Skip to content

Commit

Permalink
Release v1.2.0 (#55)
Browse files Browse the repository at this point in the history
  • Loading branch information
msimerson authored Dec 31, 2023
1 parent 5b57316 commit 903347c
Show file tree
Hide file tree
Showing 9 changed files with 60 additions and 86 deletions.
39 changes: 7 additions & 32 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,36 +10,11 @@ jobs:
lint:
uses: haraka/.github/.github/workflows/lint.yml@master

test:
needs: get-lts
runs-on: ${{ matrix.os }}
services:
redis:
image: redis
ports:
- 6379:6379
strategy:
matrix:
os:
- ubuntu-latest
# - windows-latest (no redis yet)
node-version: ${{ fromJson(needs.get-lts.outputs.active) }}
fail-fast: false
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
name: Node ${{ matrix.node-version }} on ${{ matrix.os }}
with:
node-version: ${{ matrix.node-version }}
- run: npm install
- run: npm test
ubuntu:
needs: [ lint ]
uses: haraka/.github/.github/workflows/ubuntu.yml@master

get-lts:
needs: lint
runs-on: ubuntu-latest
steps:
- id: get
uses: msimerson/node-lts-versions@v1
outputs:
active: ${{ steps.get.outputs.active }}
lts: ${{ steps.get.outputs.lts }}
windows:
needs: [ lint ]
uses: haraka/.github/.github/workflows/windows.yml@master
if: ${{ false }} # disabled, until Redis for GHA Windows exists
2 changes: 1 addition & 1 deletion .github/workflows/publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,4 +13,4 @@ env:
jobs:
publish:
uses: haraka/.github/.github/workflows/publish.yml@master
secrets: inherit
secrets: inherit
7 changes: 7 additions & 0 deletions Changes.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,12 @@
### Unreleased


### [1.2.0] - 2023-12-27

- disable history by default (match docs)
- ci: use shared workflows


### [1.1.1] - 2022-12-18

- package.json: remove deprecated 'main'
Expand Down Expand Up @@ -62,3 +68,4 @@
[1.0.7]: https://github.com/haraka/haraka-plugin-limit/releases/tag/1.0.7
[1.1.0]: https://github.com/haraka/haraka-plugin-limit/releases/tag/1.1.0
[1.1.1]: https://github.com/haraka/haraka-plugin-limit/releases/tag/1.1.1
[1.2.0]: https://github.com/haraka/haraka-plugin-limit/releases/tag/1.2.0
63 changes: 23 additions & 40 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

[![Tests][ci-img]][ci-url]
[![Code Climate][clim-img]][clim-url]

[![NPM][npm-img]][npm-url]

Apply many types of limits to SMTP connections:
Expand Down Expand Up @@ -32,7 +33,7 @@ echo 'limit' >> config/plugins

Each limit type has values that can be defined in [limit.ini](https://github.com/haraka/haraka-plugin-limit/blob/master/config/limit.ini). See the default [limit.ini](https://github.com/haraka/haraka-plugin-limit) in this packages config directory.

Each limit type is disabled until `enabled=true` is set within it's block in limit.ini.
Each limit type is disabled until `enabled=true` is set within its block in limit.ini.

Haraka's config loader loads the defaults from limit.ini within this plugins installed config directory and applies any overrides found in the limit.ini within your Haraka install/config directory.

Expand All @@ -41,8 +42,7 @@ Haraka's config loader loads the defaults from limit.ini within this plugins ins

- tarpit_delay = seconds *(optional)*

Set this to the length in seconds that you want to delay every SMTP
response to a remote client that has exceeded the rate limits.
Set this to the length in seconds that you want to delay every SMTP response to a remote client that has exceeded the rate limits.


## [redis]
Expand All @@ -60,9 +60,7 @@ If this [redis] section or any values are missing, the defaults from redis.ini a

When `[concurrency]max` is defined, it limits the maximum number of simultaneous connections per IP address. Connection attempts in excess of the limit are optionally delayed before being disconnected.

This works well in conjunction with a history / reputation database, so that
one can assign very low concurrency (1) to bad or unknown senders and higher
limits for reputable mail servers.
This works well in conjunction with a history / reputation database, so that one can assign very low concurrency (1) to bad or unknown senders and higher limits for reputable mail servers.


