serve.zone/dcrouter
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Philipp Kunz
2025-05-23 21:20:39 +00:00
parent 9629329bc2
commit 0907949f8a
86 changed files with 654 additions and 569 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
test/suite/security/test.authentication.ts
View File

@ -1,6 +1,6 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import { startTestServer, stopTestServer, type ITestServer } from '../../helpers/server.loader.js';
import { connectToSmtp, waitForGreeting, sendSmtpCommand, closeSmtpConnection } from '../../helpers/test.utils.js';
import { connectToSmtp, waitForGreeting, sendSmtpCommand, closeSmtpConnection } from '../../helpers/utils.js';
let testServer: ITestServer;

18
test/suite/security/test.authorization.ts
View File

@ -1,7 +1,7 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import * as plugins from '../plugins.js';
import * as net from 'net';
import { startTestServer, stopTestServer, TEST_PORT, sendEmailWithRawSocket } from '../server.loader.js';
import { startTestServer, stopTestServer, TEST_PORT, sendEmailWithRawSocket } from '../../helpers/server.loader.js';
import type { SmtpServer } from '../../../ts/mail/delivery/smtpserver/index.js';
let testServer: SmtpServer;
@ -45,7 +45,7 @@ tap.test('Authorization - Valid sender domain', async (tools) => {
const accepted = dataBuffer.includes('250');
console.log(`Valid sender domain ${accepted ? 'accepted' : 'rejected'}`);
expect(accepted).toBeTrue();
expect(accepted).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -94,7 +94,7 @@ tap.test('Authorization - External sender domain', async (tools) => {
} else if (dataBuffer.includes('530')) {
// Authentication required
console.log('External sender requires authentication');
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -102,7 +102,7 @@ tap.test('Authorization - External sender domain', async (tools) => {
} else if (dataBuffer.includes('550') || dataBuffer.includes('553')) {
// Rejected for policy reasons
console.log('External sender rejected by policy');
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -115,7 +115,7 @@ tap.test('Authorization - External sender domain', async (tools) => {
const rejected = dataBuffer.includes('550') || dataBuffer.includes('553');
console.log(`External sender: accepted=${accepted}, authRequired=${authRequired}, rejected=${rejected}`);
expect(accepted || authRequired || rejected).toBeTrue();
expect(accepted || authRequired || rejected).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -165,7 +165,7 @@ tap.test('Authorization - Relay attempt rejection', async (tools) => {
} else {
// MAIL FROM already rejected
console.log('External sender rejected at MAIL FROM');
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -179,7 +179,7 @@ tap.test('Authorization - Relay attempt rejection', async (tools) => {
dataBuffer.includes('554');
console.log(`Relay attempt ${rejected ? 'properly rejected' : 'unexpectedly accepted'}`);
expect(rejected).toBeTrue();
expect(rejected).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -230,7 +230,7 @@ tap.test('Authorization - IP-based restrictions', async (tools) => {
const rejected = dataBuffer.includes('550') || dataBuffer.includes('553');
console.log(`IP-based authorization: ${accepted ? 'accepted' : 'rejected'}`);
expect(accepted || rejected).toBeTrue(); // Either is valid based on server config
expect(accepted || rejected).toEqual(true); // Either is valid based on server config
socket.write('QUIT\r\n');
socket.end();
@ -281,7 +281,7 @@ tap.test('Authorization - Case sensitivity in addresses', async (tools) => {
const accepted = dataBuffer.includes('250');
console.log(`Mixed case addresses ${accepted ? 'accepted' : 'rejected'}`);
expect(accepted).toBeTrue();
expect(accepted).toEqual(true);
socket.write('QUIT\r\n');
socket.end();

