Release v1.2.0 (#7)

- dnswl: sending OK on helo & mail hooks disabled by default - check_zones: check all zones concurrently (test speedup)
haraka · Apr 13, 2024 · eef9c4d · eef9c4d
1 parent eb1f94d
commit eef9c4d
Show file tree

Hide file tree

Showing 7 changed files with 46 additions and 11 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/).
 
 ### Unreleased
 
+### [1.2.0] - 2024-04-13
+
+- dnswl: sending OK on helo & mail hooks disabled by default
+- check_zones: check all zones concurrently (test speedup)
+
 ### [1.1.0] - 2024-04-10
 
 - feat: imported backscatterer from haraka/Haraka
@@ -29,3 +34,4 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/).
 [1.0.2]: https://github.com/haraka/haraka-plugin-dns-list/releases/tag/v1.0.2
 [1.0.3]: https://github.com/haraka/haraka-plugin-dns-list/releases/tag/v1.0.3
 [1.1.0]: https://github.com/haraka/haraka-plugin-dns-list/releases/tag/v1.1.0
+[1.2.0]: https://github.com/haraka/haraka-plugin-dns-list/releases/tag/v1.2.0
diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
@@ -2,7 +2,7 @@
 
 This handcrafted artisinal software is brought to you by:
 
-| <img height="80" src="https://avatars.githubusercontent.com/u/261635?v=4"><br><a href="https://github.com/msimerson">msimerson</a> (<a href="https://github.com/haraka/haraka-plugin-dns-list/commits?author=msimerson">6</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/203240?v=4"><br><a href="https://github.com/lnedry">lnedry</a> (<a href="https://github.com/haraka/haraka-plugin-dns-list/commits?author=lnedry">1</a>) |
+| <img height="80" src="https://avatars.githubusercontent.com/u/261635?v=4"><br><a href="https://github.com/msimerson">msimerson</a> (<a href="https://github.com/haraka/haraka-plugin-dns-list/commits?author=msimerson">7</a>) | <img height="80" src="https://avatars.githubusercontent.com/u/203240?v=4"><br><a href="https://github.com/lnedry">lnedry</a> (<a href="https://github.com/haraka/haraka-plugin-dns-list/commits?author=lnedry">1</a>) |
 | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: |
 
 <sub>this file is maintained by [.release](https://github.com/msimerson/.release)</sub>
diff --git a/README.md b/README.md
@@ -102,6 +102,15 @@ The exact name of the DNS zone (as specified above in main.zones) may contain se
 - reject=true (default: true) Reject connections from IPs on block lists. Setting this to false makes dnsbl informational. reject=false is best used in conjunction with plugins like [karma](https://github.com/haraka/haraka-plugin-karma) that employ a scoring engine to make choices about message delivery.
 - ipv6=true | false
 
+#### dnswl
+
+```ini
+ok_helo=false
+ok_mail=false
+```
+
+if DNSBL returns OK on the mail hook, it prevents any subsequent mail hooks in other plugins from running. This might include [SPF](haraka-plugin-spf), [known senders](https://github.com/haraka/haraka-plugin-known-senders), [karma](https://github.com/haraka/haraka-plugin-karma), recipient plugins, and any other plugins that want to do transaction initialization on `hook_mail`. It can be dangerous.
+
 [ci-img]: https://github.com/haraka/haraka-plugin-dns-list/actions/workflows/ci.yml/badge.svg
 [ci-url]: https://github.com/haraka/haraka-plugin-dns-list/actions/workflows/ci.yml
 [clim-img]: https://codeclimate.com/github/haraka/haraka-plugin-dns-list/badges/gpa.svg

diff --git a/config/dns-list.ini b/config/dns-list.ini
@@ -94,6 +94,9 @@ loopback_is_rejected=true
 [list.dnswl.org]
 ; https://www.dnswl.org/?page_id=15
 type=allow
+; see docs
+ok_helo=false
+ok_mail=false
 
 
 ; 127.0.{2-20}.{0-3}

diff --git a/index.js b/index.js
@@ -16,11 +16,18 @@ exports.register = function () {
 
   this.register_hook('connect', 'onConnect')
 
-  // IMPORTANT: don't run this on hook_rcpt otherwise we're an open relay...
-  for (const hook of ['ehlo', 'helo', 'mail']) {
-    this.register_hook(hook, 'check_dnswl')
+  if (this.cfg['ips.backscatterer.org'].enable) {
+    this.register_hook('mail', 'check_backscatterer')
+  }
+
+  // IMPORTANT: don't run this on hook_rcpt else we're an open relay...
+  if (this.cfg['list.dnswl.org'].ok_helo) {
+    this.register_hook('helo', 'check_dnswl')
+    this.register_hook('ehlo', 'check_dnswl')
+  }
+  if (this.cfg['list.dnswl.org'].ok_mail) {
+    this.register_hook('mail', 'check_dnswl')
   }
-  this.register_hook('mail', 'check_backscatterer')
 }
 
 exports.load_config = function () {
@@ -33,6 +40,8 @@ exports.load_config = function () {
         '*.ipv6',
         '*.loopback_is_rejected',
         '-ips.backscatterer.org.enable',
+        '-list.dnswl.org.ok_helo',
+        '-list.dnswl.org.ok_mail',
       ],
     },
     () => {
@@ -375,12 +384,15 @@ exports.check_zone = async function (zone) {
 exports.check_zones = async function (interval) {
   if (interval) interval = parseInt(interval)
 
+  const promises = []
   for (const zone of this.cfg.main.zones) {
-    try {
-      await this.check_zone(zone)
-    } catch (err) {
-      console.error(`zone ${zone} err: ${err}`)
-    }
+    promises.push(this.check_zone(zone))
+  }
+
+  try {
+    await Promise.all(promises)
+  } catch (err) {
+    console.error(err)
   }
 
   // Set a timer to re-test

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "haraka-plugin-dns-list",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "Haraka plugin for DNS lists (DNSBL, DNSWL)",
   "main": "index.js",
   "files": [

diff --git a/test/dns-list.js b/test/dns-list.js
@@ -40,26 +40,31 @@ describe('dns-list', function () {
 
 describe('lookup', function () {
   it('Spamcop, test IPv4', async function () {
+    this.timeout=4000
     const a = await this.plugin.lookup('127.0.0.2', 'bl.spamcop.net')
     assert.deepStrictEqual(['127.0.0.2'], a)
   })
 
   it('Spamcop, unlisted IPv6', async function () {
+    this.timeout=4000
     const r = await this.plugin.lookup('::1', 'bl.spamcop.net')
     assert.deepStrictEqual(undefined, r)
   })
 
   it('b.barracudacentral.org, unlisted IPv6', async function () {
+    this.timeout=4000
     const r = await this.plugin.lookup('::1', 'b.barracudacentral.org')
     assert.deepStrictEqual(undefined, r)
   })
 
   it('Spamcop, unlisted IPv4', async function () {
+    this.timeout=4000
     const a = await this.plugin.lookup('127.0.0.1', 'bl.spamcop.net')
     assert.deepStrictEqual(undefined, a)
   })
 
   it('CBL', async function () {
+    this.timeout=4000
     const a = await this.plugin.lookup('127.0.0.2', 'xbl.spamhaus.org')
     assert.deepStrictEqual(a, ['127.0.0.4'])
   })