how to block incoming emails?

[ghost]

Hi,
So I was read the read.me file, and I'm trying to block some domain
example.com,gmail.com... etc..

i tried this settings
[check]
any=true
conn=false
helo=false
mail=false
rcpt=false

and this
[check]
any=false
conn=false
helo=false
mail=true
rcpt=false

I add the domain to access.domains and to mail_from.access.blacklist.

the plugin is active in config/plugins

but still, with no success, I have missed something??

[msimerson]

Sounds about right, are there any log entries?

[ghost]

yes, get getting logs from dkim_verify/spf/...
but I don't get logs from access for some reason ..
I need the karma plugin? for executing the reject? or some other plugin?
can I connect with you via email?

[msimerson]

If you have the access plugin enabled and a couple of [check] options enabled, you should get log entries like this in your log files:

Jun  9 00:12:32 haraka haraka[96278]: [INFO] [-] [core] Loading plugin: access
Jun  9 00:12:32 haraka haraka[96278]: [INFO] [-] [access] skipping connect.rdns_access.whitelist
Jun  9 00:12:32 haraka haraka[96278]: [INFO] [-] [access] skipping mail_from.access.blacklist
Jun  9 00:12:32 haraka haraka[96278]: [INFO] [-] [access] skipping rcpt_to.access.blacklist
Jun  9 00:12:32 haraka haraka[96278]: [INFO] [-] [access] skipping connect.rdns_access.whitelist_regex
Jun  9 00:12:32 haraka haraka[96278]: [INFO] [-] [access] skipping mail_from.access.whitelist
Jun  9 00:12:32 haraka haraka[96278]: [INFO] [-] [access] skipping rcpt_to.access.whitelist_regex
Jun  9 00:12:32 haraka haraka[96278]: [INFO] [-] [access] skipping connect.rdns_access.blacklist
Jun  9 00:12:32 haraka haraka[96278]: [INFO] [-] [access] skipping mail_from.access.blacklist_regex
Jun  9 00:12:32 haraka haraka[96278]: [INFO] [-] [access] skipping rcpt_to.access.whitelist
Jun  9 00:12:32 haraka haraka[96278]: [INFO] [-] [access] skipping helo.checks.regexps
Jun  9 00:12:32 haraka haraka[96278]: [INFO] [-] [access] skipping connect.rdns_access.blacklist_regex
Jun  9 00:12:32 haraka haraka[96278]: [INFO] [-] [access] skipping mail_from.access.whitelist_regex
Jun  9 00:12:32 haraka haraka[96278]: [INFO] [-] [access] skipping rcpt_to.access.blacklist_regex
Jun  9 00:12:46 haraka haraka[96277]: [INFO] [B27C3572-BE62-41D8-A6A9-C5121CC19AEE] [access] fail:invalid domain: NXDOMAIN, invalid domain: User
Jun  9 00:13:13 haraka haraka[96278]: [INFO] [3CA583FB-3AC0-4ADE-B374-394C9CED59BC] [access] fail:invalid domain: NXDOMAIN, invalid domain: User
Jun  9 00:14:12 haraka haraka[96278]: [INFO] [892C6A9E-BD31-430B-A853-620AEEC96354] [access] msg:unlisted(connect:any), fail:invalid domain: PC-100, invalid domain: PC-100
Jun  9 00:14:22 haraka haraka[96277]: [INFO] [1E3B86DF-1135-4BAA-BA7F-19791D303CCF] [access] fail:invalid domain: NXDOMAIN

[ghost]

what im missing??

[msimerson]

the plugin name is 'access', not ' access' (removing the leading space).

[ghost]

I removed the space from 'access' and installed the cluster again, but nothing change. So there is maybe a setting that I have missed? smtp.ini ?

[ghost]

or npm version?

[ghost]

When I run 'haraka -l' the access plugin doesn't appear on the list.
So I installed the plugin in node_module/Haraka/node_modules/ like all the plugins...

[msimerson]

The access plugin is an optional dependency and is installed by default. I'm not sure why it isn't working for you.

[Infern1]

Seeing the same

 haraka -l
*global
plugins/
	avg
	backscatterer
	block_me
	bounce
	clamd
	data.headers
	data.signatures
	data.uribl
	delay_deny
	dkim_sign
	dkim_verify
	dns_list_base
	dnsbl
	dnswl
	early_talker
	esets
	graph
	greylist
	helo.checks
	mail_from.is_resolvable
	messagesniffer
	prevent_credential_leaks
	process_title
	profile
	rcpt_to.host_list_base
	rcpt_to.in_host_list
	rcpt_to.ldap
	rcpt_to.max_count
	record_envelope_addresses
	relay
	relay_all
	reseed_rng
	spamassassin
	status
	tarpit
	tls
	toobusy
	xclient

plugins/auth/
	auth_base
	auth_bridge
	auth_ldap
	auth_proxy
	auth_vpopmaild
	flat_file

plugins/queue/
	deliver
	discard
	lmtp
	qmail-queue
	quarantine
	rabbitmq
	rabbitmq_amqplib
	smtp_bridge
	smtp_forward
	smtp_proxy
	test

