serve.zone/dcrouter
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
dcrouter/test/suite/smtpserver_security/test.sec-05.dmarc-policy.ts

374 lines
12 KiB
TypeScript
Raw Normal View History

update
2025-05-23 19:09:30 +00:00
import { tap, expect } from '@git.zone/tstest/tapbundle';
update
2025-05-24 00:23:35 +00:00
import * as plugins from '../../../ts/plugins.js';
update
2025-05-23 19:03:44 +00:00
import * as net from 'net';
update
2025-05-24 01:00:30 +00:00
import { startTestServer, stopTestServer } from '../../helpers/server.loader.js'
import type { ITestServer } from '../../helpers/server.loader.js';
update
2025-05-24 00:23:35 +00:00
const TEST_PORT = 2525;
update
2025-05-24 01:00:30 +00:00
let testServer: ITestServer;
update
2025-05-23 19:03:44 +00:00
update
2025-05-24 13:37:19 +00:00
// Helper to wait for SMTP response
const waitForResponse = (socket: net.Socket, expectedCode?: string, timeout = 5000): Promise<string> => {
return new Promise((resolve, reject) => {
let buffer = '';
const timer = setTimeout(() => {
socket.removeListener('data', handler);
reject(new Error(`Timeout waiting for ${expectedCode || 'any'} response`));
}, timeout);
const handler = (data: Buffer) => {
buffer += data.toString();
const lines = buffer.split('\r\n');
for (const line of lines) {
if (expectedCode) {
if (line.startsWith(expectedCode + ' ')) {
clearTimeout(timer);
socket.removeListener('data', handler);
resolve(buffer);
return;
}
} else {
// Look for any complete response
if (line.match(/^\d{3} /)) {
clearTimeout(timer);
socket.removeListener('data', handler);
resolve(buffer);
return;
}
}
}
};
socket.on('data', handler);
});
};
update
2025-05-24 01:00:30 +00:00
tap.test('setup - start test server', async (toolsArg) => {
update
2025-05-24 00:23:35 +00:00
testServer = await startTestServer({ port: TEST_PORT });
update
2025-05-24 01:00:30 +00:00
await toolsArg.delayFor(1000);
update
2025-05-23 19:03:44 +00:00
});
tap.test('DMARC Policy - Reject policy enforcement', async (tools) => {
const socket = net.createConnection({
host: 'localhost',
port: TEST_PORT,
timeout: 30000
});
update
2025-05-24 13:37:19 +00:00
try {
// Wait for greeting
const greeting = await waitForResponse(socket, '220');
console.log('Server response:', greeting);
// Send EHLO
socket.write('EHLO testclient\r\n');
const ehloResponse = await waitForResponse(socket, '250');
console.log('Server response:', ehloResponse);
// Check if server advertises DMARC support
const advertisesDmarc = ehloResponse.toLowerCase().includes('dmarc');
console.log('DMARC advertised:', advertisesDmarc);
// Send MAIL FROM with domain that has reject policy
socket.write('MAIL FROM:<test@dmarc-reject.example.com>\r\n');
const mailResponse = await waitForResponse(socket);
console.log('Server response:', mailResponse);
if (mailResponse.includes('550') || mailResponse.includes('553')) {
// DMARC reject policy enforced at MAIL FROM
console.log('DMARC reject policy enforced at MAIL FROM');
expect(true).toEqual(true);
update
2025-05-23 19:03:44 +00:00
update
2025-05-24 13:37:19 +00:00
socket.write('QUIT\r\n');
await waitForResponse(socket, '221');
} else if (mailResponse.includes('250')) {
// Send RCPT TO
socket.write('RCPT TO:<recipient@example.com>\r\n');
const rcptResponse = await waitForResponse(socket, '250');
console.log('Server response:', rcptResponse);
// Send DATA
update
2025-05-23 19:03:44 +00:00
socket.write('DATA\r\n');
update
2025-05-24 13:37:19 +00:00
const dataResponse = await waitForResponse(socket, '354');
console.log('Server response:', dataResponse);
update
2025-05-23 19:03:44 +00:00
// Send email with DMARC-relevant headers
const email = [
`From: test@dmarc-reject.example.com`,
`To: recipient@example.com`,
`Subject: DMARC Policy Test - Reject`,
`Date: ${new Date().toUTCString()}`,
`Message-ID: <dmarc-reject-${Date.now()}@example.com>`,
`DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dmarc-reject.example.com; s=default;`,
` h=from:to:subject:date; bh=test; b=test`,
'',
'Testing DMARC reject policy enforcement.',
