ale/docker-compose-hatthieves
2
Fork 0
Código Incidencias Pull Requests Lanzamientos Wiki Actividad

haraka-wildduck

Explorar el Código
Este commit está contenido en:
Your Name
2020-05-27 17:51:39 +00:00
padre 31d55bf967
commit d44513dbd8
Se han modificado 163 ficheros con 8169 adiciones y 0 borrados
Descargar archivo de parche Descargar archivo de diferencias Expandir todos los archivos Contraer todos los archivos

13
production/haraka-wildduck/haraka/config/access.domains Archivo ejecutable
Ver fichero

@@ -0,0 +1,13 @@
# Basic whitelist/blacklist mechanism for domains and e-mail addresses
# add a single domain or e-mail per line
# default behavior for entries is to DENY or blacklist
# reverse behavior by prepending an exclamation point !
# foo.com <-- denied
# !foo.com <-- allowed
#
# More complex/granular behaviors are possible, e.g.
# To block everything claiming to be from aol.com, but still allow a single aol address:
# aol.com
# !friend@aol.com
#
# See full docs for details: http://haraka.github.io/manual/plugins/access.html

6
production/haraka-wildduck/haraka/config/access.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,6 @@
[check]
any=false
conn=true
helo=false
mail=true
rcpt=true

14
production/haraka-wildduck/haraka/config/aliases Archivo ejecutable
Ver fichero

@@ -0,0 +1,14 @@
{
"postmaster@hatthieves.es": {
"action": "alias", "to": ["webmaster@hatthieves.es"]
},
"info@hatthieves.es": {
"action": "alias", "to": ["webmaster@hatthieves.es"]
},
"admin@hatthieves.es": {
"action": "alias", "to": ["webmaster@hatthieves.es"]
},
"root@hatthieves.es": {
"action": "alias", "to": ["webmaster@hatthieves.es"]
}
}

2
production/haraka-wildduck/haraka/config/attachment.ctype.regex Archivo ejecutable
Ver fichero

@@ -0,0 +1,2 @@
executable
partial

1
production/haraka-wildduck/haraka/config/attachment.filename.regex Archivo ejecutable
Ver fichero

@@ -0,0 +1 @@
\.(?:ade|adp|bat|chm|cmd|com|cpl|dll|exe|hta|ins|isp|jar|js|jse|lib|lnk|mde|msc|msp|mst|pif|scr|sct|shb|sys|vb|vbe|vbs|vxd|wsc|wsf|wsh)$

5
production/haraka-wildduck/haraka/config/auth_flat_file.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,5 @@
[core]
methods=CRAM-MD5
[users]
; matt=test

7
production/haraka-wildduck/haraka/config/auth_vpopmaild.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,7 @@
host=127.0.0.6
port=89
;sysadmin=postmaster@example.com:sekret
[example.com]
host=127.0.0.10
;sysadmin=postmaster@example.com:sekret

5
production/haraka-wildduck/haraka/config/avg.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,5 @@
;host=
;port=54322
;tmpdir=/tmp
;connect_timeout=10
;session_timeout=30

13
production/haraka-wildduck/haraka/config/bounce.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,13 @@
[check]
reject_all=false
single_recipient=true
empty_return_path=true
bad_rcpt=true
bounce_spf=true
non_local_msgid=true
[reject]
single_recipient=true
empty_return_path=true
bounce_spf=false
non_local_msgid=false

5
production/haraka-wildduck/haraka/config/clamd.ini Archivo normal
Ver fichero

@@ -0,0 +1,5 @@
clamd_socket = /run/clamav/clamd.sock
[reject]
virus=true
error=false

62
production/haraka-wildduck/haraka/config/data.headers.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,62 @@
; configuration for data.headers plugin
; Requiring a date header will cause the loss of valid mail. The JavaMail
; sender used by some banks, photo processing services, health insurance
; companies, bounce senders, and others send messages without a Date header.
;
; If you can afford to reject some valid mail, please do enforce this, and
; encourage mailers toward RFC adherence. Otherwise, do not require Date.
; Headers that MUST be present (RFC 5322)
; required=From,Date ; <-- RFC 5322 compliant
required=From,Date
; Received
; If you have no outbound, add 'Received' to the required list for an
; aggressive anti-spam measure. It works because all real mail relays will
; add a `Received` header. It may false positive on some bulk mail that
; uses a custom tool to send, but this appears to be fairly rare.
; If the date header is present, and future and/or past days are
; defined, it will be validated. 0 = disabled
date_future_days=2
date_past_days=15
; Headers that MUST be unique if present (RFC 5322)
; singular=Date,From,Sender,Reply-To,To,Cc,Bcc,Message-Id,In-Reply-To,References,Subject (RFC 5322)
singular=Date,From,Sender,Reply-To,To,Cc,Bcc,Message-Id,In-Reply-To,References,Subject
; enable/disable the various header checks
[check]
; duplicate_singular=true
; missing_required=true
; invalid_return_path=true
; invalid_date=true
; user_agent=true
; direct_to_mx=true
; from_match=true
; mailing_list=true
; delivered_to=true
[reject]
; reject switches for each header check
; default are shown. Rejecting based on any of these
; criteria will result in the loss of valid mail.
;
; duplicate_singular=false
; missing_required=false
; invalid_return_path=false
; invalid_date=false
; arriving messages should not have Delivered-To set to the RCPT TO address.
; delivered_to=true
; these 4 do not have reject support, and likely shouldn't.
; user_agent=false
; direct_to_mx=false
; from_match=false
; from_match=true
; mailing_list=false

202
production/haraka-wildduck/haraka/config/data.uribl.excludes Archivo ejecutable
Ver fichero

@@ -0,0 +1,202 @@
# List derived from SpamAssassin
126.com
163.com
2o7.net
4at1.com
5iantlavalamp.com
about.com
adelphia.net
adobe.com
agora-inc.com
agoramedia.com
akamai.net
akamaitech.net
alexa.com
amazon.com
ancestry.com
aol.com
apache.org
apple.com
arcamax.com
ask.com
astrology.com
atdmt.com
att.net
baidu.com
bbc.co.uk
bcentral.com
bellsouth.net
bfi0.com
bing.com
bridgetrack.com
cafe24.com
charter.net
citibank.com
citizensbank.com
cjb.net
classmates.com
clickbank.net
cnet.com
cnn.com
comcast.net
com.com
com.ne.kr
corporate-ir.net
cox.net
craigslist.org
cs.com
custhelp.com
daum.net
dd.se
debian.org
dell.com
directnic.com
directtrack.com
div.tk
domain.com
doubleclick.com
dsbl.org
earthlink.net
ebay.com
ebay.co.uk
ebay.de
ebayimg.com
ebaystatic.com
edgesuite.net
ediets.com
egroups.com
emode.com
example.com
example.net
example.org
excite.com
facebook.com
fedex.com
flickr.com
freebsd.org
free.fr
f-secure.com
gentoo.org
geocities.com
gmail.com
gmx.net
go.com
godaddy.com
googleadservices.com
google.co.in
google.com
google.it
grisoft.com
hallmark.com
hinet.net
hotbar.com
hotmail.com
hotpop.com
hp.com
ibm.com
incredimail.com
investorplace.com
ivillage.com
joingevalia.com
juno.com
kernel.org
li.tk
livejournal.com
lycos.com
m7z.net
mac.com
macromedia.com
mail.com
mail.ru
mailscanner.info
marketwatch.com
mcafee.com
mchsi.com
messagelabs.com
microsoft.com
military.com
mindspring.com
mit.edu
monster.com
mozilla.com
msn.com
myspace.com
nate.com
netflix.com
netscape.com
netscape.net
netzero.net
norman.com
nytimes.com
openoffice.org
openxmlformats.org
optonline.net
osdn.com
overstock.com
pacbell.net
pandasoftware.com
passport.com
paypal.com
peoplepc.com
plaxo.com
prodigy.net
p.tk
radaruol.com.br
real.com
redhat.com
rediff.com
regions.com
regionsnet.com
rogers.com
rr.com
sbcglobal.net
sec.gov
sf.net
shaw.ca
shockwave.com
smithbarney.com
sourceforge.net
spamcop.net
speedera.net
sportsline.com
sun.com
suntrust.com
sympatico.ca
tails.nl
telus.net
terra.com.br
ticketmaster.com
tinyurl.com
tiscali.co.uk
tom.com
tone.co.nz
t-online.de
tux.org
twitter.com
uol.com.br
ups.com
usps.com
verizon.net
w3.org
wamu.com
wanadoo.fr
washingtonpost.com
weatherbug.com
web.de
webshots.com
webtv.net
wordpress.com
wsj.com
xmlsoap.org
yahoo.ca
yahoo.co.jp
yahoo.co.kr
yahoo.com
yahoo.com.br
yahoo.co.uk
yahoogroups.com
yimg.com
yopi.de
yoursite.com
youtube.com
zdnet.com

37
production/haraka-wildduck/haraka/config/data.uribl.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,37 @@
; If DBL not IPv6 compatible set:
; not_ipv6_compatible=1
[dbl.spamhaus.org]
validate=^(?:127|172)
rdns=1
helo=1
envfrom=1
from=1
msgid=1
body=1
no_ip_lookups=1
custom_msg={uri} listed in {zone}; see http://www.spamhaus.org/query/dbl?domain={uri}
[multi.uribl.com]
validate=^(?:127|172)
strip_to_domain=1
; BLACK list only
bitmask=2
body=1
custom_msg={uri} listed in {zone}; see http://lookup.uribl.com/?domain={uri}
[multi.surbl.org]
validate=^(?:127|172)
strip_to_domain=1
body=1
;[fresh15.spameatingmonkey.net]
;validate=^127
;rdns=1
;helo=1
;envfrom=1
;from=1
;msgid=1
;body=1
;no_ip_lookups=1
;custom_msg={uri} domain registered within the last 15 days; see http://spameatingmonkey.com/lookup/{uri}

1
production/haraka-wildduck/haraka/config/databytes Archivo normal
Ver fichero

@@ -0,0 +1 @@
26214400

8
production/haraka-wildduck/haraka/config/delay_deny.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,8 @@
; excluded plugins: a list of denials that are to be excluded (ie, all the immediate rejection)
; Examples: <plugin>
; <plugin>:<hook>
; <plugin>:<hook>:<function name>
;
;excluded_plugins=spf,lookup_rdns_strict
;excluded_plugins=data.uribl:lookup_rdns:hook_lookup_rdns

8
production/haraka-wildduck/haraka/config/dhparams.pem Archivo normal
Ver fichero

@@ -0,0 +1,8 @@
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEAojogVOvUcEffntS6DTp5zIMGWPJrFW8ZxZKIvSYUUlGD/QGWk8/T
CV6irXW7PrfGaOqn3DR+gHjwxoDHvz7tv5mBLvGgWDdEn4/4FNfdYIL3tC2E7Uaw
e2OwUCUgwWYh9Uytssrt0TXyjrAR54MEucU2ObS47m0sVkNNnRT1EfJU/LGC+Qtf
MVSL9FsLBZsexdQHJRXdUaInt/PclKgju0+D1gEzWBagqIPojukmuwl/kPSiV/qe
70By3wWp+fVZw5BXnXDKfQZ6Ox5nirNLPEZa4CaOEOfaTIsFhCBzn7wnLPWEp/Y+
VfnMbTRnRTP7HfrPw/MMCB7LYtVZU4JEUwIBAg==
-----END DH PARAMETERS-----

