasuta kättesaadav seni, kuni litsentsiandja jätkab teose levitamist või edastamist. 33 | 34 | 4.Autoriõiguse piiramine 35 | Käesolev litsents ei võta litsentsisaajalt võimalusi, mis tulenevad teose õiguste omaja ainuõiguste suhtes kehtestatud eranditest või ainuõiguste piiramisest, nende õiguste ammendumisest või muudest nende õiguste suhtes kohaldatavatest piirangutest. 36 | 37 | 5.Litsentsisaaja kohustused 38 | Eespool nimetatud õigused antakse litsentsisaajale tingimusel, et ta peab kinni teatavatest piirangutest ja täidab teatavaid talle pandud kohustusi. Need kohustused on järgmised: 39 | 40 | Õigus autorsusele. Litsentsisaaja hoiab puutumatuna kõik autoriõiguse, patentide ja kaubamärkide kohta käivad märked ja kõik märked, mis viitavad litsentsile ja garantii puudumisele. Litsentsisaaja peab teose iga tema poolt levitatavale või edastatavale koopiale lisama nimetatud märgete koopiad ja litsentsi koopia. Litsentsisaaja peab tagama, et iga tuletatud teos kannab selget märget selle kohta, et teost on muudetud ja muutmise kuupäeva. 41 | 42 | Klausel vaba kasutamise tagamise kohta (copyleft). Kui litsentsisaaja levitab või edastab originaalteose või tuletatud teoste koopiaid, toimub see levitamine või edastamine vastavalt käesoleva litsentsi tingimustele või käesoleva litsentsi hilisema versiooni tingimustele, välja arvatud juhul, kui originaalteost levitatakse ainult vastavalt litsentsi käesolevale versioonile (näiteks märkides „ainult EUPL v.1.2“). Litsentsisaaja ei tohi (litsentsiandjaks saades) teosele või tuletatud teosele lisada ega kehtestada mingeid lisatingimusi, mis muudavad või piiravad litsentsi tingimusi. 43 | 44 | Ühilduvuse klausel. Kui litsentsisaaja levitab või edastab tuletatud teoseid või nende koopiaid, mis põhinevad nii teosel kui ka teisel, käesoleva litsentsiga ühilduva litsentsi alusel litsentsitud teosel, võib see levitamine või edastamine toimuda vastavalt nimetatud ühilduva litsentsi tingimustele. Käesolevas klauslis tähendab „ühilduv litsents“ käesoleva litsentsi lisas loetletud litsentse. Kui litsentsisaaja ühilduvale litsentsile vastavad kohustused on vastuolus tema kohustustega vastavalt käesolevale litsentsile, loetakse kehtivaks ühilduva litsentsi kohased kohustused. 45 | 46 | Lähtekoodi lisamine. Teose koopiate levitamisel või edastamisel lisab litsentsisaaja igale koopiale lähtekoodi masinloetava koopia või näitab ära hoidla, kust lähtekood on kergesti ja tasuta kättesaadav seni, kuni litsentsisaaja jätkab teose levitamist või edastamist. 47 | 48 | Õiguskaitse. Käesoleva litsentsiga ei anta luba kasutada litsentsiandja ärinimesid, kaubamärke, teenindusmärke või nimesid, välja arvatud juhul, kui see on vajalik mõistlikuks ja tavapäraseks kasutamiseks teose päritolu kirjeldamisel ja autoriõiguse märke sisu reprodutseerimisel. 49 | 50 | 6.Autorsuse ahel 51 | Esialgne litsentsiandja tagab, et käesoleva litsentsiga antav autoriõigus originaalteosele kuulub talle või on talle litsentsitud ja et tal on õigus seda litsentsiga edasi anda. Iga edasiarendaja tagab, et autoriõigus tema poolt teosele tehtavatele muudatustele kuulub talle või on talle litsentsitud ja et tal on õigus litsentsi anda. Iga kord, kui Te võtate vastu litsentsi, annavad esialgne litsentsiandja ja hilisemad edasiarendajad Teile litsentsi nende osaluse kasutamiseks teoses vastavalt käesoleva litsentsi tingimustele. 52 | 53 | 7.Garantii puudumine 54 | Teos on veel pooleli ja arvukad edasiarendajad parendavad seda järjepidevalt. See ei ole lõpetatud teos ja võib seetõttu sisaldada defekte ja programmivigu, mis on omased seda liiki arendustegevusele. Seetõttu levitatakse teost litsentsi alusel „sellisena, nagu see on“ ilma teose suhtes kehtiva garantiita, muu hulgas garantiita kaubandusliku kvaliteedi kohta, garantiita sobivuse kohta mingi kindla eesmärgi jaoks, garantiita defektide ja vigade puudumise kohta, garantiita täpsuse kohta ja selle kohta, et ei ole rikutud muid intellektuaalse omandi õigusi peale käesoleva litsentsi artiklis 6 nimetatud autoriõiguse. Käesolev garantii puudumise klausel on litsentsi oluline osa ja teosele õiguste andmise eeltingimus. 