18
test/suite/security/test.bounce-management.ts
View File

@ -1,7 +1,7 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import * as plugins from '../plugins.js';
import * as net from 'net';
import { startTestServer, stopTestServer, TEST_PORT, sendEmailWithRawSocket } from '../server.loader.js';
import { startTestServer, stopTestServer, TEST_PORT, sendEmailWithRawSocket } from '../../helpers/server.loader.js';
import type { SmtpServer } from '../../../ts/mail/delivery/smtpserver/index.js';
let testServer: SmtpServer;
@ -43,7 +43,7 @@ tap.test('Bounce Management - Invalid recipient domain', async (tools) => {
} else if (step === 'rcpt') {
if (dataBuffer.includes('550') || dataBuffer.includes('551') || dataBuffer.includes('553')) {
console.log('Bounce management active - invalid recipient properly rejected');
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -73,7 +73,7 @@ tap.test('Bounce Management - Invalid recipient domain', async (tools) => {
dataBuffer = '';
} else if (dataBuffer.includes('250 ') && dataBuffer.includes('Message accepted')) {
console.log('Email accepted for processing - bounce will be generated');
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -122,7 +122,7 @@ tap.test('Bounce Management - Empty return path (null sender)', async (tools) =>
dataBuffer = '';
} else {
console.log('Null sender rejected');
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -153,7 +153,7 @@ tap.test('Bounce Management - Empty return path (null sender)', async (tools) =>
dataBuffer = '';
} else if (dataBuffer.includes('250 ') && dataBuffer.includes('Message accepted')) {
console.log('Bounce message with null sender accepted');
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -222,7 +222,7 @@ tap.test('Bounce Management - DSN headers', async (tools) => {
dataBuffer = '';
} else if (dataBuffer.includes('250 ') && dataBuffer.includes('Message accepted')) {
console.log('Email with DSN headers accepted');
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -271,7 +271,7 @@ tap.test('Bounce Management - Bounce loop prevention', async (tools) => {
} else if (step === 'rcpt') {
if (dataBuffer.includes('550') || dataBuffer.includes('553')) {
console.log('Bounce loop prevented - mailer-daemon recipient rejected');
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -302,7 +302,7 @@ tap.test('Bounce Management - Bounce loop prevention', async (tools) => {
} else if (dataBuffer.includes('250 ') || dataBuffer.includes('550 ')) {
const result = dataBuffer.includes('250') ? 'accepted' : 'rejected';
console.log(`Bounce loop test: ${result}`);
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -368,7 +368,7 @@ tap.test('Bounce Management - Valid email (control test)', async (tools) => {
dataBuffer = '';
} else if (dataBuffer.includes('250 ') && dataBuffer.includes('Message accepted')) {
console.log('Valid email accepted - no bounce expected');
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();

12
test/suite/security/test.content-scanning.ts
View File

@ -1,7 +1,7 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import * as plugins from '../plugins.js';
import * as net from 'net';
import { startTestServer, stopTestServer, TEST_PORT, sendEmailWithRawSocket } from '../server.loader.js';
import { startTestServer, stopTestServer, TEST_PORT, sendEmailWithRawSocket } from '../../helpers/server.loader.js';
import type { SmtpServer } from '../../../ts/mail/delivery/smtpserver/index.js';
let testServer: SmtpServer;
@ -76,7 +76,7 @@ tap.test('Content Scanning - Suspicious content patterns', async (tools) => {
console.log('Content scanning operational - email processed');
}
expect(accepted || rejected).toBeTrue();
expect(accepted || rejected).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -159,7 +159,7 @@ tap.test('Content Scanning - Malware patterns', async (tools) => {
const rejected = dataBuffer.includes('550');
console.log(`Malware pattern email: ${accepted ? 'accepted' : 'rejected'}`);
expect(accepted || rejected).toBeTrue();
expect(accepted || rejected).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -236,7 +236,7 @@ tap.test('Content Scanning - Spam keywords', async (tools) => {
const rejected = dataBuffer.includes('550');
console.log(`Spam keyword email: ${accepted ? 'accepted' : 'rejected (spam detected)'}`);
expect(accepted || rejected).toBeTrue();
expect(accepted || rejected).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -308,7 +308,7 @@ tap.test('Content Scanning - Clean legitimate email', async (tools) => {
dataBuffer = '';
} else if (dataBuffer.includes('250 ') && dataBuffer.includes('Message accepted')) {
console.log('Clean email accepted - content scanning allows legitimate emails');
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -392,7 +392,7 @@ tap.test('Content Scanning - Large attachment', async (tools) => {
const rejected = dataBuffer.includes('550') || dataBuffer.includes('552');
console.log(`Large attachment: ${accepted ? 'accepted' : 'rejected (size or content issue)'}`);
expect(accepted || rejected).toBeTrue();
expect(accepted || rejected).toEqual(true);
socket.write('QUIT\r\n');
socket.end();