78
production/haraka-wildduck/haraka/config/dkim/dkim_key_gen.sh Archivo normal
Ver fichero

@@ -0,0 +1,78 @@
#!/bin/sh
usage() {
echo " usage: $0 <example.com> [haraka username]"
echo " "
exit
}
if [ -z "$1" ];
then
usage
fi
DOMAIN=$1
SMTPD=$2
if [ -z "$SMTPD" ];
then
SMTPD="www"
fi
# create a directory for each DKIM signing domain
mkdir -p "$DOMAIN"
cd "$DOMAIN" || exit
# The selector can be any value that is a valid DNS label
# create in the common format: mmmYYYY (apr2014)
date '+%h%Y' | tr "[:upper:]" "[:lower:]" > selector
# generate private and public keys
# key length considerations
# The minimum recommended key length for short duration keys (ones that
# will be replaced within a few months) is 1024. If you are unlikely to
# rotate your keys frequently, choose 2048, at the expense of more CPU.
openssl genrsa -out private 2048
chmod 400 private
openssl rsa -in private -out public -pubout
DNS_NAME="$(tr -d "\n" < selector)._domainkey"
DNS_ADDRESS="v=DKIM1;p=$(grep -v -e '^-' public | tr -d "\n")"
# fold width is arbitrary, any value between 80 and 255 is reasonable.
BIND_SPLIT_ADDRESS="$(echo "$DNS_ADDRESS" | fold -w 110 | sed -e 's/^/ "/g; s/$/"/g')"
# make it really easy to publish the public key in DNS
# by creating a file named 'dns', with instructions
cat > dns <<EO_DKIM_DNS
Add this TXT record to the $DOMAIN DNS zone.
$DNS_NAME IN TXT $DNS_ADDRESS
BIND zone file formatted:
$DNS_NAME IN TXT (
$BIND_SPLIT_ADDRESS
)
Tell the world that the ONLY mail servers that send mail from this domain are DKIM signed and/or bear our MX and A records.
With SPF:
SPF "v=spf1 mx a -all"
TXT "v=spf1 mx a -all"
With DMARC:
_dmarc TXT "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-feedback@$DOMAIN; ruf=mailto:dmarc-feedback@$DOMAIN; pct=100"
For more information about DKIM and SPF policy, the documentation within each plugin contains a longer discussion and links to more detailed information:
haraka -h dkim_sign
haraka -h spf
EO_DKIM_DNS
cd ..

27
production/haraka-wildduck/haraka/config/dkim_private.key Archivo normal
Ver fichero

@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAwW/PdLPz9OkDAU57zdV22m7jZdLPfyWzwzmhYOvzcZkxUpFd
5+t7BLY5zt2DzF2iKiAhT2op5/FO2UuPYPms+YGVzrT7IIrHz0+3fDJEC1f/rnwE
JvpoCynx0ae7TiO3ITsioDaoyxtzu0cqB8X86hqdH4uz800qZn0yWUaMK+evW9HE
uvTcnXef854vDOEfQgoPO9sF1P9vVnP/ArhS0PIdtOiZMcvC1hT4Gh07NDPir2//
Ubg534ubaq0vbTctXshoFonACz5Z/3To3gpsmKczWmuJcs+3t66a/OKOQzC9+Qn2
8xI1PMxINJU8nli7okCA5EcrRnstH7CBlFxJHQIDAQABAoIBADhxWrRv6eh1sVXJ
Q+DMv9B++MV2XOt54dk+ULOKRc/I5pZ0KlWI5a17SqTtCA8y5yWpmG6myLGQPPS0
0pJ2aB2pzT+ymXBmbmU0mpKXzDkPJWEReNiyyncvdws5CTOEwmPk8HaVXG1fhkaI
PmBkSic5Os3AovKEerHLKEzag/4vKrfKNnnDuEbjhJRzvwU73SmoeGhyADIo2r7T
xx9R6b7e035PMLcFXNpj/6tSj2hW8gj4DEC8gjAMVVPZJNqFvUEcK5cT75uOK5UA
9uN0h6lzHAfmYt5OJm+3MFuGATTAOQOu7HKDiV4kCNyUFoAEWnYKnB6UoUAS+PoW
1e/1ouECgYEA+qPn0r1WU5ei6cXPYaD+MmP2xPI+b75xwQ6yOkKNy9yWHbjzTLTw
bLe9Xp2j4dNEmALvVtL+q24WgDKB8HDDZG0JTE330UsNz+1rux2aarNCXT22JjMj
RKPYRiBN5H+LiXW3RFMzWv+4AHLk+0Ehyu3raspoeuWUjHhG3pvHuvUCgYEAxZLA
nbFkFkLWmzfG24uFgVza+FjCoxJE1+DG5X52T2ooUjgHrcghhrd6cfakEhuEr5Kt
irmk8QEetwByImHubSo4fh8Hn0PymINBhrCAWfTHVOaGk42gQeU3GvQHqUkbsmEG
vPCl5G4w2SGlt/wv/GmsCGq+hbD3NqC/mCTGzIkCgYAgWcWTWuLomTrq56BT3p7Q
zDxOwWGztKYkIAx7HpoExS0PGw80SGp77d9gdgJwJH/HCyHvV/6NDAGVfG9vJG7j
6Hr5wVqKRiC7RM7R8Qk8WnTnag63sYQM2QUSUBsdsiTFkk8cX4zSYw1R6YKKt6Zv
9fOb7hI8QqPA2clz9DF8fQKBgBNnCgtydEXLYo/ztk+xL/c4SzjAXrzs+l3I8T9w
X+YEotkQL5Ddao10T04JzqsIkMs9OFW7TXtthLqsDIlb3LJTxyB7o5/8aEKaAUFc
6/3pj/nCeczbx7Uw8WxwMqBpUZL+/E5pw6DfQWTRbRjYZ03+gqqA8Rzn+B8hQi+K
zQshAoGAIyLLecmZJu8Z0/6++nKTd5RWuFRSFnbzJc+jRWrpIIy2Zr4MtdjGE8LU
89CX9MZzgjSEqBzg5q2p/rARluNDrdVBKN18txeY5r2kLzjO60blao5f0Cp3GKEC
OB9Gw9Lx1wrpz2Q+Rrq/qMdC/CufQjieTnq7LMVLa2X4OllNAOA=
-----END RSA PRIVATE KEY-----

5
production/haraka-wildduck/haraka/config/dkim_sign.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,5 @@
disabled = false
selector = dkim
domain = hatthieves.es
headers_to_sign = From, Sender, Reply-To, Subject, Date, Message-ID, To, Cc, MIME-Version
dkim.private.key = /secure/dkim_private.key

23
production/haraka-wildduck/haraka/config/dnsbl.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,23 @@
; reject: (default: true)
; denies connections from IPs on any active DNSBL
reject=true
; periodically check each DNSBL, disabling ones that fail checks
periodic_checks = 30
; search: Default (first)
; first: consider first DNSBL response conclusive. End processing.
; all: process all DNSBL results
search=first
; enable_stats (Default: false)
; stores stats in a Redis DB (see plugins/dns_list_base)
;enable_stats=true
; stats_redis_host (Default: localhost)
; zones: a comma separated list of DNSBL zones
; or list DNSBL zones in config/dnsbl.zones
zones=zen.spamhaus.org

11
production/haraka-wildduck/haraka/config/early_talker.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,11 @@
; delay in seconds
pause=5
; terminate the connection? (default: true)
; reject=false
; Whitelist of client IP ranges to skip delay on
[ip_whitelist]
::1
127.0.0.1

14
production/haraka-wildduck/haraka/config/fcrdns.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,14 @@
[reject]
; reject if the IP address has no PTR record
no_rdns=true
; reject if the FCrDNS test fails
no_fcrdns=true
; reject if the PTR points to a hostname without a valid TLD
invalid_tld=false
; reject if the rDNS is generic, examples:
; 1.2.3.4.in.addr.arpa
; c-67-171-0-90.hsd1.wa.comcast.net
generic_rdns=false

43
production/haraka-wildduck/haraka/config/greylist.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,43 @@
; Config for greylisting plugin
; greylisting action text
text = Greylisted. Please come back later.
[redis]
host = 127.0.0.1
; port = 6379
db = 11
[skip]
; skip for DNSWL hosts having high reputation
dnswlorg = true
mailspikewl = true
[period]
# transition path: first_connect --> black (defer) --> grey(allow) --> white (allow) --> expired
# 14 minutes
black = 850
# 25 hours
grey = 90000
# 35 days
white = 3024000
[envelope_whitelist]
# Envelope emails or domains, one per line
[ip_whitelist]
# IP or Subnet, one per line
[recipient_whitelist]
# Recipient emails or domains, one per line
[special_dynamic_domains]
# Put domains that should be always treated as dynamic here.
# Pattern is matched at the end of rdns
# SiteGround VPS service
sgvps.net

57
production/haraka-wildduck/haraka/config/helo.checks.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,57 @@
; disable checks or reject for each test if you are worried about strictness
;dns_timeout=30
[check]
; match_re=true
bare_ip=true
; dynamic=true
; big_company=true
; literal_mismatch: 1 = exact IP match, 2 = IP/24 match, 3 = /24 or RFC1918
; literal_mismatch=2
valid_hostname=true
forward_dns=true
rdns_match=true
; host_mismatch: hostname differs between EHLO invocations
host_mismatch=true
; proto_mismatch: host sent EHLO but then tries to sent HELO or vice-versa
proto_mismatch=true
[reject]
host_mismatch=true
; proto_mismatch=false
proto_mismatch=true
; rdns_match=false
rdns_match=true
; dynamic=false
; bare_ip=false
bare_ip=true
; literal_mismatch=false
; valid_hostname=false
valid_hostname=true
; forward_dns=false
forward_dns=true
; big_company=true
[skip]
; private_ip=true
; relaying=true
; whitelist=true ; TODO
[bigco]
msn.com=msn.com
hotmail.com=hotmail.com
yahoo.com=yahoo.com,yahoo.co.jp
yahoo.co.jp=yahoo.com,yahoo.co.jp
yahoo.co.uk=yahoo.co.uk
excite.com=excite.com,excitenetwork.com
mailexcite.com=excite.com,excitenetwork.com
yahoo.co.jp=yahoo.com,yahoo.co.jp
mailexcite.com=excite.com,excitenetwork.com
aol.com=aol.com
compuserve.com=compuserve.com,adelphia.net
nortelnetworks.com=nortelnetworks.com,nortel.com
earthlink.net=earthlink.net
earthling.net=earthling.net
google.com=google.com
gmail.com=google.com,gmail.com

2
production/haraka-wildduck/haraka/config/host_list Archivo normal
Ver fichero

@@ -0,0 +1,2 @@
# add hosts in here we want to accept mail for
hatthieves.es

6
production/haraka-wildduck/haraka/config/host_list_regex Archivo ejecutable
Ver fichero

@@ -0,0 +1,6 @@
# Add regexes in here we want to accept mail for.
# Specifies the list of regexes that are local to this server. Note
# all these regexes are anchored with ^regex$. One can not choose not to
# anchor with .* and that there is a good potential for bad regexes being
# over permissive if we don't do this.

