import { tap, expect } from '@push.rocks/tapbundle'; import * as plugins from '../plugins.js'; import * as net from 'net'; import { startTestServer, stopTestServer, TEST_PORT, sendEmailWithRawSocket } from '../server.loader.js'; let testServer: any; tap.test('setup - start test server', async () => { testServer = await startTestServer(); await plugins.smartdelay.delayFor(1000); }); tap.test('DMARC Policy - Reject policy enforcement', async (tools) => { const done = tools.defer(); const socket = net.createConnection({ host: 'localhost', port: TEST_PORT, timeout: 30000 }); let dataBuffer = ''; let step = 'greeting'; socket.on('data', (data) => { dataBuffer += data.toString(); console.log('Server response:', data.toString()); if (step === 'greeting' && dataBuffer.includes('220 ')) { step = 'ehlo'; socket.write('EHLO testclient\r\n'); dataBuffer = ''; } else if (step === 'ehlo' && dataBuffer.includes('250')) { // Check if server advertises DMARC support const advertisesDmarc = dataBuffer.toLowerCase().includes('dmarc'); console.log('DMARC advertised:', advertisesDmarc); step = 'mail'; // Domain with reject policy socket.write('MAIL FROM:\r\n'); dataBuffer = ''; } else if (step === 'mail') { if (dataBuffer.includes('250')) { step = 'rcpt'; socket.write('RCPT TO:\r\n'); dataBuffer = ''; } else if (dataBuffer.includes('550') || dataBuffer.includes('553')) { console.log('DMARC reject policy enforced at MAIL FROM'); expect(true).toBeTrue(); socket.write('QUIT\r\n'); socket.end(); done.resolve(); } } else if (step === 'rcpt' && dataBuffer.includes('250')) { step = 'data'; socket.write('DATA\r\n'); dataBuffer = ''; } else if (step === 'data' && dataBuffer.includes('354')) { // Send email with DMARC-relevant headers const email = [ `From: test@dmarc-reject.example.com`, `To: recipient@example.com`, `Subject: DMARC Policy Test - Reject`, `Date: ${new Date().toUTCString()}`, `Message-ID: `, `DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dmarc-reject.example.com; s=default;`, ` h=from:to:subject:date; bh=test; b=test`, '', 'Testing DMARC reject policy enforcement.', '.', '' ].join('\r\n'); socket.write(email); dataBuffer = ''; } else if (dataBuffer.includes('250 ') || dataBuffer.includes('550 ')) { const accepted = dataBuffer.includes('250'); const rejected = dataBuffer.includes('550'); console.log(`DMARC reject policy: accepted=${accepted}, rejected=${rejected}`); expect(accepted || rejected).toBeTrue(); socket.write('QUIT\r\n'); socket.end(); done.resolve(); } }); socket.on('error', (err) => { console.error('Socket error:', err); done.reject(err); }); await done.promise; }); tap.test('DMARC Policy - Quarantine policy', async (tools) => { const done = tools.defer(); const socket = net.createConnection({ host: 'localhost', port: TEST_PORT, timeout: 30000 }); let dataBuffer = ''; let step = 'greeting'; socket.on('data', (data) => { dataBuffer += data.toString(); console.log('Server response:', data.toString()); if (step === 'greeting' && dataBuffer.includes('220 ')) { step = 'ehlo'; socket.write('EHLO testclient\r\n'); dataBuffer = ''; } else if (step === 'ehlo' && dataBuffer.includes('250')) { step = 'mail'; // Domain with quarantine policy socket.write('MAIL FROM:\r\n'); dataBuffer = ''; } else if (step === 'mail' && dataBuffer.includes('250')) { step = 'rcpt'; socket.write('RCPT TO:\r\n'); dataBuffer = ''; } else if (step === 'rcpt' && dataBuffer.includes('250')) { step = 'data'; socket.write('DATA\r\n'); dataBuffer = ''; } else if (step === 'data' && dataBuffer.includes('354')) { const email = [ `From: test@dmarc-quarantine.example.com`, `To: recipient@example.com`, `Subject: DMARC Policy Test - Quarantine`, `Date: ${new Date().toUTCString()}`, `Message-ID: `, '', 'Testing DMARC quarantine policy.', '.', '' ].join('\r\n'); socket.write(email); dataBuffer = ''; } else if (dataBuffer.includes('250 ') || dataBuffer.includes('550 ')) { const accepted = dataBuffer.includes('250'); console.log(`DMARC quarantine policy: ${accepted ? 