'.',
''
].join('\r\n');
socket.write(email);
update
2025-05-24 13:37:19 +00:00
const finalResponse = await waitForResponse(socket);
console.log('Server response:', finalResponse);
const accepted = finalResponse.includes('250');
const rejected = finalResponse.includes('550');
update
2025-05-23 19:03:44 +00:00
console.log(`DMARC reject policy: accepted=${accepted}, rejected=${rejected}`);
update
2025-05-23 21:20:39 +00:00
expect(accepted || rejected).toEqual(true);
update
2025-05-23 19:03:44 +00:00
socket.write('QUIT\r\n');
update
2025-05-24 13:37:19 +00:00
await waitForResponse(socket, '221');
update
2025-05-23 19:03:44 +00:00
}
update
2025-05-24 13:37:19 +00:00
} finally {
socket.destroy();
}
update
2025-05-23 19:03:44 +00:00
});
tap.test('DMARC Policy - Quarantine policy', async (tools) => {
const socket = net.createConnection({
host: 'localhost',
port: TEST_PORT,
timeout: 30000
});
update
2025-05-24 13:37:19 +00:00
try {
// Wait for greeting
const greeting = await waitForResponse(socket, '220');
console.log('Server response:', greeting);
// Send EHLO
socket.write('EHLO testclient\r\n');
const ehloResponse = await waitForResponse(socket, '250');
console.log('Server response:', ehloResponse);
// Send MAIL FROM with domain that has quarantine policy
socket.write('MAIL FROM:<test@dmarc-quarantine.example.com>\r\n');
const mailResponse = await waitForResponse(socket, '250');
console.log('Server response:', mailResponse);
// Send RCPT TO
socket.write('RCPT TO:<recipient@example.com>\r\n');
const rcptResponse = await waitForResponse(socket, '250');
console.log('Server response:', rcptResponse);
// Send DATA
socket.write('DATA\r\n');
const dataResponse = await waitForResponse(socket, '354');
console.log('Server response:', dataResponse);
// Send email with DMARC-relevant headers
const email = [
`From: test@dmarc-quarantine.example.com`,
`To: recipient@example.com`,
`Subject: DMARC Policy Test - Quarantine`,
`Date: ${new Date().toUTCString()}`,
`Message-ID: <dmarc-quarantine-${Date.now()}@example.com>`,
'',
'Testing DMARC quarantine policy.',
'.',
''
].join('\r\n');
socket.write(email);
const finalResponse = await waitForResponse(socket);
console.log('Server response:', finalResponse);
const accepted = finalResponse.includes('250');
console.log(`DMARC quarantine policy: ${accepted ? 'accepted (may be quarantined)' : 'rejected'}`);
expect(true).toEqual(true);
socket.write('QUIT\r\n');
await waitForResponse(socket, '221');
} finally {
socket.destroy();
}
update
2025-05-23 19:03:44 +00:00
});
tap.test('DMARC Policy - None policy', async (tools) => {
const socket = net.createConnection({
host: 'localhost',
port: TEST_PORT,
timeout: 30000
});
update
2025-05-24 13:37:19 +00:00
try {
// Wait for greeting
const greeting = await waitForResponse(socket, '220');
console.log('Server response:', greeting);
// Send EHLO
socket.write('EHLO testclient\r\n');
const ehloResponse = await waitForResponse(socket, '250');
console.log('Server response:', ehloResponse);
// Send MAIL FROM with domain that has none policy (monitoring only)
socket.write('MAIL FROM:<test@dmarc-none.example.com>\r\n');
const mailResponse = await waitForResponse(socket, '250');
console.log('Server response:', mailResponse);
// Send RCPT TO
socket.write('RCPT TO:<recipient@example.com>\r\n');
const rcptResponse = await waitForResponse(socket, '250');
console.log('Server response:', rcptResponse);
// Send DATA
socket.write('DATA\r\n');
const dataResponse = await waitForResponse(socket, '354');
console.log('Server response:', dataResponse);
// Send email with DMARC-relevant headers
const email = [
`From: test@dmarc-none.example.com`,
`To: recipient@example.com`,
`Subject: DMARC Policy Test - None`,
`Date: ${new Date().toUTCString()}`,
`Message-ID: <dmarc-none-${Date.now()}@example.com>`,
'',
'Testing DMARC none policy (monitoring only).',
'.',
''
].join('\r\n');
socket.write(email);
const finalResponse = await waitForResponse(socket, '250');
console.log('Server response:', finalResponse);
