npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

haraka-plugin-headers

v1.0.4

Published

Haraka plugin that performs tests on email headers

Downloads

6,236

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tnpitnpimsimersonmsimerson

Keywords

harakapluginharaka-plugin-headers

Readme

CI Tests Code Climate

NPM

haraka-plugin-headers

This plugin performs a variety of mail header inspections.

INSTALL

cd /path/to/local/haraka
npm install haraka-plugin-headers
echo "headers" >> config/plugins
service haraka restart

Configuration

If the default configuration is not sufficient, copy the config file from the distribution into your haraka config dir and then modify it:

cp node_modules/haraka-plugin-headers/config/headers.ini config/headers.ini
$EDITOR config/headers.ini

RFC 5322 Section 3.6:

All messages MUST have a 'Date' and 'From' header and a message may not contain more than one 'Date', 'From', 'Sender', 'Reply-To', 'To', 'Cc', 'Bcc', 'Message-Id', 'In-Reply-To', 'References' or 'Subject' header.

The next two tests encompass the RFC 5322 checks:

duplicate_singular

Assure that all the singular headers are present only once. The list of headers can be adjusted in config/headers.ini:

* singular=Date,From,Sender,Reply-To,To,Cc,Bcc,Message-Id,In-Reply-To,References,Subject

missing_required

Assuring that all the required headers are present. The list of required headers can be altered in config/headers.ini:

required=From,Date

invalid_return_path

Messages arriving via the internet should not have a Return-Path header set. This checks for that header (unless connection.relaying is set).

invalid_date

Checks the date header and makes sure it's somewhat sane. By default, the date cannot be more than 2 days in the future nor 15 days in the past. These can be adjusted in config/headers.ini:

date_future_days=2
date_past_days=15

user_agent

Attempt to determine the User-Agent that generated the email. A UA is determinable on about 70% of hammy messages.

direct_to_mx

Counts the received headers. If there aren't at least two, then the MUA is attempting direct delivery to us instead of via their outbound SMTP server. This is typical of spam, our own users sending outbound email (which bypasses this test), and machine generated messages like Facebook/Twitter notifications.

from_match

See if the header From domain matches the envelope FROM domain. There are many legit reasons to not match, but matching domains are far more frequent in ham.

mailing_list

Attempt to determine if this message was sent via an email list. This is very rudimentary at present and only detects the most common email lists.

Forwarders, of which email lists are a special type, constitutes the majority of the minority (~10%) of ham which fails SPF and DKIM tests. This MLM detector is a building block in the ability to detect mail from forwarders and assess their reputability.

from_phish

A common form of phishing is spamming the From display name with the domain name of the popular entity whose accounts they're phishing for. This tests the domains in the [phish_domains] configuration section. If that domains appears in the From header, it must also appear in the envelope sender address.

Configuration

The headers.ini file can contain [check] and [reject] sections.

[check]

To turn on User Agent detection and turn off Mailing List detection: Each key is the test/check name and a boolean value that enables or disables the check.

[check]
duplicate_singular=true
missing_required=true
invalid_return_path=true
invalid_date=true
user_agent=true
direct_to_mx=true
from_match=true
mailing_list=true

[reject]

Turning off reject for a check lets it be enabled (for data collection) without interrupting mail flow. To prevent a missing header from causing messages to be rejected:

[reject]
missing_required=false