Documentation
Overview
Package remote implements a module that performs outgoing message delivery to servers discovered via DNS MX records.
Implemented interfaces:
- module.DeliveryTarget
Index
- Constants
- func New(_, instName string, _, inlineArgs []string) (module.Module, error)
- func NewDANEPolicy(debug bool) *danePolicy
- func NewLocalPolicy(cfg *config.Map) (localPolicy, error)
- func NewMTASTSPolicy(r dns.Resolver, debug bool, cfg *config.Map) (*mtastsPolicy, error)
- func NewSTSPreloadPolicy(debug bool, client *http.Client, listDownload FuncPreloadList, cfg *config.Map) (*stsPreloadPolicy, error)
- type DeliveryPolicy
- type FuncPreloadList
- type MXLevel
- type Policy
- type PolicyGroup
- type TLSLevel
- type Target
Constants
const (
	AuthDisabled     = "off"
	AuthMTASTS       = "mtasts"
	AuthDNSSEC       = "dnssec"
	AuthCommonDomain = "common_domain"
)
const (
	TLSNone TLSLevel = iota
	TLSEncrypted
	TLSAuthenticated
	MXNone MXLevel = iota
	MX_MTASTS
	MX_DNSSEC
)
Variables
This section is empty.
Functions
func NewDANEPolicy
func NewDANEPolicy(debug bool) *danePolicy
func NewLocalPolicy
func NewMTASTSPolicy
func NewSTSPreloadPolicy
Types
type DeliveryPolicy
type DeliveryPolicy interface {
	// PrepareDomain is called before DNS MX lookup and may asynchronously
	// start additional lookups necessary for policy application in CheckMX
	// or CheckConn.
	//
	// If there are any errors - they should be deferred to the CheckMX or
	// CheckConn call.
	PrepareDomain(ctx context.Context, domain string)

	// PrepareConn is called before connection and may asynchronously
	// start additional lookups necessary for policy application in
	// CheckConn.
	//
	// If there are any errors - they should be deferred to the CheckConn
	// call.
	PrepareConn(ctx context.Context, mx string)

	// CheckMX is called to check whether the policy permits using an MX.
	//
	// mxLevel contains the MX security level established by checks
	// executed before.
	//
	// domain is passed to the CheckMX to allow simpler implementation
	// of stateless policy objects.
	//
	// dnssec is true if the MX lookup was performed using DNSSEC-enabled
	// resolver and the zone is signed and its signature is valid.
	CheckMX(ctx context.Context, mxLevel MXLevel, domain, mx string, dnssec bool) (MXLevel, error)

	// CheckConn is called to check whether the policy permits using this
	// connection.
	//
	// tlsLevel and mxLevel contain the TLS security level established by
	// checks executed before.
	//
	// domain is passed to the CheckConn to allow simpler implementation
	// of stateless policy objects.
	//
	// If tlsState.HandshakeComplete is false, TLS is not used. If
	// tlsState.VerifiedChains is nil, InsecureSkipVerify was used (no
	// ServerName or PKI check was done).
	CheckConn(ctx context.Context, mxLevel MXLevel, tlsLevel TLSLevel, domain, mx string, tlsState tls.ConnectionState) (TLSLevel, error)

	// Reset cleans the internal object state for use with another message.
	// newMsg may be nil if object is not needed anymore.
	Reset(newMsg *module.MsgMetadata)
}
DeliveryPolicy is the interface of a per-delivery object that establishes and verifies required and effective security for MX records and TLS connections.
type FuncPreloadList
type Policy
type Policy interface {
	Start(*module.MsgMetadata) DeliveryPolicy
	Close() error
}
Policy is an object that provides security checks for outbound connections. It can do one of the following:
- Check effective TLS level or MX level against some configured or discovered value. E.g. local policy.
- Raise the security level if a certain condition about the used MX or connection is met. E.g. DANE Policy raises TLS level to Authenticated if a matching TLSA record is discovered.
- Reject the connection if a certain condition about the used MX or connection is _not_ met. E.g. an enforced MTA-STS Policy rejects MX records not matching it.
It is not recommended to mix different types of behavior described above in the same implementation. Specifically, the first type is used mostly for local policies and not really practical.
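The raise and check behaviors described above, modeled as an added example that is not the package's own code: a level derived from the TLS state is threaded through a chain of policies, and the order of the chain decides whether a delivery passes. It assumes a cut-down signature without ctx, mxLevel and domain; connCheck, baseLevel, raiseIfPinned, requireAuthenticated, evaluate, pinned, plain and encrypted are hypothetical names, and the pinned MX and TLS states are constructed sample data.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

type TLSLevel int // names and order follow the TLS levels on this page
const TLSNone, TLSEncrypted, TLSAuthenticated TLSLevel = 0, 1, 2
type connCheck func(lvl TLSLevel, mx string) (TLSLevel, error) // hypothetical cut-down CheckConn
var pinned = map[string]bool{"mx.example.org": true} // constructed: MXs with a matching TLSA record
var plain, encrypted = tls.ConnectionState{}, tls.ConnectionState{HandshakeComplete: true} // constructed states

// baseLevel applies the tlsState rules from the CheckConn comment.
func baseLevel(st tls.ConnectionState) TLSLevel {
	if !st.HandshakeComplete {
		return TLSNone // TLS is not used
	} else if st.VerifiedChains == nil {
		return TLSEncrypted // InsecureSkipVerify: no ServerName or PKI check
	}
	return TLSAuthenticated
}

// raiseIfPinned models a "raise" policy: it can lift the level, never reject.
func raiseIfPinned(lvl TLSLevel, mx string) (TLSLevel, error) {
	if lvl == TLSEncrypted && pinned[mx] {
		lvl = TLSAuthenticated
	}
	return lvl, nil
}

// requireAuthenticated models a "check" policy with a fixed minimum level.
func requireAuthenticated(lvl TLSLevel, mx string) (TLSLevel, error) {
	if lvl < TLSAuthenticated {
		return lvl, fmt.Errorf("%s: TLS level %d is below authenticated", mx, lvl)
	}
	return lvl, nil
}

// evaluate threads the level through the chain in order and stops at the first error.
func evaluate(mx string, st tls.ConnectionState, chain ...connCheck) (lvl TLSLevel, err error) {
	for lvl = baseLevel(st); len(chain) > 0 && err == nil; chain = chain[1:] {
		lvl, err = chain[0](lvl, mx)
	}
	return lvl, err
}

func main() {
	fmt.Println(evaluate("mx.example.org", encrypted, raiseIfPinned, requireAuthenticated))
}
```

In this model, placing requireAuthenticated before raiseIfPinned rejects the same connection, because the check runs against the level before it has been raised.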
type PolicyGroup
type PolicyGroup struct {
	L []Policy
	// contains filtered or unexported fields
}
PolicyGroup is a module container for a group of Policy implementations.
It allows sharing a set of policy configurations between remote target instances using the named configuration blocks (module instances) system.
It is registered globally under the name 'mx_auth'. This is also the name of the corresponding remote target configuration directive. The object does not implement any standard module interfaces besides module.Module and is specific to the remote target.
func (PolicyGroup) InstanceName
func (pg PolicyGroup) InstanceName() string
func (PolicyGroup) Name
func (PolicyGroup) Name() string