import { tap, expect } from '@git.zone/tstest/tapbundle'; import * as plugins from '../../../ts/plugins.js'; import * as net from 'net'; import { startTestServer, stopTestServer } from '../../helpers/server.loader.js' import type { ITestServer } from '../../helpers/server.loader.js'; const TEST_PORT = 2525; let testServer: ITestServer; // Helper to wait for SMTP response const waitForResponse = (socket: net.Socket, expectedCode?: string, timeout = 5000): Promise => { return new Promise((resolve, reject) => { let buffer = ''; const timer = setTimeout(() => { socket.removeListener('data', handler); reject(new Error(`Timeout waiting for ${expectedCode || 'any'} response`)); }, timeout); const handler = (data: Buffer) => { buffer += data.toString(); const lines = buffer.split('\r\n'); for (const line of lines) { if (expectedCode) { if (line.startsWith(expectedCode + ' ')) { clearTimeout(timer); socket.removeListener('data', handler); resolve(buffer); return; } } else { // Look for any complete response if (line.match(/^\d{3} /)) { clearTimeout(timer); socket.removeListener('data', handler); resolve(buffer); return; } } } }; socket.on('data', handler); }); }; tap.test('setup - start test server', async (toolsArg) => { testServer = await startTestServer({ port: TEST_PORT }); await toolsArg.delayFor(1000); }); tap.test('DKIM Processing - Valid DKIM signature', async (tools) => { const socket = net.createConnection({ host: 'localhost', port: TEST_PORT, timeout: 30000 }); try { // Wait for greeting const greeting = await waitForResponse(socket, '220'); console.log('Server response:', greeting); // Send EHLO socket.write('EHLO testclient\r\n'); const ehloResponse = await waitForResponse(socket, '250'); console.log('Server response:', ehloResponse); // Send MAIL FROM socket.write('MAIL FROM:\r\n'); const mailResponse = await waitForResponse(socket, '250'); console.log('Server response:', mailResponse); // Send RCPT TO socket.write('RCPT TO:\r\n'); const rcptResponse = await waitForResponse(socket, '250'); console.log('Server response:', rcptResponse); // Send DATA socket.write('DATA\r\n'); const dataResponse = await waitForResponse(socket, '354'); console.log('Server response:', dataResponse); // Generate valid DKIM signature const timestamp = Math.floor(Date.now() / 1000); const dkimSignature = [ 'v=1; a=rsa-sha256; c=relaxed/relaxed;', ' d=example.com; s=default;', ' t=' + timestamp + ';', ' h=from:to:subject:date:message-id;', ' bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;', ' b=AMGNaJ3BliF0KSLD0wTfJd1eJhYbhP8YD2z9BPwAoeh6nKzfQ8wktB9Iwml3GKKj', ' V6zJSGxJClQAoqJnO7oiIzPvHZTMGTbMvV9YBQcw5uvxLa2mRNkRT3FQ5vKFzfVQ', ' OlHnZ8qZJDxYO4JmReCBnHQcC8W9cNJJh9ZQ4A=' ].join(''); const email = [ `DKIM-Signature: ${dkimSignature}`, `Subject: DKIM Test - Valid Signature`, `From: sender@example.com`, `To: recipient@example.com`, `Date: ${new Date().toUTCString()}`, `Message-ID: `, '', 'This is a DKIM test email with a valid signature.', `Timestamp: ${Date.now()}`, '.', '' ].join('\r\n'); socket.write(email); const emailResponse = await waitForResponse(socket, '250'); console.log('Server response:', emailResponse); console.log('Email with valid DKIM signature accepted'); expect(emailResponse).toInclude('250'); expect(emailResponse.startsWith('250')).toEqual(true); // Send QUIT socket.write('QUIT\r\n'); await waitForResponse(socket, '221'); } finally { socket.destroy(); } }); tap.test('DKIM Processing - Invalid DKIM signature', async (tools) => { const socket = net.createConnection({ host: 'localhost', port: TEST_PORT, timeout: 30000 }); try { // Wait for greeting const greeting = await waitForResponse(socket, '220'); console.log('Server response:', greeting); // Send EHLO socket.write('EHLO testclient\r\n'); const