7
production/haraka-wildduck/haraka/config/http.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,7 @@
; listen: the HTTP address:port(s) to listen on
; default: [::]:80 (port 80 on all IPv4 and IPv6 addresses)
; listen=[::]:80
; docroot: the directory where web content is served from
;docroot=/usr/local/haraka/html

1
production/haraka-wildduck/haraka/config/internalcmd_key Archivo normal
Ver fichero

@@ -0,0 +1 @@
1d1336164e2210ed49371832271103fbc60a4bf6ab38c7ad07b25851290f19af

302
production/haraka-wildduck/haraka/config/karma.ini Archivo normal
Ver fichero

@@ -0,0 +1,302 @@
; karma.ini, see 'haraka -h karma'
; Redis: karma's high speed key/value store for concurrency, IP history,
; and AS history
[redis]
host = 172.200.0.102
port = 6379
db = 1
; karma IP history is expired after this many days. This value is refreshed
; at every connection. Frequent senders may never expire.
expire_days = 60
[asn]
; track karma for AS? (network neighborhood)
enable=true
;report_as=asn
[tarpit]
delay=0
; If you make the remote wait too long, they drop the connection.
; 'max' limits how long to make remotes wait between responses.
max=4
; max_msa: applied for connections to port 587 and 465, when Haraka is acting
; as a Message Submission Agent for roaming users.
; max_msa=1
max_msa=1
[thresholds]
; negative: the threshold below which a connection is denied/rejected
; Be conservative to avoid false positives!
negative=-8
; score above which connections are considered 'good'
positive=2
; karma history = good - bad connections. A negative score means a sender has
; sent more bad than good messages. IPs are not subject to the penalty box
; until they have made > 5 connections and achieved a score lower than this.
history_negative=-3
[deny]
; hooks to disconnect on. When the score is below [threshholds]negative,
; deny the connection on these hooks:
;hooks=connect,unrecognized_command,helo,ehlo,mail,rcpt,data,data_post
hooks=unrecognized_command,data,data_post,queue
;message=very bad karma score: {score}
;message=https://example.com/logs/{uuid}
[deny_excludes]
; karma captures and scores deny requests from other plugins, permitting finer
; control over connection handling. For plugins that should be able to reject
; the connection, add their name to the plugin list:
plugins=send_email, tls, access, helo.checks, data.headers, rspamd, spamassassin, avg, clamd, attachment
; hooks whose DENY rejections should be not be captured.
hooks=rcpt, queue
[spammy_tlds]
; award negative karma to spammy TLDs
; caution, awarding karma > msg_negative_limit may blacklist that TLD
work=-4
rocks=-3
ninja=-3
info=-2
biz=-2
pw=-2
me=-1
us=-5
eu=-4
link=-3
science=-6
top=-4
ru=-2
club=-3
stream=-3
bid=-3
trade=-3
[tls]
; awards based on whether the sender opportunistically encrypted
; spammy senders usually do not. Plenty (~1/4) of ham senders don't either
; use with caution.
set=0
unset=0
; CONNECTION / NOTE AWARDS
;
; NOTICE: Generic awards are mostly deprecated in favor of [asn_awards] and
; [result_awards]. These still exist because there are connection properties
; that can't yet be scored any other way.
;
; karma can award points by inspecting connection objects and notes
; saved by other plugins.
;
; syntax: lo.ca.tion = N [if condition VAL]
;
; location: an object or attribute in the connection or transaction object.
; Use the transaction prefix to check only the transaction note.
; N: a numeric karma score to award: + to praise, - to smite
; VAL: the value to use in the conditional match
;
; conditions:
; if match // performs a case insensitive regex match on VAL
; if equals // performs an === comparison
; if gt // performs a greater-than comparison
; if lt // performs a less-than comparison
; if length (gt|lt) // matches against array length
; if in // matches in arrays
[awards]
relaying = 6
early_talker = -3
; ASN AWARDS
; Award karma points to specific ASNs. This is much shorter than writing
; result_awards and I score many ASNs. I score an ASN by analyzing the
; past 30 days of traffic. An ASN that sends mostly spam would get an
; award sufficient to "tip the scales" of any indetermine message
; towards spam and vise versa for hammy senders.
[asn_awards]
;55286 = -6
;33182 = -4
;46717 = -4
;13332 = -4
;200002 = -4
; RESULT AWARDS
; karma subscribes to each connections result store. Any plugin that saves
; results can thus have those results scored by karma.
;
; Example:
; in a plugin named 'example-pi', a result is saved:
; connection.results.add(plugin, { pass: 'someval' });
;
; in karma.ini, these rules match and assign +1 karma point each:
; 000 = example-pi | pass | eq | someval | 1
; 001 = example-pi | pass | match | omeva | 1
;
; result awards have the folowing syntax:
; unique ID = plugin name | property | operator | value | award | reason | remedy
;
; operators: equal, match, gt, and lt.
; award: any integer (negative values smite, positive values praise)
; reason: an optional human readable reason for the award
[result_awards]
;geoip.too_far = -1
001 = geoip | distance | gt | 4000 | -1 | Geographic distance is unusual for ham
002 = geoip | distance | gt | 8000 | -1 | Geographic distance is unusual for ham
003 = karma | fail | equals | env_user_match | -2 | Envelope sender doesn't match message sender
004 = karma | history | lt | -1 | -1 | IP reputation is poor
005 = karma | history | lt | -3 | -1 | IP reputation is very poor
006 = karma | pass | equals | all_good | 2 | IP reputation is good
007 = karma | fail | equals | all_bad | -2 | IP reputation is spam-only
; based on ASN history
008 = karma | pass | equals | asn | 1 | ASN reputation is good
009 = karma | fail | equals | asn | -1 | ASN reputation is bad
010 = karma | pass | equals | asn_all_good | 2 | ASN reputation is very good
011 = karma | fail | equals | asn_all_bad | -2 | ASN reputation is very bad
012 = karma | fail | equals | rfc5321.MailFrom | -1 | RFC Ignorant MTA | Use a RFC compliant MTA
013 = karma | fail | equals | rfc5321.RcptTo | -1 | RFC Ignorant MTA | Use a RFC compliant MTA
020 = asn | pass | equals | karma | 1 | ASN reputation is good
021 = asn | fail | equals | karma | -1 | ASN reputation is bad
022 = asn | pass | equals | asn_all_good | 2 | ASN reputation is ham-only
023 = asn | fail | equals | asn_all_bad | -2 | ASN reputation is spam-only
;030 = connect.p0f | os_name | match | freebsd | 1 | FreeBSD
031 = connect.p0f | os_name | match | windows | -1 | Windows OS, likely infected by malware | Don't use Windows as MTA
032 = connect.p0f | os_flavor | equals | XP | -2 | Windows XP, likely infected by malware | Upgrade to a supported OS
; give back the point penalized for running windows
080 = fcrdns | fcrdns | match | outlook.com | 1
084 = fcrdns | fail | match | ptr_valid | -4 | FCrDNS has no valid PTR | Set up https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS
085 = fcrdns | fail | match | valid_tld | -6 | FCrDNS has no valid TLD | Set up https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS
086 = fcrdns | fail | equals | has_rdns | -6 | FCrDNS has no rDNS | Set up https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS
087 = fcrdns | ip_in_rdns | equals | true | -1 | FCrDNS has IP in rDNS | Configure proper hostnames for your MTA
088 = fcrdns | generic_rdns | equals | true | -1 | FCrDNS host is generic
; well known senders
089 = fcrdns | fcrdns | match | google.com | 2 | FCrDNS Well Known Sender
090 = fcrdns | fcrdns | match | twitter.com | 2 | FCrDNS Well Known Sender
100 = access | whitelist | equals | true | 9 | Policy Whitelist
101 = access | blacklist | equals | true | -7 | Policy Blacklist | Unsubscribe the user, stop spamming them.
102 = access | pass | equals | connect.rdns_access.whitelist | 8
103 = access | pass | equals | mail_from.access.whitelist | 8
104 = access | pass | equals | rcpt_to.access.whitelist | 8
; Scores for specific DNSBLs
111 = dnsbl | fail | equals | b.barracudacentral.org | -7 | DNS Blacklist | Disinfect your host/network
112 = dnsbl | fail | equals | truncate.gbudb.net | -5 | DNS Blacklist | Disinfect your host/network
113 = dnsbl | fail | equals | psbl.surriel.com | -6 | DNS Blacklist | Disinfect your host/network
114 = dnsbl | fail | equals | bl.spamcop.net | -3 | DNS Blacklist | Disinfect your host/network
115 = dnsbl | fail | equals | dnsbl-1.uceprotect.net | -3 | DNS Blacklist | Disinfect your host/network
116 = dnsbl | fail | equals | zen.spamhaus.org | -5 | DNS Blacklist | Disinfect your host/network
117 = dnsbl | fail | equals | xbl.spamhaus.org | -6 | DNS Blacklist | Disinfect your host/network
118 = dnsbl | fail | equals | cbl.abuseat.org | -5 | DNS Blacklist | Disinfect your host/network
119 = dnsbl | fail | equals | dnsbl.justspam.org | -1 | DNS Blacklist | Disinfect your host/network
130 = helo.checks | fail | match | valid_hostname | -1 | HELO host invalid | Use valid HELO hostname
131 = helo.checks | pass | match | forward_dns | 1 | HELO host has forward DNS
132 = helo.checks | skip | match | forward_dns | -1 | HELO host skipped
133 = helo.checks | fail | match | forward_dns | -1 | HELO host fails forward DNS | Use valid HELO hostname
134 = helo.checks | fail | match | dynamic | -1 | HELO host has dynamic name
135 = helo.checks | fail | match | reverse_dns | -1 | HELO host missing rDNS
; SPF survey in March 2014: over 95% of ham has SPF Pass
; over 60% of spam has SPF Pass
; None, Pass, Fail, SoftFail, Neutral, TempError, PermError
150 = spf | result | equals | Fail | -4 | SPF fail | Update SPF record
151 = spf | result | equals | SoftFail | -3 | SPF soft fail | Maintain DNS properly
152 = spf | result | equals | Neutral | -1 | SPF neutral | Set up SPF records
153 = spf | result | equals | TempError | -2
154 = spf | result | equals | PermError | -2
160 = auth | fail | match | auth | -4 | Authentication failure
161 = auth/auth_base | fail | match | auth | -4 | Authentication failure
162 = auth | pass | match | auth | 9 | Authentication success
; 163 = auth/auth_vpopmaild | success | equals | false | -4 | Authentication failure
168 = mail_from.is_resolvable | fail | length | gt 0 | -8 | Mail From host DNS failure
169 = mail_from.is_resolvable | pass | equals | implicit_mx | -4 | Envelope From host has no MX
170 = rcpt_to.qmail_deliverable | fail | gt | 0 | -1 | Invalid envelope recipient
;171 = rcpt_to.qmail_deliverable | pass | gt | 0 | 1 | Valid Envelope recipient
172 = rcpt_to.in_host_list | fail | gt | 0 | -1 | Invalid envelope recipient
;173 = rcpt_to.in_host_list | pass | gt | 0 | 1 | Valid Envelope recipient
181 = data.headers | fail | match | from_match | -1 | Envelope From does not match Message From:
182 = data.headers | pass | match | from_match | 1 | Envelope From matches Message From:
183 = data.headers | fail | equals | UA | -1 | Uncommon MUA
184 = data.headers | fail | match | direct-to-mx | -1 | Not relayed
185 = data.headers | fail | match | missing | -1 | Missing a required header
190 = data.uribl | fail | equals | fresh15.spameatingmonkey.net | -2 | URI blacklist: fresh15.spameatingmonkey.net
191 = data.uribl | fail | equals | dbl.spamhaus.org | -2 | URI blacklist: dbl.spamhaus.org
192 = data.uribl | fail | equals | multi.uribl.com | -2 | URI blacklist: multi.uribl.com
193 = data.uribl | fail | equals | multi.surbl.org | -2 | URI blacklist: multi.surbl.org
194 = data.uribl | fail | match | rdns | -2 | URI Blacklist | Don't send spam
195 = data.uribl | fail | match | helo | -2 | URI Blacklist | Don't send spam
196 = data.uribl | fail | match | ehlo | -2 | URI Blacklist | Don't send spam
197 = data.uribl | fail | match | envfrom | -2 | URI Blacklist | Don't send spam
198 = data.uribl | fail | match | from | -2 | URI Blacklist | Don't send spam
199 = data.uribl | fail | match | replyto | -2 | URI Blacklist | Don't send spam
200 = data.uribl | fail | match | body | -2 | URI Blacklist | Don't send spam
201 = data.uribl | fail | match | msgid | -2 | URI Blacklist | Don't send spam
205 = bounce | fail | equals | single_recipient | -8 | Invalid bounce
206 = bounce | fail | equals | empty_return_path | -8 | Invalid bounce
207 = bounce | fail | equals | bad_rcpt | -8 | Invalid bounce
210 = clamd | fail | match | executable | -4 | Clam AntiVirus Executable
211 = clamd | fail | match | structured | -2 | Clam AntiVirus Structured
212 = clamd | fail | match | encrypted | -4 | Clam AntiVirus Encrypted Archive
213 = clamd | fail | match | pua | -4 | Clam AntiVirus Potentially Unwanted Application
214 = clamd | fail | match | ole2 | -5 | Clam AntiVirus OLE2
215 = clamd | fail | match | safebrows | -4 | Clam AntiVirus SafeBrowsing
216 = clamd | fail | match | unofficial | -4 | Clam AntiVirus UNOFFICIAL
217 = clamd | fail | match | phish | -3 | Clam AntiVirus Phishing
218 = clamd | fail | match | spam | -2 | Clam AntiVirus Spam
;219 = clamd | pass | equals | clean | 1 | Clam AntiVirus Executable
230 = rspamd | is_spam | equals | true | -2 | rspamd detected as spam
231 = rspamd | action | equals | greylist | -1 | rspamd suggested greylist
232 = rspamd | score | lt | 0 | 1 | rspamd positive score
233 = rspamd | score | gt | 6 | -1 | rspamd moderate score
234 = rspamd | score | gt | 10 | -1 | rspamd high score
235 = rspamd | is_spam | equals | false | 1 | rspamd detected as ham
251 = spamassassin | hits | lt | 0 | 1 |
252 = spamassassin | hits | lt | -2 | 1 |
253 = spamassassin | hits | lt | -5 | 1 |
254 = spamassassin | hits | lt | -10 | 2 |
255 = spamassassin | hits | lt | -20 | 5 |
256 = spamassassin | hits | gt | 1 | -1 |
257 = spamassassin | hits | gt | 2 | -1 |
259 = spamassassin | hits | gt | 3 | -2 |
260 = spamassassin | flag | equals | Yes | -5 | SpamAssassin detected as spam
;261 = spamassassin | hits | gt | 6 | -2 |
;263 = spamassassin | hits | gt | 8 | -2 |
264 = spamassassin | hits | gt | 9 | -2 |
265 = spamassassin | hits | gt | 20 | -10 |
280 = known-senders | pass | length | gt 0 | 5 | Known Sender
281 = limit | fail | length | gt 0 | -3 | Exceeding rate limits

120
production/haraka-wildduck/haraka/config/limit.ini Archivo normal
Ver fichero

@@ -0,0 +1,120 @@
; limits imposed on connection(s)
tarpit_delay=3
; REDIS CONFIG
[redis]
host=172.200.0.102
port=6379
db=4
;
; CONNECTION CONCURRENCY LIMITS
[concurrency]
; enabled=false
max=3
; [concurrency_history]
; History: when enabled, the plugin is one which stores IP history. The history
; plugin results must have a positive integers for good connections negative
; integers for poor / undesirable connections. Karma is one such plugin.
plugin=karma
good=10
bad=1
none=2
; RECIPIENT LIMITS
[recipients]
; enabled=false
; max=20
; max_relaying=100
[recipients_history]
; The same history notes for [concurrency] apply here.
plugin=karma
bad=1
none=5
good=50
; UNRECOGNIZED COMMAND LIMITS
[unrecognized_commands]
; enabled=false
max=10
; ERRORS COMMAND LIMITS
[errors]
; enabled=false
max=10
; CONNECTION RATE LIMITS
[rate_conn]
; enabled=false
; Maximum number of connections from an IP or host over an interval
127=0
; no interval defaults to 60s
default=5
; The history notes for [concurrency] apply here too.
[rate_conn_history]
plugin=karma
bad=1/15m
none=1/5m
good=15/1m
; RECIPIENT RATE LIMITS by HOST
[rate_rcpt_host]
; enabled=false
; Maximum number of recipients from an IP or host over an interval
127=0
; 50 RCPT To: maximum in 5 minutes
default=50/5m
; RECIPIENT RATE LIMITS by Sender
[rate_rcpt_sender]
; enabled=false
; Maximum number of recipients from a sender over an interval
127=0
default=50/5m
; RECIPIENT RATE LIMITS by Recipient
[rate_rcpt]
; enabled=false
; Limit the rate of message attempts over a interval to a recipient
127=0
default=50/5m
[rate_rcpt_null]
; enabled=false
; Limit the number of DSN/MDN messages by recipient
default=1
[outbound]
; Limit outbound concurrency by destination domain name
; enabled=false
; example.com=10

7
production/haraka-wildduck/haraka/config/lmtp.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,7 @@
;[main]
host=127.0.0.1
port=2424
; host=127.0.0.1
; [example.com]

11
production/haraka-wildduck/haraka/config/log.ini Archivo normal
Ver fichero

@@ -0,0 +1,11 @@
[main]
; level=data, protocol, debug, info, notice, warn, error, crit, alert, emerg
level=info
; prepend timestamps to log entries? This setting does NOT affect logs emitted
; by logging plugins (like syslog).
timestamps=false
; format=default, logfmt
format=default

14
production/haraka-wildduck/haraka/config/lookup_rdns.strict.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,14 @@
[general]
nomatch=Please setup matching DNS and rDNS records.
timeout=60
timeout_msg=DNS check timed out.
[forward]
nxdomain=Please setup a forward DNS record.
timeout=60
dnserror=Please setup matching DNS and rDNS records.
[reverse]
nxdomain=Please setup a reverse DNS record.
timeout=60
dnserror=Please setup matching DNS and rDNS records.

1
production/haraka-wildduck/haraka/config/lookup_rdns.strict.timeout Archivo ejecutable
Ver fichero

@@ -0,0 +1 @@
0

6
production/haraka-wildduck/haraka/config/lookup_rdns.strict.whitelist Archivo ejecutable
Ver fichero

@@ -0,0 +1,6 @@
# Hostnames and IPs are matched exactly as written on each line.
127.0.0.1
::1
172.200.0.1
172.200.0.101
82.223.3.135

5
production/haraka-wildduck/haraka/config/lookup_rdns.strict.whitelist_regex Archivo ejecutable
Ver fichero

@@ -0,0 +1,5 @@
# Does the same thing as the whitelist file, but each line is a regex.
# Each line is also anchored for you, meaning '^' + regex + '$' is added for
# you. If you need to get around this restriction, you may use a '.*' at
# either the start or the end of your regex. This should help prevent people
# from writing overly permissive rules on accident.

4
production/haraka-wildduck/haraka/config/mail_from.is_resolvable.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,4 @@
timeout=30
allow_mx_ip=0
reject_no_mx=1
re_bogus_ip=^(?:0\.0\.0\.0|255\.255\.255\.255|127\.)

1
production/haraka-wildduck/haraka/config/max_unrecognized_commands Archivo ejecutable
Ver fichero

@@ -0,0 +1 @@
10

1
production/haraka-wildduck/haraka/config/me Archivo normal
Ver fichero

@@ -0,0 +1 @@
hatthieves.es

18
production/haraka-wildduck/haraka/config/messagesniffer.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,18 @@
;port=9001
;tmpdir=/tmp
;gbudb_report_deny=true
;tag_string=[SPAM]
;[gbudb]
;white=accept
;caution=allow
;black=allow
;truncate=reject
;[message]
;white=allow
;local_white=accept
;caution=allow
;black=allow
;truncate=reject
;nonzero=reject

30
production/haraka-wildduck/haraka/config/mongodb.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,30 @@
; This file must be placed in "config" directory of your Haraka server.
;
; MongoDB Credentials
;
[mongodb]
; user
user=
; password
pass=
; host
host=127.0.0.1
; port
port=27017
; database name
db=haraka
; collection name
[collections]
queue=email_incoming_haraka
delivery=email_delivery_results
; Absolute path to store attachments
[attachments]
path=/home/node/Haraka/attachments
[enable]
queue=yes
delivery=yes

15
production/haraka-wildduck/haraka/config/outbound.bounce_message Archivo ejecutable
Ver fichero

@@ -0,0 +1,15 @@
Received: (Haraka {pid} invoked for bounce); {date}
Date: {date}
From: MAILER-DAEMON@{me}
To: {from}
Subject: failure notice
Message-Id: {msgid}
Hi. This is the Haraka Mailer program at {me}.
I'm afraid I wasn't able to deliver your message
"{subject}"
to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
Intended Recipients: {recipients}
Failure Reason: {reason}

36
production/haraka-wildduck/haraka/config/outbound.bounce_message_html Archivo ejecutable
Ver fichero

@@ -0,0 +1,36 @@
<html>
<head>
<style>
* {
font-family:Roboto, "Helvetica Neue", Helvetica, Arial, sans-serif;
}
</style>
</head>
<body>
<table cellpadding="0" cellspacing="0" class="email-wrapper" style="padding-top:32px;background-color:#ffffff;"><tbody>
<tr><td>
<table cellpadding=0 cellspacing=0><tbody>
<tr><td style="max-width:560px;padding:24px 24px 32px;background-color:#fafafa;border:1px solid #e0e0e0;border-radius:2px">
<img style="padding:0 24px 16px 0;float:left" width=72 height=72 alt="Foutpictogram" src="cid:icon.png">
<table style="min-width:272px;padding-top:8px"><tbody>
<tr><td><h2 style="font-size:20px;color:#212121;font-weight:bold;margin:0">
Message not delivered
</h2></td></tr>
<tr><td style="padding-top:20px;color:#757575;font-size:16px;font-weight:normal;text-align:left">
A problem has occurred when trying to deliver your mail to <a style='color:#212121;text-decoration:none'><b>{recipients}</b></a> . Look below for the technical details.
</td></tr>
</tbody></table>
</td></tr>
</tbody></table>
</td></tr>
<tr style="border:none;background-color:#fff;font-size:12.8px;width:90%">
<td align="left" style="padding:48px 10px">
Reaction of the server: <br/>
<p style="font-family:monospace">
{reason}
</p>
</td>
</tr>
</tbody></table>
</body>
</html>

106
production/haraka-wildduck/haraka/config/outbound.bounce_message_image Archivo ejecutable
Ver fichero

