Commit 54d7fd8d authored by Patrick J Cherry's avatar Patrick J Cherry
Browse files

Added tc_smtp to test package

Added crypt support to dovecot and smtp tests
Updated checkpassword to have a better regex
Updated changelogs for mail and test for new release
parent 78772503
bytemark-vhost-email (20090707175243) stable; urgency=low
* Updated checkpassword to have a better regex
-- Patrick J. Cherry <patrick@bytemark.co.uk> Tue, 07 Jul 2009 17:52:44 +0100
bytemark-vhost-email (20090707161820) stable; urgency=low
* Removed mention of the Bytemark antispam servers
......
......@@ -63,9 +63,9 @@ my($username, $password, $timestamp, $rest) = split(/\0/,$buffer);
my ($local_part, $domain);
if ($username =~ /^(([a-z0-9\-]+\.?)+)@(([a-z0-9\-]+\.?)+)$/) {
if ($username =~ /^([^\.@%!\/\|\s][^@%!\/\|\s]*)@([A-Za-z0-9-][A-Za-z0-9\.-]+)$/) {
$local_part = $1;
$domain = $3;
$domain = $2;
} else {
syslog('err',
......@@ -97,7 +97,7 @@ if ( $real_password ) {
chomp $real_password;
} else {
syslog('err',
'Empty/non-existent password set for username %s for %s service',
'Empty/non-existent password set for username %s from %s for %s service',
$username, $ip, $service);
exit($PERMANENT_ERROR);
......
bytemark-vhost-test (20090707175721) jaunty; urgency=low
* Updated lib/bytemark/vhost/test/mailbox to support crypt'd passwords
* Added crypted password test to tc_dovecot
* Added tc_smtp
-- Patrick J. Cherry <patrick@bytemark.co.uk> Tue, 07 Jul 2009 17:57:21 +0100
bytemark-vhost-test (20090707153244) stable; urgency=low
* Per-Lenny vhost repository, rather than branches
......
......@@ -11,7 +11,7 @@ module Bytemark
module Test
class Mailbox
attr_reader :user, :domain
attr_reader :user, :domain, :uncrypted_password
def initialize(user, domain)
raise ArgumentError, "user must be a string" unless user.is_a?(String)
......@@ -19,6 +19,8 @@ module Bytemark
raise ArgumentError, "domain must be a string" unless domain.is_a?(String)
@domain = domain
@uncrypted_password = nil
end
def username
......@@ -42,6 +44,13 @@ module Bytemark
end
def password=(pw)
@uncrypted_password = pw
Bytemark::Vhost::Test.set_param("password", pw, self.directory)
end
def crypt_password
salt = ["a".."z","A".."Z","0".."9",".","/"].collect{|r| r.to_a}.flatten.values_at(rand(64), rand(64)).join
pw = "{CRYPT}"+@uncrypted_password.crypt(salt)
Bytemark::Vhost::Test.set_param("password", pw, self.directory)
end
......
Format
======
* The first line should be the IP that you want the connection to
originate from.
* Then any line that doesn't consist solely of three digits will be considered
something to be passed as a command or data.
* The file will be read and "exim4 -bh <ip address>"will be used to simulate an
SMTP transaction, and the result of each command will be compared to the three
digit code following the line.
Example
=======
A file containing:
---8<---------------------------------
127.0.0.1
EHLO localhost
250
MAIL FROM:<test@test.com>
250
RCPT TO:<test@test2.com>
250
DATA
330
Blah
Blah
Blah
.
350
QUIT
221
---8<---------------------------------
This will do the following:
* Connect "from" 127.0.0.1
* Wait for the first 220 (this is part of the test and is not configurable)
* Issue "EHLO localhost"
* Expect to get a 250 code back
* Issue "MAIL FROM:<test@test.com>"
* Expect to get a 250 code back
* and so on.
Bugs
====
* No STARTTLS support
* Cannot test to see if the connection has been dropped.
# This file tests a spam email
192.168.0.1
220
EHLO remote.domain
250
MAIL FROM:<anyone@remote.domain>
250
RCPT TO:<local.user@local.domain>
250
DATA
354
Subject: Test spam mail (GTUBE)
From: Sender <anyone@remote.domain>
To: Recipient <local.user@local.domain>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
This is the GTUBE, the
Generic
Test for
Unsolicited
Bulk
Email
If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
You should send this test mail from an account outside of your network.
.
250
RSET
250
QUIT
221
# This file tests a spam email
192.168.0.1
220
EHLO remote.domain
250
MAIL FROM:<anyone@remote.domain>
250
RCPT TO:<local.user@local.domain>
250
DATA
354
Subject: Test spam mail (GTUBE)
From: Sender <anyone@remote.domain>
To: Recipient <local.user@local.domain>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
This is the GTUBE, the
Generic
Test for
Unsolicited
Bulk
Email
If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
You should send this test mail from an account outside of your network.
.
550
RSET
250
QUIT
221
# This file tests a virus-infected email
192.168.0.1
220
EHLO remote.domain
250
MAIL FROM:<anyone@remote.domain>
250
RCPT TO:<local.user@local.domain>
250
DATA
354
Subject: Test spam mail (GTUBE)
From: Sender <anyone@remote.domain>
To: Recipient <local.user@local.domain>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
.
250
QUIT
221
# This file tests a virus-infected email
192.168.0.1
220
EHLO remote.domain
250
MAIL FROM:<anyone@remote.domain>
250
RCPT TO:<local.user@local.domain>
250
DATA
354
Subject: Test virus mail (EICAR)
From: Sender <anyone@remote.domain>
To: Recipient <local.user@local.domain>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
.
