start the path to rust

dist_ts/mail/security/classes.dkimcreator.d.ts

@@ -0,0 +1,68 @@
+import * as plugins from '../../plugins.js';
+import { Email } from '../core/classes.email.js';
+export interface IKeyPaths {
+    privateKeyPath: string;
+    publicKeyPath: string;
+}
+export interface IDkimKeyMetadata {
+    domain: string;
+    selector: string;
+    createdAt: number;
+    rotatedAt?: number;
+    previousSelector?: string;
+    keySize: number;
+}
+export declare class DKIMCreator {
+    private keysDir;
+    private storageManager?;
+    constructor(keysDir?: string, storageManager?: any);
+    getKeyPathsForDomain(domainArg: string): Promise<IKeyPaths>;
+    handleDKIMKeysForDomain(domainArg: string): Promise<void>;
+    handleDKIMKeysForEmail(email: Email): Promise<void>;
+    readDKIMKeys(domainArg: string): Promise<{
+        privateKey: string;
+        publicKey: string;
+    }>;
+    createDKIMKeys(): Promise<{
+        privateKey: string;
+        publicKey: string;
+    }>;
+    storeDKIMKeys(privateKey: string, publicKey: string, privateKeyPath: string, publicKeyPath: string): Promise<void>;
+    createAndStoreDKIMKeys(domain: string): Promise<void>;
+    getDNSRecordForDomain(domainArg: string): Promise<plugins.tsclass.network.IDnsRecord>;
+    /**
+     * Get DKIM key metadata for a domain
+     */
+    private getKeyMetadata;
+    /**
+     * Save DKIM key metadata
+     */
+    private saveKeyMetadata;
+    /**
+     * Check if DKIM keys need rotation
+     */
+    needsRotation(domain: string, selector?: string, rotationIntervalDays?: number): Promise<boolean>;
+    /**
+     * Rotate DKIM keys for a domain
+     */
+    rotateDkimKeys(domain: string, currentSelector?: string, keySize?: number): Promise<string>;
+    /**
+     * Get key paths for a specific selector
+     */
+    getKeyPathsForSelector(domain: string, selector: string): Promise<IKeyPaths>;
+    /**
+     * Read DKIM keys for a specific selector
+     */
+    readDKIMKeysForSelector(domain: string, selector: string): Promise<{
+        privateKey: string;
+        publicKey: string;
+    }>;
+    /**
+     * Get DNS record for a specific selector
+     */
+    getDNSRecordForSelector(domain: string, selector: string): Promise<plugins.tsclass.network.IDnsRecord>;
+    /**
+     * Clean up old DKIM keys after grace period
+     */
+    cleanupOldKeys(domain: string, gracePeriodDays?: number): Promise<void>;
+}

dist_ts/mail/security/classes.dkimverifier.d.ts

@@ -0,0 +1,46 @@
+/**
+ * Result of a DKIM verification
+ */
+export interface IDkimVerificationResult {
+    isValid: boolean;
+    domain?: string;
+    selector?: string;
+    status?: string;
+    details?: any;
+    errorMessage?: string;
+    signatureFields?: Record<string, string>;
+}
+/**
+ * Enhanced DKIM verifier using smartmail capabilities
+ */
+export declare class DKIMVerifier {
+    private verificationCache;
+    private cacheTtl;
+    constructor();
+    /**
+     * Verify DKIM signature for an email
+     * @param emailData The raw email data
+     * @param options Verification options
+     * @returns Verification result
+     */
+    verify(emailData: string, options?: {
+        useCache?: boolean;
+        returnDetails?: boolean;
+    }): Promise<IDkimVerificationResult>;
+    /**
+     * Fetch DKIM public key from DNS
+     * @param domain The domain
+     * @param selector The DKIM selector
+     * @returns The DKIM public key or null if not found
+     */
+    private fetchDkimKey;
+    /**
+     * Clear the verification cache
+     */
+    clearCache(): void;
+    /**
+     * Get the size of the verification cache
+     * @returns Number of cached items
+     */
+    getCacheSize(): number;
+}

dist_ts/mail/security/classes.dmarcverifier.d.ts

@@ -0,0 +1,123 @@
+import type { Email } from '../core/classes.email.js';
+/**
+ * DMARC policy types
+ */
+export declare enum DmarcPolicy {
+    NONE = "none",
+    QUARANTINE = "quarantine",
+    REJECT = "reject"
+}
+/**
+ * DMARC alignment modes
+ */
+export declare enum DmarcAlignment {
+    RELAXED = "r",
+    STRICT = "s"
+}
+/**
+ * DMARC record fields
+ */
+export interface DmarcRecord {
+    version: string;
+    policy: DmarcPolicy;
+    subdomainPolicy?: DmarcPolicy;
+    pct?: number;
+    adkim?: DmarcAlignment;
+    aspf?: DmarcAlignment;
+    reportInterval?: number;
+    failureOptions?: string;
+    reportUriAggregate?: string[];
+    reportUriForensic?: string[];
+}
+/**
+ * DMARC verification result
+ */
+export interface DmarcResult {
+    hasDmarc: boolean;
+    record?: DmarcRecord;
+    spfDomainAligned: boolean;
+    dkimDomainAligned: boolean;
+    spfPassed: boolean;
+    dkimPassed: boolean;
+    policyEvaluated: DmarcPolicy;
+    actualPolicy: DmarcPolicy;
+    appliedPercentage: number;
+    action: 'pass' | 'quarantine' | 'reject';
+    details: string;
+    error?: string;
+}
+/**
+ * Class for verifying and enforcing DMARC policies
+ */
+export declare class DmarcVerifier {
+    private dnsManager?;
+    constructor(dnsManager?: any);
+    /**
+     * Parse a DMARC record from a TXT record string
+     * @param record DMARC TXT record string
+     * @returns Parsed DMARC record or null if invalid
+     */
+    parseDmarcRecord(record: string): DmarcRecord | null;
+    /**
+     * Check if domains are aligned according to DMARC policy
+     * @param headerDomain Domain from header (From)
+     * @param authDomain Domain from authentication (SPF, DKIM)
+     * @param alignment Alignment mode
+     * @returns Whether the domains are aligned
+     */
+    private isDomainAligned;
+    /**
+     * Extract domain from an email address
+     * @param email Email address
+     * @returns Domain part of the email
+     */
+    private getDomainFromEmail;
+    /**
+     * Check if DMARC verification should be applied based on percentage
+     * @param record DMARC record
+     * @returns Whether DMARC verification should be applied
+     */
+    private shouldApplyDmarc;
+    /**
+     * Determine the action to take based on DMARC policy
+     * @param policy DMARC policy
+     * @returns Action to take
+     */
+    private determineAction;
+    /**
+     * Verify DMARC for an incoming email
+     * @param email Email to verify
+     * @param spfResult SPF verification result
+     * @param dkimResult DKIM verification result
+     * @returns DMARC verification result
+     */
+    verify(email: Email, spfResult: {
+        domain: string;
+        result: boolean;
+    }, dkimResult: {
+        domain: string;
+        result: boolean;
+    }): Promise<DmarcResult>;
+    /**
+     * Apply DMARC policy to an email
+     * @param email Email to apply policy to
+     * @param dmarcResult DMARC verification result
+     * @returns Whether the email should be accepted
+     */
+    applyPolicy(email: Email, dmarcResult: DmarcResult): boolean;
+    /**
+     * End-to-end DMARC verification and policy application
+     * This method should be called after SPF and DKIM verification
+     * @param email Email to verify
+     * @param spfResult SPF verification result
+     * @param dkimResult DKIM verification result
+     * @returns Whether the email should be accepted
+     */
+    verifyAndApply(email: Email, spfResult: {
+        domain: string;
+        result: boolean;
+    }, dkimResult: {
+        domain: string;
+        result: boolean;
+    }): Promise<boolean>;
+}

