How to use the haraka-net-utils.ip_in_list function in haraka-net-utils

To help you get started, we’ve selected a few haraka-net-utils examples, based on popular ways it is used in public projects.


github haraka / Haraka / smtp_client.js View on Github external
}

        if (/^SMTPUTF8/.test(smtp_client.response[line])) {
            smtp_client.smtputf8 = true;
        }

        // Runs when the current response line starts with STARTTLS and `secured`
        // is still falsy: decide whether to upgrade this connection to TLS.
        if (/^STARTTLS/.test(smtp_client.response[line]) && !secured) {

            let hostBanned = false
            let serverBanned = false

            // Look up the TLS exclusion list, if one is configured.
            // NOTE(review): the guard reads `tls_options.no_tls_hosts` but both
            // lookups read `tls_config.no_tls_hosts` — confirm the two properties
            // always hold the same list; if they can differ, the exclusion is
            // evaluated against a different (or undefined) value than the one tested.
            if (smtp_client.tls_options.no_tls_hosts) {
                // Test the configured host and the remote IP against the list;
                // a match on either one suppresses STARTTLS below.
                hostBanned = net_utils.ip_in_list(smtp_client.tls_config.no_tls_hosts, config.host);
                serverBanned = net_utils.ip_in_list(smtp_client.tls_config.no_tls_hosts, smtp_client.remote_ip);
            }

            // STARTTLS is sent only when neither lookup matched and
            // config.enable_tls is truthy. In every other case control falls
            // through to the AUTH capability parsing that follows, with no upgrade
            // attempted, so entries in no_tls_hosts should be kept as narrow as possible.
            if (!hostBanned && !serverBanned && config.enable_tls) {
                smtp_client.socket.on('secure', on_secured);
                smtp_client.secured = false;  // have to wait in forward plugin before we can do auth, even if capabilities are there on first EHLO
                smtp_client.send_command('STARTTLS');
                // Stop processing this response; on_secured is registered for the
                // socket's 'secure' event.
                return;
            }
        }

        let auth_matches = smtp_client.response[line].match(/^AUTH (.*)$/);
        if (auth_matches) {
            smtp_client.auth_capabilities = [];
            auth_matches = auth_matches[1].split(' ');
            for (let i = 0; i < auth_matches.length; i++) {
                smtp_client.auth_capabilities.push(auth_matches[i].toLowerCase());
github haraka / Haraka / smtp_client.js View on Github external
}
        }

        if (/^SMTPUTF8/.test(smtp_client.response[line])) {
            smtp_client.smtputf8 = true;
        }

        // Runs when the current response line starts with STARTTLS and `secured`
        // is still falsy: decide whether to upgrade this connection to TLS.
        if (/^STARTTLS/.test(smtp_client.response[line]) && !secured) {

            let hostBanned = false
            let serverBanned = false

            // Look up the TLS exclusion list, if one is configured.
            // NOTE(review): the guard reads `tls_options.no_tls_hosts` but both
            // lookups read `tls_config.no_tls_hosts` — confirm the two properties
            // always hold the same list; if they can differ, the exclusion is
            // evaluated against a different (or undefined) value than the one tested.
            if (smtp_client.tls_options.no_tls_hosts) {
                // Test the configured host and the remote IP against the list;
                // a match on either one suppresses STARTTLS below.
                hostBanned = net_utils.ip_in_list(smtp_client.tls_config.no_tls_hosts, config.host);
                serverBanned = net_utils.ip_in_list(smtp_client.tls_config.no_tls_hosts, smtp_client.remote_ip);
            }

            // STARTTLS is sent only when neither lookup matched and
            // config.enable_tls is truthy. In every other case control falls
            // through to the AUTH capability parsing that follows, with no upgrade
            // attempted, so entries in no_tls_hosts should be kept as narrow as possible.
            if (!hostBanned && !serverBanned && config.enable_tls) {
                smtp_client.socket.on('secure', on_secured);
                smtp_client.secured = false;  // have to wait in forward plugin before we can do auth, even if capabilities are there on first EHLO
                smtp_client.send_command('STARTTLS');
                // Stop processing this response; on_secured is registered for the
                // socket's 'secure' event.
                return;
            }
        }

