2025-05-23 19:09:30 +00:00
|
|
|
import { tap, expect } from '@git.zone/tstest/tapbundle';
|
2025-05-24 00:23:35 +00:00
|
|
|
import * as plugins from '../../../ts/plugins.js';
|
2025-05-23 19:03:44 +00:00
|
|
|
import * as net from 'net';
|
2025-05-24 01:00:30 +00:00
|
|
|
import { startTestServer, stopTestServer } from '../../helpers/server.loader.js'
|
|
|
|
|
import type { ITestServer } from '../../helpers/server.loader.js';
|
2025-05-24 00:23:35 +00:00
|
|
|
|
|
|
|
|
const TEST_PORT = 2525;
|
2025-05-24 01:00:30 +00:00
|
|
|
let testServer: ITestServer;
|
2025-05-23 19:03:44 +00:00
|
|
|
|
2025-05-24 01:00:30 +00:00
|
|
|
tap.test('setup - start test server', async (toolsArg) => {
|
2025-05-24 00:23:35 +00:00
|
|
|
testServer = await startTestServer({ port: TEST_PORT });
|
2025-05-24 01:00:30 +00:00
|
|
|
await toolsArg.delayFor(1000);
|
2025-05-23 19:03:44 +00:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
tap.test('Authorization - Valid sender domain', async (tools) => {
|
|
|
|
|
const done = tools.defer();
|
|
|
|
|
|
|
|
|
|
const socket = net.createConnection({
|
|
|
|
|
host: 'localhost',
|
|
|
|
|
port: TEST_PORT,
|
|
|
|
|
timeout: 30000
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
let dataBuffer = '';
|
|
|
|
|
let step = 'greeting';
|
|
|
|
|
|
|
|
|
|
socket.on('data', (data) => {
|
|
|
|
|
dataBuffer += data.toString();
|
|
|
|
|
console.log('Server response:', data.toString());
|
|
|
|
|
|
|
|
|
|
if (step === 'greeting' && dataBuffer.includes('220 ')) {
|
|
|
|
|
step = 'ehlo';
|
|
|
|
|
socket.write('EHLO localhost\r\n');
|
|
|
|
|
dataBuffer = '';
|
|
|
|
|
} else if (step === 'ehlo' && dataBuffer.includes('250')) {
|
|
|
|
|
step = 'mail';
|
|
|
|
|
// Use valid sender domain (localhost)
|
|
|
|
|
socket.write('MAIL FROM:<test@localhost>\r\n');
|
|
|
|
|
dataBuffer = '';
|
|
|
|
|
} else if (step === 'mail' && dataBuffer.includes('250')) {
|
|
|
|
|
step = 'rcpt';
|
|
|
|
|
socket.write('RCPT TO:<recipient@example.com>\r\n');
|
|
|
|
|
dataBuffer = '';
|
|
|
|
|
} else if (step === 'rcpt') {
|
|
|
|
|
// Valid sender should be accepted
|
|
|
|
|
const accepted = dataBuffer.includes('250');
|
|
|
|
|
console.log(`Valid sender domain ${accepted ? 'accepted' : 'rejected'}`);
|
|
|
|
|
|
2025-05-23 21:20:39 +00:00
|
|
|
expect(accepted).toEqual(true);
|
2025-05-23 19:03:44 +00:00
|
|
|
|
|
|
|
|
socket.write('QUIT\r\n');
|
|
|
|
|
socket.end();
|
|
|
|
|
done.resolve();
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
socket.on('error', (err) => {
|
|
|
|
|
console.error('Socket error:', err);
|
|
|
|
|
done.reject(err);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
await done.promise;
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
tap.test('Authorization - External sender domain', async (tools) => {
|
|
|
|
|
const done = tools.defer();
|
|
|
|
|
|
|
|
|
|
const socket = net.createConnection({
|
|
|
|
|
host: 'localhost',
|
|
|
|
|