55 | 56 | 8.Vastutuse välistamine 57 | Välja arvatud tahtliku õiguserikkumise või füüsilistele isikutele tekitatud otsese kahju puhul, ei vastuta litsentsiandja mitte mingil juhul litsentsi või teose kasutamise tagajärjel tekkinud mistahes otsese või kaudse, varalise või moraalse kahju eest, muu hulgas maineväärtuse langusest tekkinud kahju, tööseisakute, arvutirikke ja talitlushäirete, andmete kadumise ja ärikahju eest, isegi juhul kui litsentsiandjat on sellise kahju tekkimise võimalikkusest teavitatud. Litsentsiandja vastutab siiski vastavalt tootevastutust käsitlevatele õigusaktidele niivõrd, kuivõrd need õigusaktid on teose suhtes kohaldatavad. 58 | 59 | 9.Lisakokkulepped 60 | Teose levitamisel võite Te sõlmida lisakokkuleppe, milles määratakse kindlaks käesoleva litsentsiga vastavuses olevad kohustused või teenused. Kuid kui olete nõus võtma kohustusi, võite Te tegutseda ainult iseenda nimel ja vastutusel, mitte esialgse litsentsiandja või teiste edasiarendajate nimel, ja ainult juhul, kui Te nõustute vabastama edasiarendajad vastutusest, kaitsma ja hoidma neid kahju tekkimise eest vastutuse või nõuete osas, mida nende vastu võidakse esitada selle tagajärjel, et Teie pakute garantiid või võtate lisavastutuse. 61 | 62 | 10.Litsentsiga nõustumine 63 | Käesoleva litsentsi sätetega saab nõustuda, klõpsates ikoonile „Nõustun“ litsentsi teksti näitava akna all või väljendades nõusolekut muul sarnasel viisil vastavalt kehtivatele õigusaktidele. Sellele ikoonile klõpsates väljendate selgelt ja pöördumatult oma nõusolekut käesoleva litsentsi ja kõigi selle tingimuste suhtes. Samuti nõustute pöördumatult käesoleva litsentsi ja kõigi selle tingimustega, kui teostate Teile käesoleva litsentsi artikliga 2 antud õigusi, näiteks kasutate teost, loote tuletatud teose või levitate või edastate teost või selle koopiaid. 64 | 65 | 11.Üldsuse teavitamine 66 | Juhul, kui Te kasutate teose levitamiseks või edastamiseks elektroonilisi sidevahendeid (näiteks võimaldate teose allalaadimist veebisaidilt), tuleb levitamiskanalil või andmekandjal (näiteks veebisaidil) teha üldsusele kättesaadavaks vähemalt kohaldatava õiguse alusel kohustuslik teave litsentsiandja ja litsentsi kohta ning selle kohta, kuidas see on litsentsisaajale kättesaadav, litsentsilepingu sõlmimise kohta ja selle kohta, kuidas litsentsisaaja saab litsentsi säilitada ja reprodutseerida. 67 | 68 | 12.Litsentsi lõppemine 69 | Litsents ja sellega antud õigused lõppevad automaatselt juhul, kui litsentsisaaja rikub litsentsi tingimusi. Sellise lõppemise korral ei lõpe ühegi sellise isiku litsents, kes sai teose litsentsisaajalt vastavalt litsentsi tingimustele, juhul kui see isik täidab jätkuvalt litsentsi tingimusi. 70 | 71 | 13.Muud sätted 72 | Ilma et see piiraks litsentsi artikli 9 kohaldamist, sisaldab litsents kogu kokkulepet, mis osapoolte vahel seose teosega on. Kui mõni litsentsi säte on vastavalt kohaldatavatele õigusaktidele kehtetu või seda ei ole võimalik jõustada, ei mõjuta see litsentsi kui terviku kehtivust ega jõustatavust. Sellist sätet tõlgendatakse või muudetakse nii nagu vaja, et see kehtiks ja saaks tagada selle täitmise. Euroopa Komisjon võib avaldada käesoleva litsentsi muid keeleversioone või uusi versioone või lisa uuendatud versioone, kuivõrd see on vajalik ja mõistlik, vähendamata sellega litsentsiga antavate õiguste ulatust. Litsentsi uued versioonid avaldatakse kordumatu versiooninumbriga. Käesoleva litsentsi kõik keeleversioonid, mille Euroopa Komisjon on heaks kiitnud, on võrdväärsed. Osapooled võivad kasutada enda valitud keeleversiooni. 73 | 74 | 14.Kohtualluvus 75 | Ilma et see piiraks konkreetse osapooltevahelise kokkuleppe kohaldamist, 76 | — kuuluvad käesoleva litsentsi tõlgendamisest tulenevad kohtuvaidlused Euroopa Liidu institutsioonide, organite, büroode või asutuste kui litsentsiandja ja mistahes litsentsisaaja vahel Euroopa Liidu Kohtu pädevusse, nagu on sätestatud Euroopa Liidu toimimise lepingu artiklis 272, 77 | — kuuluvad käesoleva litsentsi tõlgendamisest tulenevad kohtuvaidlused muude osapoolte vahel selle pädeva kohtu ainupädevusse, kelle tööpiirkonnas asub litsentsiandja elukoht või peamine tegevuskoht. 