import { tap, expect } from '@git.zone/tstest/tapbundle'; import * as plugins from '../plugins.js'; import * as net from 'net'; import { startTestServer, stopTestServer, TEST_PORT, sendEmailWithRawSocket } from '../../helpers/server.loader.js'; import type { SmtpServer } from '../../../ts/mail/delivery/smtpserver/index.js'; let testServer: SmtpServer; tap.test('setup - start test server', async () => { testServer = await startTestServer(); await plugins.smartdelay.delayFor(1000); }); tap.test('DKIM Processing - Valid DKIM signature', async (tools) => { const done = tools.defer(); const socket = net.createConnection({ host: 'localhost', port: TEST_PORT, timeout: 30000 }); let dataBuffer = ''; let step = 'greeting'; socket.on('data', (data) => { dataBuffer += data.toString(); console.log('Server response:', data.toString()); if (step === 'greeting' && dataBuffer.includes('220 ')) { step = 'ehlo'; socket.write('EHLO testclient\r\n'); dataBuffer = ''; } else if (step === 'ehlo' && dataBuffer.includes('250')) { step = 'mail'; socket.write('MAIL FROM:\r\n'); dataBuffer = ''; } else if (step === 'mail' && dataBuffer.includes('250')) { step = 'rcpt'; socket.write('RCPT TO:\r\n'); dataBuffer = ''; } else if (step === 'rcpt' && dataBuffer.includes('250')) { step = 'data'; socket.write('DATA\r\n'); dataBuffer = ''; } else if (step === 'data' && dataBuffer.includes('354')) { // Generate valid DKIM signature const timestamp = Math.floor(Date.now() / 1000); const dkimSignature = [ 'v=1; a=rsa-sha256; c=relaxed/relaxed;', ' d=example.com; s=default;', ' t=' + timestamp + ';', ' h=from:to:subject:date:message-id;', ' bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;', ' b=AMGNaJ3BliF0KSLD0wTfJd1eJhYbhP8YD2z9BPwAoeh6nKzfQ8wktB9Iwml3GKKj', ' V6zJSGxJClQAoqJnO7oiIzPvHZTMGTbMvV9YBQcw5uvxLa2mRNkRT3FQ5vKFzfVQ', ' OlHnZ8qZJDxYO4JmReCBnHQcC8W9cNJJh9ZQ4A=' ].join(''); const email = [ `DKIM-Signature: ${dkimSignature}`, `Subject: DKIM Test - Valid Signature`, `From: sender@example.com`, `To: recipient@example.com`, `Date: ${new Date().toUTCString()}`, `Message-ID: `, '', 'This is a DKIM test email with a valid signature.', `Timestamp: ${Date.now()}`, '.', '' ].join('\r\n'); socket.write(email); dataBuffer = ''; } else if (dataBuffer.includes('250 ') && dataBuffer.includes('Message accepted')) { console.log('Email with valid DKIM signature accepted'); expect(true).toEqual(true); socket.write('QUIT\r\n'); socket.end(); done.resolve(); } }); socket.on('error', (err) => { console.error('Socket error:', err); done.reject(err); }); await done.promise; }); tap.test('DKIM Processing - Invalid DKIM signature', async (tools) => { const done = tools.defer(); const socket = net.createConnection({ host: 'localhost', port: TEST_PORT, timeout: 30000 }); let dataBuffer = ''; let step = 'greeting'; socket.on('data', (data) => { dataBuffer += data.toString(); console.log('Server response:', data.toString()); if (step === 'greeting' && dataBuffer.includes('220 ')) { step = 'ehlo'; socket.write('EHLO testclient\r\n'); dataBuffer = ''; } else if (step === 'ehlo' && dataBuffer.includes('250')) { step = 'mail'; socket.write('MAIL FROM:\r\n'); dataBuffer = ''; } else if (step === 'mail' && dataBuffer.includes('250')) { step = 'rcpt'; socket.write('RCPT TO:\r\n'); dataBuffer = ''; } else if (step === 'rcpt' && dataBuffer.includes('250')) { step = 'data'; socket.write('DATA\r\n'); dataBuffer = ''; } else if (step === 'data' && dataBuffer.includes('354')) { // Generate