port: TEST_PORT,
|
|
|
|
|
timeout: 30000
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
let dataBuffer = '';
|
|
|
|
|
let step = 'greeting';
|
|
|
|
|
|
|
|
|
|
socket.on('data', (data) => {
|
|
|
|
|
dataBuffer += data.toString();
|
|
|
|
|
console.log('Server response:', data.toString());
|
|
|
|
|
|
|
|
|
|
if (step === 'greeting' && dataBuffer.includes('220 ')) {
|
|
|
|
|
step = 'ehlo';
|
|
|
|
|
socket.write('EHLO external.com\r\n');
|
|
|
|
|
dataBuffer = '';
|
|
|
|
|
} else if (step === 'ehlo' && dataBuffer.includes('250')) {
|
|
|
|
|
step = 'mail';
|
|
|
|
|
// Use external sender domain
|
|
|
|
|
socket.write('MAIL FROM:<test@external.com>\r\n');
|
|
|
|
|
dataBuffer = '';
|
|
|
|
|
} else if (step === 'mail') {
|
|
|
|
|
if (dataBuffer.includes('250')) {
|
|
|
|
|
step = 'rcpt';
|
|
|
|
|
socket.write('RCPT TO:<recipient@example.com>\r\n');
|
|
|
|
|
dataBuffer = '';
|
|
|
|
|
} else if (dataBuffer.includes('530')) {
|
|
|
|
|
// Authentication required
|
|
|
|
|
console.log('External sender requires authentication');
|
2025-05-23 21:20:39 +00:00
|
|
|
expect(true).toEqual(true);
|
2025-05-23 19:03:44 +00:00
|
|
|
|
|
|
|
|
socket.write('QUIT\r\n');
|
|
|
|
|
socket.end();
|
|
|
|
|
done.resolve();
|
|
|
|
|
} else if (dataBuffer.includes('550') || dataBuffer.includes('553')) {
|
|
|
|
|
// Rejected for policy reasons
|
|
|
|
|
console.log('External sender rejected by policy');
|
2025-05-23 21:20:39 +00:00
|
|
|
expect(true).toEqual(true);
|
2025-05-23 19:03:44 +00:00
|
|
|
|
|
|
|
|
socket.write('QUIT\r\n');
|
|
|
|
|
socket.end();
|
|
|
|
|
done.resolve();
|
|
|
|
|
}
|
|
|
|
|
} else if (step === 'rcpt') {
|
|
|
|
|
// Check response
|
|
|
|
|
const accepted = dataBuffer.includes('250');
|
|
|
|
|
const authRequired = dataBuffer.includes('530');
|
|
|
|
|
const rejected = dataBuffer.includes('550') || dataBuffer.includes('553');
|
|
|
|
|
|
|
|
|
|
console.log(`External sender: accepted=${accepted}, authRequired=${authRequired}, rejected=${rejected}`);
|
2025-05-23 21:20:39 +00:00
|
|
|
expect(accepted || authRequired || rejected).toEqual(true);
|
2025-05-23 19:03:44 +00:00
|
|
|
|
|
|
|
|
socket.write('QUIT\r\n');
|
|
|
|
|
socket.end();
|
|
|
|
|
done.resolve();
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
socket.on('error', (err) => {
|
|
|
|
|
console.error('Socket error:', err);
|
|
|
|
|
done.reject(err);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
await done.promise;
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
tap.test('Authorization - Relay attempt rejection', async (tools) => {
|
|
|
|
|
const done = tools.defer();
|
|
|
|
|
|
|
|
|
|
const socket = net.createConnection({
|
|
|
|
|
host: 'localhost',
|
|
|
|
|
port: TEST_PORT,
|
|
|
|
|
timeout: 30000
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
let dataBuffer = '';
|
|
|
|
|
let step = 'greeting';
|
|
|
|
|
|
|
|
|
|
socket.on('data', (data) => {
|
|
|
|
|