ehloResponse = await waitForResponse(socket, '250'); console.log('Server response:', ehloResponse); // Send MAIL FROM socket.write('MAIL FROM:\r\n'); const mailResponse = await waitForResponse(socket, '250'); console.log('Server response:', mailResponse); // Send RCPT TO socket.write('RCPT TO:\r\n'); const rcptResponse = await waitForResponse(socket, '250'); console.log('Server response:', rcptResponse); // Send DATA socket.write('DATA\r\n'); const dataResponse = await waitForResponse(socket, '354'); console.log('Server response:', dataResponse); // Generate invalid DKIM signature (wrong domain, bad signature) const timestamp = Math.floor(Date.now() / 1000); const dkimSignature = [ 'v=1; a=rsa-sha256; c=relaxed/relaxed;', ' d=wrong-domain.com; s=invalid;', ' t=' + timestamp + ';', ' h=from:to:subject:date;', ' bh=INVALID-BODY-HASH;', ' b=INVALID-SIGNATURE-DATA' ].join(''); const email = [ `DKIM-Signature: ${dkimSignature}`, `Subject: DKIM Test - Invalid Signature`, `From: sender@example.com`, `To: recipient@example.com`, `Date: ${new Date().toUTCString()}`, `Message-ID: `, '', 'This is a DKIM test email with an invalid signature.', `Timestamp: ${Date.now()}`, '.', '' ].join('\r\n'); socket.write(email); const emailResponse = await waitForResponse(socket); console.log('Server response:', emailResponse); const accepted = emailResponse.includes('250'); console.log(`Email with invalid DKIM signature ${accepted ? 'accepted' : 'rejected'}`); // Either response is valid - server may accept and mark as failed, or reject expect(emailResponse.match(/250|550/)).toBeTruthy(); // Send QUIT socket.write('QUIT\r\n'); await waitForResponse(socket, '221'); } finally { socket.destroy(); } }); tap.test('DKIM Processing - Missing DKIM signature', async (tools) => { const socket = net.createConnection({ host: 'localhost', port: TEST_PORT, timeout: 30000 }); try { // Wait for greeting const greeting = await waitForResponse(socket, '220'); console.log('Server response:', greeting); // Send EHLO socket.write('EHLO testclient\r\n'); const ehloResponse = await waitForResponse(socket, '250'); console.log('Server response:', ehloResponse); // Send MAIL FROM socket.write('MAIL FROM:\r\n'); const mailResponse = await waitForResponse(socket, '250'); console.log('Server response:', mailResponse); // Send RCPT TO socket.write('RCPT TO:\r\n'); const rcptResponse = await waitForResponse(socket, '250'); console.log('Server response:', rcptResponse); // Send DATA socket.write('DATA\r\n'); const dataResponse = await waitForResponse(socket, '354'); console.log('Server response:', dataResponse); // Email without DKIM signature const email = [ `Subject: DKIM Test - No Signature`, `From: sender@example.com`, `To: recipient@example.com`, `Date: ${new Date().toUTCString()}`, `Message-ID: `, '', 'This is a DKIM test email without any signature.', `Timestamp: ${Date.now()}`, '.', '' ].join('\r\n'); socket.write(email); const emailResponse = await waitForResponse(socket, '250'); console.log('Server response:', emailResponse); console.log('Email without DKIM signature accepted (neutral)'); expect(emailResponse).toInclude('250'); expect(emailResponse.startsWith('250')).toEqual(true); // Send QUIT socket.write('QUIT\r\n'); await waitForResponse(socket, '221'); } finally { socket.destroy(); } }); tap.test('DKIM Processing - Multiple DKIM signatures', async (tools) => { const socket = net.createConnection({ host: 'localhost', port: TEST_PORT, timeout: 30000 }); try { // Wait for greeting const greeting = await waitForResponse(socket, '220'); console.log('Server response:', greeting); // Send EHLO socket.write('EHLO testclient\r\n'); const ehloResponse = await waitForResponse(socket, '250'); console.log('Server response:', ehloResponse); // Send MAIL