        let auth_matches = smtp_client.response[line].match(/^AUTH (.*)$/);
        if (auth_matches) {
            smtp_client.auth_capabilities = [];
            auth_matches = auth_matches[1].split(' ');
            for (let i = 0; i < auth_matches.length; i++) {
github haraka / Haraka / outbound.js View on Github external
// Check for SIZE parameter and limit
                matches = r.match(/^SIZE\s+(\d+)$/);
                if (matches) {
                    smtp_properties.max_size = matches[1];
                }
                // Check for AUTH
                matches = r.match(/^AUTH\s+(.+)$/);
                if (matches) {
                    smtp_properties.auth = matches[1].split(/\s+/);
                }
            }
        }

        // TLS
        // Send STARTTLS only when all of these hold: neither the destination
        // domain nor `host` matches tls_cfg.no_tls_hosts, the remote advertised
        // TLS (smtp_properties.tls), cfg.enable_tls is truthy, and the connection
        // is not already secured.
        // NOTE(review): the upgrade is opportunistic. When any operand is false
        // the code continues to the AUTH step below, whose visible condition does
        // not test `secured` — confirm credentials are never sent on a session
        // that skipped TLS because of an exclusion-list match or a missing
        // STARTTLS advertisement.
        if (!net_utils.ip_in_list(tls_cfg.no_tls_hosts, self.todo.domain) &&
            !net_utils.ip_in_list(tls_cfg.no_tls_hosts, host) &&
            smtp_properties.tls && cfg.enable_tls && !secured)
        {
            // Once the socket reports 'secure', greet again with EHLO/LHLO so the
            // capabilities are re-read over the encrypted channel rather than
            // reused from the cleartext exchange.
            socket.on('secure', function () {
                // Set this flag so we don't try STARTTLS again if it
                // is incorrectly offered at EHLO once we are secured.
                secured = true;
                send_command(mx.using_lmtp ? 'LHLO' : 'EHLO', mx.bind_helo);
            });
            return send_command('STARTTLS');
        }

        // IMPORTANT: we do STARTTLS before we attempt AUTH for extra security
        if (!authenticated && (mx.auth_user && mx.auth_pass)) {
            // We have AUTH credentials to send for this domain
            if (!(Array.isArray(smtp_properties.auth) && smtp_properties.auth.length)) {
                // AUTH not offered
github haraka / Haraka / outbound.js View on Github external
var matches;
                // Check for SIZE parameter and limit
                matches = r.match(/^SIZE\s+(\d+)$/);
                if (matches) {
                    smtp_properties.max_size = matches[1];
                }
                // Check for AUTH
                matches = r.match(/^AUTH\s+(.+)$/);
                if (matches) {
                    smtp_properties.auth = matches[1].split(/\s+/);
                }
            }
        }

        // TLS
        // Send STARTTLS only when all of these hold: neither the destination
        // domain nor `host` matches tls_cfg.no_tls_hosts, the remote advertised
        // TLS (smtp_properties.tls), cfg.enable_tls is truthy, and the connection
        // is not already secured.
        // NOTE(review): the upgrade is opportunistic. When any operand is false
        // the code continues to the AUTH step below, whose visible condition does
        // not test `secured` — confirm credentials are never sent on a session
        // that skipped TLS because of an exclusion-list match or a missing
        // STARTTLS advertisement.
        if (!net_utils.ip_in_list(tls_cfg.no_tls_hosts, self.todo.domain) &&
            !net_utils.ip_in_list(tls_cfg.no_tls_hosts, host) &&
            smtp_properties.tls && cfg.enable_tls && !secured)
        {
            // Once the socket reports 'secure', greet again with EHLO/LHLO so the
            // capabilities are re-read over the encrypted channel rather than
            // reused from the cleartext exchange.
            socket.on('secure', function () {
                // Set this flag so we don't try STARTTLS again if it
                // is incorrectly offered at EHLO once we are secured.
                secured = true;
                send_command(mx.using_lmtp ? 'LHLO' : 'EHLO', mx.bind_helo);
            });
            return send_command('STARTTLS');
        }