550
QUIT
221
# This file tests a connection from another non-black/whitelisted machine
192.168.1.2
220
EHLO remote.domain
250
# First test mail with a from address of a non-black/whitelisted sender/domain
MAIL FROM:<anyone@remote.domain>
250
# Always accept mail to the postmaster
RCPT TO:<postmaster@local.domain>
250
# We don't want to accept mail from this IP
RCPT TO:<local.user@local.domain>
550 The IP or hostname used when connecting is locally blacklisted.
RSET
250
QUIT
221
# This file tests a connection from another non-black/whitelisted machine
192.168.0.1
220
EHLO remote.domain
250
# First test mail with a from address of a non-black/whitelisted sender/domain
MAIL FROM:<anyone@remote.domain>
250
RCPT TO:<postmaster@local.domain>
250
RCPT TO:<postmaster@other.domain>
250
# Check we won't accept mail for unknown users
RCPT TO:<bogus.user@local.domain>
550 Unknown user
# Should not allow relaying
RCPT TO:<local.user@remote.domain>
550 Relaying not permitted
RSET
250
# Now test from a blacklisted domain
MAIL FROM:<anyone@blacklisted.domain>
250
# Always accept mail to postmaster
RCPT TO:<postmaster@local.domain>
250
# We don't want to accept mail otherwise.
RCPT TO:<local.user@local.domain>
550 Your email address is locally blacklisted.
RSET
250
# Now test from a whitelisted domain in a blacklisted domain
MAIL FROM:<whitelisted@blacklisted.domain>
250
# We want to accept mail from this sender
RCPT TO:<local.user@local.domain>
250
RSET
250
QUIT
221
# This file tests a connection from another non-black/whitelisted machine
192.168.0.1
220
EHLO remote.domain
250
# First test mail with a from address of a non-black/whitelisted sender/domain
MAIL FROM:<anyone@remote.domain>
250
RCPT TO:<postmaster@local.domain>
250
RCPT TO:<postmaster@other.domain>
250
# Check we won't accept mail for unknown users
RCPT TO:<bogus.user@local.domain>
550 Unknown user
# Should not allow relaying
RCPT TO:<local.user@remote.domain>
550 Relaying not permitted
RSET
250
# Now test from a blacklisted domain
MAIL FROM:<anyone@blacklisted.domain>
250
# Always accept mail to postmaster
RCPT TO:<postmaster@local.domain>
250
# We don't want to accept mail otherwise.
RCPT TO:<local.user@local.domain>
550 Your email address is locally blacklisted.
RSET
250
# Now test from a whitelisted domain in a blacklisted domain
MAIL FROM:<whitelisted@blacklisted.domain>
250
# We want to accept mail from this sender
RCPT TO:<local.user@local.domain>
250
RSET
250
QUIT
221
blacklist:
by_ip:
- 192.168.1.2
- 192.168.2.1/24
by_hostname:
- blacklisted.remote.domain
- *.blacklisted.domain
by_sender:
- blacklisted@remote.domain
- *@blacklisted.domain
whitelist:
# All these fall within the ranges defined in the blacklists above
by_ip:
- 192.168.2.2
by_hostname:
- whitelisted.blacklisted.domain
by_sender:
- whitelisted@blacklisted.domain
relay_from_hosts:
- 192.168.3.1
- 192.168.3.1/24
local_ip: 192.168.0.1
local_domains:
- local.domain
- other.domain
- bytemark.co.uk
rewrite_domains:
symlinked.domain: local.domain
remote_ip: 192.168.4.1
remote_domain: remote.domain
local_users:
- username: local.user@local.domain
password: password
- username: other.user@other.domain
password: other.password
- username: crypted.user@local.domain
password: crypted.password
crypt_password: "{CRYPT}a.x6Pi3NvgBSs"
# This file tests a connection from another non-black/whitelisted machine
192.168.2.2
220
EHLO remote.domain
250
# First test mail with a from address of a non-black/whitelisted sender/domain
MAIL FROM:<anyone@remote.domain>
250
# We *do* want to accept mail from this IP
RCPT TO:<local.user@local.domain>
250
RSET
250
QUIT
221
......@@ -13,6 +13,10 @@ class TestDovecot < Test::Unit::TestCase
@mailbox = @domain.add_mailbox("test")
@mailbox.password = Bytemark::Vhost::Test.random_string
@mailbox_crypt = @domain.add_mailbox("test_crypt")
@mailbox_crypt.password = Bytemark::Vhost::Test.random_string
@mailbox_crypt.crypt_password
Net::IMAP.debug = true if $DEBUG
end
......@@ -52,6 +56,15 @@ class TestDovecot < Test::Unit::TestCase
end
end
def test_imap_auth_login_crypt
assert_nothing_raised do
imap = Net::IMAP.new('localhost', 143, false)
imap.authenticate('LOGIN', @mailbox_crypt.username, @mailbox_crypt.uncrypted_password)
imap.logout
imap.disconnect unless imap.disconnected?
end
end
def test_imap_auth_tls
# TODO: not implemented by net/imap library
end
......@@ -74,6 +87,15 @@ class TestDovecot < Test::Unit::TestCase
end
end
def test_pop3_auth_crypt
assert_nothing_raised do
pop = Net::POP.new('localhost', 110)
pop.set_debug_output STDOUT if $DEBUG
pop.start(@mailbox_crypt.username, @mailbox_crypt.uncrypted_password)
pop.finish
end
end
def test_pop3_auth_tls
# TODO: not implemented by net/pop library
end
......
This diff is collapsed.
......@@ -10,4 +10,5 @@ require 'test/unit'
require 'tc_dovecot'
require 'tc_ftp'
require 'tc_http'
require 'tc_smtp'
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment