7.7.1. Per message
The per-message end-of-DATA script is executed once, when the message is fully received (but not yet accepted).
To relay the message for all recipients, call EODMailMessage.queue() for each $transaction["recipients"] and then Accept().
7.7.1.1. Variables
These are the pre-defined variables available.
Variable |
Type |
Read-only |
Description |
|---|---|---|---|
array |
yes |
Context/hook arguments |
|
array |
yes |
Connection/session bound |
|
array |
yes |
Transaction bound |
|
$context |
any |
no |
Connection bound user-defined (default none) |
7.7.1.1.1. Arguments
Array item |
Type |
Example |
Description |
|---|---|---|---|
An instance of the mail message |
7.7.1.1.2. Connection
Array item |
Type |
Example |
Description |
|---|---|---|---|
id |
string |
“18c190a3-93f-47d7-bd…” |
ID of the connection |
remoteip |
string |
“192.168.1.11” |
IP address of the connected client |
remoteport |
number |
41666 |
TCP port of connected client |
remoteptr |
string |
“mail.example.org” |
Reverse DNS (FCrDNS) for remoteip (not always available) |
remoteuid |
number |
106 |
UNIX socket remote user id (not always available) |
localip |
string |
“10.0.0.1” |
IP address of the server |
localport |
number |
25 |
TCP port of the server |
serverid |
string |
“inbound” |
ID of the server |
array |
HELO information (not always available) |
||
array |
TLS information (if TLS was started) |
||
array |
AUTH information (not always available) |
7.7.1.1.2.1. HELO
Array item |
Type |
Example |
Description |
|---|---|---|---|
verb |
string |
“EHLO” |
HELO or EHLO command |
host |
string |
“mail.example.com” |
HELO hostname |
7.7.1.1.2.2. TLS
Array item |
Type |
Example |
Description |
|---|---|---|---|
protocol |
string |
“TLSv1.3” |
The protocol |
cipher |
string |
“ECDHE-RSA-AES256-SHA384” |
The cipher |
keysize |
number |
256 |
The keysize |
sni |
string |
“example.com” |
The SNI hostname (not always available) |
array |
The peer certificate (if provided by the client) |
7.7.1.1.2.2.1. Peercert
Array item |
Type |
Example |
Description |
|---|---|---|---|
x509 |
X509Resource |
An X509Resource to be used with the |
|
error |
number |
18 |
The peer certificate validation error (see OpenSSLs SSL_get_verify_result(3)) |
7.7.1.1.2.3. AUTH
Array item |
Type |
Example |
Description |
|---|---|---|---|
mechanism |
string |
“PLAIN” |
SASL mechanism (always in uppercase) |
username |
string |
“mailuser” |
SASL username (not always available) |
7.7.1.1.3. Transaction
Array item |
Type |
Example |
Description |
|---|---|---|---|
id |
string |
“18c190a3-93f-47d7-bd…” |
ID of the transaction |
ts |
number |
1575558785.1234 |
Unix time of transaction |
sender |
string |
“test@example.org” |
Sender address (envelope), lowercase |
array |
[“localpart” => “test”…] |
Sender address (envelope) |
|
senderparams |
array |
[“SIZE” => “2048”, … ] |
Sender parameters to the envelope address (keys will always be in uppercase) |
recipients |
array |
[recipient, …] |
List of all accepted recipients (envelope), in order of scanning |
7.7.1.1.3.1. Recipient
Array item |
Type |
Example |
Description |
|---|---|---|---|
recipient |
string |
“test@example.com” |
Recipient address (envelope), lowercase |
array |
[“localpart” => “test”…] |
Recipient address (envelope) |
|
params |
array |
[“NOTIFY” => “NEVER”, .. ] |
Recipient parameters to the envelope address (keys will always be in uppercase) |
transportid |
string |
“inbound” |
Transport ID for recipient |
7.7.1.1.3.2. Address
Array item |
Type |
Example |
Description |
|---|---|---|---|
localpart |
string |
“test” |
Local part of address |
domain |
string |
“example.org” |
Domain part of address |
7.7.1.2. Functions
Logging
History()DATA, MIME and attachments
EODMailMessageMIMEPartEmbedded scanning
ScanDMARC()ScanDLP()
7.7.1.2.1. Actions
- eodonce.Accept([options])
Accept the DATA command (mail data).
- Returns
doesn’t return, script is terminated
The following options are available in the options array.
reason (string or array) The reason to report. The default is a system generated message.
reply_codes (array) The array may contain code (number) and enhanced (array of three numbers). The default is pre-defined.
- eodonce.Reject([reason[, options]])
Reject (550) a message.
- Parameters
reason (string or array) – reject message with reason
options (array) – an options array
- Returns
doesn’t return, script is terminated
The following options are available in the options array.
disconnect (boolean) Disconnect the client. The default is
false.reply_codes (array) The array may contain code (number) and enhanced (array of three numbers). The default is pre-defined.
- eodonce.Defer([reason[, options]])
Defer (421) a message.
- Parameters
reason (string or array) – defer message with reason
options (array) – an options array
- Returns
doesn’t return, script is terminated
The following options are available in the options array.
disconnect (boolean) Disconnect the client. The default is
false.reply_codes (array) The array may contain code (number) and enhanced (array of three numbers). The default is pre-defined.
