BREAKING CHANGE(mail): remove DMARC and DKIM verifier implementations and MTA error classes; introduce DkimManager and EmailActionExecutor; simplify SPF verifier and update routing exports and tests
This commit is contained in:
@@ -1,8 +1,4 @@
|
||||
import * as plugins from '../../plugins.js';
|
||||
import { logger } from '../../logger.js';
|
||||
import { SecurityLogger, SecurityLogLevel, SecurityEventType } from '../../security/index.js';
|
||||
import { RustSecurityBridge } from '../../security/classes.rustsecuritybridge.js';
|
||||
import type { Email } from '../core/classes.email.js';
|
||||
|
||||
/**
|
||||
* SPF result qualifiers
|
||||
@@ -127,107 +123,4 @@ export class SpfVerifier {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify SPF for a given email — delegates to Rust bridge
|
||||
*/
|
||||
public async verify(
|
||||
email: Email,
|
||||
ip: string,
|
||||
heloDomain: string
|
||||
): Promise<SpfResult> {
|
||||
const securityLogger = SecurityLogger.getInstance();
|
||||
const mailFrom = email.from || '';
|
||||
const domain = mailFrom.split('@')[1] || '';
|
||||
|
||||
try {
|
||||
const bridge = RustSecurityBridge.getInstance();
|
||||
const result = await bridge.checkSpf({
|
||||
ip,
|
||||
heloDomain,
|
||||
hostname: plugins.os.hostname(),
|
||||
mailFrom,
|
||||
});
|
||||
|
||||
const spfResult: SpfResult = {
|
||||
result: result.result as SpfResult['result'],
|
||||
domain: result.domain,
|
||||
ip: result.ip,
|
||||
explanation: result.explanation ?? undefined,
|
||||
};
|
||||
|
||||
securityLogger.logEvent({
|
||||
level: spfResult.result === 'pass' ? SecurityLogLevel.INFO :
|
||||
(spfResult.result === 'fail' ? SecurityLogLevel.WARN : SecurityLogLevel.INFO),
|
||||
type: SecurityEventType.SPF,
|
||||
message: `SPF ${spfResult.result} for ${spfResult.domain} from IP ${ip}`,
|
||||
domain: spfResult.domain,
|
||||
details: { ip, heloDomain, result: spfResult.result, explanation: spfResult.explanation },
|
||||
success: spfResult.result === 'pass'
|
||||
});
|
||||
|
||||
return spfResult;
|
||||
} catch (error) {
|
||||
logger.log('error', `SPF verification error: ${error.message}`, { domain, ip, error: error.message });
|
||||
|
||||
securityLogger.logEvent({
|
||||
level: SecurityLogLevel.ERROR,
|
||||
type: SecurityEventType.SPF,
|
||||
message: `SPF verification error for ${domain}`,
|
||||
domain,
|
||||
details: { ip, error: error.message },
|
||||
success: false
|
||||
});
|
||||
|
||||
return {
|
||||
result: 'temperror',
|
||||
explanation: `Error verifying SPF: ${error.message}`,
|
||||
domain,
|
||||
ip,
|
||||
error: error.message
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if email passes SPF verification and apply headers
|
||||
*/
|
||||
public async verifyAndApply(
|
||||
email: Email,
|
||||
ip: string,
|
||||
heloDomain: string
|
||||
): Promise<boolean> {
|
||||
const result = await this.verify(email, ip, heloDomain);
|
||||
|
||||
email.headers['Received-SPF'] = `${result.result} (${result.domain}: ${result.explanation || ''}) client-ip=${ip}; envelope-from=${email.getEnvelopeFrom()}; helo=${heloDomain};`;
|
||||
|
||||
switch (result.result) {
|
||||
case 'fail':
|
||||
email.mightBeSpam = true;
|
||||
logger.log('warn', `SPF failed for ${result.domain} from ${ip}: ${result.explanation}`);
|
||||
return false;
|
||||
|
||||
case 'softfail':
|
||||
email.mightBeSpam = true;
|
||||
logger.log('info', `SPF softfailed for ${result.domain} from ${ip}: ${result.explanation}`);
|
||||
return true;
|
||||
|
||||
case 'neutral':
|
||||
case 'none':
|
||||
logger.log('info', `SPF ${result.result} for ${result.domain} from ${ip}: ${result.explanation}`);
|
||||
return true;
|
||||
|
||||
case 'pass':
|
||||
logger.log('info', `SPF passed for ${result.domain} from ${ip}: ${result.explanation}`);
|
||||
return true;
|
||||
|
||||
case 'temperror':
|
||||
case 'permerror':
|
||||
logger.log('error', `SPF error for ${result.domain} from ${ip}: ${result.explanation}`);
|
||||
return true;
|
||||
|
||||
default:
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user