serve.zone/dcrouter
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
dcrouter/test/suite/smtpserver_security/test.sec-03.dkim-processing.ts
Philipp Kunz 84196f9b13 update
2025-05-25 19:05:43 +00:00

414 lines
13 KiB
TypeScript
Raw Permalink Blame History

import { tap, expect } from '@git.zone/tstest/tapbundle';
import * as plugins from '../../../ts/plugins.js';
import * as net from 'net';
import { startTestServer, stopTestServer } from '../../helpers/server.loader.js'
import type { ITestServer } from '../../helpers/server.loader.js';
const TEST_PORT = 2525;
let testServer: ITestServer;
// Helper to wait for SMTP response
const waitForResponse = (socket: net.Socket, expectedCode?: string, timeout = 5000): Promise<string> => {
return new Promise((resolve, reject) => {
let buffer = '';
const timer = setTimeout(() => {
socket.removeListener('data', handler);
reject(new Error(`Timeout waiting for ${expectedCode || 'any'} response`));
}, timeout);
const handler = (data: Buffer) => {
buffer += data.toString();
const lines = buffer.split('\r\n');
for (const line of lines) {
if (expectedCode) {
if (line.startsWith(expectedCode + ' ')) {
clearTimeout(timer);
socket.removeListener('data', handler);
resolve(buffer);
return;
}
} else {
// Look for any complete response
if (line.match(/^\d{3} /)) {
clearTimeout(timer);
socket.removeListener('data', handler);
resolve(buffer);
return;
}
}
}
};
socket.on('data', handler);
});
};
tap.test('setup - start test server', async (toolsArg) => {
testServer = await startTestServer({ port: TEST_PORT });
await toolsArg.delayFor(1000);
});
tap.test('DKIM Processing - Valid DKIM signature', async (tools) => {
const socket = net.createConnection({
host: 'localhost',
port: TEST_PORT,
timeout: 30000
});
try {
// Wait for greeting
const greeting = await waitForResponse(socket, '220');
console.log('Server response:', greeting);
// Send EHLO
socket.write('EHLO testclient\r\n');
const ehloResponse = await waitForResponse(socket, '250');
console.log('Server response:', ehloResponse);
// Send MAIL FROM
socket.write('MAIL FROM:<sender@example.com>\r\n');
const mailResponse = await waitForResponse(socket, '250');
console.log('Server response:', mailResponse);
// Send RCPT TO
socket.write('RCPT TO:<recipient@example.com>\r\n');
const rcptResponse = await waitForResponse(socket, '250');
console.log('Server response:', rcptResponse);
// Send DATA
socket.write('DATA\r\n');
const dataResponse = await waitForResponse(socket, '354');
console.log('Server response:', dataResponse);
// Generate valid DKIM signature
const timestamp = Math.floor(Date.now() / 1000);
const dkimSignature = [
'v=1; a=rsa-sha256; c=relaxed/relaxed;',
' d=example.com; s=default;',
' t=' + timestamp + ';',
' h=from:to:subject:date:message-id;',
' bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;',
' b=AMGNaJ3BliF0KSLD0wTfJd1eJhYbhP8YD2z9BPwAoeh6nKzfQ8wktB9Iwml3GKKj',
' V6zJSGxJClQAoqJnO7oiIzPvHZTMGTbMvV9YBQcw5uvxLa2mRNkRT3FQ5vKFzfVQ',
' OlHnZ8qZJDxYO4JmReCBnHQcC8W9cNJJh9ZQ4A='
].join('');
const email = [
`DKIM-Signature: ${dkimSignature}`,
`Subject: DKIM Test - Valid Signature`,
`From: sender@example.com`,
`To: recipient@example.com`,
`Date: ${new Date().toUTCString()}`,
`Message-ID: <dkim-valid-${Date.now()}@example.com>`,
'',
'This is a DKIM test email with a valid signature.',
`Timestamp: ${Date.now()}`,
'.',
''
].join('\r\n');
socket.write(email);
const emailResponse = await waitForResponse(socket, '250');
console.log('Server response:', emailResponse);
console.log('Email with valid DKIM signature accepted');
expect(emailResponse).toInclude('250');
expect(emailResponse.startsWith('250')).toEqual(true);
// Send QUIT
socket.write('QUIT\r\n');
await waitForResponse(socket, '221');
} finally {
socket.destroy();
}
});
tap.test('DKIM Processing - Invalid DKIM signature', async (tools) => {
const socket = net.createConnection({
host: 'localhost',
port: TEST_PORT,
timeout: 30000
});
try {
// Wait for greeting
const greeting = await waitForResponse(socket, '220');
