7.7.1. Per message¶
The per-message end-of-DATA script is executed once, when the message is fully received (but not yet accepted).
To relay the message for all recipients, call EODMailMessage.queue() for each $transaction["recipients"] and then Accept().
7.7.1.1. Variables¶
These are the pre-defined variables available.
| Variable | Type | Read-only | Description |
|---|---|---|---|
| $arguments | array | yes | Context/hook arguments |
| $connection | array | yes | Connection/session bound |
| $transaction | array | yes | Transaction bound |
| $context | any | no | Connection bound user-defined (default none) |
7.7.1.1.1. Arguments¶
| Array item | Type | Example | Description |
|---|---|---|---|
EODMailMessage |
An instance of the mail message |
7.7.1.1.2. Connection¶
| Array item | Type | Example | Description |
|---|---|---|---|
| id | string | “18c190a3-93f-47d7-bd...” | ID of the connection |
| remoteip | string | “192.168.1.11” | IP address of the connected client |
| remoteport | number | 41666 | TCP port of connected client |
| remoteptr | string | “mail.example.org” | Reverse DNS (FCrDNS) for remoteip (not always available) |
| remoteuid | number | 106 | UNIX socket remote user id (not always available) |
| localip | string | “10.0.0.1” | IP address of the server |
| localport | number | 25 | TCP port of the server |
| serverid | string | “inbound” | ID of the server |
| helo | array | HELO information (not always available) | |
| tls | array | TLS information (if TLS was started) | |
| auth | array | AUTH information (not always available) |
7.7.1.1.2.1. HELO¶
| Array item | Type | Example | Description |
|---|---|---|---|
| verb | string | “EHLO” | HELO or EHLO command |
| host | string | “mail.example.com” | HELO hostname |
7.7.1.1.2.2. TLS¶
| Array item | Type | Example | Description |
|---|---|---|---|
| protocol | string | “TLSv1.3” | The protocol |
| cipher | string | “ECDHE-RSA-AES256-SHA384” | The cipher |
| keysize | number | 256 | The keysize |
| peercert | array | The peer certificate (if provided by the client) |
7.7.1.1.2.3. AUTH¶
| Array item | Type | Example | Description |
|---|---|---|---|
| mechanism | string | “PLAIN” | SASL mechanism (always in uppercase) |
| username | string | “mailuser” | SASL username (not always available) |
7.7.1.1.3. Transaction¶
| Array item | Type | Example | Description |
|---|---|---|---|
| id | string | “18c190a3-93f-47d7-bd...” | ID of the transaction |
| ts | number | 1575558785.1234 | Unix time of transaction |
| sender | string | “test@example.org” | Sender address (envelope), lowercase |
| senderaddress | array | [“localpart” => “test”...] | Sender address (envelope) |
| senderparams | array | [“SIZE” => “2048”, ... ] | Sender parameters to the envelope address (keys will always be in uppercase) |
| recipients | array | [recipient, ...] | List of all accepted recipients (envelope), in order of scanning |
7.7.1.1.3.1. Recipient¶
| Array item | Type | Example | Description |
|---|---|---|---|
| recipient | string | “test@example.com” | Recipient address (envelope), lowercase |
| address | array | [“localpart” => “test”...] | Recipient address (envelope) |
| params | array | [“NOTIFY” => “NEVER”, .. ] | Recipient parameters to the envelope address (keys will always be in uppercase) |
| transportid | string | “inbound” | Transport ID for recipient |
7.7.1.1.3.2. Address¶
| Array item | Type | Example | Description |
|---|---|---|---|
| localpart | string | “test” | Local part of address |
| domain | string | “example.org” | Domain part of address |
7.7.1.2. Functions¶
- Actions
Accept()Reject()Defer() - Logging
History() - DATA, MIME and attachments
EODMailMessageMIMEPart - Embedded scanning
ScanDMARC()ScanDLP()
7.7.1.2.1. Actions¶
-
Accept([options])¶ Accept the DATA command (mail data).
Returns: doesn’t return, script is terminated The following options are available in the options array.
- reason (string or array) The reason to report. The default is a system generated message.
- reply_codes (array) The array may contain code (number) and enhanced (array of three numbers). The default is pre-defined.
-
Reject([reason[, options]])¶ Reject (550) a message.
Parameters: - reason (string or array) – reject message with reason
- options (array) – an options array
Returns: doesn’t return, script is terminated
The following options are available in the options array.
- disconnect (boolean) Disconnect the client. The default is
false. - reply_codes (array) The array may contain code (number) and enhanced (array of three numbers). The default is pre-defined.
-
Defer([reason[, options]])¶ Defer (421) a message.
Parameters: - reason (string or array) – defer message with reason
- options (array) – an options array
Returns: doesn’t return, script is terminated
The following options are available in the options array.
- disconnect (boolean) Disconnect the client. The default is
false. - reply_codes (array) The array may contain code (number) and enhanced (array of three numbers). The default is pre-defined.