78 | 79 | 15.Kohaldatav õigus 80 | Ilma et see piiraks konkreetse osapooltevahelise kokkuleppe kohaldamist, 81 | — kohaldatakse käesoleva litsentsi suhtes selle Euroopa Liidu liikmesriigi õigust, kus paikneb litsentsiandja peakorter, elukoht või asukoht, 82 | — kohaldatakse litsentsi suhtes Belgia õigust, kui litsentsiandja peakorter, elukoht või asukoht asub väljaspool Euroopa Liidu liikmesriike. 83 | 84 | Liide 85 | Euroopa Liidu tarkvara vaba kasutuse litsentsi artiklis 5 osutatud „ühilduvad litsentsid“ on järgmised: 86 | — GNU General Public License (GPL) v. 2, v. 3 87 | — GNU Affero General Public License (AGPL) v. 3 88 | — Open Software License (OSL) v. 2.1, v. 3.0 89 | — Eclipse Public License (EPL) v. 1.0 90 | — CeCILL v. 2.0, v. 2.1 91 | — Mozilla Public Licence (MPL) v. 2 92 | — GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3 93 | — Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) muude teoste puhul peale tarkvara 94 | — European Union Public Licence (EUPL) v. 1.1, v. 1.2 95 | — Québec Free and Open-Source Licence – Reciprocity (LiLiQ-R) or Strong Reciprocity (LiLiQ-R+). 96 | Euroopa Komisjon võib käesolevat lisa ajakohastada loetletud litsentside hilisemate versioonidega ilma, et peaks selleks koostama EUPLi uue versiooni, eeldusel et nende litsentsidega tagatakse käesoleva litsentsi artiklis 2 sätestatud õigused ja kaitstakse hõlmatud lähtekoodi eksklusiivse omastamise eest. 97 | Kõigi muude käesoleva liite muudatuste või täienduste jaoks on vaja koostada EUPLi uus versioon. 98 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | EUROPEAN UNION PUBLIC LICENCE v. 1.2 2 | EUPL © the European Union 2007, 2016 3 | 4 | This European Union Public Licence (the ‘EUPL’) applies to the Work (as defined below) which is provided under the 5 | terms of this Licence. Any use of the Work, other than as authorised under this Licence is prohibited (to the extent such 6 | use is covered by a right of the copyright holder of the Work). 7 | The Work is provided under the terms of this Licence when the Licensor (as defined below) has placed the following 8 | notice immediately following the copyright notice for the Work: 9 | Licensed under the EUPL 10 | or has expressed by any other means his willingness to license under the EUPL. 11 | 12 | 1.Definitions 13 | In this Licence, the following terms have the following meaning: 14 | — ‘The Licence’:this Licence. 15 | — ‘The Original Work’:the work or software distributed or communicated by the Licensor under this Licence, available 16 | as Source Code and also as Executable Code as the case may be. 17 | — ‘Derivative Works’:the works or software that could be created by the Licensee, based upon the Original Work or 18 | modifications thereof. This Licence does not define the extent of modification or dependence on the Original Work 19 | required in order to classify a work as a Derivative Work; this extent is determined by copyright law applicable in 20 | the country mentioned in Article 15. 21 | — ‘The Work’:the Original Work or its Derivative Works. 22 | — ‘The Source Code’:the human-readable form of the Work which is the most convenient for people to study and 23 | modify. 24 | — ‘The Executable Code’:any code which has generally been compiled and which is meant to be interpreted by 25 | a computer as a program. 26 | — ‘The Licensor’:the natural or legal person that distributes or communicates the Work under the Licence. 27 | — ‘Contributor(s)’:any natural or legal person who modifies the Work under the Licence, or otherwise contributes to 28 | the creation of a Derivative Work. 29 | — ‘The Licensee’ or ‘You’:any natural or legal person who makes any usage of the Work under the terms of the 30 | Licence. 31 | — ‘Distribution’ or ‘Communication’:any act of selling, giving, lending, renting, distributing, communicating, 32 | transmitting, or otherwise making available, online or offline, copies of the Work or providing access to its essential 33 | functionalities at the disposal of any other natural or legal person. 