haraka / haraka-plugin-spf Goto Github PK
View Code? Open in Web Editor NEWSPF plugin for Haraka
Home Page: https://www.npmjs.com/package/haraka-plugin-spf
License: MIT License
SPF plugin for Haraka
Home Page: https://www.npmjs.com/package/haraka-plugin-spf
License: MIT License
Hello
There is a bug with this plugin. The SPF is correct, the settings are correct, and the check is from myself, not the sender. All other domains with the same SPF records pass, but this specific plugin denies this one. Any ideas why?
The IP in 'mfrom' is correct (Haraka's self-outbound IP), but for some reason, only for this specific domain does the plugin decide to check with the wrong IP. Although the IP appears correct in the output, it is wrong in the mail failure notification. When the SPF plugin is removed, the email is sent and delivered successfully with an SPF pass.
2024-05-07T20:04:03.170Z [INFO] [ACFFFD10-801B-4FA4-AFA7-E7AE81AB92BE.1] [spf] identity=mfrom ip=15.x.x.x <------------------------- Correct IP domain="some-domain.com" mfrom=<[email protected]> result=Fail
2024-05-07T20:04:03.170Z [INFO] [ACFFFD10-801B-4FA4-AFA7-E7AE81AB92BE.1] [spf] scope: mfrom, result: Fail, domain: some-domain.com
2024-05-07T20:04:03.171Z [INFO] [ACFFFD10-801B-4FA4-AFA7-E7AE81AB92BE.1] [core] hook=mail plugin=spf function=hook_mail params=<[email protected]> retval=DENY msg="[object Object]"
Mail failure (Should not check for this IP, this is the domain MX IP):
host relay.x.com [15.x.x.x]
SMTP error from remote mail server after pipelined MAIL FROM:<[email protected]> SIZE=2560:
550 [ACFFFD@relay] 5.7.1 http://www.openspf.org/Why?s=mfrom&[email protected]&ip=38.x.x.x <----- wrong IP check
HelloTesting email delivery
I can clearly see with the MX toolbox that the SPF is valid.
Basically,
[core] Error
at callback (/Haraka/plugins.js:482:34)
at Plugin.exports.return_results (Haraka/plugins/spf.js:295:20)
at ch_cb (Haraka/plugins/spf.js:214:16)
at mech_chain_caller (Haraka/spf.js:316:28)
at QueryReqWrap.callback (Haraka/spf.js:507:56)
at QueryReqWrap.onresolve [as oncomplete] (dns.js:203:10)
This is happening because of the following events chain:
net_utils.get_mx(domain, (err, mxes) => {
for (let a=0; a<mxes.length; a++) {
dns[resolve_method](mx, (err4, addrs) => {
default: return cb(null, self.SPF_TEMPERROR);
When there are multiple MX, and some of them fail (or maybe even when some fail, some succeed), we invoke CB which doesn't put a stopper on further invocations.
System Info:
2.8.27
[files]
in package.json. Delete .npmignore.node --test
in v18+Haraka | Haraka.js โ Version: 3.0.1 |
---|---|
Node | v18.16.0 |
OS | Linux mx4 5.10.0-21-amd64 #1 SMP Debian 5.10.162-1 (2023-01-21) x86_64 GNU/Linux |
openssl | OpenSSL 1.1.1n 15 Mar 2022 |
Plugin doesn't crash
I've noticed two issues and I suspect that they are related. They happen when the domain does not have an A record for its MX server.
The plugin crashes with a TypeError.
This is all that shows up in the log:
Jun 22 05:39:29 mx4 haraka[868630]: [ERROR] [ED649910-3907-4B08-865B-A764A7617251] [TypeError]
The SPF test tool, as described in this plugin's readme, also fails with this error:
/usr/lib/node_modules/Haraka/node_modules/haraka-plugin-spf/lib/spf.js:504
self.log_debug(`mech_mx: mx=${mx} addresses=${addrs.join(',')}`);
^
TypeError: Cannot read properties of undefined (reading 'join')
at SPF.mech_mx (/usr/lib/node_modules/Haraka/node_modules/haraka-plugin-spf/lib/spf.js:504:59)
at async SPF.check_host (/usr/lib/node_modules/Haraka/node_modules/haraka-plugin-spf/lib/spf.js:290:22)
receive email from a domain that doesn't have an A record for its MX server.
.../haraka-plugin-spf/bin/spf -ip 57.129.0.61 --domain nagomigyouza.com
Hi,
I want to deny incoming messages that violate SPF.
I already have spf
in config/plugins
.
I'm reading the doc, but it's unclear what's the next step.
How to deny incoming messages that violate SPF?
Thanks!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.