Commit 28cb9169 authored by Alberto Bertogli's avatar Alberto Bertogli

test: Add SPF integration test

This patch adds a new integration test to cover SPF checks. The main
goal is not to cover the SPF parsing, since that's handled by the
library already, but the higher level aspects: that the mails are indeed
rejected, that the DSN looks reasonable, etc.
parent 6000d07a
Pipeline #100097625 passed with stages
in 8 minutes and 22 seconds
......@@ -19,6 +19,7 @@ cmd/smtp-check/smtp-check
cmd/spf-check/spf-check
cmd/mda-lmtp/mda-lmtp
cmd/dovecot-auth-cli/dovecot-auth-cli
test/util/minidns
# Test binary, generated during coverage tests.
chasquid.test
......
......@@ -11,7 +11,7 @@ init
export GOTAGS="dnsoverride"
# Launch minidns in the background using our configuration.
minidns --addr=":9053" -zones=zones >> .minidns.log 2>&1 &
minidns_bg --addr=":9053" -zones=zones >> .minidns.log 2>&1
# Two chasquid servers:
......
smtp_address: ":1025"
submission_address: ":1587"
submission_over_tls_address: ":1465"
monitoring_address: ":1099"
mail_delivery_agent_bin: "test-mda"
mail_delivery_agent_args: "%to%"
data_dir: "../.data-A"
mail_log_path: "../.logs-A/mail_log"
smtp_address: ":2025"
submission_address: ":2587"
submission_over_tls_address: ":2465"
monitoring_address: ":2099"
mail_delivery_agent_bin: "test-mda"
mail_delivery_agent_args: "%to%"
data_dir: "../.data-B"
mail_log_path: "../.logs-B/mail_log"
smtp_address: ":1025"
submission_address: ":1587"
submission_over_tls_address: ":1465"
monitoring_address: ":1099"
mail_delivery_agent_bin: "test-mda"
mail_delivery_agent_args: "%to%"
data_dir: "../.data"
mail_log_path: "../.logs/mail_log"
Subject: Prueba desde el test
Crece desde el test el futuro
Crece desde el test
From [email protected]
From: Mail Delivery System <[email protected]>
To: <[email protected]>
Subject: Mail delivery failed: returning message to sender
Message-ID: <chasquid-dsn-*
Date: *
In-Reply-To:
References:
X-Failed-Recipients: [email protected],
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="???????????"
--???????????
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Description: Notification
Content-Transfer-Encoding: 8bit
Delivery of your message to the following recipient(s) failed permanently:
- [email protected]
Technical details:
- "[email protected]" (EMAIL) failed permanently with error:
MAIL+RCPT 550 5.7.23 SPF check failed: matched 'all'
--???????????
Content-Type: message/global-delivery-status
Content-Description: Delivery Report
Content-Transfer-Encoding: 8bit
Reporting-MTA: dns; srv-a
Original-Recipient: utf-8; [email protected]
Final-Recipient: utf-8; [email protected]
Action: failed
Status: 5.0.0
Diagnostic-Code: smtp; MAIL+RCPT 550 5.7.23 SPF check failed: matched 'all'
--???????????
Content-Type: message/rfc822
Content-Description: Undelivered Message
Content-Transfer-Encoding: 8bit
Received: from localhost
by srv-A (chasquid) with ESMTPSA
tls *
(over *
; *
From: [email protected]
Date: *
Subject: Prueba desde el test
Crece desde el test el futuro
Crece desde el test
--???????????--
srv-A localhost
srv-B localhost
account default
host srv-A
port 1587
tls on
tls_trust_file A/certs/srv-A/fullchain.pem
from [email protected]
auth on
user [email protected]
password userA
#!/bin/bash
# Test SPF resolution, which requires overriding DNS server.
# Note this aims at providing some general end to end coverage, as well as the
# main gaps.
set -e
. $(dirname ${0})/../util/lib.sh
init
# Build with the DNS override, so we can fake DNS records.
export GOTAGS="dnsoverride"
# Two chasquid servers:
# A - listens on :1025, hosts srv-A
# B - listens on :2025, hosts srv-B
CONFDIR=A generate_certs_for srv-A
CONFDIR=A add_user [email protected] userA
CONFDIR=B generate_certs_for srv-B
CONFDIR=B add_user [email protected] userB
rm -rf .data-A .data-B .mail .certs
mkdir -p .logs-A .logs-B .mail .certs
# Put public certs in .certs, and use it as our trusted cert dir.
cp A/certs/srv-A/fullchain.pem .certs/srv-a.pem
cp B/certs/srv-B/fullchain.pem .certs/srv-b.pem
export SSL_CERT_DIR=$PWD/.certs/
chasquid -v=2 --logfile=.logs-A/chasquid.log --config_dir=A \
--testing__dns_addr=127.0.0.1:9053 \
--testing__max_received_headers=5 \
--testing__outgoing_smtp_port=2025 &
chasquid -v=2 --logfile=.logs-B/chasquid.log --config_dir=B \
--testing__dns_addr=127.0.0.1:9053 \
--testing__outgoing_smtp_port=1025 &
wait_until_ready 1025
wait_until_ready 2025
function launch_minidns() {
if [ "$MINIDNS" != "" ]; then
kill $MINIDNS
wait $MINIDNS || true
fi
cp $1 .zones
minidns_bg --addr=":9053" -zones=.zones >> .minidns.log 2>&1
wait_until_ready 9053
}
# T0: Successful.
launch_minidns zones.t0
run_msmtp [email protected] < content
wait_for_file .mail/[email protected]
mail_diff content .mail/[email protected]
# T1: A is not permitted to send to B.
# Check that userA got a DSN about it.
rm .mail/*
launch_minidns zones.t1
run_msmtp [email protected] < content
wait_for_file .mail/[email protected]
mail_diff expected_dsn .mail/[email protected]
success
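Review bot: T1 stops once userA's DSN matches `expected_dsn`, so it never asserts that the rejected message stayed out of the recipient's mailbox on srv-B. Because `rm .mail/*` empties the directory before T1, a negative check after the `mail_diff expected_dsn` line is cheap, for example `[ ! -e ".mail/<recipient mailbox file>" ] || exit 1` (the path is a placeholder, since the address is not legible on this page). Without it, a regression that produced the bounce and still delivered the mail would not be caught. Separately, `launch_minidns` expands `$MINIDNS` and `$1` unquoted; `kill "$MINIDNS"` and `cp "$1" .zones` are the safer forms.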
# srv-a zone
srv-a A 127.0.0.1
srv-a AAAA ::1
srv-a MX srv-a
srv-a TXT v=spf1 a
# srv-b zone
srv-b A 127.0.0.1
srv-b AAAA ::1
srv-b MX srv-b
srv-b TXT v=spf1 a
# srv-a is forbidden from sending mail.
# srv-a zone
srv-a A 127.0.0.1
srv-a AAAA ::1
srv-a MX srv-a
srv-a TXT v=spf1 -all
# srv-b zone
srv-b A 127.0.0.1
srv-b AAAA ::1
srv-b MX srv-b
srv-b TXT v=spf1 a
......@@ -112,8 +112,10 @@ function conngen() {
go run ${UTILDIR}/conngen.go "[email protected]"
}
function minidns() {
go run ${UTILDIR}/minidns.go "[email protected]"
function minidns_bg() {
( cd ${UTILDIR}; go build minidns.go )
${UTILDIR}/minidns "[email protected]" &
MINIDNS=$!
}
function success() {
......
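Review bot: `MINIDNS` is assigned only inside `minidns_bg`, so any caller that tests it before the first launch reads whatever the environment supplied; the new SPF test's `launch_minidns` does exactly that and passes the value to `kill`. Initialising it at file scope in this library with `MINIDNS=""` removes that dependency on the caller's environment. In the new function `${UTILDIR}` is unquoted and the build is not tied to the `cd` succeeding; `( cd "${UTILDIR}" && go build minidns.go )` and `"${UTILDIR}/minidns"` keep a failed `cd` from building in the wrong directory if this file is ever sourced without `set -e`. The rest of the library is outside this hunk, so an existing initialisation elsewhere cannot be ruled out.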