console.log('Server response:', greeting);
// Send EHLO
socket.write('EHLO testclient\r\n');
const ehloResponse = await waitForResponse(socket, '250');
console.log('Server response:', ehloResponse);
// Send MAIL FROM
socket.write('MAIL FROM:<sender@example.com>\r\n');
const mailResponse = await waitForResponse(socket, '250');
console.log('Server response:', mailResponse);
// Send RCPT TO
socket.write('RCPT TO:<recipient@example.com>\r\n');
const rcptResponse = await waitForResponse(socket, '250');
console.log('Server response:', rcptResponse);
// Send DATA
socket.write('DATA\r\n');
const dataResponse = await waitForResponse(socket, '354');
console.log('Server response:', dataResponse);
// Generate invalid DKIM signature (wrong domain, bad signature)
const timestamp = Math.floor(Date.now() / 1000);
const dkimSignature = [
'v=1; a=rsa-sha256; c=relaxed/relaxed;',
' d=wrong-domain.com; s=invalid;',
' t=' + timestamp + ';',
' h=from:to:subject:date;',
' bh=INVALID-BODY-HASH;',
' b=INVALID-SIGNATURE-DATA'
].join('');
const email = [
`DKIM-Signature: ${dkimSignature}`,
`Subject: DKIM Test - Invalid Signature`,
`From: sender@example.com`,
`To: recipient@example.com`,
`Date: ${new Date().toUTCString()}`,
`Message-ID: <dkim-invalid-${Date.now()}@example.com>`,
'',
'This is a DKIM test email with an invalid signature.',
`Timestamp: ${Date.now()}`,
'.',
''
].join('\r\n');
socket.write(email);
const emailResponse = await waitForResponse(socket);
console.log('Server response:', emailResponse);
const accepted = emailResponse.includes('250');
console.log(`Email with invalid DKIM signature ${accepted ? 'accepted' : 'rejected'}`);
// Either response is valid - server may accept and mark as failed, or reject
expect(emailResponse.match(/250|550/)).toBeTruthy();
// Send QUIT
socket.write('QUIT\r\n');
await waitForResponse(socket, '221');
} finally {
socket.destroy();
}
});
tap.test('DKIM Processing - Missing DKIM signature', async (tools) => {
const socket = net.createConnection({
host: 'localhost',
port: TEST_PORT,
timeout: 30000
});
try {
// Wait for greeting
const greeting = await waitForResponse(socket, '220');
console.log('Server response:', greeting);
// Send EHLO
socket.write('EHLO testclient\r\n');
const ehloResponse = await waitForResponse(socket, '250');
console.log('Server response:', ehloResponse);
// Send MAIL FROM
socket.write('MAIL FROM:<sender@example.com>\r\n');
const mailResponse = await waitForResponse(socket, '250');
console.log('Server response:', mailResponse);
// Send RCPT TO
socket.write('RCPT TO:<recipient@example.com>\r\n');
const rcptResponse = await waitForResponse(socket, '250');
console.log('Server response:', rcptResponse);
// Send DATA
socket.write('DATA\r\n');
const dataResponse = await waitForResponse(socket, '354');
console.log('Server response:', dataResponse);
// Email without DKIM signature
const email = [
`Subject: DKIM Test - No Signature`,
`From: sender@example.com`,
`To: recipient@example.com`,
`Date: ${new Date().toUTCString()}`,
`Message-ID: <dkim-none-${Date.now()}@example.com>`,
'',
'This is a DKIM test email without any signature.',
`Timestamp: ${Date.now()}`,
'.',
''
].join('\r\n');
socket.write(email);
const emailResponse = await waitForResponse(socket, '250');
console.log('Server response:', emailResponse);
console.log('Email without DKIM signature accepted (neutral)');
expect(emailResponse).toInclude('250');
expect(emailResponse.startsWith('250')).toEqual(true);
// Send QUIT
socket.write('QUIT\r\n');
await waitForResponse(socket, '221');
} finally {
socket.destroy();
}
});
tap.test('DKIM Processing - Multiple DKIM signatures', async (tools) => {
const socket = net.createConnection({
host: 'localhost',
port: TEST_PORT,
timeout: 30000
});
try {
// Wait for greeting
const greeting = await waitForResponse(socket, '220');
console.log('Server response:', greeting);
// Send EHLO
socket.write('EHLO testclient\r\n');
const ehloResponse = await waitForResponse(socket, '250');
console.log('Server response:', ehloResponse);