console.log('DMARC none policy: email accepted (monitoring only)');
expect(true).toEqual(true);
socket.write('QUIT\r\n');
await waitForResponse(socket, '221');
} finally {
socket.destroy();
}
update
2025-05-23 19:03:44 +00:00
});
tap.test('DMARC Policy - Alignment testing', async (tools) => {
const socket = net.createConnection({
host: 'localhost',
port: TEST_PORT,
timeout: 30000
});
update
2025-05-24 13:37:19 +00:00
try {
// Wait for greeting
const greeting = await waitForResponse(socket, '220');
console.log('Server response:', greeting);
// Send EHLO
socket.write('EHLO testclient\r\n');
const ehloResponse = await waitForResponse(socket, '250');
console.log('Server response:', ehloResponse);
// Send MAIL FROM with envelope domain
socket.write('MAIL FROM:<test@envelope-domain.com>\r\n');
const mailResponse = await waitForResponse(socket, '250');
console.log('Server response:', mailResponse);
// Send RCPT TO
socket.write('RCPT TO:<recipient@example.com>\r\n');
const rcptResponse = await waitForResponse(socket, '250');
console.log('Server response:', rcptResponse);
// Send DATA
socket.write('DATA\r\n');
const dataResponse = await waitForResponse(socket, '354');
console.log('Server response:', dataResponse);
// Send email with different header From (tests alignment)
const email = [
`From: test@header-domain.com`,
`To: recipient@example.com`,
`Subject: DMARC Alignment Test`,
`Date: ${new Date().toUTCString()}`,
`Message-ID: <dmarc-align-${Date.now()}@example.com>`,
`DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=header-domain.com; s=default;`,
` h=from:to:subject:date; bh=test; b=test`,
'',
'Testing DMARC domain alignment (envelope vs header From).',
'.',
''
].join('\r\n');
socket.write(email);
const finalResponse = await waitForResponse(socket);
console.log('Server response:', finalResponse);
const result = finalResponse.includes('250') ? 'accepted' : 'rejected';
console.log(`DMARC alignment test: ${result}`);
expect(true).toEqual(true);
socket.write('QUIT\r\n');
await waitForResponse(socket, '221');
} finally {
socket.destroy();
}
update
2025-05-23 19:03:44 +00:00
});
tap.test('DMARC Policy - Percentage testing', async (tools) => {
const socket = net.createConnection({
host: 'localhost',
port: TEST_PORT,
timeout: 30000
});
update
2025-05-24 13:37:19 +00:00
try {
// Wait for greeting
const greeting = await waitForResponse(socket, '220');
console.log('Server response:', greeting);
// Send EHLO
socket.write('EHLO testclient\r\n');
const ehloResponse = await waitForResponse(socket, '250');
console.log('Server response:', ehloResponse);
// Send MAIL FROM with domain that has percentage-based DMARC policy
socket.write('MAIL FROM:<test@dmarc-pct.example.com>\r\n');
const mailResponse = await waitForResponse(socket, '250');
console.log('Server response:', mailResponse);
// Send RCPT TO
socket.write('RCPT TO:<recipient@example.com>\r\n');
const rcptResponse = await waitForResponse(socket, '250');
console.log('Server response:', rcptResponse);
// Send DATA
socket.write('DATA\r\n');
const dataResponse = await waitForResponse(socket, '354');
console.log('Server response:', dataResponse);
// Send email with DMARC-relevant headers
const email = [
`From: test@dmarc-pct.example.com`,
`To: recipient@example.com`,
`Subject: DMARC Percentage Test`,
`Date: ${new Date().toUTCString()}`,
`Message-ID: <dmarc-pct-${Date.now()}@example.com>`,
'',
'Testing DMARC with percentage-based policy application.',
'.',
''
].join('\r\n');
socket.write(email);
const finalResponse = await waitForResponse(socket);
console.log('Server response:', finalResponse);
const result = finalResponse.includes('250') ? 'accepted' : 'rejected';
console.log(`DMARC percentage policy: ${result} (may vary based on percentage)`);
expect(true).toEqual(true);
socket.write('QUIT\r\n');
await waitForResponse(socket, '221');
} finally {
socket.destroy();
}
update
2025-05-23 19:03:44 +00:00
});
tap.test('cleanup - stop test server', async () => {
await stopTestServer(testServer);
});
tap.start();
Reference in New Issue Copy Permalink