[root@haraka:/data/node_modules/haraka-plugin-access] 127 # ls -la
total 83
drwxr-xr-x    5 root  wheel     13 Oct  3 22:44 .
drwxr-xr-x  154 root  wheel    155 Oct  3 22:44 ..
-rw-r--r--    1 root  wheel    347 Oct  3 22:44 .codeclimate.yml
-rw-r--r--    1 root  wheel    299 Oct  3 22:44 .eslintrc.yaml
drwxr-xr-x    3 root  wheel      4 Oct  3 22:44 .github
-rw-r--r--    1 root  wheel     85 Oct  3 22:44 .gitmodules
-rw-r--r--    1 root  wheel    730 Oct  3 22:44 Changes.md
-rw-r--r--    1 root  wheel   1063 Oct  3 22:44 LICENSE
-rw-r--r--    1 root  wheel   7288 Oct  3 22:44 README.md
drwxr-xr-x    2 root  wheel     16 Oct  3 22:44 config
-rw-r--r--    1 root  wheel  18023 Oct  3 22:44 index.js
-rw-r--r--    1 root  wheel    932 Oct  3 22:44 package.json
drwxr-xr-x    3 root  wheel      4 Oct  3 22:44 test

[root@haraka:/usr/local/lib/node_modules/Haraka/node_modules/haraka-plugin-access] # ls -la
total 91
drwxr-xr-x    5 root  wheel     13 Jul 25 11:00 .
drwxr-xr-x  286 root  wheel    286 Jul 25 11:00 ..
-rw-r--r--    1 root  wheel    347 Jul 25 11:00 .codeclimate.yml
-rw-r--r--    1 root  wheel    299 Jul 25 11:00 .eslintrc.yaml
drwxr-xr-x    3 root  wheel      4 Jul 25 11:00 .github
-rw-r--r--    1 root  wheel     85 Jul 25 11:00 .gitmodules
-rw-r--r--    1 root  wheel    730 Jul 25 11:00 Changes.md
-rw-r--r--    1 root  wheel   1063 Jul 25 11:00 LICENSE
-rw-r--r--    1 root  wheel   7288 Jul 25 11:00 README.md
drwxr-xr-x    2 root  wheel     16 Jul 25 11:00 config
-rw-r--r--    1 root  wheel  18023 Jul 25 11:00 index.js
-rw-r--r--    1 root  wheel    932 Jul 25 11:00 package.json
drwxr-xr-x    3 root  wheel      4 Jul 25 11:00 test
[root@haraka:/usr/local/lib/node_modules/Haraka/node_modules/haraka-plugin-access] # pwd
/usr/local/lib/node_modules/Haraka/node_modules/haraka-plugin-access
[root@haraka:/usr/local/lib/node_modules/Haraka/node_modules/haraka-plugin-access] #

It seems it is somewhat loading, because this is coming from access

#service haraka restart
loaded TLD files:
  1=1470
  2=9768
  3=5119
loaded 9105 Public Suffixes
loaded TLD files:
  1=1470
  2=9768
  3=5119
loaded 9027 Public Suffixes
[root@haraka:/usr/local/lib/node_modules/Haraka/node_modules/haraka-plugin-access] #

[Infern1]

More output:

[INFO] [-] [core] Loading plugin: access
[DEBUG] [-] [core] no timeout in access.timeout
[DEBUG] [-] [core] no timeout in plugin_timeout
[DEBUG] [-] [core] plugin access timeout is: 30s
[DEBUG] [-] [access] skipping helo.checks.regexps
[DEBUG] [-] [core] registered hook connect to access.rdns_access priority 0
[DEBUG] [-] [core] registered hook mail to access.mail_from_access priority 0
[DEBUG] [-] [core] registered hook rcpt to access.rcpt_to_access priority 0
[DEBUG] [-] [core] registered hook connect to access.any priority 0
[DEBUG] [-] [core] registered hook helo to access.any priority 0
[DEBUG] [-] [core] registered hook ehlo to access.any priority 0
[DEBUG] [-] [core] registered hook mail to access.any priority 0
[DEBUG] [-] [core] registered hook rcpt to access.any priority 0
[DEBUG] [-] [core] registered hook data_post to access.data_any priority 0

Seems to give some output now

[DEBUG] [7458E507-957B-425F-A6D8-76206D42EE3A] [access] checking 162.142.125.217 against connect.rdns_access.whitelist
[DEBUG] [7458E507-957B-425F-A6D8-76206D42EE3A] [access] checking 162.142.125.217 against connect.rdns_access.whitelist_regex
[DEBUG] [-] [access] empty file: connect.rdns_access.whitelist_regex
[DEBUG] [7458E507-957B-425F-A6D8-76206D42EE3A] [access] checking scanner-05.ch1.censys-scanner.com against connect.rdns_access.whitelist
[DEBUG] [7458E507-957B-425F-A6D8-76206D42EE3A] [access] checking scanner-05.ch1.censys-scanner.com against connect.rdns_access.whitelist_regex
[DEBUG] [-] [access] empty file: connect.rdns_access.whitelist_regex
[DEBUG] [7458E507-957B-425F-A6D8-76206D42EE3A] [access] checking 162.142.125.217 against connect.rdns_access.blacklist
[DEBUG] [7458E507-957B-425F-A6D8-76206D42EE3A] [access] checking 162.142.125.217 against connect.rdns_access.blacklist_regex
[DEBUG] [-] [access] empty file: connect.rdns_access.blacklist_regex
[DEBUG] [7458E507-957B-425F-A6D8-76206D42EE3A] [access] checking scanner-05.ch1.censys-scanner.com against connect.rdns_access.blacklist
[DEBUG] [7458E507-957B-425F-A6D8-76206D42EE3A] [access] checking scanner-05.ch1.censys-scanner.com against connect.rdns_access.blacklist_regex
[DEBUG] [-] [access] empty file: connect.rdns_access.blacklist_regex