...
 
Commits (4)
  • Alberto Bertogli's avatar
    smtpsrv: Test too many recipients · a1287516
    Alberto Bertogli authored
    This patch adds a test to make sure we don't allow too many recipients.
    a1287516
  • Alberto Bertogli's avatar
    test: Test permanent hook failure · 45a29440
    Alberto Bertogli authored
    This patch adds a test to make sure we handle correctly the case where a
    hook exits with a permanent failure.
    45a29440
  • Alberto Bertogli's avatar
    test: Test multiline headers in hook output · 6000d07a
    Alberto Bertogli authored
    Hook output is checked to see if it looks like a header, which includes
    the possibility of multi-line headers.
    
    This patch extends the tests to include a multi-line header, to prevent
    accidental regressions.
    6000d07a
  • Alberto Bertogli's avatar
    test: Add SPF integration test · 28cb9169
    Alberto Bertogli authored
    This patch adds a new integration test to cover SPF checks. The main
    goal is not to cover the SPF parsing, since that's handled by the
    library already, but the higher level aspects: that the mails are indeed
    rejected, that the DSN looks reasonable, etc.
    28cb9169
......@@ -19,6 +19,7 @@ cmd/smtp-check/smtp-check
cmd/spf-check/spf-check
cmd/mda-lmtp/mda-lmtp
cmd/dovecot-auth-cli/dovecot-auth-cli
test/util/minidns
# Test binary, generated during coverage tests.
chasquid.test
......
......@@ -270,6 +270,31 @@ func TestRelayForbidden(t *testing.T) {
}
}
func TestTooManyRecipients(t *testing.T) {
c := mustDial(t, ModeSubmission, true)
defer c.Close()
auth := smtp.PlainAuth("", "[email protected]", "testpasswd", "127.0.0.1")
if err := c.Auth(auth); err != nil {
t.Fatalf("Auth: %v", err)
}
if err := c.Mail("[email protected]"); err != nil {
t.Fatalf("Mail: %v", err)
}
for i := 0; i < 101; i++ {
if err := c.Rcpt(fmt.Sprintf("to%[email protected]", i)); err != nil {
t.Fatalf("Rcpt: %v", err)
}
}
err := c.Rcpt("[email protected]")
if err == nil || err.Error() != "452 4.5.3 Too many recipients" {
t.Errorf("Expected too many recipients, got: %v", err)
}
}
var str1MiB string
func sendLargeEmail(tb testing.TB, c *smtp.Client, sizeMiB int) error {
......
......@@ -10,5 +10,12 @@ if [ "$RCPT_TO" == "[email protected]" ]; then
exit 1
fi
if [ "$RCPT_TO" == "[email protected]" ]; then
echo "Nos hacemos la permanente"
exit 20 # permanent
fi
echo "X-Post-Data: success"
echo "X-Post-Data-Multiline: multiline"
echo " header for testing."
......@@ -12,3 +12,4 @@ auth on
user [email protected]
password secretpassword
logfile .logs/msmtp
......@@ -9,6 +9,7 @@ generate_certs_for testserver
add_user [email protected] secretpassword
add_user [email protected] secretpassword
add_user [email protected] secretpassword
add_user [email protected] secretpassword
mkdir -p .logs
chasquid -v=2 --logfile=.logs/chasquid.log --config_dir=config &
......@@ -45,10 +46,24 @@ check "REMOTE_ADDR="
check "SPF_PASS=0"
# Check that a failure in the script results in failing delivery.
# Check that failures in the script result in failing delivery.
# Transient failure.
if run_msmtp [email protected] < content 2>/dev/null; then
fail "ERROR: hook did not block email as expected"
fi
if ! tail -n 1 .logs/msmtp | grep -q "smtpstatus=451"; then
tail -n 1 .logs/msmtp
fail "ERROR: transient hook error not returned correctly"
fi
# Permanent failure.
if run_msmtp [email protected] < content 2>/dev/null; then
fail "ERROR: hook did not block email as expected"
fi
if ! tail -n 1 .logs/msmtp | grep -q "smtpstatus=554"; then
tail -n 1 .logs/msmtp
fail "ERROR: permanent hook error not returned correctly"
fi
# Check that the bad hooks don't prevent delivery.
for i in config/hooks/post-data.bad*; do
......
......@@ -11,7 +11,7 @@ init
export GOTAGS="dnsoverride"
# Launch minidns in the background using our configuration.
minidns --addr=":9053" -zones=zones >> .minidns.log 2>&1 &
minidns_bg --addr=":9053" -zones=zones >> .minidns.log 2>&1
# Two chasquid servers:
......
smtp_address: ":1025"
submission_address: ":1587"
submission_over_tls_address: ":1465"
monitoring_address: ":1099"
mail_delivery_agent_bin: "test-mda"
mail_delivery_agent_args: "%to%"
data_dir: "../.data-A"
mail_log_path: "../.logs-A/mail_log"
smtp_address: ":2025"
submission_address: ":2587"
submission_over_tls_address: ":2465"
monitoring_address: ":2099"
mail_delivery_agent_bin: "test-mda"
mail_delivery_agent_args: "%to%"
data_dir: "../.data-B"
mail_log_path: "../.logs-B/mail_log"
smtp_address: ":1025"
submission_address: ":1587"
submission_over_tls_address: ":1465"
monitoring_address: ":1099"
mail_delivery_agent_bin: "test-mda"
mail_delivery_agent_args: "%to%"
data_dir: "../.data"
mail_log_path: "../.logs/mail_log"
Subject: Prueba desde el test
Crece desde el test el futuro
Crece desde el test
From [email protected]
From: Mail Delivery System <[email protected]>
To: <[email protected]>
Subject: Mail delivery failed: returning message to sender
Message-ID: <chasquid-dsn-*
Date: *
In-Reply-To:
References:
X-Failed-Recipients: [email protected],
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="???????????"