@@ -0,0 +1,106 @@
Content-Type: image/png; name="icon.png"
Content-Disposition: attachment; filename="icon.png"
Content-Transfer-Encoding: base64
Content-ID: <icon.png>
iVBORw0KGgoAAAANSUhEUgAAAJAAAACQCAYAAADnRuK4AAAAAXNSR0IArs4c6QAAFi1JREFUeAHt
XUmMHVcVrfo9eYgUWDBsEsAxCQQFFCkSzsQgBQeMQGIBScSwYFoghg0CNoAlhgWjWLBhB0gMYsEO
Z7AgQOwECRRCxBBwOwwLIGwwsdPt7v9/cc6571ZVO2771++q/6uq37N/1Xt3elX3nn9fVfXt6iSJ
LXogeiB6IHogeiB6IHogeiB6IHogeiB6IHogeiB6IHogeiB6IHogeiB6IHogeiB6IHogeiB6IHog
eiB6IHogeiB6IHogeiB6IHogeiB6IHogeiB6IHqgux5Iu3vozRx5dvTo4PRD9909TrIjmOF6zZIm
vx9k6bEDt935g/To0XEzM3fTagRQKW6n7rz19dl49M0ky15eIhfdNP1jspB86KX3PvJgQdzdvQig
EP9Thw/dlWXZd5IsWb4kJNJkI03T9xy8/5EfXlJulzAjgBBogicZZ9/PkmQif0AoSwbpPRFEEzqs
z1+m00duedF4Y/QYwHNllfMEiM4MlhdedeAnJ/9WRa9vsoO+nVCV8+EFM8Dz3arg4RzUkS5sVJmz
b7K7+uRXT9z3AQDh9mmDSt3Vk8feP61+H/QmWvP7cKIXnsPqHXdcOU7P/gV3XM+7kFdpnKb/GWRX
vPSa48fPVNLrifCuzUDjwdNHdwweggAAlK2eAKLqaezKDHT6jbdeNxoOH4ezlqo6bBv5zYXFxRsO
3HviiW34vSXvygw0Ho2+jojWBR6CYynY7C1QtjuxXQeg1TtueTMeGL5pO4dMS6dN2p5Wv6t6uwpA
2Qc/uJQlo682FSza5hxN2W+j3V0FoNXTj38Mt97XNRUI2uYcTdlvo91dcxF96vAtz0/Goz8jyJWe
OFcNGhx6JhksXHvw/pNPVdXtovyuyUBZNv5i0+AhADgH5+oiGKY55l2Rgf76pptvHA7Hv87wI9Bp
nFRVJ02T8eLi4KYXH3v40aq6XZOfiUPn7ZTh5vgbswIPz5Vzcc55n/cs5u89gFbfcPM9WFam/nnX
tEHgnJx7Wv2u6PV6CfvH22/ee/6/4yeQEa6aR0CwlP1j5TmD66760cNr85h/FnP2OgOt/3f8qXmB
h8Hj3DyGWQRyXnP0NgOt3nHb1Vky/FOWZHvn5VzOmybpWposvuya4w/9fZ7H0dTcvc1A43T4lXmD
h0HjMWTp8MtNBXDednuZgU7feevto9HwF/N2bnn+hYXF1xy478Qvy7Q+9HuXgVimOhqNWncLzWPi
sfUBNOVz6N0JWYlpdmP5JNvRz27sY/lrr5aw2spUm0JcD8tfe5WBxsnZz9ZSptoUgFj+ymPsUetN
BmqgTLWpMPeq/LU3GaiBMtWmAMTy1681ZXzWdnsBoKbKVJsKBspfj/Sl/LXzAGq6TLUxEPWk/LXz
AFp98rGP4iffjZWpNgcglL/i2JuyPyu7nb6InlWZalPBgPM7X/7a6Qw0qzLVpgCEzNn58tfOZqBZ
l6k2BaKul792NgPNuky1KQB1vfy1kwA6dfjVd7NktKmgztouz4XnNOt565ivc0vYvMtU63D6xWx0
tfy1cxlo3mWqFwt+HbSulr92KgM1WaZ68IFHKuHg96+/KVlZXKykcznhLpa/dioDsTS0DWWqBMLZ
zfVkczS8HCYq8btY/toZALFMFT9DekeliDQpjDXnf5vnk426QYRz5Lk2eeh12u4EgNpZporVf4zq
HoBoczSqMyZJl8pfOwGgNpapYrnhr+ygfi1LnsZyVm8m6k75a+sBxDLVJEs/V+tXvA5jeHiTN4Do
7OZGvSDCOevc80na2Wk9gFgCim/581vnPqxghqGAJIJoiOVsXM9yxnPuQvlrqwHEMlWE6cOtA8+W
A/InIQAS/hDU2Y36QMRzNx9smbBVg1YDKJR+tvidgwBNSED6syPCUpac26jtFr/15a+tBVAoU+Uf
fWtl87yz5eAIJmEqTc4NN2p5ToSlrNXlr60EUBfKVC3xAEZpnoIMS0QWrof4eWa4mWyMd/6wsc1v
f20lgLpTpkqgADH86LY+ZCCSwBrjOdEzm5s7vrCGqdaWv7YOQCpTzZJP29e5vVtCRk0dAkn/sePz
ISSmsEmZiXCLv+OHjfCJfBOmbcuudQBKsvEXEItGX8Vbh/NxjGhACTs5WAicQAMdjxn1oFHL2Qgg
2sEtvnwC32jaFm1aBSCWqSIi722RfyY7FESXONKHaxcxJBxhA0CRjj+pmawzE2FZm75l7zUfTW+h
bs1WAahLZar8MYZBxkLCa2ktWx4hoYbLmS1pRNUY4Frbwc/OoN66t7+2BkBdK1PltY5SDXHELBPw
5CCyvZiWgXJgIRONpr+wxqytKn9tBYBYpgovf8l93IW9ZSDkIGUaYMiXLlu7AmhymOGUIEg8sYdl
bB23+FNfE8FX8pmZm+u2FQBaP5N9Ev6/aq6eqDq5JRdp4WGfspBhhKDBuMBLYRk0vyaizjoeNg5H
1a+J6Cv6rDA8v97cAcQy1XScfGJ+LphyZoKGIMFaFRKLMowwAgqXMPbZtA9rG4FDHaqTsYa7s9EU
F9b0GX2nCea4mTuA2lSmWj0OQACRIEBY5vGLawGEQHKjBAwGPg54gjp+doZMNKp4i4/ZWvH217kC
qHVlqh7sSfdEAREhEHFvijlsiC8ShRYOgkBQobL+gbw2HCbDqiBqQfnr3ADUzjJVA8Ak2xwKxIVw
xA1v2gWZkgnQHTiedsC1rkkbBnlNRBBVuyaad/nr3AC0+tC974NnW/g21VLsL9Fl0NWIm4AmwkcJ
xxkceBNKMDC0iMonRPxXSGXJBu7OqoEI5a/ypU80233uh1lOy1LNLD37Z6z/rak0PIcHfOdQDJY3
LUvmHndS/mMKEPxCeKCsw6xhYKA+v5UGCtCELvLQ3JBkA5bQt28xjUJLuzTZg985WxgsUOuyDcfy
VJpdce01x4+fuaxwzQJzyUBtLFPdv7SS8JO30nLjNF7wEhp6toy+L0NFCiEnLGFiUj6ghjtTNwr6
HLLZPjBJhyyL9EfZZMsZv4jzKn8NZ2cnMott29+myizEbMRwDgSHMbaFm5R5xLPAi4fMUciUeiUQ
Fngq8WXX4EM0+reZFM7DWVcWl5KF1DkgbN/m8vbXiY5s+2Ouzml7mer+5ZCJmAkEI4Qx4Ich1cqG
0xZkGGTx7DrGQh4AQRkIW9bSwJYnWmX2kg3OYMa5elGTH9mRbpKcn/yaaC7lrzMF0OobXn0Ezmtt
mSpip0YQXbGy7EOLKkeINQHjIGK02Q8sDC38AVWWRQwfUqasA8+0aM8MSJddG0qedjjkr1BPcmFN
39LHbnsW+5kBSGWqWdKZ9yPvX9oTrolCRIWcAB6ByKONfUBRjhVHVc4KNggL8FyTiMz0U1gygrZA
4xKAG22AvYHffh253UsgAyJfo68vIVIra2YA6k6ZauFfLWfLeywpMPCIsYWZnRBwiocuA11uGaMv
Xmnpo2pJqNwXVDCPLYXkmDAhh2IQ3OLjwvoyz4kw43WnnvzdR0pTNNrdevwNTdX1t6nyd73W8OMG
+4k7XEakBM9pBRpYyI2IYPOiNweCwcpv+1PIsvECnYbI5bdYJkOWIziVecCwb7jp+JXWMm/xL3Fh
DemZvf3Vjg8n0GjrSJnqdj64AtdE+xbtFl9wCIFWWD3oUPYAa0kD3TIQpCz+Ms+uDS2vSJ0bdWCd
XUr6Hl2DGYnWbDnb/hYfVvDr4LMpf9Wx+oE1se/L21TpG97es0BeWacUYGYXa0ZkPuKdljILScSF
ZMDBgAuSeNgb6IK2ywRrBCsTFvecQTZoC/0MsssLC9tmIrDHi4uDm1587OFHId5YazwDdalM9XJe
toeNuDsjKCDMwLJp7xvsdZsuMFCOoKE0G8ATLpopnpPJ4oBEAI8f53OYa7MfxAi8S2Ui4pe+p+km
W6MAOnX40F0459ubPIFZ296Hp9V78GGArYWIamChFjACCAw0xSKk23ZX5t7RQX329SHsiiZxB550
mOFM4pIgUvnrobsKS/X3ysdZq/WuvU216jsSH7n1FcoYlkWYZcx9eegNRSUgcNkqFiz1ICM1bgCM
fJkj+MCzZY508rEBwZdDA5XQJNBtt5xhhr+vPDd92VU/enit1gAHY41loE6WqVb0sAfc1ASFosu1
B812xrM8ZPQS4grwBFZILtL3ayYJuc1gWMASuPw50bMvrDHn1U2WvzYCoM6WqSpkVTaMuEedey4t
BA0ziBIDNhZhbi3fYCsSBYM6COxaOrLnQKZFGfQEHOwhR7qadMgjWdrbXhOx/PXU4dc0UnPeCICy
ZPgluHCvn2sf9wqkkJCH1ACBkyVZVMWVgDAWM5D6Fm8TcgJoQVzuchH3naaijMtzHqEHNAoHBT1s
vOCn+IrFeOPLbqvOfe0AUplqkjV64VanA6a1pZgxcgwoGq9ZlHV8HHjKGSG4RJZ3hTJFHsrQMdDR
hhnwrQBD+5yKRBpAh5Z4IS2Lpqw+l9WLXVhD+q4m3v5aK4C6XqaK0FRqCrIjAhHWk2qMLbAGFrId
BOIj8HYnJiTYfMGGZShuQYBxWQg8YsTxRiX1SaNgYHBePUIA9WIgaqL8tVYAdb1M1aJZYcuoWrgB
CoYbH1yPKPBgkWsh9h6G1hVH/YAjYsBYQRaEPBsJPaaSS0FM8wQk+ZzMTtvf4tdf/lobgPRG0TT5
vJ/mrth78BBMe3iIoDILEAriWbhDEoFLSCeL0WegNdQYFO0tCwXvBRscKSuxwwvmQNc8sKM7NdgU
iMgzYzLOTDQuXxMhRnW+/bU2ACXp2c/Aia2pcaavZ9IYLLQ8ZspARrElJQi4EIYKNMdoDHvoCAiC
gWTAY+YhG6AIUugbTRgSVgLkQHZgyn4AFm2fH7IUxG7xFSPESnPWsKkFQCxTxZsnZlZCUMN512OC
AfaEoICFeJPon3CLzYxjpCJDGMmWPAJCoJDBQlQ6VKWwGgUJLn4AHgJKADO7BI/T8kwIkfI1EWNV
19tfawFQ28tUg+fr31ksLUkocLbQWFYJAWeA2YgOgYljfAIgOAJHNnKMhLERMWCjUKkJcLJDYjGH
ZSGSbEnLbUK/BKLayl93DKCulKmWfF9PF5GxxYPAwH9HAfbsFi2MGEnnWaqxMWgWagwdbAEPskl1
6pHGvnZhSRMPG5qmgNBiGU06oGkqitAYBg4iLGW1lL+GQ7UDq7pl6eTq6ccex6F17u+2X3iu/tsY
ZTrOS8HVNUXOsPzCeKkojHHDP4HJFBhPaWrrKYByOR8DRlY8k+Y3WWwbimddhxd1SCaVkmjoF8dG
sLhNsOyI8r3kNYF6KgVZTAdPXHPgVTek3/rWplGrb3eUgVg6iWPqPHjotvy3MUo+9Oc2+hYTFqXg
qcsgKZbYoKMsoZBZ6Gmq4GPgsSfRDEhacoHNvk2DTCJl2ibVVTgIGYg9ZhlaIRmKYSQ6iZIUk+xg
CGNmomE23nH5a3GmmL9K63qZ6nbnWs5EikmIOkOjwDG6IVhug5ycTCL4zBRyLhmmIBmyt/BFsI00
8jSFUZhHdtQnHDTKwRKwYfMbgn0CGSWg2PzaiGP2dQEOWyuLC2cWBkvXHrz/5FMSrLjZQQYafx6H
1vq3qVb0x0UyEQNgH209YqAJG/keMfXJjCEt24QwUhf/7aEjrbFZzmCP8c8BUprHliZKWKMms5Pg
xEkxn/Vp3MaaF0PSacqugTCWMvd2tLjFvxKvlpn6+Z1ZseOaeKvb9tHwDziYHQBw4unmIljORBYG
uAqB8gTBQFh9PL/NDIiipOuiENot8jwJOTtstAvBJMeugQhKcbboGsWglavkXgGXAmF+QoldHSv7
ZAYl8TD2fRBMUJ8/3r+y9/oD9554Ijc7YWcqAOC2/eM4yKl0JzyuuYttvSayEAokiobig2O0UOhg
PfDk533GjtFjUG2vISkKOC2Ybd8Zn0GnPAVtZ91gAwNqaRp2QFYfOpaJjIat7Pi1T3EIZt/18Yxx
cG59/eOSr7jh9JXak0de98Lh5vpfcYKlNxFUMtEpYXtrx7oCzYd5AwRLS42CVnIfusUohwUCC5Ah
cn5NBDVkLpPklmPXU/YhgTTqaY++dzh2tDgNe7+eEZzD0uRGNQeRA3vOd3nOY+bEP7+wnL7k+vt+
80/RJ9xUziKj4dpbdwt46EMrpN/DyNl1h0cdPH7f7Tt/EW87KhibwFYc2VcqoD45BpSCXFYgFU0G
KA0et0FfY/A0BMvsmb54opkBjv1C2uXL+shCK8ON7C2UrtIqAwgHcajKBH2Q5XLGYnp9ixkfxZ2R
s9gSRNbEsC5JFFT6ICkIs+fZJejl+Yri1KEuoqx5iB6MSbLZuJWgAGEg4Jj/qYMOmkASaNQmuHwp
o2FlIWSrsj6y681SrrCpDCAcTGffKlbBL88SZSYSiBQMsBVgC1YhrMhbnAWEAloKO4GAj2sZKApt
Mi3wjDw+EgANIDQdEoKBYEgcKdE24IC+AclEXZOzKAMFvlQ0BTd2JNhWjm1lAKFc4dmV2zy6XdD2
Ly0n+/C78t4Ij+B7xdXoIfBkOAgs+kKOZwi3YYpBljChrAc06CnjkEylYJMsZQ/JeiYxvoAErjKO
m6Yumqmb9oX6AFvl2FYGEED+tB3K7tzuA4gIJEVCEQkbBV4bRtYagmtdbNEXAAg6/HMRCXNAIGiP
vqJcyJBFXRejcY4lAdkty1Fuh+CGBpXYAl065X5Jf5BkZ0148m1lAOFIfj65+X5KcikTiHB6nh0s
wgwraCHajB8DWNyyi7sFCIRB3jz4EguRB5sA4WgLICyVgB7gqHmwISBoMwCDpqQHKuniqU8GD6+k
nyS/oHyVVhlAePT9HR5rlUn6KLtXyxl/Q9WDgrOUVyxE7BNIwgTjGkJHIQaU8bdm3lS9TyAKcFAM
5iTPWWxJQo+64HvmUV8TBkAQudK3PVRNlsdAoyI/W39haenb4aAm3lUG0NXHTq7i0eXUj74nPrIO
CO5bxDWR/5ozgpIHBl2G3zMQT4VjirARAAokg6mOVIs+BfCRSaHI5GiB/9yS9jKqjfTzLCV9SOSs
0AkWyCjr49nUF69/4Fd/4fFVaW61ig7OOUtXDx/6Ns793ZUUeyrMdwc9s4G3duD8GG9/UEhYKB/J
y9iA6QG123UjeBD8Fl4PLGXJLcIOujaiTTQSBK5glH0JGGhs2aKgMSxbFXp59iJ/MPjeDT/99bsw
P4UrtcoZiNY50cEHfvUevMf47TiPSk8uKx1dR4T3IhPt5XMiNIXXg8l4eJyNacFHPyQeUulQfbh0
MWsRdHkkyWMDQToc8oMB4y1VMCVGAXQwEo9yomNPmimSBvsSTf+FWN79yp/95p3TgAcGZZX7qVt2
9HWLp0+cfy3+puPbcJA34sBegMX/hTji/VMb7agiM9Ea/kqzoh3OAYEJF9UWQNzp4F/Z8eDza2wB
zTmUZuPeNWjLaUSGgGaIsynBVsajjtZPGeWAafEc2P8G6194W95vs6WFH99w2/4H06MP7vzvkuuo
4iZ6IHogeiB6IHogeiB6IHogeiB6IHogeiB6IHogeiB6IHogeiB6IHogeiB6IHogeiB6IHogeiB6
IHogeiB6IHogeiB6IHogeiB6IHogemBaD/wfWl0tzAXA/nAAAAAASUVORK5CYII=