dataBuffer += data.toString();
|
|
|
|
|
console.log('Server response:', data.toString());
|
|
|
|
|
|
|
|
|
|
if (step === 'greeting' && dataBuffer.includes('220 ')) {
|
|
|
|
|
step = 'ehlo';
|
|
|
|
|
socket.write('EHLO external.com\r\n');
|
|
|
|
|
dataBuffer = '';
|
|
|
|
|
} else if (step === 'ehlo' && dataBuffer.includes('250')) {
|
|
|
|
|
step = 'mail';
|
|
|
|
|
// External sender
|
|
|
|
|
socket.write('MAIL FROM:<test@external.com>\r\n');
|
|
|
|
|
dataBuffer = '';
|
|
|
|
|
} else if (step === 'mail') {
|
|
|
|
|
if (dataBuffer.includes('250')) {
|
|
|
|
|
step = 'rcpt';
|
|
|
|
|
// Try to relay to another external domain (should be rejected)
|
|
|
|
|
socket.write('RCPT TO:<recipient@another-external.com>\r\n');
|
|
|
|
|
dataBuffer = '';
|
|
|
|
|
} else {
|
|
|
|
|
// MAIL FROM already rejected
|
|
|
|
|
console.log('External sender rejected at MAIL FROM');
|
2025-05-23 21:20:39 +00:00
|
|
|
expect(true).toEqual(true);
|
2025-05-23 19:03:44 +00:00
|
|
|
|
|
|
|
|
socket.write('QUIT\r\n');
|
|
|
|
|
socket.end();
|
|
|
|
|
done.resolve();
|
|
|
|
|
}
|
|
|
|
|
} else if (step === 'rcpt') {
|
|
|
|
|
// Relay attempt should be rejected
|
|
|
|
|
const rejected = dataBuffer.includes('550') ||
|
|
|
|
|
dataBuffer.includes('553') ||
|
|
|
|
|
dataBuffer.includes('530') ||
|
|
|
|
|
dataBuffer.includes('554');
|
|
|
|
|
|
|
|
|
|
console.log(`Relay attempt ${rejected ? 'properly rejected' : 'unexpectedly accepted'}`);
|
2025-05-23 21:20:39 +00:00
|
|
|
expect(rejected).toEqual(true);
|
2025-05-23 19:03:44 +00:00
|
|
|
|
|
|
|
|
socket.write('QUIT\r\n');
|
|
|
|
|
socket.end();
|
|
|
|
|
done.resolve();
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
socket.on('error', (err) => {
|
|
|
|
|
console.error('Socket error:', err);
|
|
|
|
|
done.reject(err);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
await done.promise;
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
tap.test('Authorization - IP-based restrictions', async (tools) => {
|
|
|
|
|
const done = tools.defer();
|
|
|
|
|
|
|
|
|
|
const socket = net.createConnection({
|
|
|
|
|
host: 'localhost',
|
|
|
|
|
port: TEST_PORT,
|
|
|
|
|
timeout: 30000
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
let dataBuffer = '';
|
|
|
|
|
let step = 'greeting';
|
|
|
|
|
|
|
|
|
|
socket.on('data', (data) => {
|
|
|
|
|
dataBuffer += data.toString();
|
|
|
|
|
console.log('Server response:', data.toString());
|
|
|
|
|
|
|
|
|
|
if (step === 'greeting' && dataBuffer.includes('220 ')) {
|
|
|
|
|
step = 'ehlo';
|
|
|
|
|
// Use IP address in EHLO
|
|
|
|
|
socket.write('EHLO [127.0.0.1]\r\n');
|
|
|
|
|
dataBuffer = '';
|
|
|
|
|
} else if (step === 'ehlo' && dataBuffer.includes('250')) {
|
|
|
|
|
step = 'mail';
|
|
|
|
|
socket.write('MAIL FROM:<test@localhost>\r\n');
|
|
|
|
|
dataBuffer = '';
|
|
|
|
|
} else if (step === 'mail' && dataBuffer.includes('250')) {
|
|
|
|
|
step = 'rcpt';
|
|
|
|
|