### History
Expand All @@ -79,8 +77,7 @@ When `[recipients]max` is defined, each connection is limited to that number of

When `[unrecognized_commands]max` is set, a connection that exceeeds the limit is disconnected.

Unrecognized commands are normally SMTP verbs invalidly issued by the client.
Examples:
Unrecognized commands are normally SMTP verbs invalidly issued by the client. Examples:

* issuing AUTH when we didn't advertise AUTH extension
* issuing STARTTLS when we didn't advertise STARTTLS
Expand All @@ -89,10 +86,7 @@ Examples:

### Limitations

The unrecognized_command hook is used by the `tls` and `auth` plugins, so
running this plugin before those would result in valid operations getting
counted against that connections limits. The solution is simple: list
`limit` in config/plugins after those.
The unrecognized_command hook is used by the `tls` and `auth` plugins, so running this plugin before those would result in valid operations getting counted against that connections limits. The solution is simple: list `limit` in config/plugins after those.


## errors
Expand All @@ -116,16 +110,13 @@ They all use a common configuration format:

- \<lookup\> = \<limit\>[/time[unit]] *(optional)*

'lookup' is based upon the limit being enforced and is either an IP
address, rDNS name, sender address or recipient address either in full
or part.
The lookup order is as follows and the first match in this order is
returned and is used as the record key in Redis (except for 'default'
which always uses the full lookup for that test as the record key):
'lookup' is based upon the limit being enforced and is either an IP address, rDNS name, sender address or recipient address either in full or part.

The lookup order is as follows and the first match in this order is returned and is used as the record key in Redis (except for 'default' which always uses the full lookup for that test as the record key):

**IPv4/IPv6 address or rDNS hostname:**
**IPv4/IPv6 address or rDNS hostname:**

<pre>
````
fe80:0:0:0:202:b3ff:fe1e:8329
fe80:0:0:0:202:b3ff:fe1e
fe80:0:0:0:202:b3ff
Expand All @@ -143,28 +134,25 @@ They all use a common configuration format:
domain.com
com
default
</pre>
````

**Sender or Recipient address:**
**Sender or Recipient address:**

<pre>
```
user@host.sub.part.domain.com
host.sub.part.domain.com
sub.part.domain.com
part.domain.com
domain.com
com
default
</pre>
````
In all tests 'default' is used to specify a default limit if nothing else has
matched.
In all tests 'default' is used to specify a default limit if nothing else has matched.
'limit' specifies the limit for this lookup. Specify 0 (zero) to disable
limits on a matching lookup.
'limit' specifies the limit for this lookup. Specify 0 (zero) to disable limits on a matching lookup.
'time' is optional and if missing defaults to 60 seconds. You can optionally
specify the following time units (case-insensitive):
'time' is optional and if missing defaults to 60 seconds. You can optionally specify the following time units (case-insensitive):
- s (seconds)
- m (minutes)
Expand All @@ -174,40 +162,35 @@ They all use a common configuration format:
### [rate_conn]
This section limits the number of connections per interval from a given host
or set of hosts.
This section limits the number of connections per interval from a given host or set of hosts.
IP and rDNS names are looked up by this test.
### [rate_rcpt_host]
This section limits the number of recipients per interval from a given host or
set of hosts.
This section limits the number of recipients per interval from a given host or set of hosts.
IP and rDNS names are looked up by this test.
### [rate_rcpt_sender]
This section limits the number of recipients per interval from a sender or
sender domain.
This section limits the number of recipients per interval from a sender or sender domain.
The sender is looked up by this test.
### [rate_rcpt]
This section limits the rate which a recipient or recipient domain can
receive messages over an interval.
This section limits the rate which a recipient or recipient domain can receive messages over an interval.
Each recipient is looked up by this test.
### [rate_rcpt_null]
This section limits the rate at which a recipient can receive messages from
a null sender (e.g. DSN, MDN etc.) over an interval.
This section limits the rate at which a recipient can receive messages from a null sender (e.g. DSN, MDN etc.) over an interval.
Each recipient is looked up by this test.
Expand Down
5 changes: 4 additions & 1 deletion config/limit.ini
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,11 @@ database=4
max=3