// Send MAIL FROM
socket.write('MAIL FROM:<sender@example.com>\r\n');
const mailResponse = await waitForResponse(socket, '250');
console.log('Server response:', mailResponse);
// Send RCPT TO
socket.write('RCPT TO:<recipient@example.com>\r\n');
const rcptResponse = await waitForResponse(socket, '250');
console.log('Server response:', rcptResponse);
// Send DATA
socket.write('DATA\r\n');
const dataResponse = await waitForResponse(socket, '354');
console.log('Server response:', dataResponse);
// Email with multiple DKIM signatures (common in forwarding)
const timestamp = Math.floor(Date.now() / 1000);
const email = [
'DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;',
' d=example.com; s=selector1;',
' t=' + timestamp + ';',
' h=from:to:subject;',
' bh=first-body-hash;',
' b=first-signature',
'DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;',
' d=forwarder.com; s=selector2;',
' t=' + (timestamp + 60) + ';',
' h=from:to:subject:date:message-id;',
' bh=second-body-hash;',
' b=second-signature',
`Subject: DKIM Test - Multiple Signatures`,
`From: sender@example.com`,
`To: recipient@example.com`,
`Date: ${new Date().toUTCString()}`,
`Message-ID: <dkim-multi-${Date.now()}@example.com>`,
'',
'This email has multiple DKIM signatures.',
'.',
''
].join('\r\n');
socket.write(email);
const emailResponse = await waitForResponse(socket, '250');
console.log('Server response:', emailResponse);
console.log('Email with multiple DKIM signatures accepted');
expect(emailResponse).toInclude('250');
expect(emailResponse.startsWith('250')).toEqual(true);
// Send QUIT
socket.write('QUIT\r\n');
await waitForResponse(socket, '221');
} finally {
socket.destroy();
}
});
tap.test('DKIM Processing - Expired DKIM signature', async (tools) => {
const socket = net.createConnection({
host: 'localhost',
port: TEST_PORT,
timeout: 30000
});
try {
// Wait for greeting
const greeting = await waitForResponse(socket, '220');
console.log('Server response:', greeting);
// Send EHLO
socket.write('EHLO testclient\r\n');
const ehloResponse = await waitForResponse(socket, '250');
console.log('Server response:', ehloResponse);
// Send MAIL FROM
socket.write('MAIL FROM:<sender@example.com>\r\n');
const mailResponse = await waitForResponse(socket, '250');
console.log('Server response:', mailResponse);
// Send RCPT TO
socket.write('RCPT TO:<recipient@example.com>\r\n');
const rcptResponse = await waitForResponse(socket, '250');
console.log('Server response:', rcptResponse);
// Send DATA
socket.write('DATA\r\n');
const dataResponse = await waitForResponse(socket, '354');
console.log('Server response:', dataResponse);
// DKIM signature with expired timestamp
const expiredTimestamp = Math.floor(Date.now() / 1000) - 2592000; // 30 days ago
const expirationTime = expiredTimestamp + 86400; // Expired 29 days ago
const dkimSignature = [
'v=1; a=rsa-sha256; c=relaxed/relaxed;',
' d=example.com; s=default;',
' t=' + expiredTimestamp + '; x=' + expirationTime + ';',
' h=from:to:subject:date;',
' bh=expired-body-hash;',
' b=expired-signature'
].join('');
const email = [
`DKIM-Signature: ${dkimSignature}`,
`Subject: DKIM Test - Expired Signature`,
`From: sender@example.com`,
`To: recipient@example.com`,
`Date: ${new Date().toUTCString()}`,
`Message-ID: <dkim-expired-${Date.now()}@example.com>`,
'',
'This email has an expired DKIM signature.',
'.',
''
].join('\r\n');
socket.write(email);
const emailResponse = await waitForResponse(socket);
console.log('Server response:', emailResponse);
const accepted = emailResponse.includes('250');
console.log(`Email with expired DKIM signature ${accepted ? 'accepted' : 'rejected'}`);
// Either response is valid
expect(emailResponse.match(/250|550/)).toBeTruthy();
// Send QUIT
socket.write('QUIT\r\n');
await waitForResponse(socket, '221');
} finally {
socket.destroy();
}
});
tap.test('cleanup - stop test server', async () => {
await stopTestServer(testServer);
});
export default tap.start();
Reference in New Issue View Git Blame Copy Permalink