30
production/haraka-wildduck/haraka/config/outbound.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,30 @@
; see http://haraka.github.io/manual/Outbound.html
;
; disabled (default: false)
; disabled=true
; concurrency_max (default: 100)
; concurrency_max=100
; uncomment to disable tls for outbound mail
; enable_tls=false
; maxTempFailures (default: 13)
; ipv6_enabled (default: false)
; load_pid_queue
; flush_queue
; always_split: default: false
; always_split=true
; received_header (default: "Haraka outbound")
; received_header=Haraka outbound
; pool_timeout: default : 300
; pool_timeout=0
; pool_concurrency_max: default: 10
; set to zero to disable pools
; pool_concurrency_max=0

78
production/haraka-wildduck/haraka/config/plugins Archivo normal
Ver fichero

@@ -0,0 +1,78 @@
# This file lists plugins that Haraka will run
#
# Plugin ordering often matters, run 'haraka -o -c /path/to/haraka/config'
# to see the order plugins (and their hooks) will run in.
#
# To see a list of all plugins, run 'haraka -l'
#
# To see the help docs for a particular plugin, run 'haraka -h plugin.name'
#process_title
# Log to syslog (see 'haraka -h syslog')
# syslog
# CONNECT
#toobusy
relay
# control which IPs, rDNS hostnames, HELO hostnames, MAIL FROM addresses, and
# RCPT TO address you accept mail from. See 'haraka -h access'.
access
#p0f
# geoip
# asn
#fcrdns
# block mails from known bad hosts (see config/dnsbl.zones for the DNS zones queried)
#dnsbl
redis
# HELO
#early_talker
# see config/helo.checks.ini for configuration
helo.checks
# see 'haraka -h tls' for config instructions before enabling!
tls
aliases
#
# AUTH plugins require TLS before AUTH is advertised, see
# https://github.com/haraka/Haraka/wiki/Require-SSL-TLS
# auth/flat_file
# auth/auth_proxy
# auth/auth_ldap
# MAIL FROM
# Only accept mail where the MAIL FROM domain is resolvable to an MX record
mail_from.is_resolvable
spf
# RCPT TO
# At least one rcpt_to plugin is REQUIRED for inbound email. The simplest
# plugin is in_host_list, see 'haraka -h rcpt_to.in_host_list' to configure.
rcpt_to.in_host_list
#rcpt_to.qmail_deliverable
#rcpt_to.ldap
#rcpt_to.routes
# DATA
bounce
# Check mail headers are valid
data.headers
#data.uribl
#attachment
#clamd
rspamd
##spamassassin
dkim_sign
karma
limit
# QUEUE
# queues: discard qmail-queue quarantine smtp_forward smtp_proxy
# Queue mail via smtp - see config/smtp_forward.ini for where your mail goes
queue/lmtp
#queue/smtp_forward
# Disconnect client if they spew bad SMTP commands at us
#max_unrecognized_commands
#watch
wildduck

6
production/haraka-wildduck/haraka/config/plugins.bak Archivo normal
Ver fichero

@@ -0,0 +1,6 @@
spf
clamd
rspamd
dkim_verify
wildduck
tls

10
production/haraka-wildduck/haraka/config/rabbitmq.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,10 @@
[rabbitmq]
exchangeName = emailMessages
server_ip = localhost
server_port = 5672
queueName = email
deliveryMode = 2
confirm = true
durable = true
autoDelete = false
exchangeType = direct

12
production/haraka-wildduck/haraka/config/rabbitmq_amqplib.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,12 @@
[rabbitmq]
host = localhost
port = 5672
user = guest
password = guest
exchangeName = email_messages
exchangeType = direct
queueName = emails
deliveryMode = 2
confirm = true
durable = true
autoDelete = false

1
production/haraka-wildduck/haraka/config/rcpt_to.blocklist Archivo ejecutable
Ver fichero

@@ -0,0 +1 @@
# This is a blocklist for the rcpt_to line. One address per line.