        // IMPORTANT: we do STARTTLS before we attempt AUTH for extra security
        if (!authenticated && (mx.auth_user && mx.auth_pass)) {
            // We have AUTH credentials to send for this domain
            if (!(Array.isArray(smtp_properties.auth) && smtp_properties.auth.length)) {
github haraka / Haraka / outbound / hmail.js View on Github external
set_ehlo_props();

            // Each early return below hands off to auth_and_mail_phase() without
            // attempting STARTTLS; only a session that passes every check reaches
            // the TLS upgrade further down.
            if (secured) return auth_and_mail_phase();              // TLS already negotiated
            if (!cfg.enable_tls) return auth_and_mail_phase();      // TLS not enabled
            if (!smtp_properties.tls) return auth_and_mail_phase(); // TLS not advertised by remote

            // NOTE(review): this path fails open — when the outbound TLS config
            // is undefined it logs an error and continues without TLS instead of
            // deferring. Confirm that is acceptable where encrypted delivery is
            // expected, and consider alerting on this log line.
            if (obtls.cfg === undefined) {
                self.logerror(`Oops, TLS config not loaded yet!`);
                return auth_and_mail_phase();  // no outbound TLS config
            }

            // TLS is configured and available

            // TLS exclude lists checks for MX host or remote domain
            // A match on either the MX host or the recipient domain skips the
            // upgrade, so no_tls_hosts entries should be as specific as possible.
            if (net_utils.ip_in_list(obtls.cfg.no_tls_hosts, host)) return auth_and_mail_phase();
            if (net_utils.ip_in_list(obtls.cfg.no_tls_hosts, self.todo.domain)) return auth_and_mail_phase();

            // Check Redis and skip for hosts that failed past TLS upgrade
            return obtls.check_tls_nogo(host,
                () => { // Clear to GO
                    self.logdebug(`Trying TLS for domain: ${self.todo.domain}, host: ${host}`);

                    socket.on('secure', () => {
                        // Set this flag so we don't try STARTTLS again if it
                        // is incorrectly offered at EHLO once we are secured.
                        secured = true;
                        send_command(mx.using_lmtp ? 'LHLO' : 'EHLO', mx.bind_helo);
                    });
                    return send_command('STARTTLS');
                },
                (when) => { // No GO
                    self.loginfo(`TLS disabled for ${host} because it was marked as non-TLS on ${when}`);
github haraka / Haraka / outbound / hmail.js View on Github external
function process_ehlo_data () {
            set_ehlo_props();

            // Each early return below hands off to auth_and_mail_phase() without
            // attempting STARTTLS; only a session that passes every check reaches
            // the TLS upgrade further down.
            if (secured) return auth_and_mail_phase();              // TLS already negotiated
            if (!cfg.enable_tls) return auth_and_mail_phase();      // TLS not enabled
            if (!smtp_properties.tls) return auth_and_mail_phase(); // TLS not advertised by remote

            // NOTE(review): this path fails open — when the outbound TLS config
            // is undefined it logs an error and continues without TLS instead of
            // deferring. Confirm that is acceptable where encrypted delivery is
            // expected, and consider alerting on this log line.
            if (obtls.cfg === undefined) {
                self.logerror(`Oops, TLS config not loaded yet!`);
                return auth_and_mail_phase();  // no outbound TLS config
            }

            // TLS is configured and available

            // TLS exclude lists checks for MX host or remote domain
            // A match on either the MX host or the recipient domain skips the
            // upgrade, so no_tls_hosts entries should be as specific as possible.
            if (net_utils.ip_in_list(obtls.cfg.no_tls_hosts, host)) return auth_and_mail_phase();
            if (net_utils.ip_in_list(obtls.cfg.no_tls_hosts, self.todo.domain)) return auth_and_mail_phase();

            // Check Redis and skip for hosts that failed past TLS upgrade
            return obtls.check_tls_nogo(host,
                () => { // Clear to GO
                    self.logdebug(`Trying TLS for domain: ${self.todo.domain}, host: ${host}`);

                    socket.on('secure', () => {
                        // Set this flag so we don't try STARTTLS again if it
                        // is incorrectly offered at EHLO once we are secured.
                        secured = true;
                        send_command(mx.using_lmtp ? 'LHLO' : 'EHLO', mx.bind_helo);
                    });
                    return send_command('STARTTLS');
                },
                (when) => { // No GO