12
test/suite/security/test.dkim-processing.ts
View File

@ -1,7 +1,7 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import * as plugins from '../plugins.js';
import * as net from 'net';
import { startTestServer, stopTestServer, TEST_PORT, sendEmailWithRawSocket } from '../server.loader.js';
import { startTestServer, stopTestServer, TEST_PORT, sendEmailWithRawSocket } from '../../helpers/server.loader.js';
import type { SmtpServer } from '../../../ts/mail/delivery/smtpserver/index.js';
let testServer: SmtpServer;
@ -75,7 +75,7 @@ tap.test('DKIM Processing - Valid DKIM signature', async (tools) => {
dataBuffer = '';
} else if (dataBuffer.includes('250 ') && dataBuffer.includes('Message accepted')) {
console.log('Email with valid DKIM signature accepted');
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -155,7 +155,7 @@ tap.test('DKIM Processing - Invalid DKIM signature', async (tools) => {
const accepted = dataBuffer.includes('250');
console.log(`Email with invalid DKIM signature ${accepted ? 'accepted' : 'rejected'}`);
// Either response is valid - server may accept and mark as failed, or reject
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -222,7 +222,7 @@ tap.test('DKIM Processing - Missing DKIM signature', async (tools) => {
dataBuffer = '';
} else if (dataBuffer.includes('250 ') && dataBuffer.includes('Message accepted')) {
console.log('Email without DKIM signature accepted (neutral)');
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -302,7 +302,7 @@ tap.test('DKIM Processing - Multiple DKIM signatures', async (tools) => {
dataBuffer = '';
} else if (dataBuffer.includes('250 ') && dataBuffer.includes('Message accepted')) {
console.log('Email with multiple DKIM signatures accepted');
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -383,7 +383,7 @@ tap.test('DKIM Processing - Expired DKIM signature', async (tools) => {
const accepted = dataBuffer.includes('250');
console.log(`Email with expired DKIM signature ${accepted ? 'accepted' : 'rejected'}`);
// Either response is valid
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();

14
test/suite/security/test.dmarc-policy.ts
View File

@ -1,7 +1,7 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import * as plugins from '../plugins.js';
import * as net from 'net';
import { startTestServer, stopTestServer, TEST_PORT, sendEmailWithRawSocket } from '../server.loader.js';
import { startTestServer, stopTestServer, TEST_PORT, sendEmailWithRawSocket } from '../../helpers/server.loader.js';
import type { SmtpServer } from '../../../ts/mail/delivery/smtpserver/index.js';
let testServer: SmtpServer;
@ -47,7 +47,7 @@ tap.test('DMARC Policy - Reject policy enforcement', async (tools) => {
dataBuffer = '';
} else if (dataBuffer.includes('550') || dataBuffer.includes('553')) {
console.log('DMARC reject policy enforced at MAIL FROM');
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -80,7 +80,7 @@ tap.test('DMARC Policy - Reject policy enforcement', async (tools) => {
const rejected = dataBuffer.includes('550');
console.log(`DMARC reject policy: accepted=${accepted}, rejected=${rejected}`);
expect(accepted || rejected).toBeTrue();
expect(accepted || rejected).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -147,7 +147,7 @@ tap.test('DMARC Policy - Quarantine policy', async (tools) => {
} else if (dataBuffer.includes('250 ') || dataBuffer.includes('550 ')) {
const accepted = dataBuffer.includes('250');
console.log(`DMARC quarantine policy: ${accepted ? 'accepted (may be quarantined)' : 'rejected'}`);
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -213,7 +213,7 @@ tap.test('DMARC Policy - None policy', async (tools) => {
dataBuffer = '';
} else if (dataBuffer.includes('250 ') && dataBuffer.includes('Message accepted')) {
console.log('DMARC none policy: email accepted (monitoring only)');
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -283,7 +283,7 @@ tap.test('DMARC Policy - Alignment testing', async (tools) => {
} else if (dataBuffer.includes('250 ') || dataBuffer.includes('550 ')) {
const result = dataBuffer.includes('250') ? 'accepted' : 'rejected';
console.log(`DMARC alignment test: ${result}`);
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -350,7 +350,7 @@ tap.test('DMARC Policy - Percentage testing', async (tools) => {
} else if (dataBuffer.includes('250 ') || dataBuffer.includes('550 ')) {
const result = dataBuffer.includes('250') ? 'accepted' : 'rejected';
console.log(`DMARC percentage policy: ${result} (may vary based on percentage)`);
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();