dist_ts/mail/security/classes.spfverifier.d.ts

@@ -0,0 +1,103 @@
+import type { Email } from '../core/classes.email.js';
+/**
+ * SPF result qualifiers
+ */
+export declare enum SpfQualifier {
+    PASS = "+",
+    NEUTRAL = "?",
+    SOFTFAIL = "~",
+    FAIL = "-"
+}
+/**
+ * SPF mechanism types
+ */
+export declare enum SpfMechanismType {
+    ALL = "all",
+    INCLUDE = "include",
+    A = "a",
+    MX = "mx",
+    IP4 = "ip4",
+    IP6 = "ip6",
+    EXISTS = "exists",
+    REDIRECT = "redirect",
+    EXP = "exp"
+}
+/**
+ * SPF mechanism definition
+ */
+export interface SpfMechanism {
+    qualifier: SpfQualifier;
+    type: SpfMechanismType;
+    value?: string;
+}
+/**
+ * SPF record parsed data
+ */
+export interface SpfRecord {
+    version: string;
+    mechanisms: SpfMechanism[];
+    modifiers: Record<string, string>;
+}
+/**
+ * SPF verification result
+ */
+export interface SpfResult {
+    result: 'pass' | 'neutral' | 'softfail' | 'fail' | 'temperror' | 'permerror' | 'none';
+    explanation?: string;
+    domain: string;
+    ip: string;
+    record?: string;
+    error?: string;
+}
+/**
+ * Class for verifying SPF records
+ */
+export declare class SpfVerifier {
+    private dnsManager?;
+    private lookupCount;
+    constructor(dnsManager?: any);
+    /**
+     * Parse SPF record from TXT record
+     * @param record SPF TXT record
+     * @returns Parsed SPF record or null if invalid
+     */
+    parseSpfRecord(record: string): SpfRecord | null;
+    /**
+     * Check if IP is in CIDR range
+     * @param ip IP address to check
+     * @param cidr CIDR range
+     * @returns Whether the IP is in the CIDR range
+     */
+    private isIpInCidr;
+    /**
+     * Check if a domain has the specified IP in its A or AAAA records
+     * @param domain Domain to check
+     * @param ip IP address to check
+     * @returns Whether the domain resolves to the IP
+     */
+    private isDomainResolvingToIp;
+    /**
+     * Verify SPF for a given email with IP and helo domain
+     * @param email Email to verify
+     * @param ip Sender IP address
+     * @param heloDomain HELO/EHLO domain used by sender
+     * @returns SPF verification result
+     */
+    verify(email: Email, ip: string, heloDomain: string): Promise<SpfResult>;
+    /**
+     * Check SPF record against IP address
+     * @param spfRecord Parsed SPF record
+     * @param domain Domain being checked
+     * @param ip IP address to check
+     * @returns SPF result
+     */
+    private checkSpfRecord;
+    /**
+     * Check if email passes SPF verification
+     * @param email Email to verify
+     * @param ip Sender IP address
+     * @param heloDomain HELO/EHLO domain used by sender
+     * @returns Whether email passes SPF
+     */
+    verifyAndApply(email: Email, ip: string, heloDomain: string): Promise<boolean>;
+}

dist_ts/mail/security/index.d.ts

@@ -0,0 +1,4 @@
+export * from './classes.dkimcreator.js';
+export * from './classes.dkimverifier.js';
+export * from './classes.dmarcverifier.js';
+export * from './classes.spfverifier.js';

dist_ts/mail/security/index.js

@@ -0,0 +1,6 @@
+// Email security components
+export * from './classes.dkimcreator.js';
+export * from './classes.dkimverifier.js';
+export * from './classes.dmarcverifier.js';
+export * from './classes.spfverifier.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9tYWlsL3NlY3VyaXR5L2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLDRCQUE0QjtBQUM1QixjQUFjLDBCQUEwQixDQUFDO0FBQ3pDLGNBQWMsMkJBQTJCLENBQUM7QUFDMUMsY0FBYyw0QkFBNEIsQ0FBQztBQUMzQyxjQUFjLDBCQUEwQixDQUFDIn0=