remote

package
v0.3.2
Published: Jun 18, 2020 License: MIT Imports: 29 Imported by: 0

Documentation

Overview

Package remote implements a module that delivers outgoing messages to servers discovered via DNS MX records.

Implemented interfaces:

- module.DeliveryTarget

Constants

const (
	AuthDisabled     = "off"
	AuthMTASTS       = "mtasts"
	AuthDNSSEC       = "dnssec"
	AuthCommonDomain = "common_domain"
)
const (
	TLSNone TLSLevel = iota
	TLSEncrypted
	TLSAuthenticated

	MXNone MXLevel = iota
	MX_MTASTS
	MX_DNSSEC
)

Variables

This section is empty.

Functions

func New

func New(_, instName string, _, inlineArgs []string) (module.Module, error)

func NewDANEPolicy

func NewDANEPolicy(debug bool) *danePolicy

func NewLocalPolicy

func NewLocalPolicy(cfg *config.Map) (localPolicy, error)

func NewMTASTSPolicy

func NewMTASTSPolicy(r dns.Resolver, debug bool, cfg *config.Map) (*mtastsPolicy, error)

func NewSTSPreloadPolicy

func NewSTSPreloadPolicy(debug bool, client *http.Client, listDownload FuncPreloadList, cfg *config.Map) (*stsPreloadPolicy, error)

Types

type DeliveryPolicy

type DeliveryPolicy interface {
	// PrepareDomain is called before DNS MX lookup and may asynchronously
	// start additional lookups necessary for policy application in CheckMX
	// or CheckConn.
	//
	// If there are any errors, they should be deferred to the CheckMX or
	// CheckConn call.
	PrepareDomain(ctx context.Context, domain string)

	// PrepareConn is called before connection and may asynchronously
	// start additional lookups necessary for policy application in
	// CheckConn.
	//
	// If there are any errors, they should be deferred to the CheckConn
	// call.
	PrepareConn(ctx context.Context, mx string)

	// CheckMX is called to check whether the policy permits use of an MX.
	//
	// mxLevel contains the MX security level established by checks
	// executed before.
	//
	// domain is passed to the CheckMX to allow simpler implementation
	// of stateless policy objects.
	//
	// dnssec is true if the MX lookup was performed using DNSSEC-enabled
	// resolver and the zone is signed and its signature is valid.
	CheckMX(ctx context.Context, mxLevel MXLevel, domain, mx string, dnssec bool) (MXLevel, error)

	// CheckConn is called to check whether the policy permits use of this
	// connection.
	//
	// tlsLevel and mxLevel contain the TLS and MX security levels
	// established by checks executed before.
	//
	// domain is passed to the CheckConn to allow simpler implementation
	// of stateless policy objects.
	//
	// If tlsState.HandshakeCompleted is false, TLS is not used. If
	// tlsState.VerifiedChains is nil, InsecureSkipVerify was used (no
	// ServerName or PKI check was done).
	CheckConn(ctx context.Context, mxLevel MXLevel, tlsLevel TLSLevel, domain, mx string, tlsState tls.ConnectionState) (TLSLevel, error)

	// Reset cleans the internal object state for use with another message.
	// newMsg may be nil if object is not needed anymore.
	Reset(newMsg *module.MsgMetadata)
}

DeliveryPolicy is the interface of a per-delivery object that establishes and verifies the required and effective security for MX records and TLS connections.

type FuncPreloadList

type FuncPreloadList = func(*http.Client, preload.Source) (*preload.List, error)

type MXLevel

type MXLevel int

func (MXLevel) String

func (l MXLevel) String() string

type Policy

type Policy interface {
	Start(*module.MsgMetadata) DeliveryPolicy
	Close() error
}

Policy is an object that provides security checks for outbound connections. It can do one of the following:

- Check the effective TLS level or MX level against some configured or discovered value. E.g. local policy.

- Raise the security level if a certain condition about the used MX or connection is met. E.g. DANE Policy raises the TLS level to Authenticated if a matching TLSA record is discovered.

- Reject the connection if a certain condition about the used MX or connection is _not_ met. E.g. an enforced MTA-STS Policy rejects MX records not matching it.

It is not recommended to mix different types of behavior described above in the same implementation. Specifically, the first type is used mostly for local policies and not really practical.
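The three behaviors above, reduced to the MX check only, as an added example that is not code from this package. `checkMX`, `raiseOnDNSSEC`, `enforceMXList`, `requireMin` and `evalMX` are hypothetical names, the levels are redefined locally, and the allow-list is a constructed stand-in for an enforced MTA-STS policy.

```go
package main

import "fmt"

type MXLevel int

const MXNone, MXMTASTS, MXDNSSEC MXLevel = 0, 1, 2

// checkMX is a hypothetical, reduced form of DeliveryPolicy.CheckMX.
type checkMX func(level MXLevel, domain, mx string, dnssec bool) (MXLevel, error)

// raiseOnDNSSEC only raises the level when the MX lookup was DNSSEC-validated.
func raiseOnDNSSEC(l MXLevel, _, _ string, dnssec bool) (MXLevel, error) {
	if dnssec && l < MXDNSSEC {
		return MXDNSSEC, nil
	}
	return l, nil
}

// enforceMXList only rejects: a domain with an entry may use only its listed MXs.
func enforceMXList(allowed map[string]map[string]bool) checkMX {
	return func(l MXLevel, domain, mx string, _ bool) (MXLevel, error) {
		if set, ok := allowed[domain]; ok && !set[mx] {
			return MXNone, fmt.Errorf("mx %q not permitted for %q", mx, domain)
		}
		return l, nil
	}
}

// requireMin only checks the effective level against a configured minimum.
func requireMin(min MXLevel) checkMX {
	return func(l MXLevel, _, _ string, _ bool) (MXLevel, error) {
		if l < min {
			return MXNone, fmt.Errorf("MX level %d below minimum %d", l, min)
		}
		return l, nil
	}
}

// evalMX threads the level through the policies in order; any error rejects the MX.
func evalMX(ps []checkMX, domain, mx string, dnssec bool) (level MXLevel, err error) {
	for _, p := range ps {
		if level, err = p(level, domain, mx, dnssec); err != nil {
			return MXNone, err
		}
	}
	return level, nil
}

func main() { fmt.Println(evalMX([]checkMX{raiseOnDNSSEC, requireMin(MXDNSSEC)}, "example.org", "mx1.example.org", true)) }
```

Order matters in such a chain: the minimum-level check has to run after the policies that raise the level, otherwise it rejects an MX that a later policy would have authenticated.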

type PolicyGroup

type PolicyGroup struct {
	L []Policy
	// contains filtered or unexported fields
}

PolicyGroup is a module container for a group of Policy implementations.

It allows sharing a set of policy configurations between remote target instances using the named configuration blocks (module instances) system.

It is registered globally under the name 'mx_auth'. This is also the name of the corresponding remote target configuration directive. The object does not implement any standard module interfaces besides module.Module and is specific to the remote target.

func (*PolicyGroup) Init

func (pg *PolicyGroup) Init(cfg *config.Map) error

func (PolicyGroup) InstanceName

func (pg PolicyGroup) InstanceName() string

func (PolicyGroup) Name

func (PolicyGroup) Name() string

type TLSLevel

type TLSLevel int

func (TLSLevel) String

func (l TLSLevel) String() string

type Target

type Target struct {
	Log log.Logger
	// contains filtered or unexported fields
}

func (*Target) Close

func (rt *Target) Close() error

func (*Target) Init

func (rt *Target) Init(cfg *config.Map) error

func (*Target) InstanceName

func (rt *Target) InstanceName() string

func (*Target) Name

func (rt *Target) Name() string

func (*Target) Start

func (rt *Target) Start(ctx context.Context, msgMeta *module.MsgMetadata, mailFrom string) (module.Delivery, error)
