feat(rust): implement mailer-core and mailer-security crates with CLI

Rust migration Phase 1 — implements real functionality in the previously stubbed mailer-core and mailer-security crates (38 passing tests). mailer-core: Email/EmailAddress/Attachment types, RFC 5322 MIME builder, email format validation with scoring, bounce detection (14 types, 40+ regex patterns), DSN status parsing, retry delay calculation. mailer-security: DKIM signing (RSA-SHA256) and verification, SPF checking, DMARC verification with public suffix list, DNSBL IP reputation checking (10 default servers, parallel queries), all powered by mail-auth 0.7. mailer-bin: Full CLI with validate/bounce/check-ip/verify-email/dkim-sign subcommands plus --management mode for smartrust JSON-over-stdin/stdout IPC.
2026-02-10 16:06:04 +00:00
parent 91b49182bb
commit 199b9b79d2
15 changed files with 3113 additions and 261 deletions
--- a/rust/crates/mailer-security/src/lib.rs
+++ b/rust/crates/mailer-security/src/lib.rs
@@ -1,12 +1,36 @@
-//! mailer-security: DKIM, SPF, and DMARC verification.
+//! mailer-security: DKIM, SPF, DMARC verification, and IP reputation checking.
+
+pub mod dkim;
+pub mod dmarc;
+pub mod error;
+pub mod ip_reputation;
+pub mod spf;
+
+// Re-exports for convenience
+pub use dkim::{dkim_dns_record_value, sign_dkim, verify_dkim, DkimVerificationResult};
+pub use dmarc::{check_dmarc, DmarcPolicy, DmarcResult};
+pub use error::{Result, SecurityError};
+pub use ip_reputation::{
+    check_dnsbl, check_reputation, risk_level, DnsblResult, IpType, ReputationResult, RiskLevel,
+    DEFAULT_DNSBL_SERVERS,
+};
+pub use spf::{check_spf, check_spf_ehlo, received_spf_header, SpfResult};
+
+// Re-export mail-auth's MessageAuthenticator for callers to construct
+pub use mail_auth::MessageAuthenticator;

 pub use mailer_core;

-/// Placeholder for DKIM/SPF/DMARC implementation.
+/// Crate version.
 pub fn version() -> &'static str {
    env!("CARGO_PKG_VERSION")
 }

+/// Create a MessageAuthenticator using Cloudflare DNS over TLS.
+pub fn default_authenticator() -> std::result::Result<MessageAuthenticator, Box<dyn std::error::Error>> {
+    Ok(MessageAuthenticator::new_cloudflare_tls()?)
+}
+
 #[cfg(test)]
 mod tests {
    use super::*;