34 | 35 | 2.Scope of the rights granted by the Licence 36 | The Licensor hereby grants You a worldwide, royalty-free, non-exclusive, sublicensable licence to do the following, for 37 | the duration of copyright vested in the Original Work: 38 | — use the Work in any circumstance and for all usage, 39 | — reproduce the Work, 40 | — modify the Work, and make Derivative Works based upon the Work, 41 | — communicate to the public, including the right to make available or display the Work or copies thereof to the public 42 | and perform publicly, as the case may be, the Work, 43 | — distribute the Work or copies thereof, 44 | — lend and rent the Work or copies thereof, 45 | — sublicense rights in the Work or copies thereof. 46 | Those rights can be exercised on any media, supports and formats, whether now known or later invented, as far as the 47 | applicable law permits so. 48 | In the countries where moral rights apply, the Licensor waives his right to exercise his moral right to the extent allowed 49 | by law in order to make effective the licence of the economic rights here above listed. 50 | The Licensor grants to the Licensee royalty-free, non-exclusive usage rights to any patents held by the Licensor, to the 51 | extent necessary to make use of the rights granted on the Work under this Licence. 52 | 53 | 3.Communication of the Source Code 54 | The Licensor may provide the Work either in its Source Code form, or as Executable Code. If the Work is provided as 55 | Executable Code, the Licensor provides in addition a machine-readable copy of the Source Code of the Work along with 56 | each copy of the Work that the Licensor distributes or indicates, in a notice following the copyright notice attached to 57 | the Work, a repository where the Source Code is easily and freely accessible for as long as the Licensor continues to 58 | distribute or communicate the Work. 59 | 60 | 4.Limitations on copyright 61 | Nothing in this Licence is intended to deprive the Licensee of the benefits from any exception or limitation to the 62 | exclusive rights of the rights owners in the Work, of the exhaustion of those rights or of other applicable limitations 63 | thereto. 64 | 65 | 5.Obligations of the Licensee 66 | The grant of the rights mentioned above is subject to some restrictions and obligations imposed on the Licensee. Those 67 | obligations are the following: 68 | 69 | Attribution right: The Licensee shall keep intact all copyright, patent or trademarks notices and all notices that refer to 70 | the Licence and to the disclaimer of warranties. The Licensee must include a copy of such notices and a copy of the 71 | Licence with every copy of the Work he/she distributes or communicates. The Licensee must cause any Derivative Work 72 | to carry prominent notices stating that the Work has been modified and the date of modification. 73 | 74 | Copyleft clause: If the Licensee distributes or communicates copies of the Original Works or Derivative Works, this 75 | Distribution or Communication will be done under the terms of this Licence or of a later version of this Licence unless 76 | the Original Work is expressly distributed only under this version of the Licence — for example by communicating 77 | ‘EUPL v. 1.2 only’. The Licensee (becoming Licensor) cannot offer or impose any additional terms or conditions on the 78 | Work or Derivative Work that alter or restrict the terms of the Licence. 79 | 80 | Compatibility clause: If the Licensee Distributes or Communicates Derivative Works or copies thereof based upon both 81 | the Work and another work licensed under a Compatible Licence, this Distribution or Communication can be done 82 | under the terms of this Compatible Licence. For the sake of this clause, ‘Compatible Licence’ refers to the licences listed 83 | in the appendix attached to this Licence. Should the Licensee's obligations under the Compatible Licence conflict with 84 | his/her obligations under this Licence, the obligations of the Compatible Licence shall prevail. 