invalid DKIM signature (wrong domain, bad signature) const timestamp = Math.floor(Date.now() / 1000); const dkimSignature = [ 'v=1; a=rsa-sha256; c=relaxed/relaxed;', ' d=wrong-domain.com; s=invalid;', ' t=' + timestamp + ';', ' h=from:to:subject:date;', ' bh=INVALID-BODY-HASH;', ' b=INVALID-SIGNATURE-DATA' ].join(''); const email = [ `DKIM-Signature: ${dkimSignature}`, `Subject: DKIM Test - Invalid Signature`, `From: sender@example.com`, `To: recipient@example.com`, `Date: ${new Date().toUTCString()}`, `Message-ID: `, '', 'This is a DKIM test email with an invalid signature.', `Timestamp: ${Date.now()}`, '.', '' ].join('\r\n'); socket.write(email); dataBuffer = ''; } else if (dataBuffer.includes('250 ') || dataBuffer.includes('550 ')) { const accepted = dataBuffer.includes('250'); console.log(`Email with invalid DKIM signature ${accepted ? 'accepted' : 'rejected'}`); // Either response is valid - server may accept and mark as failed, or reject expect(true).toEqual(true); socket.write('QUIT\r\n'); socket.end(); done.resolve(); } }); socket.on('error', (err) => { console.error('Socket error:', err); done.reject(err); }); await done.promise; }); tap.test('DKIM Processing - Missing DKIM signature', async (tools) => { const done = tools.defer(); const socket = net.createConnection({ host: 'localhost', port: TEST_PORT, timeout: 30000 }); let dataBuffer = ''; let step = 'greeting'; socket.on('data', (data) => { dataBuffer += data.toString(); console.log('Server response:', data.toString()); if (step === 'greeting' && dataBuffer.includes('220 ')) { step = 'ehlo'; socket.write('EHLO testclient\r\n'); dataBuffer = ''; } else if (step === 'ehlo' && dataBuffer.includes('250')) { step = 'mail'; socket.write('MAIL FROM:\r\n'); dataBuffer = ''; } else if (step === 'mail' && dataBuffer.includes('250')) { step = 'rcpt'; socket.write('RCPT TO:\r\n'); dataBuffer = ''; } else if (step === 'rcpt' && dataBuffer.includes('250')) { step = 'data'; socket.write('DATA\r\n'); dataBuffer = ''; } else if (step === 'data' && dataBuffer.includes('354')) { // Email without DKIM signature const email = [ `Subject: DKIM Test - No Signature`, `From: sender@example.com`, `To: recipient@example.com`, `Date: ${new Date().toUTCString()}`, `Message-ID: `, '', 'This is a DKIM test email without any signature.', `Timestamp: ${Date.now()}`, '.', '' ].join('\r\n'); socket.write(email); dataBuffer = ''; } else if (dataBuffer.includes('250 ') && dataBuffer.includes('Message accepted')) { console.log('Email without DKIM signature accepted (neutral)'); expect(true).toEqual(true); socket.write('QUIT\r\n'); socket.end(); done.resolve(); } }); socket.on('error', (err) => { console.error('Socket error:', err); done.reject(err); }); await done.promise; }); tap.test('DKIM Processing - Multiple DKIM signatures', async (tools) => { const done = tools.defer(); const socket = net.createConnection({ host: 'localhost', port: TEST_PORT, timeout: 30000 }); let dataBuffer = ''; let step = 'greeting'; socket.on('data', (data) => { dataBuffer += data.toString(); console.log('Server response:', data.toString()); if (step === 'greeting' && dataBuffer.includes('220 ')) { step = 'ehlo'; socket.write('EHLO testclient\r\n'); dataBuffer = ''; } else if (step === 'ehlo' && dataBuffer.includes('250')) { step = 'mail'; socket.write('MAIL FROM:\r\n'); dataBuffer = ''; } else if (step === 'mail' && dataBuffer.includes('250')) { step = 'rcpt'; socket.write('RCPT TO:\r\n'); dataBuffer = ''; } else if (step === 'rcpt' && dataBuffer.includes('250')) { step = 'data'; socket.write('DATA\r\n'); dataBuffer = ''; } else if (step === 'data' && dataBuffer.includes('354')) { // Email with multiple DKIM signatures (common in forwarding) const timestamp = Math.floor(Date.now() / 1000); const email = [ 'DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;', ' d=example.com; s=selector1;', ' t=' + timestamp + ';', ' h=from:to:subject;', ' bh=first-body-hash;', ' b=first-signature', 'DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;', ' d=forwarder.com; s=selector2;', ' t=' + (timestamp + 60) + ';', ' h=from:to:subject:date:message-id;', ' bh=second-body-hash;', ' b=second-signature', `Subject: DKIM Test - Multiple Signatures`, `From: sender@example.com`, `To: recipient@example.com`, `Date: ${new Date().toUTCString()}`, `Message-ID: `, '', 'This email has multiple DKIM signatures.', '.', '' ].join('\r\n'); socket.write(email); dataBuffer = ''; } else if (dataBuffer.includes('250 ') && dataBuffer.includes('Message accepted')) { console.log('Email with multiple DKIM signatures accepted'); expect(true).toEqual(true); socket.write('QUIT\r\n'); socket.end(); done.resolve(); } }); socket.on('error', (err) => { console.error('Socket error:', err); done.reject(err); }); await done.promise; }); tap.test('DKIM Processing - Expired DKIM signature', async (tools) => { const done = tools.defer(); const socket = net.createConnection({ host: 'localhost', port: TEST_PORT, timeout: 30000 }); let dataBuffer = ''; let step = 'greeting'; socket.on('data', (data) => { dataBuffer += data.toString(); console.log('Server response:', data.toString()); if (step === 'greeting' && dataBuffer.includes('220 ')) { step = 'ehlo'; socket.write('EHLO testclient\r\n'); dataBuffer = ''; } else if (step === 'ehlo' && dataBuffer.includes('250')) { step = 'mail'; socket.write('MAIL FROM:\r\n'); dataBuffer = ''; } else if (step === 'mail' && dataBuffer.includes('250')) { step = 'rcpt'; socket.write('RCPT TO:\r\n'); dataBuffer = ''; } else if (step === 'rcpt' && dataBuffer.includes('250')) { step = 'data'; socket.write('DATA\r\n'); dataBuffer = ''; } else if (step === 'data' && dataBuffer.includes('354')) { // DKIM signature with expired timestamp const expiredTimestamp = Math.floor(Date.now() / 1000) - 2592000; // 30 days ago const expirationTime = expiredTimestamp + 86400; // Expired 29 days ago const dkimSignature = [ 'v=1; a=rsa-sha256; c=relaxed/relaxed;', ' d=example.com; s=default;', ' t=' + expiredTimestamp + '; x=' + expirationTime + ';', ' h=from:to:subject:date;', ' bh=expired-body-hash;', ' b=expired-signature' ].join(''); const email = [ `DKIM-Signature: ${dkimSignature}`, `Subject: DKIM Test - Expired Signature`, `From: sender@example.com`, `To: recipient@example.com`, `Date: ${new Date().toUTCString()}`, `Message-ID: `, '', 'This email has an expired DKIM signature.', '.', '' ].join('\r\n'); socket.write(email); dataBuffer = ''; } else if (dataBuffer.includes('250 ') || dataBuffer.includes('550 ')) { const accepted = dataBuffer.includes('250'); console.log(`Email with expired DKIM signature ${accepted ? 'accepted' : 'rejected'}`); // Either response is valid expect(true).toEqual(true); socket.write('QUIT\r\n'); socket.end(); done.resolve(); } }); socket.on('error', (err) => { console.error('Socket error:', err); done.reject(err); }); await done.promise; }); tap.test('cleanup - stop test server', async () => { await stopTestServer(testServer); }); tap.start();