'accepted (may be quarantined)' : 'rejected'}`); expect(true).toBeTrue(); socket.write('QUIT\r\n'); socket.end(); done.resolve(); } }); socket.on('error', (err) => { console.error('Socket error:', err); done.reject(err); }); await done.promise; }); tap.test('DMARC Policy - None policy', async (tools) => { const done = tools.defer(); const socket = net.createConnection({ host: 'localhost', port: TEST_PORT, timeout: 30000 }); let dataBuffer = ''; let step = 'greeting'; socket.on('data', (data) => { dataBuffer += data.toString(); console.log('Server response:', data.toString()); if (step === 'greeting' && dataBuffer.includes('220 ')) { step = 'ehlo'; socket.write('EHLO testclient\r\n'); dataBuffer = ''; } else if (step === 'ehlo' && dataBuffer.includes('250')) { step = 'mail'; // Domain with none policy (monitoring only) socket.write('MAIL FROM:\r\n'); dataBuffer = ''; } else if (step === 'mail' && dataBuffer.includes('250')) { step = 'rcpt'; socket.write('RCPT TO:\r\n'); dataBuffer = ''; } else if (step === 'rcpt' && dataBuffer.includes('250')) { step = 'data'; socket.write('DATA\r\n'); dataBuffer = ''; } else if (step === 'data' && dataBuffer.includes('354')) { const email = [ `From: test@dmarc-none.example.com`, `To: recipient@example.com`, `Subject: DMARC Policy Test - None`, `Date: ${new Date().toUTCString()}`, `Message-ID: `, '', 'Testing DMARC none policy (monitoring only).', '.', '' ].join('\r\n'); socket.write(email); dataBuffer = ''; } else if (dataBuffer.includes('250 ') && dataBuffer.includes('Message accepted')) { console.log('DMARC none policy: email accepted (monitoring only)'); expect(true).toBeTrue(); socket.write('QUIT\r\n'); socket.end(); done.resolve(); } }); socket.on('error', (err) => { console.error('Socket error:', err); done.reject(err); }); await done.promise; }); tap.test('DMARC Policy - Alignment testing', async (tools) => { const done = tools.defer(); const socket = net.createConnection({ host: 'localhost', port: TEST_PORT, timeout: 30000 }); let dataBuffer = ''; let step = 'greeting'; socket.on('data', (data) => { dataBuffer += data.toString(); console.log('Server response:', data.toString()); if (step === 'greeting' && dataBuffer.includes('220 ')) { step = 'ehlo'; socket.write('EHLO testclient\r\n'); dataBuffer = ''; } else if (step === 'ehlo' && dataBuffer.includes('250')) { step = 'mail'; // Envelope From domain socket.write('MAIL FROM:\r\n'); dataBuffer = ''; } else if (step === 'mail' && dataBuffer.includes('250')) { step = 'rcpt'; socket.write('RCPT TO:\r\n'); dataBuffer = ''; } else if (step === 'rcpt' && dataBuffer.includes('250')) { step = 'data'; socket.write('DATA\r\n'); dataBuffer = ''; } else if (step === 'data' && dataBuffer.includes('354')) { // Header From different from envelope (tests alignment) const email = [ `From: test@header-domain.com`, `To: recipient@example.com`, `Subject: DMARC Alignment Test`, `Date: ${new Date().toUTCString()}`, `Message-ID: `, `DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=header-domain.com; s=default;`, ` h=from:to:subject:date; bh=test; b=test`, '', 'Testing DMARC domain alignment (envelope vs header From).', '.', '' ].join('\r\n'); socket.write(email); dataBuffer = ''; } else if (dataBuffer.includes('250 ') || dataBuffer.includes('550 ')) { const result = dataBuffer.includes('250') ? 'accepted' : 'rejected'; console.log(`DMARC alignment test: ${result}`); expect(true).toBeTrue(); socket.write('QUIT\r\n'); socket.end(); done.resolve(); } }); socket.on('error', (err) => { console.error('Socket error:', err); done.reject(err); }); await done.promise; }); tap.test('DMARC Policy - Percentage testing', async (tools) => { const done = tools.defer(); const socket = net.createConnection({ host: 'localhost', port: TEST_PORT, timeout: 30000 }); let dataBuffer = ''; let step = 'greeting'; socket.on('data', (data) => { dataBuffer += data.toString(); console.log('Server response:', data.toString()); if (step === 'greeting' && dataBuffer.includes('220 ')) { step = 'ehlo'; socket.write('EHLO testclient\r\n'); dataBuffer = ''; } else if (step === 'ehlo' && dataBuffer.includes('250')) { step = 'mail'; // Domain with percentage-based DMARC policy socket.write('MAIL FROM:\r\n'); dataBuffer = ''; } else if (step === 'mail' && dataBuffer.includes('250')) { step = 'rcpt'; socket.write('RCPT TO:\r\n'); dataBuffer = ''; } else if (step === 'rcpt' && dataBuffer.includes('250')) { step = 'data'; socket.write('DATA\r\n'); dataBuffer = ''; } else if (step === 'data' && dataBuffer.includes('354')) { const email = [ `From: test@dmarc-pct.example.com`, `To: recipient@example.com`, `Subject: DMARC Percentage Test`, `Date: ${new Date().toUTCString()}`, `Message-ID: `, '', 'Testing DMARC with percentage-based policy application.', '.', '' ].join('\r\n'); socket.write(email); dataBuffer = ''; } else if (dataBuffer.includes('250 ') || dataBuffer.includes('550 ')) { const result = dataBuffer.includes('250') ? 'accepted' : 'rejected'; console.log(`DMARC percentage policy: ${result} (may vary based on percentage)`); expect(true).toBeTrue(); socket.write('QUIT\r\n'); socket.end(); done.resolve(); } }); socket.on('error', (err) => { console.error('Socket error:', err); done.reject(err); }); await done.promise; }); tap.test('cleanup - stop test server', async () => { await stopTestServer(testServer); }); tap.start();