85 | 86 | Provision of Source Code: When distributing or communicating copies of the Work, the Licensee will provide 87 | a machine-readable copy of the Source Code or indicate a repository where this Source will be easily and freely available 88 | for as long as the Licensee continues to distribute or communicate the Work. 89 | Legal Protection: This Licence does not grant permission to use the trade names, trademarks, service marks, or names 90 | of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and 91 | reproducing the content of the copyright notice. 92 | 93 | 6.Chain of Authorship 94 | The original Licensor warrants that the copyright in the Original Work granted hereunder is owned by him/her or 95 | licensed to him/her and that he/she has the power and authority to grant the Licence. 96 | Each Contributor warrants that the copyright in the modifications he/she brings to the Work are owned by him/her or 97 | licensed to him/her and that he/she has the power and authority to grant the Licence. 98 | Each time You accept the Licence, the original Licensor and subsequent Contributors grant You a licence to their contributions 99 | to the Work, under the terms of this Licence. 100 | 101 | 7.Disclaimer of Warranty 102 | The Work is a work in progress, which is continuously improved by numerous Contributors. It is not a finished work 103 | and may therefore contain defects or ‘bugs’ inherent to this type of development. 104 | For the above reason, the Work is provided under the Licence on an ‘as is’ basis and without warranties of any kind 105 | concerning the Work, including without limitation merchantability, fitness for a particular purpose, absence of defects or 106 | errors, accuracy, non-infringement of intellectual property rights other than copyright as stated in Article 6 of this 107 | Licence. 108 | This disclaimer of warranty is an essential part of the Licence and a condition for the grant of any rights to the Work. 109 | 110 | 8.Disclaimer of Liability 111 | Except in the cases of wilful misconduct or damages directly caused to natural persons, the Licensor will in no event be 112 | liable for any direct or indirect, material or moral, damages of any kind, arising out of the Licence or of the use of the 113 | Work, including without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, loss 114 | of data or any commercial damage, even if the Licensor has been advised of the possibility of such damage. However, 115 | the Licensor will be liable under statutory product liability laws as far such laws apply to the Work. 116 | 117 | 9.Additional agreements 118 | While distributing the Work, You may choose to conclude an additional agreement, defining obligations or services 119 | consistent with this Licence. However, if accepting obligations, You may act only on your own behalf and on your sole 120 | responsibility, not on behalf of the original Licensor or any other Contributor, and only if You agree to indemnify, 121 | defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against such Contributor by 122 | the fact You have accepted any warranty or additional liability. 123 | 124 | 10.Acceptance of the Licence 125 | The provisions of this Licence can be accepted by clicking on an icon ‘I agree’ placed under the bottom of a window 126 | displaying the text of this Licence or by affirming consent in any other similar way, in accordance with the rules of 127 | applicable law. Clicking on that icon indicates your clear and irrevocable acceptance of this Licence and all of its terms 128 | and conditions. 129 | Similarly, you irrevocably accept this Licence and all of its terms and conditions by exercising any rights granted to You 130 | by Article 2 of this Licence, such as the use of the Work, the creation by You of a Derivative Work or the Distribution 131 | or Communication by You of the Work or copies thereof. 