Haraka v0.8.0

With a bunch of help, code and prodding in the right direction from someone at a large company currently testing Haraka (who shall remain nameless until they want to talk about it), I’ve pushed Haraka v0.8.0 to NPM.

Also I don’t know if I announced it here or not, but Haraka now has a mailing list (running in Haraka). Email to get on the list.

Some very useful changes in this release:

- Option to add the mail’s UUID (which is in the log lines) to any 5xx or 4xx error message, allowing much better tracking of rejected mail.
- Added regexp support to rcpt_to.in_host_list plugin and removed the allow_subdomains option (this may break your setup – please be careful when upgrading).
- Allow per-plugin timeouts, and ability to set a plugin to never timeout (though connections still will).
- Logging is now pluggable via hook_log()
- Much improved logging with no more “Getting config” filling your logs constantly, and in LOGPROTOCOL level logging, the data portion is not logged (new log level LOGDATA added for that).
- Added a whitelist config option to rdns.regexp plugin.



Addressing the latest Facebook privacy issue

(This is a non-work post, but Disclaimer: I work for Symantec and regularly talk publicly about security issues)

There’s been lots of talk today online about the latest Facebook privacy debacle whereby they have all your cell phone contacts listed on your “Contacts” page.

Here’s the CAUCE page about it (disclaimer, I’m a director at CAUCE), and here’s Sophos’ take on it (which is inaccurate).

Facebook have been trying to quiet the storm, as people are posting to their status updates for people to disable this.

First, to combat some FUD: Facebook is not sharing this information from you with your friends. Your buddies aren’t going to be able to call up your Grandma.

But what Facebook have entirely ignored, and why this is again an issue, is the question of permission.

I have two phones. One is a work phone (BlackBerry), and one is my personal iPhone. The only phone the contacts I had listed on Facebook came from is my BlackBerry, which is good, because I have a lot of random old numbers in my iPhone (don’t ask!).

So what happened here? I believe that the latest BlackBerry Facebook app (which recently underwent a major upgrade) automatically set the preference to sync contacts with Facebook. Now it may very well have been in the multi-page user agreement that I accepted, but yes I admit, I don’t read those things. And those agreements don’t even appear on the iPhone version, because, and here’s the fundamental difference I guess: the iPhone version doesn’t transparently change your preferences.

Facebook needs to stop that. I don’t care if it’s useful, or if you’re not sharing it with anyone else. I don’t want you uploading my contacts to your servers without ASKING me first.

It’s that simple. And this is why there are laws against what they have done in various countries, and why this will probably result in yet another lawsuit against them.

Rant over.


Javascript’s “this” makes OO callbacks a pain

One thing I’ve learned since doing a lot of Javascript coding is that mixing the callback style of coding and OO is a bit of a pain.

When issuing a callback that you want to be a method on this rather than a plain function, you need to copy this into a variable so that it can be a regular closure variable. Here’s a typical example (slightly edited) from haraka:

var self = this;
hmail.on('ready', function() { self.load_queue_files(param1, param2) });

Whereas if you weren’t using OO, you could use a regular function (assuming no params are required):

hmail.on('ready', load_queue_files);

Now I could create some sort of sugar for this, so I could do:

hmail.on('ready', lambdoo(this, "load_queue_files", param1, param2))

However it’s not really that much nicer, and I worry it would confuse the V8 optimizer (though this is a case of my brain doing premature optimisation). This can be implemented as follows:

function lambdoo (object, method) {
var args = [];
for (var i=2; i < arguments.length; i++) {
return function () { object[method].apply(object, args) }

Now that doesn’t deal with any params passed to the outer function (like “err”), but that can be doable too with a bit more usage of “arguments”.

What’s probably needed is some pre-parser sugar that can take something like this:

hmail.on('ready', lambdoo this.load_queue_files(param1, param2)) // just DWIM

I call it “lambdoo” after “lambda” but with an OO context.

I guess this is the kind of thing solved by coffeescript, but I haven’t looked into it too deeply.


Haraka 0.7.0

Just a very quick post to announce Haraka v0.7.0.

A number of bugs were uncovered recently due to a large scale host doing some testing (more on that if they ever get to go public with it). Those are now fixed. I’ve improved the outbound subsystem and added a hook for bouncing mail (at SMTP time) so you can log things or do something when/if that happens.

Haraka now also has a mailing list (running on Haraka, of course). You can subscribe at

Not everything is working with the mailing list just yet, but it’s getting there, and improving all the time.