; [concurrency_history]
[concurrency_history]
; History: when enabled, the plugin is one which stores IP history. The history
; plugin results must have a positive integers for good connections negative
; integers for poor / undesirable connections. Karma is one such plugin.
; enabled=false
plugin=karma
good=10
bad=1
Expand All @@ -36,6 +37,7 @@ none=2

[recipients_history]
; The same history notes for [concurrency] apply here.
; enabled=false
plugin=karma
bad=1
none=5
Expand Down Expand Up @@ -68,6 +70,7 @@ default=5

; The history notes for [concurrency] apply here too.
[rate_conn_history]
; enabled=false
plugin=karma
bad=1/15m
none=1/5m
Expand Down
12 changes: 7 additions & 5 deletions index.js
Original file line number Diff line number Diff line change
Expand Up @@ -68,8 +68,7 @@ exports.register = function () {
}

exports.load_limit_ini = function () {
const plugin = this;
plugin.cfg = plugin.config.get('limit.ini', {
this.cfg = this.config.get('limit.ini', {
booleans: [
'-outbound.enabled',
'-recipients.enabled',
Expand All @@ -80,10 +79,13 @@ exports.load_limit_ini = function () {
'-rate_rcpt_host.enabled',
'-rate_rcpt_sender.enabled',
'-rate_rcpt_null.enabled',
'-concurrency_history.enabled',
'-recipients_history.enabled',
'-rate_conn_history.enabled'
]
},
function () {
plugin.load_limit_ini();
() => {
this.load_limit_ini();
});

if (!this.cfg.concurrency) { // no config file
Expand Down Expand Up @@ -144,7 +146,7 @@ exports.max_recipients = function (next, connection, params) {
exports.get_history_limit = function (type, connection) {

const history_cfg = `${type}_history`;
if (!this.cfg[history_cfg]) return;
if (!this.cfg[history_cfg] || !this.cfg[history_cfg].enabled) return;

const history_plugin = this.cfg[history_cfg].plugin;
if (!history_plugin) return;
Expand Down
12 changes: 6 additions & 6 deletions package.json
Original file line number Diff line number Diff line change
@@ -1,22 +1,22 @@
{
"name": "haraka-plugin-limit",
"version": "1.1.1",
"version": "1.2.0",
"description": "enforce various types of limits on remote MTAs",
"directories": {
"test": "test"
},
"dependencies": {
"haraka-constants": "*",
"haraka-plugin-redis": "2",
"ipaddr.js": "^2.0.1",
"redis": "4"
"haraka-plugin-redis": "^2.0.6",
"ipaddr.js": "^2.1.0",
"redis": "^4.6.12"
},
"devDependencies": {
"address-rfc2821": "*",
"eslint": "8",
"eslint": "^8.56.0",
"eslint-plugin-haraka": "*",
"haraka-test-fixtures": "*",
"mocha": "9"
"mocha": "^10.2.0"
},
"scripts": {
"lint": "npx eslint *.js test",
Expand Down
5 changes: 4 additions & 1 deletion test/config.js
Original file line number Diff line number Diff line change
Expand Up @@ -9,15 +9,18 @@ const default_config = {
main: { tarpit_delay: 0 },
outbound: { enabled: false },
recipients: { enabled: false },
recipients_history: { enabled: false },
unrecognized_commands: { enabled: false },
errors: { enabled: false },
rate_conn: { '127': 0, enabled: false, default: 5 },
rate_conn_history: { enabled: false },
rate_rcpt: { '127': 0, enabled: false, default: '50/5m' },
rate_rcpt_host: { '127': 0, enabled: false, default: '50/5m' },
rate_rcpt_sender: { '127': 0, enabled: false, default: '50/5m' },
rate_rcpt_null: { enabled: false, default: 1 },
redis: { database: 4, socket: { host: '127.0.0.1', port: '6379' } },
concurrency: { plugin: 'karma', good: 10, bad: 1, none: 2 }
concurrency: { plugin: 'karma', good: 10, bad: 1, none: 2 },
concurrency_history: { enabled: false },
};

describe('plugin_setup', function () {
Expand Down
1 change: 1 addition & 0 deletions test/history.js
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ describe('get_history_limit', function () {
this.plugin.register();

this.plugin.cfg.concurrency_history = {
enabled: true,
plugin: 'karma',
good: 5,
bad: 1,
Expand Down

0 comments on commit 903347c

Please sign in to comment.