132 | 133 | 11.Information to the public 134 | In case of any Distribution or Communication of the Work by means of electronic communication by You (for example, 135 | by offering to download the Work from a remote location) the distribution channel or media (for example, a website) 136 | must at least provide to the public the information requested by the applicable law regarding the Licensor, the Licence 137 | and the way it may be accessible, concluded, stored and reproduced by the Licensee. 138 | 139 | 12.Termination of the Licence 140 | The Licence and the rights granted hereunder will terminate automatically upon any breach by the Licensee of the terms 141 | of the Licence. 142 | Such a termination will not terminate the licences of any person who has received the Work from the Licensee under 143 | the Licence, provided such persons remain in full compliance with the Licence. 144 | 145 | 13.Miscellaneous 146 | Without prejudice of Article 9 above, the Licence represents the complete agreement between the Parties as to the 147 | Work. 148 | If any provision of the Licence is invalid or unenforceable under applicable law, this will not affect the validity or 149 | enforceability of the Licence as a whole. Such provision will be construed or reformed so as necessary to make it valid 150 | and enforceable. 151 | The European Commission may publish other linguistic versions or new versions of this Licence or updated versions of 152 | the Appendix, so far this is required and reasonable, without reducing the scope of the rights granted by the Licence. 153 | New versions of the Licence will be published with a unique version number. 154 | All linguistic versions of this Licence, approved by the European Commission, have identical value. Parties can take 155 | advantage of the linguistic version of their choice. 156 | 157 | 14.Jurisdiction 158 | Without prejudice to specific agreement between parties, 159 | — any litigation resulting from the interpretation of this License, arising between the European Union institutions, 160 | bodies, offices or agencies, as a Licensor, and any Licensee, will be subject to the jurisdiction of the Court of Justice 161 | of the European Union, as laid down in article 272 of the Treaty on the Functioning of the European Union, 162 | — any litigation arising between other parties and resulting from the interpretation of this License, will be subject to 163 | the exclusive jurisdiction of the competent court where the Licensor resides or conducts its primary business. 164 | 165 | 15.Applicable Law 166 | Without prejudice to specific agreement between parties, 167 | — this Licence shall be governed by the law of the European Union Member State where the Licensor has his seat, 168 | resides or has his registered office, 169 | — this licence shall be governed by Belgian law if the Licensor has no seat, residence or registered office inside 170 | a European Union Member State. 171 | 172 | 173 | Appendix 174 | 175 | ‘Compatible Licences’ according to Article 5 EUPL are: 176 | — GNU General Public License (GPL) v. 2, v. 3 177 | — GNU Affero General Public License (AGPL) v. 3 178 | — Open Software License (OSL) v. 2.1, v. 3.0 179 | — Eclipse Public License (EPL) v. 1.0 180 | — CeCILL v. 2.0, v. 2.1 181 | — Mozilla Public Licence (MPL) v. 2 182 | — GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3 183 | — Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) for works other than software 184 | — European Union Public Licence (EUPL) v. 1.1, v. 1.2 185 | — Québec Free and Open-Source Licence — Reciprocity (LiLiQ-R) or Strong Reciprocity (LiLiQ-R+). 186 | 187 | The European Commission may update this Appendix to later versions of the above licences without producing 188 | a new version of the EUPL, as long as they provide the rights granted in Article 2 of this Licence and protect the 189 | covered Source Code from exclusive appropriation. 190 | All other changes or additions to this Appendix require the production of a new EUPL version. 191 | 192 | --------------------------------------------------------------------------------