12
test/suite/security/test.header-injection-prevention.ts
View File

@ -1,7 +1,7 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import * as plugins from '../plugins.js';
import * as net from 'net';
import { startTestServer, stopTestServer, TEST_PORT, sendEmailWithRawSocket } from '../server.loader.js';
import { startTestServer, stopTestServer, TEST_PORT, sendEmailWithRawSocket } from '../../helpers/server.loader.js';
import type { SmtpServer } from '../../../ts/mail/delivery/smtpserver/index.js';
let testServer: SmtpServer;
@ -70,7 +70,7 @@ tap.test('Header Injection Prevention - CRLF injection in headers', async (tools
console.log('Header injection prevention active - malicious headers detected');
}
expect(accepted || rejected).toBeTrue();
expect(accepted || rejected).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -118,7 +118,7 @@ tap.test('Header Injection Prevention - Command injection in MAIL FROM', async (
dataBuffer.includes('500');
console.log('Command injection attempt handled');
expect(properResponse).toBeTrue();
expect(properResponse).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -191,7 +191,7 @@ tap.test('Header Injection Prevention - HTML/Script injection in body', async (t
} else if (dataBuffer.includes('250 ') || dataBuffer.includes('550 ')) {
const accepted = dataBuffer.includes('250');
console.log(`HTML/Script content: ${accepted ? 'accepted (may be sanitized)' : 'rejected'}`);
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -239,7 +239,7 @@ tap.test('Header Injection Prevention - Null byte injection', async (tools) => {
dataBuffer.includes('550');
console.log('Null byte injection attempt handled');
expect(handled).toBeTrue();
expect(handled).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -308,7 +308,7 @@ tap.test('Header Injection Prevention - Unicode and encoding attacks', async (to
} else if (dataBuffer.includes('250 ') || dataBuffer.includes('550 ')) {
const result = dataBuffer.includes('250') ? 'accepted' : 'rejected';
console.log(`Unicode/encoding attack: ${result}`);
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();

16
test/suite/security/test.ip-reputation.ts
View File

@ -1,7 +1,7 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import * as plugins from '../plugins.js';
import * as net from 'net';
import { startTestServer, stopTestServer, TEST_PORT, sendEmailWithRawSocket } from '../server.loader.js';
import { startTestServer, stopTestServer, TEST_PORT, sendEmailWithRawSocket } from '../../helpers/server.loader.js';
import type { SmtpServer } from '../../../ts/mail/delivery/smtpserver/index.js';
let testServer: SmtpServer;
@ -35,7 +35,7 @@ tap.test('IP Reputation - Suspicious hostname in EHLO', async (tools) => {
const rejected = dataBuffer.includes('550') || dataBuffer.includes('521');
console.log(`Suspicious hostname: accepted=${accepted}, rejected=${rejected}`);
expect(accepted || rejected).toBeTrue();
expect(accepted || rejected).toEqual(true);
if (rejected) {
console.log('IP reputation check working - suspicious host rejected at EHLO');
@ -88,7 +88,7 @@ tap.test('IP Reputation - Blacklisted sender domain', async (tools) => {
dataBuffer = '';
} else if (dataBuffer.includes('550') || dataBuffer.includes('553')) {
console.log('Blacklisted sender rejected - IP reputation check working');
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -99,7 +99,7 @@ tap.test('IP Reputation - Blacklisted sender domain', async (tools) => {
const rejected = dataBuffer.includes('550') || dataBuffer.includes('553');
console.log(`Blacklisted domain at RCPT: accepted=${accepted}, rejected=${rejected}`);
expect(accepted || rejected).toBeTrue();
expect(accepted || rejected).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -146,7 +146,7 @@ tap.test('IP Reputation - Known good sender', async (tools) => {
dataBuffer = '';
} else if (step === 'rcpt' && dataBuffer.includes('250')) {
console.log('Good sender accepted - IP reputation allows legitimate senders');
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -198,7 +198,7 @@ tap.test('IP Reputation - Multiple connections from same IP', async (tools) => {
completedConnections++;
if (completedConnections === totalConnections) {
console.log('All connections completed');
expect(true).toBeTrue();
expect(true).toEqual(true);
done.resolve();
}
});
@ -264,7 +264,7 @@ tap.test('IP Reputation - Suspicious patterns in email', async (tools) => {
dataBuffer = '';
} else if (dataBuffer.includes('452') || dataBuffer.includes('550')) {
console.log('Multiple recipients limited - reputation control active');
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -291,7 +291,7 @@ tap.test('IP Reputation - Suspicious patterns in email', async (tools) => {
} else if (dataBuffer.includes('250 ') || dataBuffer.includes('550 ')) {
const result = dataBuffer.includes('250') ? 'accepted' : 'rejected';
console.log(`Suspicious content email ${result}`);
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();