socket.write('RCPT TO:<recipient@example.com>\r\n');
|
|
|
|
|
dataBuffer = '';
|
|
|
|
|
} else if (step === 'rcpt') {
|
|
|
|
|
// Localhost IP should typically be accepted
|
|
|
|
|
const accepted = dataBuffer.includes('250');
|
|
|
|
|
const rejected = dataBuffer.includes('550') || dataBuffer.includes('553');
|
|
|
|
|
|
|
|
|
|
console.log(`IP-based authorization: ${accepted ? 'accepted' : 'rejected'}`);
|
2025-05-23 21:20:39 +00:00
|
|
|
expect(accepted || rejected).toEqual(true); // Either is valid based on server config
|
2025-05-23 19:03:44 +00:00
|
|
|
|
|
|
|
|
socket.write('QUIT\r\n');
|
|
|
|
|
socket.end();
|
|
|
|
|
done.resolve();
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
socket.on('error', (err) => {
|
|
|
|
|
console.error('Socket error:', err);
|
|
|
|
|
done.reject(err);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
await done.promise;
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
tap.test('Authorization - Case sensitivity in addresses', async (tools) => {
|
|
|
|
|
const done = tools.defer();
|
|
|
|
|
|
|
|
|
|
const socket = net.createConnection({
|
|
|
|
|
host: 'localhost',
|
|
|
|
|
port: TEST_PORT,
|
|
|
|
|
timeout: 30000
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
let dataBuffer = '';
|
|
|
|
|
let step = 'greeting';
|
|
|
|
|
|
|
|
|
|
socket.on('data', (data) => {
|
|
|
|
|
dataBuffer += data.toString();
|
|
|
|
|
console.log('Server response:', data.toString());
|
|
|
|
|
|
|
|
|
|
if (step === 'greeting' && dataBuffer.includes('220 ')) {
|
|
|
|
|
step = 'ehlo';
|
|
|
|
|
socket.write('EHLO localhost\r\n');
|
|
|
|
|
dataBuffer = '';
|
|
|
|
|
} else if (step === 'ehlo' && dataBuffer.includes('250')) {
|
|
|
|
|
step = 'mail';
|
|
|
|
|
// Use mixed case in email address
|
|
|
|
|
socket.write('MAIL FROM:<TeSt@LoCaLhOsT>\r\n');
|
|
|
|
|
dataBuffer = '';
|
|
|
|
|
} else if (step === 'mail' && dataBuffer.includes('250')) {
|
|
|
|
|
step = 'rcpt';
|
|
|
|
|
// Mixed case recipient
|
|
|
|
|
socket.write('RCPT TO:<ReCiPiEnT@ExAmPlE.cOm>\r\n');
|
|
|
|
|
dataBuffer = '';
|
|
|
|
|
} else if (step === 'rcpt') {
|
|
|
|
|
// Email addresses should be case-insensitive
|
|
|
|
|
const accepted = dataBuffer.includes('250');
|
|
|
|
|
console.log(`Mixed case addresses ${accepted ? 'accepted' : 'rejected'}`);
|
|
|
|
|
|
2025-05-23 21:20:39 +00:00
|
|
|
expect(accepted).toEqual(true);
|
2025-05-23 19:03:44 +00:00
|
|
|
|
|
|
|
|
socket.write('QUIT\r\n');
|
|
|
|
|
socket.end();
|
|
|
|
|
done.resolve();
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
socket.on('error', (err) => {
|
|
|
|
|
console.error('Socket error:', err);
|
|
|
|
|
done.reject(err);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
await done.promise;
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
tap.test('cleanup - stop test server', async () => {
|
|
|
|
|
await stopTestServer(testServer);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
tap.start();
|
