{"id":15031279,"url":"https://github.com/haraka/haraka","last_synced_at":"2026-06-13T00:01:45.523Z","repository":{"id":508523,"uuid":"1464380","full_name":"haraka/Haraka","owner":"haraka","description":"A fast, highly extensible, and event driven SMTP server","archived":false,"fork":false,"pushed_at":"2026-06-12T19:18:23.000Z","size":9878,"stargazers_count":5579,"open_issues_count":3,"forks_count":704,"subscribers_count":140,"default_branch":"master","last_synced_at":"2026-06-12T21:17:25.461Z","etag":null,"topics":["dkim","haraka","javascript","mta","nodejs","smtp","spf"],"latest_commit_sha":null,"homepage":"https://haraka.github.io","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/haraka.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"msimerson"}},"created_at":"2011-03-10T17:00:20.000Z","updated_at":"2026-06-12T14:11:36.000Z","dependencies_parsed_at":"2026-02-21T01:01:28.579Z","dependency_job_id":null,"html_url":"https://github.com/haraka/Haraka","commit_stats":{"total_commits":3491,"total_committers":214,"mean_commits":"16.313084112149532","dds":0.615869378401604,"last_synced_commit":"c4ee966dc6955113d1cd6a819d88244ec94f3238"},"previous_names":[],"tags_count":108,"template":false,"template_full_name":null,"purl":"pkg:github/haraka/Haraka","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/haraka%2FHaraka","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/haraka%2FHaraka/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/haraka%2FHaraka/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/haraka%2FHaraka/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/haraka","download_url":"https://codeload.github.com/haraka/Haraka/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/haraka%2FHaraka/sbom","scorecard":{"id":455488,"data":{"date":"2025-08-11","repo":{"name":"github.com/haraka/Haraka","commit":"6f6668e71158c343a93c10f67cf1aaa4d96408b6"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.8,"checks":[{"name":"Code-Review","score":4,"reason":"Found 12/30 approved changesets -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":9,"reason":"5 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/codeql.yml:1","Warn: no topLevel permission defined: .github/workflows/coverage.yml:1","Warn: no topLevel permission defined: .github/workflows/release-branch.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/haraka/Haraka/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/haraka/Haraka/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/haraka/Haraka/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/haraka/Haraka/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/codeql.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/haraka/Haraka/codeql.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/haraka/Haraka/coverage.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/haraka/Haraka/coverage.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/coverage.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/haraka/Haraka/coverage.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/coverage.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/haraka/Haraka/coverage.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-branch.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/haraka/Haraka/release-branch.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-branch.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/haraka/Haraka/release-branch.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:16: pin your Docker image by updating phusion/baseimage:focal-1.2.0 to phusion/baseimage:focal-1.2.0@sha256:19bafc4157ef042b1a62dd92e9347e3c6bd396ebf00c7dd1a32c9e02fb5d0928","Warn: npmCommand not pinned by hash: Dockerfile:37","Warn: npmCommand not pinned by hash: Dockerfile:41","Warn: npmCommand not pinned by hash: .github/workflows/coverage.yml:22","Warn: npmCommand not pinned by hash: .github/workflows/coverage.yml:25","Warn: npmCommand not pinned by hash: .github/workflows/release-branch.yml:23","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   7 third-party GitHubAction dependencies pinned","Info:   0 out of   5 npmCommand dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: all commits (27) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-19T09:29:13.723Z","repository_id":508523,"created_at":"2025-08-19T09:29:13.723Z","updated_at":"2025-08-19T09:29:13.723Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34266916,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-12T02:00:06.859Z","response_time":109,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dkim","haraka","javascript","mta","nodejs","smtp","spf"],"created_at":"2024-09-24T20:15:21.361Z","updated_at":"2026-06-13T00:01:45.495Z","avatar_url":"https://github.com/haraka.png","language":"JavaScript","funding_links":["https://github.com/sponsors/msimerson"],"categories":[],"sub_categories":[],"readme":"# Haraka — a Node.js Mail Server\n\n[![Build][ci-img]][ci-url] [![Cover][cov-img]][cov-url] [![Qlty][qlty-img]][qlty-url]\n\nHaraka is a highly scalable [Node.js][1] SMTP server with a modular plugin architecture. It handles thousands of concurrent connections and delivers thousands of messages per second. Haraka and its plugins are written in asynchronous JavaScript, optimised for throughput and low latency.