10
test/suite/security/test.rate-limiting.ts
View File

@ -108,7 +108,7 @@ tap.test('Rate Limiting - should limit rapid consecutive connections', async (to
// Note: We consider the test passed if rate limiting is either working OR not configured
// Many SMTP servers don't have rate limiting, which is also valid
expect(true).toBeTrue();
expect(true).toEqual(true);
} finally {
done.resolve();
@ -219,11 +219,11 @@ tap.test('Rate Limiting - should allow connections after rate limit period', asy
} catch (error) {
console.log('Retry connection failed:', error);
// Some servers might have longer rate limit periods
expect(true).toBeTrue();
expect(true).toEqual(true);
}
} else {
console.log('Rate limiting not triggered or not configured');
expect(true).toBeTrue();
expect(true).toEqual(true);
}
} finally {
@ -309,7 +309,7 @@ tap.test('Rate Limiting - should limit rapid MAIL FROM commands', async (tools)
socket.end();
// Test passes regardless - rate limiting is optional
expect(true).toBeTrue();
expect(true).toEqual(true);
} finally {
done.resolve();
@ -318,7 +318,7 @@ tap.test('Rate Limiting - should limit rapid MAIL FROM commands', async (tools)
tap.test('cleanup - stop SMTP server', async () => {
await stopTestServer(testServer);
expect(true).toBeTrue();
expect(true).toEqual(true);
});
tap.start();

20
test/suite/security/test.spf-checking.ts
View File

@ -1,7 +1,7 @@
import { tap, expect } from '@git.zone/tstest/tapbundle';
import * as plugins from '../plugins.js';
import * as net from 'net';
import { startTestServer, stopTestServer, TEST_PORT, sendEmailWithRawSocket } from '../server.loader.js';
import { startTestServer, stopTestServer, TEST_PORT, sendEmailWithRawSocket } from '../../helpers/server.loader.js';
import type { SmtpServer } from '../../../ts/mail/delivery/smtpserver/index.js';
let testServer: SmtpServer;
@ -44,7 +44,7 @@ tap.test('SPF Checking - Authorized IP from local domain', async (tools) => {
dataBuffer = '';
} else if (dataBuffer.includes('550') || dataBuffer.includes('553')) {
console.log('Local domain sender rejected (SPF fail)');
expect(true).toBeTrue(); // Either result shows SPF processing
expect(true).toEqual(true); // Either result shows SPF processing
socket.write('QUIT\r\n');
socket.end();
@ -52,7 +52,7 @@ tap.test('SPF Checking - Authorized IP from local domain', async (tools) => {
}
} else if (step === 'rcpt' && dataBuffer.includes('250')) {
console.log('Email accepted - SPF likely passed or neutral');
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -101,7 +101,7 @@ tap.test('SPF Checking - External domain sender', async (tools) => {
dataBuffer = '';
} else if (dataBuffer.includes('550') || dataBuffer.includes('553')) {
console.log('External domain sender rejected (SPF fail)');
expect(true).toBeTrue(); // Shows SPF is working
expect(true).toEqual(true); // Shows SPF is working
socket.write('QUIT\r\n');
socket.end();
@ -112,7 +112,7 @@ tap.test('SPF Checking - External domain sender', async (tools) => {
const rejected = dataBuffer.includes('550') || dataBuffer.includes('553');
console.log(`External domain: accepted=${accepted}, rejected=${rejected}`);
expect(accepted || rejected).toBeTrue();
expect(accepted || rejected).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -161,7 +161,7 @@ tap.test('SPF Checking - Known SPF fail domain', async (tools) => {
dataBuffer = '';
} else if (dataBuffer.includes('550') || dataBuffer.includes('553')) {
console.log('SPF fail domain properly rejected');
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -170,7 +170,7 @@ tap.test('SPF Checking - Known SPF fail domain', async (tools) => {
} else if (step === 'rcpt') {
// Either accepted or rejected is valid
const response = dataBuffer.includes('250') || dataBuffer.includes('550') || dataBuffer.includes('553');
expect(response).toBeTrue();
expect(response).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -217,7 +217,7 @@ tap.test('SPF Checking - IPv4 literal in HELO', async (tools) => {
const rejected = dataBuffer.includes('550') || dataBuffer.includes('553');
console.log(`IP literal sender: accepted=${accepted}, rejected=${rejected}`);
expect(accepted || rejected).toBeTrue();
expect(accepted || rejected).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -266,7 +266,7 @@ tap.test('SPF Checking - Subdomain sender', async (tools) => {
dataBuffer = '';
} else if (dataBuffer.includes('550') || dataBuffer.includes('553')) {
console.log('Subdomain sender rejected');
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();
@ -275,7 +275,7 @@ tap.test('SPF Checking - Subdomain sender', async (tools) => {
} else if (step === 'rcpt') {
const accepted = dataBuffer.includes('250');
console.log(`Subdomain SPF test: ${accepted ? 'passed' : 'failed'}`);
expect(true).toBeTrue();
expect(true).toEqual(true);
socket.write('QUIT\r\n');
socket.end();