2
production/haraka-wildduck/haraka/config/rcpt_to.in_host_list Archivo normal
Ver fichero

@@ -0,0 +1,2 @@
;[main]
host_list=hatthieves.es

0
production/haraka-wildduck/haraka/config/rdns.allow_regexps Archivo ejecutable
Ver fichero

0
production/haraka-wildduck/haraka/config/rdns.deny_regexps Archivo ejecutable
Ver fichero

14
production/haraka-wildduck/haraka/config/redis.ini Archivo normal
Ver fichero

@@ -0,0 +1,14 @@
[server]
host=172.200.0.102
port=6379
db=2
[pubsub]
; host=127.0.0.1
; port=6379
[opts]
; db=0
; password=dontUseThisOne

3
production/haraka-wildduck/haraka/config/relay.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,3 @@
[relay]
all=false
acl=true

2
production/haraka-wildduck/haraka/config/relay_dest_domains.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,2 @@
[domains]
hatthieves.es = { "action": "continue" }

30
production/haraka-wildduck/haraka/config/rspamd.ini Archivo normal
Ver fichero

@@ -0,0 +1,30 @@
host = localhost
port = 11333
add_headers = always
[dkim]
enabled = true
[header]
bar = X-Rspamd-Bar
report = X-Rspamd-Report
score = X-Rspamd-Score
spam = X-Rspamd-Spam
[check]
authenticated = true
private_ip = true
[reject]
spam = false
[soft_reject]
enabled = true
[rmilter_headers]
enabled = true
[spambar]
positive = +
negative = -
neutral = /

47
production/haraka-wildduck/haraka/config/smtp.ini Archivo normal
Ver fichero

@@ -0,0 +1,47 @@
; address to listen on (default: all IPv6 and IPv4 addresses, port 25)
; use "[::0]:25" to listen on IPv6 and IPv4 (not all OSes)
; listen=[::0]:25
; Note you can listen on multiple IPs/ports using commas:
;listen=127.0.0.1:2529,127.0.0.2:2529,127.0.0.3:2530
; public IP address (default: none)
; If your machine is behind a NAT, some plugins (SPF, GeoIP) gain features
; if they know the servers public IP. If 'stun' is installed, Haraka will
; try to figure it out. If that doesn't work, set it here.
;public_ip=N.N.N.N
public_ip=82.223.3.135
; Time in seconds to let sockets be idle with no activity
;inactivity_timeout=300
; Drop privileges to this user/group
;user=smtp
;group=smtp
; Don't stop Haraka if plugins fail to compile
;ignore_bad_plugins=0
; Run using cluster to fork multiple backend processes
;nodes=cpus
nodes=4
; Daemonize
;daemonize=true
;daemon_log_file=/var/log/haraka.log
;daemon_pid_file=/var/run/haraka.pid
; Spooling
; Save memory by spooling large messages to disk
;spool_dir=/var/spool/haraka
; Specify -1 to never spool to disk
; Specify 0 to always spool to disk
; Otherwise specify a size in bytes, once reached the
; message will be spooled to disk to save memory.
;spool_after=
; Force Shutdown Timeout
; - Haraka tries to close down gracefully, but if everything is shut down
; after this time it will hard close. 30s is usually long enough to
; wait for outbound connections to finish.
;force_shutdown_timeout=30

4
production/haraka-wildduck/haraka/config/smtp_bridge.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,4 @@
host=localhost
#port=
#auth_type=
#priority=10

23
production/haraka-wildduck/haraka/config/smtp_forward.ini.orig Archivo ejecutable
Ver fichero

@@ -0,0 +1,23 @@
; host to connect to
host=localhost
;
; port to connect to
port=2555
;
; timeout backend connection from pool
;timeout=300
;
; max connections in pool
;max_connections=1000
;
; uncomment to enable TLS to the backend SMTP server
;enable_tls=true
;
; for messages that have multiple RCPT, send a separate message for each RCPT
; when forwarding.
;one_message_per_rcpt=true
;
; uncomment to use smtp client authorization
;auth_type=plain
;auth_user=
;auth_pass=

19
production/haraka-wildduck/haraka/config/smtp_proxy.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,19 @@
; host to connect to
host=localhost
;
; port to connect to
port=2555
;
; timeout backend connection from pool
;timeout=300
;
; max connections in pool
;max_connections=1000
;
; uncomment to enable TLS to the backend SMTP server
; enable_tls=1
;
; uncomment to use smtp client authorization
;auth_type=plain
;auth_user=
;auth_pass=

1
production/haraka-wildduck/haraka/config/smtpgreeting Archivo normal
Ver fichero

@@ -0,0 +1 @@
Wildduck Mail MX

41
production/haraka-wildduck/haraka/config/spamassassin.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,41 @@
; How does Haraka connect to the SpamAssassin spamd daemon?
; TCP/IP: 127.0.0.1:783
; socket: /var/run/spamd/spamd.sock
spamd_socket=127.0.0.1:783
; the username we tell spamd the message is to (default: default)
;spamd_user=first-recipient (see docs)
;spamd_user=
; messages larger than this are not scored by SA
max_size=500000
; Munge the subject of messages with a score higher than..
; munge_subject_threshold=5
subject_prefix=*** SPAM ***
; what to do with incoming messages with X-Spam-* headers
; options are: rename, drop, keep
old_headers_action=rename
; use the SpamAssassin 3.0+ syntax in X-Spam-Status header
; modern: No, score=0.8 required=8.0 tests=...
; legacy: No, hits=0.8 required=8.0 tests=...
modern_status_syntax=1
; Reject all messages with more than this many hits
; reject_threshold=10
; when a connection has relay privileges, the rejection limit
; relay_reject_threshold=7
; How long should we wait for SpamAssassin to answer the socket
; in seconds (default: 30)
;connect_timeout=
; How long should we wait for a result from SpamAssassin
; in seconds (default: 300)
;results_timeout=
; Merge SpamAssassin's headers into the message
;add_headers=true

3
production/haraka-wildduck/haraka/config/spf.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,3 @@
; See 'haraka -h spf' for options
[relay]
context=sender

1
production/haraka-wildduck/haraka/config/tarpit.timeout Archivo ejecutable
Ver fichero

@@ -0,0 +1 @@
0

34
production/haraka-wildduck/haraka/config/tls.ini Archivo normal
Ver fichero

@@ -0,0 +1,34 @@
; See 'haraka -h tls'
key=/secure/privkey.pem
cert=/secure/fullchain.pem
; dhparam=dhparams.pem
; ciphers: a list of permitted ciphers
; The default cipher list is provided by node.js and is considered secure at
; the time of that versions release. If you have problems with the default cipher
; list, try enabling this "kinda high but more compatible" setting.
ciphers=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
; honorCipherOrder=false
; rejectUnauthorized=false
; requestCert=true
; requestOCSP=false
[redis]
; options in this block require redis to be enabled in config/plugins.
; remember when a remote fails STARTTLS. The next time they connect,
; don't offer STARTTLS option (so message gets delivered).
; pro: increases mail reliability
; con: reduces security
; default: false
; disable_for_failed_hosts=true
; no_tls_hosts - disable TLS for servers with broken TLS.
[no_tls_hosts]
; 127.0.0.1
; 192.168.1.1
; 172.16.0.0/16

75
production/haraka-wildduck/haraka/config/tls/tls_cert.pem Archivo normal
Ver fichero

@@ -0,0 +1,75 @@
-----BEGIN CERTIFICATE-----
MIIIVjCCBz6gAwIBAgISA8Jo2I+wm6HN874pZXaJJ2joMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTAzMjQxMTEyNDFaFw0x
OTA2MjIxMTEyNDFaMBgxFjAUBgNVBAMTDWhhdHRoaWV2ZXMuZXMwggIiMA0GCSqG
SIb3DQEBAQUAA4ICDwAwggIKAoICAQDHIrop2jO4CgPl6wtswTN7q0hCpddL1B0I
ucZwhDE8HsxqIqBLU6mbxqxB8Fy8sOPeiGkjpd0T4PXZf0XeChVMyevNw1pLac6x
ORcEZXyjwcglwlk2iAkzqJTLbDlMBM2ngv9zVe1tN9h1cPCbGu5o/LSQd0pxPY0z
7vAQynWXxAFDiFQ9LK0Cii05mxTJwQ6kWWZvuMvaSyxCP4yEQxtLrm9XN7MdwrJW
ufYXE92jXPdWDrADuUjnlvvwBsKLKEnvOqU+Dzc6y/M55qIH4jz008n7IJ65BwGW
yAgYaVAZMRGEPoSQi3uZmk5tqitxRBCPJIDDkr79FO7S7uPxVexQgtG263Z3E8IO
NI1n9RtxrMel1enYqIqXf/1v6FK1XyAaeIGluPJvPdD5tVO7FdGa8Winu5uBSC3g
KYXnxACrQ6HMb9R1EO0mH02PcsJlsqXpwYk3l6tuxgQ2gc61MuvnfJf0s8rdqjI1
Dy0Hyyd1DKQ6yq1mclzLXRqafHHhR1p3IkZsbCMfJX9sEViD0suDCO4T7pkfgoHH
Ru1XPsAqj1HyqGZ+qvqvfrtEGUVRe07TJjrZm7MQeOCGK3oeQ+HSQHP6gc8c8bEK
VysUEDm34lWU+YoGmoSgPkq696LfFow932H0l/8GbpeW1379cMOmqNRtjcKldqs+
bQ+j2yjUfwIDAQABo4IEZjCCBGIwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQG
CCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSZfil2
ea+w5jutRfuqQ2PfUHrcajAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86js
oTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14
My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14
My5sZXRzZW5jcnlwdC5vcmcvMIICGgYDVR0RBIICETCCAg2CGGFwaS1tdXJkb3Qu
aGF0dGhpZXZlcy5lc4IPZGVmYXVsdGRyb3AubmV0ghRkb2NrZXIuaGF0dGhpZXZl
cy5lc4ITZ2l0ZWEuaGF0dGhpZXZlcy5lc4IUaGFkb29wLmhhdHRoaWV2ZXMuZXOC
DWhhdHRoaWV2ZXMuZXOCFGhpZGRlbi5oYXR0aGlldmVzLmVzghJpbWFwLmhhdHRo
aWV2ZXMuZXOCFWplbmtpbnMuaGF0dGhpZXZlcy5lc4ITbGFiLmRlZmF1bHRkcm9w
Lm5ldIIYbGFuZ29zdGluby5oYXR0aGlldmVzLmVzghJtYWlsLmhhdHRoaWV2ZXMu
ZXOCGG11bWJsZS13ZWIuaGF0dGhpZXZlcy5lc4IUbXVyZG90LmhhdHRoaWV2ZXMu
ZXOCEG13LmhhdHRoaWV2ZXMuZXOCEXBhZC5oYXR0aGlldmVzLmVzghFwaWcuaGF0
dGhpZXZlcy5lc4ISc210cC5oYXR0aGlldmVzLmVzghNzb25hci5oYXR0aGlldmVz
LmVzghNzdGF0cy5oYXR0aGlldmVzLmVzghV0bHItYXBpLmhhdHRoaWV2ZXMuZXOC
EXRsci5oYXR0aGlldmVzLmVzghV3ZWJtYWlsLmhhdHRoaWV2ZXMuZXOCEXd3dy5o
YXR0aGlldmVzLmVzghJ5YWN5LmhhdHRoaWV2ZXMuZXMwTAYDVR0gBEUwQzAIBgZn
gQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5s
ZXRzZW5jcnlwdC5vcmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgB0ftqDMa0z
EJEhnM4lT0Jwwr/9XkIgCMY3NXnmEHvMVgAAAWmvngBDAAAEAwBHMEUCIHpwbOHw
Y5kBY2d6fwrNIaLTRGiSgUvYVQ0LRYhOMhxRAiEA3+pzWzTRxEhh7HTm5FZxPhoN
F/uSR2+tvzT7gLaQy2cAdgBj8tvN6DvMLM8LcoQnV2szpI1hd4+9daY4scdoVEvY
jQAAAWmvngDNAAAEAwBHMEUCIQCG5JuVO7PeKpILRgABsLVvAER+8s4TNMJ+d7KU
IajDMwIgOZi3G0uF0tfp8maGqkwiyLIGbBEKiJiHguMNEbyIwrswDQYJKoZIhvcN
AQELBQADggEBAHYgte/aNIn/F1VoXGDDWsHKteyP/BsPLudYvrciqOYLfoEESM/T
q+vdn/UKpV35B3hzCT7rX7GvkrYP6GAJBgR3CBfMKBcKTU1nipU1Ptol93vssTbk
2NP2TphIxw5zMdO5E0/qMErfV+RXuvzOW7LCHs+NFdw9//K2yYL2KCGpoK9EI1ul
/gu9oD3AE3fN7epbZqfwVIt+OBohqZj8BSpHyUMRTjSmG/vBzv1VggLcMLF1y4tM
7mbO15306U/s1G/g53+Z0+1U6RwVvsBXAvOzKBppo0pIUD6kl37T5f27qTnlbkQI
ksSqqZsZuVcfjar/F4wctnbR+9zyIzDrR88=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----