FROM socket.write('MAIL FROM:\r\n'); const mailResponse = await waitForResponse(socket, '250'); console.log('Server response:', mailResponse); // Send RCPT TO socket.write('RCPT TO:\r\n'); const rcptResponse = await waitForResponse(socket, '250'); console.log('Server response:', rcptResponse); // Send DATA socket.write('DATA\r\n'); const dataResponse = await waitForResponse(socket, '354'); console.log('Server response:', dataResponse); // Email with multiple DKIM signatures (common in forwarding) const timestamp = Math.floor(Date.now() / 1000); const email = [ 'DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;', ' d=example.com; s=selector1;', ' t=' + timestamp + ';', ' h=from:to:subject;', ' bh=first-body-hash;', ' b=first-signature', 'DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;', ' d=forwarder.com; s=selector2;', ' t=' + (timestamp + 60) + ';', ' h=from:to:subject:date:message-id;', ' bh=second-body-hash;', ' b=second-signature', `Subject: DKIM Test - Multiple Signatures`, `From: sender@example.com`, `To: recipient@example.com`, `Date: ${new Date().toUTCString()}`, `Message-ID: `, '', 'This email has multiple DKIM signatures.', '.', '' ].join('\r\n'); socket.write(email); const emailResponse = await waitForResponse(socket, '250'); console.log('Server response:', emailResponse); console.log('Email with multiple DKIM signatures accepted'); expect(emailResponse).toInclude('250'); expect(emailResponse.startsWith('250')).toEqual(true); // Send QUIT socket.write('QUIT\r\n'); await waitForResponse(socket, '221'); } finally { socket.destroy(); } }); tap.test('DKIM Processing - Expired DKIM signature', async (tools) => { const socket = net.createConnection({ host: 'localhost', port: TEST_PORT, timeout: 30000 }); try { // Wait for greeting const greeting = await waitForResponse(socket, '220'); console.log('Server response:', greeting); // Send EHLO socket.write('EHLO testclient\r\n'); const ehloResponse = await waitForResponse(socket, '250'); console.log('Server response:', ehloResponse); // Send MAIL FROM socket.write('MAIL FROM:\r\n'); const mailResponse = await waitForResponse(socket, '250'); console.log('Server response:', mailResponse); // Send RCPT TO socket.write('RCPT TO:\r\n'); const rcptResponse = await waitForResponse(socket, '250'); console.log('Server response:', rcptResponse); // Send DATA socket.write('DATA\r\n'); const dataResponse = await waitForResponse(socket, '354'); console.log('Server response:', dataResponse); // DKIM signature with expired timestamp const expiredTimestamp = Math.floor(Date.now() / 1000) - 2592000; // 30 days ago const expirationTime = expiredTimestamp + 86400; // Expired 29 days ago const dkimSignature = [ 'v=1; a=rsa-sha256; c=relaxed/relaxed;', ' d=example.com; s=default;', ' t=' + expiredTimestamp + '; x=' + expirationTime + ';', ' h=from:to:subject:date;', ' bh=expired-body-hash;', ' b=expired-signature' ].join(''); const email = [ `DKIM-Signature: ${dkimSignature}`, `Subject: DKIM Test - Expired Signature`, `From: sender@example.com`, `To: recipient@example.com`, `Date: ${new Date().toUTCString()}`, `Message-ID: `, '', 'This email has an expired DKIM signature.', '.', '' ].join('\r\n'); socket.write(email); const emailResponse = await waitForResponse(socket); console.log('Server response:', emailResponse); const accepted = emailResponse.includes('250'); console.log(`Email with expired DKIM signature ${accepted ? 'accepted' : 'rejected'}`); // Either response is valid expect(emailResponse.match(/250|550/)).toBeTruthy(); // Send QUIT socket.write('QUIT\r\n'); await waitForResponse(socket, '221'); } finally { socket.destroy(); } }); tap.test('cleanup - stop test server', async () => { await stopTestServer(testServer); }); export default tap.start();