Fixes issue in the outbound local mx check introduced in #3002 (#3010)

* prevent local delivery loop when target exchange resolves to a local hostname * fix mx_lookup call to is_local_host * bumped haraka-net-utils required version to ^1.3.3 Co-authored-by: Matt Simerson <[email protected]>
haraka · Jan 6, 2022 · 4afc7b1 · 4afc7b1
1 parent 786daac
commit 4afc7b1
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 7 deletions.
diff --git a/outbound/mx_lookup.js b/outbound/mx_lookup.js
@@ -24,7 +24,7 @@ exports.lookup_mx = function lookup_mx (domain, cb) {
 
     // default wrap_mx just returns our object with "priority" and "exchange" keys
     let wrap_mx = a => a;
-    function process_dns (err, addresses) {
+    async function process_dns (err, addresses) {
         if (err) {
             if (err.code === 'ENODATA' || err.code === 'ENOTFOUND') {
                 // Most likely this is a hostname with no MX record
@@ -35,7 +35,10 @@ exports.lookup_mx = function lookup_mx (domain, cb) {
         }
         else if (addresses && addresses.length) {
             for (let i=0,l=addresses.length; i < l; i++) {
-                if (obc.cfg.local_mx_ok || !net_utils.is_local_host(addresses[i].exchange)) {
+                if (
+                    obc.cfg.local_mx_ok ||
+                    await net_utils.is_local_host(addresses[i].exchange).catch(() => null) === false
+                ) {
                     const mx = wrap_mx(addresses[i]);
                     mxs.push(mx);
                 }
@@ -49,15 +52,15 @@ exports.lookup_mx = function lookup_mx (domain, cb) {
         return 1;
     }
 
-    net_utils.get_mx(domain, (err, addresses) => {
-        if (process_dns(err, addresses)) return;
+    net_utils.get_mx(domain, async (err, addresses) => {
+        if (await process_dns(err, addresses)) return;
 
         // if MX lookup failed, we lookup an A record. To do that we change
         // wrap_mx() to return same thing as resolveMx() does.
         wrap_mx = a => ({priority:0,exchange:a});
         // IS: IPv6 compatible
-        dns.resolve(domain, (err2, addresses2) => {
-            if (process_dns(err2, addresses2)) return;
+        dns.resolve(domain, async (err2, addresses2) => {
+            if (await process_dns(err2, addresses2)) return;
 
             err2 = new Error("Found nowhere to deliver to");
             err2.code = 'NOMX';

diff --git a/package.json b/package.json
@@ -36,7 +36,7 @@
     "haraka-config"         : "^1.0.20",
     "haraka-constants"      : "^1.0.5",
     "haraka-dsn"            : "^1.0.3",
-    "haraka-net-utils"      : "^1.3.2",
+    "haraka-net-utils"      : "^1.3.3",
     "haraka-notes"          : "^1.0.4",
     "haraka-plugin-redis"   : "^1.0.12",
     "haraka-results"        : "^2.0.3",