51
production/haraka-wildduck/haraka/config/tls/tls_key.pem Archivo normal
Ver fichero

@@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEAxyK6KdozuAoD5esLbMEze6tIQqXXS9QdCLnGcIQxPB7MaiKg
S1Opm8asQfBcvLDj3ohpI6XdE+D12X9F3goVTMnrzcNaS2nOsTkXBGV8o8HIJcJZ
NogJM6iUy2w5TATNp4L/c1XtbTfYdXDwmxruaPy0kHdKcT2NM+7wEMp1l8QBQ4hU
PSytAootOZsUycEOpFlmb7jL2kssQj+MhEMbS65vVzezHcKyVrn2FxPdo1z3Vg6w
A7lI55b78AbCiyhJ7zqlPg83OsvzOeaiB+I89NPJ+yCeuQcBlsgIGGlQGTERhD6E
kIt7mZpObaorcUQQjySAw5K+/RTu0u7j8VXsUILRtut2dxPCDjSNZ/UbcazHpdXp
2KiKl3/9b+hStV8gGniBpbjybz3Q+bVTuxXRmvFop7ubgUgt4CmF58QAq0OhzG/U
dRDtJh9Nj3LCZbKl6cGJN5erbsYENoHOtTLr53yX9LPK3aoyNQ8tB8sndQykOsqt
ZnJcy10amnxx4UdadyJGbGwjHyV/bBFYg9LLgwjuE+6ZH4KBx0btVz7AKo9R8qhm
fqr6r367RBlFUXtO0yY62ZuzEHjghit6HkPh0kBz+oHPHPGxClcrFBA5t+JVlPmK
BpqEoD5Kuvei3xaMPd9h9Jf/Bm6Xltd+/XDDpqjUbY3CpXarPm0Po9so1H8CAwEA
AQKCAgA6F/B1azmxVAKlHXfcx1QsnOBcySLQ9VVvCTtR8c6nOljqEaXvs72EO2Zf
ai6zwWsIrYT2qFmhhfxS8iVAzHJAT5viED6UR47L9tq3JqBA6bRpB5SdKvx8PI8D
9VOV0MTqPHYngIbeWO9l+4fFyAqLSEWo65QlCw7ZerhAPcAmgUDZIblpi1IBrqvY
5VwgK5kI6yfOKfwWd922ifGFWEprPr0ulYpEgVsjn+ah/uKm2OUzDt/chj41ib9/
24j/rcY760DvpOK43WzclGLqp96ekfaXs4F6ewfEpCBwdrCuWLlCejaUMIzjV7fP
mFhKF9A44i5KX9Il5OhzUsveyPFCW7ahdn5Yj4GweStGi+359+WZltcUE1dtLpsV
Q7cXHtzVrx1jgqEEEqN+1qN7gyWQdxzGRl4EV4B9FkVyijKTf2lX4kSsVFCj6Y51
Q497pGVYV5gQkS13O6Oy1Qothh2DFf1ixwBYbmGWAheoTbK340qjuZE4If7YOrQs
aZT5F8Qpste7yUs00rP+Xi8bAgiMGVue+z4XCtukiDyW4IByTV2LLvM5cmklhIWr
1pLHmus9imc7ArnNW5YUU+hz+ITTc5G9dcwezl9uQhPlpEVomHwvgKq4mdNted1D
ub8PoPwfY945Uf8yCDPO6B2qIv0Jmw2sTEDW4EfVcFq0UOs4YQKCAQEA7H8WTRgp
+r1+O8ADikRi0td/UY0LIYe5eDjhcZ/ryRET/rQBQO0VjYcYVhwWgDmy8K2MdSDd
vMpU6NvixJZxV8A44XYg8jPvbw0hgzbPaDtFi6dWBaS/lJ7ahHnBG2Lpvbvx3PRe
PYnumo8OulgdpQjRYUnQi78K5GJO42gtCimigvnGmUdxn9/lx+0D/eXZC/sYahMo
Ya9oIir/K5OZMyq6b2jpq943W+ylIHpBn/7vjg+yvjqOBsIvLl4I7XsbxU8A7L/E
RCEhMHF3EX1l75ALLDkPwQWNZHwDemoBxXowXd7rb4CNbX0XJ3b8HJ0DTe3xabts
5sbK7oM/GqrBLwKCAQEA147hFsWu6Y+aQdVxfxeEmmVReqVdCKvoI6RQx4qX6Rpb
8ZZw9TxHhfSsrmMXQn7AgdiBYlpOax8kD3nmJv5jgqcV8CIsa1qVr8cv36eprkcs
4ZaFZEJe5I17ePksDrXzlt8ACRoETwaB7/tjbf1Jlhbn5w2gfUPxe/65Zco2wMu+
m/yAUYM1ryyZSNnoxAuYebghMs3kQzzh6QMb7TWpgRx10pRpvSiMQH1kvHooguoe
yD23zBEEvKdfVKsul1FbQDoF+Vr2yrH6ua0f0yM/3C+ZZzPWeqR7EsID6wjv9Gcj
2ohV60hBxBaWZdSjcaV40HxrYK6or9S8Oa7BmhwtsQKCAQEA4ee728S7ROKBlH2k
ZA1TAOgMnE/IVC0bw3VCFJGYXyZLHT/A+s39ioWDf62w6Kc1AKYmxzOv28jCNvTj
trmmZxYcv3Fhozps+n1mh7pxgLUth2s+xoFK56KeRXEwPwLLGAxRyqg65Tm+jDEe
9m15U84Kg45JAVRqCSLHDH7UlyKSM954EK6oIPl0uvbymzNVkxY1ig3mwvkU1Z6Q
xIVnD/M+x3FF1ICeDNcOHOnrifOxzNe9++xfAqG3A+mbSY4RRvZigcPkrNegpm+c
Nz67gozrv0B6hfzRxSyY/fQI4SQI04I/DvGTJwUYewAzbvmk0Gn78u2v5vn5msAQ
JV76zQKCAQBo5kJJx7gAN38VLJ8H/1TrogTNz61/q9DTj4I0KREWQlqeLd0YqtYP
rWtfjh9in7ZlOgx05Yel/8iXs3W6Yi/hBBjb/HVrZPDVUvTMPZaIlmCUA6E0kkwF
o4iD7ZZwLkG1mR42T6/rGTqgo9DWVN27qbf/LBV/AFKDSgnFLGwK1NwUowN7J4Q3
lFegKVNqHE5+ZYnaZHIB+p3hvD6Z6HRtvYDlEo6GnDXsqFkek8AlPXPvdIF+UIXi
nPz6gjexMclbbyE7IPZa29QtCcAkCtJn/84CeCqXEnZGQZ6QgY/se0jqb1CIqGhA
2dElCx7jDmjF5NaIfVbgAoH6/D2BFtdxAoIBAQDdmdZTq0ya4+v15gzmuiuPyw50
dY1St/FQkJEHB3pbIKtpyKc7L+chsEvYklTI+SjVCVZENZKWtgDjPx29GNSGNyf+
zTbs8kxuH/a6gP4YZ1PfWSL1mCEybDwyErRfKpfoV0kqeVytkq2XnMSs5kkzBwfZ
dOXCZa6EzkuTjA78n/FKB924fWHrHT5JR1MFi078H2AXwfEZ+bFlsa3D2KCCbrgk
033CJE2hAyGjovCgU+xCMkjPF9jct0o9qO+4Tts06kW/ET0asrHjr9OyJOQ5D4pO
hMF0wOyktFBPj1W63AWv8I6N6mRbWG/jSqATaPucv2VAT6e9J4BUi+SCVVY9
-----END RSA PRIVATE KEY-----

12
production/haraka-wildduck/haraka/config/watch.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,12 @@
; watch - a web interface for viewing Haraka activity
; Sampling:Limit display to 1 connection per second (Default: false)
; sampling=false
[wss]
; url (Default: same URL as HTTP client used)
; The WebSocket client will attempt to connect via the same URI (changing only
; the scheme) as the initial HTTP connection. WSS is stricter than typical
; HTTP so the scheme and hostname *must* match else it silently fails.
;
; url=wss://mail.example.com/

92
production/haraka-wildduck/haraka/config/wildduck.ini Archivo ejecutable
Ver fichero

@@ -0,0 +1,92 @@
## Connect to a master instance or Redis
redis:
port: 6379
host: '172.200.0.102'
db: 3
# password: ""
## Or alternatively, connect to Redis Sentinel
# redis:
# name: "mymaster"
# password: ""
# db: 3
# sentinels:
# - host: "1.2.3.4"
# port: 26379
# - host: "1.2.3.5"
# port: 26379
# - host: "1.2.3.6"
# port: 26379
mongo:
# connection string for main messages database
url: 'mongodb://172.200.0.103:27017/wildduck'
## database name or connection string for the users db
users: 'mongodb://172.200.0.103:27017/wildduck'
## database name or connection string for the attachments db
gridfs: 'mongodb://172.200.0.103:27017/wildduck'
## database name or connection string for the outbound queue
sender: 'mongodb://172.200.0.103:27017/zone-mta'
sender:
# Push messages to ZoneMTA queue for delivery
# if `false` then no messages are sent
enabled: true
# which ZoneMTA queue to use by default. This mostly affects forwarded messages
zone: 'default'
# Collection name for GridFS storage
gfs: 'mail'
# Collection name for the queue
# see [dbs].sender option for choosing correct database to use for ZoneMTA queues
# by default the main wildduck database is used
collection: 'zone-queue'
srs:
# must be shared with ZoneMTA SRS config, otherwise messages sent from ZoneMTA are not recognized by Haraka
secret: 'asecretcat'
attachments:
type: 'gridstore'
bucket: 'attachments'
decodeBase64: true
log:
authlogExpireDays: 30
limits:
windowSize: 3600 # 1 hour
rcptIp: 100 # allowed messages for the same recipient from same IP during window size
rcptWindowSize: 60 # 1 minute
rcpt: 60 # allowed messages for the same recipient during window size
gelf:
enabled: false
component: 'mx'
options:
graylogPort: 12201
graylogHostname: '127.0.0.1'
connection: 'lan'
rspamd:
# do not process forwarding addresses for messages with the following spam score
forwardSkip: 10
# if a message has one of the tags listed here with positive score, the message will be rejected
blacklist:
- DMARC_POLICY_REJECT
# if a message has one of the tags listed here with positive score, the message will be soft rejected
softlist:
- RBL_ZONE
# define special responses
responses:
DMARC_POLICY_REJECT: 'Unauthenticated email from {host} is not accepted due to domain''s DMARC policy'
RBL_ZONE: '[{host}] was found from Zone RBL'

2
production/haraka-wildduck/haraka/config/xclient.hosts Archivo ejecutable
Ver fichero

@@ -0,0 +1,2 @@
# List of IP addresses that are allowed to use XCLIENT
127.0.0.1