--???????????
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Description: Notification
Content-Transfer-Encoding: 8bit
Delivery of your message to the following recipient(s) failed permanently:
- [email protected]
Technical details:
- "[email protected]" (EMAIL) failed permanently with error:
MAIL+RCPT 550 5.7.23 SPF check failed: matched 'all'
--???????????
Content-Type: message/global-delivery-status
Content-Description: Delivery Report
Content-Transfer-Encoding: 8bit
Reporting-MTA: dns; srv-a
Original-Recipient: utf-8; [email protected]
Final-Recipient: utf-8; [email protected]
Action: failed
Status: 5.0.0
Diagnostic-Code: smtp; MAIL+RCPT 550 5.7.23 SPF check failed: matched 'all'
--???????????
Content-Type: message/rfc822
Content-Description: Undelivered Message
Content-Transfer-Encoding: 8bit
Received: from localhost
by srv-A (chasquid) with ESMTPSA
tls *
(over *
; *
From: [email protected]
Date: *
Subject: Prueba desde el test
Crece desde el test el futuro
Crece desde el test
--???????????--
srv-A localhost
srv-B localhost
account default
host srv-A
port 1587
tls on
tls_trust_file A/certs/srv-A/fullchain.pem
from [email protected]
auth on
user [email protected]
password userA
#!/bin/bash
# Test SPF resolution, which requires overriding DNS server.
# Note this aims at providing some general end to end coverage, as well as the
# main gaps.
set -e
. $(dirname ${0})/../util/lib.sh
init
# Build with the DNS override, so we can fake DNS records.
export GOTAGS="dnsoverride"
# Two chasquid servers:
# A - listens on :1025, hosts srv-A
# B - listens on :2025, hosts srv-B
CONFDIR=A generate_certs_for srv-A
CONFDIR=A add_user [email protected] userA
CONFDIR=B generate_certs_for srv-B
CONFDIR=B add_user [email protected] userB
rm -rf .data-A .data-B .mail .certs
mkdir -p .logs-A .logs-B .mail .certs
# Put public certs in .certs, and use it as our trusted cert dir.
cp A/certs/srv-A/fullchain.pem .certs/srv-a.pem
cp B/certs/srv-B/fullchain.pem .certs/srv-b.pem
export SSL_CERT_DIR=$PWD/.certs/
chasquid -v=2 --logfile=.logs-A/chasquid.log --config_dir=A \
--testing__dns_addr=127.0.0.1:9053 \
--testing__max_received_headers=5 \
--testing__outgoing_smtp_port=2025 &
chasquid -v=2 --logfile=.logs-B/chasquid.log --config_dir=B \
--testing__dns_addr=127.0.0.1:9053 \
--testing__outgoing_smtp_port=1025 &
wait_until_ready 1025
wait_until_ready 2025
function launch_minidns() {
if [ "$MINIDNS" != "" ]; then
kill $MINIDNS
wait $MINIDNS || true
fi
cp $1 .zones
minidns_bg --addr=":9053" -zones=.zones >> .minidns.log 2>&1
wait_until_ready 9053
}
# T0: Successful.
launch_minidns zones.t0
run_msmtp [email protected] < content
wait_for_file .mail/[email protected]
mail_diff content .mail/[email protected]
# T1: A is not permitted to send to B.
# Check that userA got a DSN about it.
rm .mail/*
launch_minidns zones.t1
run_msmtp [email protected] < content
wait_for_file .mail/[email protected]
mail_diff expected_dsn .mail/[email protected]
success
# srv-a zone
srv-a A 127.0.0.1
srv-a AAAA ::1
srv-a MX srv-a
srv-a TXT v=spf1 a
# srv-b zone
srv-b A 127.0.0.1
srv-b AAAA ::1
srv-b MX srv-b
srv-b TXT v=spf1 a
# srv-a is forbidden from sending mail.
# srv-a zone
srv-a A 127.0.0.1
srv-a AAAA ::1
srv-a MX srv-a
srv-a TXT v=spf1 -all
# srv-b zone
srv-b A 127.0.0.1
srv-b AAAA ::1
srv-b MX srv-b
srv-b TXT v=spf1 a
......@@ -112,8 +112,10 @@ function conngen() {
go run ${UTILDIR}/conngen.go "[email protected]"
}
function minidns() {
go run ${UTILDIR}/minidns.go "[email protected]"
function minidns_bg() {
( cd ${UTILDIR}; go build minidns.go )
${UTILDIR}/minidns "[email protected]" &
MINIDNS=$!
}
function success() {
......