haraka-plugin-wildduck - npm Package Compare versions

Comparing version 1.0.4 to 1.0.5

index.js

@@ -10,2 +10,3 @@ /* eslint-env es6 */
 const punycode = require('punycode');
+const SRS = require('srs.js');
 
@@ -35,2 +36,6 @@ exports.register = function() {
 
+    plugin.srsRewriter = new SRS({
+        secret: plugin.cfg.srs.secret
+    });
+
     MongoClient.connect(plugin.cfg.mongo.url, (err, database) => {
@@ -48,2 +53,16 @@ if (err) {
 exports.normalize_address = function(address) {
+    let domain = address.host.toLowerCase().trim();
+
+    if (/^SRS\d+=/i.test(address.user)) {
+        // Try to fix case-mangled addresses where the intermediate MTA converts user part to lower case
+        // and thus breaks hash verification
+        let localAddress = address.user
+            // ensure that address starts with uppercase SRS
+            .replace(/^SRS\d+=/i, val => val.toUpperCase())
+            // ensure that the first entity that looks like timestamp is uppercase
+            .replace(/([-=+][0-9a-f]{4})(=[A-Z2-7]{2}=)/i, (str, sig, ts) => sig + ts.toUpperCase());
+
+        return localAddress + '@' + punycode.toUnicode(domain);
+    }
+
     let user = address.user
@@ -57,4 +76,2 @@ // just in case it is an unicode username
 
-    let domain = address.host.toLowerCase().trim();
-
     return user + '@' + punycode.toUnicode(domain);
@@ -83,2 +100,25 @@ };
 
+    if (/^SRS\d+=/.test(address)) {
+        let reversed = false;
+        try {
+            reversed = plugin.srsRewriter.reverse(address);
+            let toDomain = punycode.toASCII((reversed[1] || '').toString().toLowerCase().trim());
+
+            if (!toDomain) {
+                plugin.logerror('SRS check failed for ' + address + '. Missing domain');
+                return next(DENY, DSN.no_such_user());
+            }
+
+            reversed = reversed.join('@');
+        } catch (E) {
+            plugin.logerror('SRS check failed for ' + address + '. ' + E.message);
+            return next(DENY, DSN.no_such_user());
+        }
+
+        if (reversed) {
+            // accept SRS rewritten address
+            return next(OK);
+        }
+    }
+
     // check if address exists
@@ -85,0 +125,0 @@ plugin.usersdb.collection('addresses').findOne({

package.json

 {
     "name": "haraka-plugin-wildduck",
-    "version": "1.0.4",
+    "version": "1.0.5",
     "description": "Haraka plugin for processing incoming messages for Wild Duck IMAP server",
@@ -13,3 +13,11 @@ "main": "index.js",
     },
-    "keywords": ["MX", "SMTP", "Haraka", "Wild", "Duck", "IMAP", "LMTP"],
+    "keywords": [
+        "MX",
+        "SMTP",
+        "Haraka",
+        "Wild",
+        "Duck",
+        "IMAP",
+        "LMTP"
+    ],
     "author": "Andris Reinman",
@@ -22,3 +30,3 @@ "license": "EUPL-1.1",
     "devDependencies": {
-        "eslint": "^4.3.0",
+        "eslint": "^4.5.0",
         "eslint-config-nodemailer": "^1.2.0",
@@ -30,4 +38,5 @@ "grunt": "^1.0.1",
     "dependencies": {
-        "mongodb": "^2.2.30"
+        "mongodb": "^2.2.31",
+        "srs.js": "^0.1.0"
     }
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

31419

increased by5.34%

Lines of code

444

increased by8.03%

Worsened metrics

Dependency count

2

increased by100%

Dependency changes

• + Addedsrs.js@^0.1.0

• + Addedsrs.js@0.1.0(transitive)

• Updatedmongodb@^2.2.31