14
test/suite/security/test.tls-certificate-validation.ts
View File

@ -2,7 +2,7 @@ import { tap, expect } from '@git.zone/tstest/tapbundle';
import * as plugins from '../plugins.js';
import * as net from 'net';
import * as tls from 'tls';
import { startTestServer, stopTestServer, TEST_PORT, sendEmailWithRawSocket } from '../server.loader.js';
import { startTestServer, stopTestServer, TEST_PORT, sendEmailWithRawSocket } from '../../helpers/server.loader.js';
import type { SmtpServer } from '../../../ts/mail/delivery/smtpserver/index.js';
let testServer: SmtpServer;
@ -78,7 +78,7 @@ tap.test('TLS Certificate Validation - STARTTLS certificate check', async (tools
const isValid = now >= validFrom && now <= validTo;
console.log('Certificate currently valid:', isValid);
expect(true).toBeTrue(); // Certificate present
expect(true).toEqual(true); // Certificate present
}
// Test EHLO over TLS
@ -91,7 +91,7 @@ tap.test('TLS Certificate Validation - STARTTLS certificate check', async (tools
if (response.includes('250')) {
console.log('EHLO over TLS successful');
expect(true).toBeTrue();
expect(true).toEqual(true);
tlsSocket.write('QUIT\r\n');
tlsSocket.end();
@ -133,7 +133,7 @@ tap.test('TLS Certificate Validation - Direct TLS connection', async (tools) =>
const cert = socket.getPeerCertificate();
if (cert && Object.keys(cert).length > 0) {
console.log('Certificate found on direct TLS connection');
expect(true).toBeTrue();
expect(true).toEqual(true);
}
socket.end();
@ -143,7 +143,7 @@ tap.test('TLS Certificate Validation - Direct TLS connection', async (tools) =>
socket.on('error', (err) => {
// Direct TLS might not be supported, try plain connection
console.log('Direct TLS not supported, this is expected for STARTTLS servers');
expect(true).toBeTrue();
expect(true).toEqual(true);
done.resolve();
});
@ -205,7 +205,7 @@ tap.test('TLS Certificate Validation - Certificate verification with strict mode
console.log('Authorization error:', tlsSocket.authorizationError);
}
expect(true).toBeTrue(); // Connection established
expect(true).toEqual(true); // Connection established
tlsSocket.write('QUIT\r\n');
tlsSocket.end();
done.resolve();
@ -213,7 +213,7 @@ tap.test('TLS Certificate Validation - Certificate verification with strict mode
tlsSocket.on('error', (err) => {
console.log('Certificate verification error (expected for self-signed):', err.message);
expect(true).toBeTrue(); // Error is expected for self-signed certificates
expect(true).toEqual(true); // Error is expected for self-signed certificates
socket.end();
done.resolve();
});