\n\nHaraka offers strong spam protection (see [Plugins.md][plugins]) and is widely deployed as a filtering [MTA][3] or as a [MSA][5] on port 465 (and legacy 587) with the auth and [DKIM][6] plugins enabled.\n\nHaraka is not a mail store, an [LDA][7], or an IMAP server. It is designed to work **alongside** those systems. A scalable outbound delivery engine is built in: mail flagged as `relaying` (for example, by an auth plugin) is queued for\noutbound delivery automatically.\n\n## Plugin Architecture\n\nHaraka's defining feature is its plugin system. Every SMTP transaction is a sequence of well-defined hooks — `connect`, `helo`, `mail`, `rcpt`, `data`, `data_post`, `queue`, and more — and each hook can be extended with a few lines of JavaScript. Plugins are asynchronous by default, so a slow lookup against DNS, Redis, or an HTTP API never blocks the server.\n\nThe result is that behaviours which would require a custom MTA elsewhere are typically a small file in Haraka. For example, accepting qmail-style tagged addresses (`user-anything@domain.com`) and rewriting them to `user@domain.com` before forwarding to an Exchange or IMAP backend looks roughly like this:\n\n```js\nexports.hook_rcpt = (next, connection, params) =\u003e {\n  const rcpt = params[0]\n  const [user] = rcpt.user.split('-')\n  rcpt.user = user\n  next()\n}\n```\n\nA comprehensive registry of community and core plugins — auth, DNSBLs, DKIM, SpamAssassin, rspamd, Redis, ClamAV, queue backends, and many others — lives in [Plugins.md][plugins]. To write your own, see the [plugin tutorial][tutorial].\n\n## Documentation\n\n- [Plugins.md][plugins] — plugin registry and configuration reference\n- [docs/][docs] — core documentation (Connection, Transaction, Outbound, …)\n- [Tutorial][tutorial] — step-by-step getting started guide\n- [CHANGELOG.md][changelog] — release notes\n- [SECURITY.md][security] — security policy and reporting\n\n## Getting Help\n\n- [GitHub Issues][issues]\n- [Mailing list][mailing-list] (implemented as a Haraka plugin)\n- [Screencast: Getting started with Haraka][screencast]\n\n## Installation\n\nHaraka requires [Node.js][1]. Install via [npm][npm]:\n\n```sh\nnpm install -g Haraka\n```\n\nCreate a service directory:\n\n```sh\nharaka -i /path/to/haraka_test\n```\n\nThis creates `haraka_test` with `config/` and `plugins/` subdirectories and sets the host name from `hostname(1)`. Edit `config/host_list` to add the domains for which Haraka should accept mail.\n\nStart Haraka:\n\n```sh\nharaka -c /path/to/haraka_test\n```\n\n## Configuration\n\nEdit `config/plugins` to select active plugins. By default, mail addressed to domains in `config/host_list` is accepted and forwarded via the `smtp-forward` plugin (configured in `config/smtp_forward.ini`).\n\nPer-plugin documentation is available via:\n\n```sh\nharaka -h plugins/\u003cname\u003e\n```\n\nSee [Plugins.md][plugins] for the full registry.\n\n## Running from Source\n\n```sh\ngit clone https://github.com/haraka/Haraka.git\ncd Haraka\nnpm install\nnode haraka.js\n```\n\n## Authorship and Maintenance\n\nHaraka was created by [Matt Sergeant][matt-sergeant] (`baudehlo`), formerly project leader of [SpamAssassin][spamassassin] and a contributor to [Qpsmtpd][qpsmtpd]. The project is currently maintained by\n[Matt Simerson][msimerson] (`msimerson`).\n\nHaraka is the work of many hands. See [CONTRIBUTORS.md][contributors] for the full list of people who have contributed code, documentation, and plugins.\n\n## License\n\nHaraka is released under the MIT License. See [LICENSE][license] for details.\n\n[1]: https://nodejs.org/\n[3]: https://en.wikipedia.org/wiki/Message_transfer_agent\n[5]: https://en.wikipedia.org/wiki/Message_submission_agent\n[6]: https://github.com/haraka/haraka-plugin-dkim\n[7]: https://en.wikipedia.org/wiki/Mail_delivery_agent\n[npm]: https://www.npmjs.com/package/Haraka\n[plugins]: https://github.com/haraka/Haraka/blob/master/Plugins.md\n[docs]: https://github.com/haraka/Haraka/tree/master/docs\n[tutorial]: https://github.com/haraka/Haraka/blob/master/docs/Tutorial.md\n[changelog]: https://github.com/haraka/Haraka/blob/master/CHANGELOG.md\n[security]: https://github.com/haraka/Haraka/blob/master/SECURITY.md\n[contributors]: https://github.com/haraka/Haraka/blob/master/CONTRIBUTORS.md\n[license]: https://github.com/haraka/Haraka/blob/master/LICENSE\n[issues]: https://github.com/haraka/Haraka/issues\n[mailing-list]: mailto:haraka-sub@harakamail.com\n[screencast]: https://youtu.be/6twKXMAsPsw\n[matt-sergeant]: https://github.com/baudehlo\n[msimerson]: https://github.com/msimerson\n[spamassassin]: https://spamassassin.apache.org/\n[qpsmtpd]: https://github.com/smtpd/qpsmtpd/\n[ci-img]: https://github.com/haraka/Haraka/actions/workflows/ci.yml/badge.svg\n[ci-url]: https://github.com/haraka/Haraka/actions/workflows/ci.yml\n[cov-img]: https://codecov.io/github/haraka/Haraka/coverage.svg\n[cov-url]: https://codecov.io/github/haraka/Haraka\n[qlty-img]: https://qlty.sh/gh/haraka/projects/Haraka/maintainability.svg\n[qlty-url]: https://qlty.sh/gh/haraka/projects/Haraka\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fharaka%2Fharaka","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fharaka%2Fharaka","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fharaka%2Fharaka/lists"}