7.7.1.2.2. Logging
- eodonce.History(action, recipient[, options])
Add an entry to the history database table. This function is only available in the full system distribution (virtual machine) package. For long-term logging in high volume systems, remote logging to an external database such as Elasticsearch is recommended.
- Parameters
action (string) – the logged action; either of REJECT, DELETE, DELIVER, DEFER or ERROR
recipient (string or array) – the recipient email address, either as a string or an associative array with a
localpartanddomainoptions (array) – an options array
- Returns
true (or none)
- Return type
boolean or none
The following options are available in the options array.
sender (string or array) the sender email address, either as a string or an associative array with a
localpartanddomain. The default is$transaction["senderaddress"]metadata (array) add metadata to the history entry, as a key-value pair array of strings
transportid (string) the transport profile ID
reason (string) reason message
7.7.1.2.3. DATA, MIME and attachments
-
class EODMailMessage : MailMessage
In the EOD once context the MailMessage class has been extended with one additional function; EODMailMessage.queue().
- EODMailMessage.queue(sender, recipient, transportid[, options])
Queue the message.
- Parameters
sender (string or array) – the sender email address, either as a string or an associative array with a
localpartanddomainrecipient (string or array) – the recipient email address, either as a string or an associative array with a
localpartanddomaintransportid (string) – the transport profile ID
options (array) – an options array
- Returns
an id object (with
transactionandqueue)- Return type
array
The following options are available in the options array.
metadata (array) Add metadata to the queued message, as a key-value pair array of strings.
hold (boolean) Put the message in the hold (inactive) queue. The default is
false.jobid (string) Assign a jobid the message.
quotas (array) An array of quotas to be associated with the message, for use with
queue_quota().delay (number) Delay the first delivery attempt, in seconds. The default is
0.dsn (array) Associative array of
envid(string),ret(string),notify(string) andorcpt(string).
7.7.1.2.4. DKIM
These are DKIM-related functions, including DMARC. Other modules, such as ARC, is available in the authentication folder of the script library.
- eodonce.ScanDMARC([options])
Returns the DMARC policy to apply to the message for the From-address. It will return an associative array containing the domain as result. If the domain cannot be properly extracted or missing an error message will be returned.
- Parameters
options (array) – options array
- Returns
associative array containing the domain and result or an error.
- Return type
array or string
The following options are available in the options array.
ip (string) Override the client ip for SPF lookup.
helo (string) Override the helo host for SPF lookup.
domain (string) Override the mail from domain for SPF lookup.
“permerror”
An unknown error occurred (more details may be available in the log)
[“example.com” => “temperror”]
A temporary error occurred (but the domain was known)
[“example.com” => “policy_absent”]
No DMARC policy for domain
[“example.com” => “pass”]
The DMARC passed
[“example.com” => “none”]
The policy resulted in none
[“example.com” => “reject”]
The policy resulted in reject
[“example.com” => “quarantine”]
The policy resulted in quarantine
7.7.1.2.5. Embedded content scanning
These functions scan the message file using various engines.
While the DLP engine dlpd is included in all software packages, the embedded anti-spam and anti-virus engines are available in the integrations library.
- eodonce.ScanDLP([patterns[, options]])
Scan a message using the builtin DLP engine.
- Parameters
patterns (array) – array of pre-configured rules or an array of custom rules
options (array) – options array
- Returns
all patterns found (may include ERR_ rules even if not explicitly given in the patterns argument)
- Return type
array
The following options are available in the options array.
stop_on_match (boolean) processing the mail when one match (of the requested type) is found. The default is
false.timeout (number) set an approximate timeout time in seconds. The default in no timeout.
recursion_limit (number) how deep to dig through MIME trees, archive files (such as ZIP), etc. The default is
9.partid (boolean) return a data structure with the partid where the pattern is found. The default is
false.extended_result (boolean) Return extended results. The default is
false.
The following results are available in the extended results array.
rules (array) The rules matched
On error the following items are available.
error (boolean) Indicates if there was an error during the scanning
The patterns array may either be an array of pre-configured rules by name.
["RULE1", "RULE2", ...]
Or a custom rule with the patterns provided. A custom rule may contain multiple types (eg. filename, sha1hash etc.) with multiple patterns each. The available types may be extracted from the DLP configuration.
["RULE1" => ["filename" => ["/\\.exe$/i", "/\\.zip$/i"], "sha1hash" => ["..."]], ...]
Warning
Do not allow untrusted users to add custom regular expression, since not all regular expressions are safe. All user data should be escaped using
pcre_quote()before compiled into a regular expression.There are some builtin rules which may occur.
Builtin rules
Description
ERR_UNKNOWN_ERROR
An unknown error occurred (more details may be available in the log)
ERR_PASSWORD_PROTECTED
The archive is password protected
ERR_RECURSION_LIMIT
The archive is too nested
7.7.1.3. On script error
On script error Defer() is called.
7.7.1.4. On implicit termination
If not explicitly terminated then Defer() is called and no recipients will be queued.