7.7.1.2.2. Logging¶
-
History(action, recipient[, options])¶ Add an entry to the history database table. This function is only available in the full system distribution (virtual machine) package. For long-term logging in high volume systems, remote logging to an external database such as Elasticsearch is recommended.
Parameters: - action (string) – the logged action; either of REJECT, DELETE, DELIVER, DEFER or ERROR
- recipient (string or array) – the recipient email address, either as a string or an associative array with a
localpartanddomain - options (array) – an options array
Returns: true (or none)
Return type: boolean or none
The following options are available in the options array.
- sender (string or array) the sender email address, either as a string or an associative array with a
localpartanddomain. The default is$transaction["senderaddress"] - metadata (array) add metadata to the history entry, as a key-value pair array of strings
- transportid (string) the transport profile ID
- reason (string) reason message
7.7.1.2.3. DATA, MIME and attachments¶
-
class
EODMailMessage: MailMessage¶
In the EOD once context the MailMessage class has been extended with one additional function; EODMailMessage.queue().
queue(sender, recipient, transportid[, options])¶Queue the message.
Parameters:
- sender (string or array) – the sender email address, either as a string or an associative array with a
localpartanddomain- recipient (string or array) – the recipient email address, either as a string or an associative array with a
localpartanddomain- transportid (string) – the transport profile ID
- options (array) – an options array
Returns: an id object (with
transactionandqueue)Return type: array
The following options are available in the options array.
- metadata (array) Add metadata to the queued message, as a key-value pair array of strings.
- hold (boolean) Put the message in the hold (inactive) queue. The default is
false.- jobid (string) Assign a jobid the message.
- quotas (array) An array of quotas to be associated with the message, for use with
queue_quota().- delay (number) Delay the first delivery attempt, in seconds. The default is
0.- dsn (array) Associative array of
envid(string),ret(string),notify(string) andorcpt(string).
7.7.1.2.4. DKIM¶
These are DKIM-related functions, including DMARC. Other modules, such as ARC, is available in the authentication folder of the script library.
-
ScanDMARC([options])¶ Returns the DMARC policy to apply to the message for the From-address. It will return an associative array containing the domain as result. If the domain cannot be properly extracted or missing an error message will be returned.
Parameters: options (array) – options array Returns: associative array containing the domain and result or an error. Return type: array or string The following options are available in the options array.
- ip (string) Override the client ip for SPF lookup.
- helo (string) Override the helo host for SPF lookup.
- domain (string) Override the mail from domain for SPF lookup.
“permerror” An unknown error occurred (more details may be available in the log) [“example.com” => “temperror”] A temporary error occurred (but the domain was known) [“example.com” => “policy_absent”] No DMARC policy for domain [“example.com” => “pass”] The DMARC passed [“example.com” => “none”] The policy resulted in none [“example.com” => “reject”] The policy resulted in reject [“example.com” => “quarantine”] The policy resulted in quarantine
7.7.1.2.5. Embedded content scanning¶
These functions scan the message file using various engines.
While the DLP engine dlpd is included in all software packages, the embedded anti-spam and anti-virus engines are available in the integrations library.
-
ScanDLP([patterns[, options]])¶ Scan a message using the builtin DLP engine.
Parameters: - patterns (array) – array of pre-configured rules or an array of custom rules
- options (array) – options array
Returns: all patterns found (may include ERR_ rules even if not explicitly given in the patterns argument)
Return type: array
The following options are available in the options array.
- stop_on_match (boolean) processing the mail when one match (of the requested type) is found. The default is
false. - timeout (number) set an approximate timeout time in seconds. The default in no timeout.
- recursion_limit (number) how deep to dig through MIME trees, archive files (such as ZIP), etc. The default is
9. - partid (boolean) return a data structure with the partid where the pattern is found. The default is
false. - extended_result (boolean) Return extended results. The default is
false.
The following results are available in the extended results array.
- rules (array) The rules matched
On error the following items are available.
- error (boolean) Indicates if there was an error during the scanning
The patterns array may either be an array of pre-configured rules by name.
["RULE1", "RULE2", ...]
Or a custom rule with the patterns provided. A custom rule may contain multiple types (eg. filename, sha1hash etc.) with multiple patterns each. The available types may be extracted from the DLP configuration.
["RULE1" => ["filename" => ["/\\.exe$/i", "/\\.zip$/i"], "sha1hash" => ["..."]], ...]
Warning
Do not allow untrusted users to add custom regular expression, since not all regular expressions are safe. All user data should be escaped using
pcre_quote()before compiled into a regular expression.There are some builtin rules which may occur.
Builtin rules Description ERR_UNKNOWN_ERROR An unknown error occurred (more details may be available in the log) ERR_PASSWORD_PROTECTED The archive is password protected ERR_RECURSION_LIMIT The archive is too nested