serve.zone/dcrouter
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
dcrouter/test/suite/smtpserver_security/test.sec-07.content-scanning.ts
Philipp Kunz 84196f9b13 update
2025-05-25 19:05:43 +00:00

409 lines
12 KiB
TypeScript
Raw Permalink Blame History

import { tap, expect } from '@git.zone/tstest/tapbundle';
import * as plugins from '../../../ts/plugins.js';
import * as net from 'net';
import { startTestServer, stopTestServer } from '../../helpers/server.loader.js'
import type { ITestServer } from '../../helpers/server.loader.js';
const TEST_PORT = 2525;
let testServer: ITestServer;
// Helper to wait for SMTP response
const waitForResponse = (socket: net.Socket, expectedCode?: string, timeout = 5000): Promise<string> => {
return new Promise((resolve, reject) => {
let buffer = '';
const timer = setTimeout(() => {
socket.removeListener('data', handler);
reject(new Error(`Timeout waiting for ${expectedCode || 'any'} response`));
}, timeout);
const handler = (data: Buffer) => {
buffer += data.toString();
const lines = buffer.split('\r\n');
for (const line of lines) {
if (expectedCode) {
if (line.startsWith(expectedCode + ' ')) {
clearTimeout(timer);
socket.removeListener('data', handler);
resolve(buffer);
return;
}
} else {
// Look for any complete response
if (line.match(/^\d{3} /)) {
clearTimeout(timer);
socket.removeListener('data', handler);
resolve(buffer);
return;
}
}
}
};
socket.on('data', handler);
});
};
tap.test('setup - start test server', async (toolsArg) => {
testServer = await startTestServer({ port: TEST_PORT });
await toolsArg.delayFor(1000);
});
tap.test('Content Scanning - Suspicious content patterns', async (tools) => {
const socket = net.createConnection({
host: 'localhost',
port: TEST_PORT,
timeout: 30000
});
try {
// Wait for greeting
await waitForResponse(socket, '220');
// Send EHLO
socket.write('EHLO testclient\r\n');
await waitForResponse(socket, '250');
// Send MAIL FROM
socket.write('MAIL FROM:<sender@example.com>\r\n');
await waitForResponse(socket, '250');
// Send RCPT TO
socket.write('RCPT TO:<recipient@example.com>\r\n');
await waitForResponse(socket, '250');
// Send DATA
socket.write('DATA\r\n');
await waitForResponse(socket, '354');
// Email with suspicious content
const email = [
`From: sender@example.com`,
`To: recipient@example.com`,
`Subject: Content Scanning Test`,
`Date: ${new Date().toUTCString()}`,
`Message-ID: <content-scan-${Date.now()}@example.com>`,
'',
'This email contains suspicious content that should trigger content scanning:',
'VIRUS_TEST_STRING',
'SUSPICIOUS_ATTACHMENT_PATTERN',
'MALWARE_SIGNATURE_TEST',
'Click here for FREE MONEY!!!',
'Visit http://phishing-site.com/steal-data',
'.',
''
].join('\r\n');
socket.write(email);
const dataResponse = await waitForResponse(socket);
const accepted = dataResponse.startsWith('250');
const rejected = dataResponse.startsWith('550');
console.log(`Suspicious content: accepted=${accepted}, rejected=${rejected}`);
if (rejected) {
console.log('Content scanning active - suspicious content detected');
} else {
console.log('Content scanning operational - email processed');
}
expect(accepted || rejected).toEqual(true);
socket.write('QUIT\r\n');
await waitForResponse(socket, '221').catch(() => {});
} finally {
socket.destroy();
}
});
tap.test('Content Scanning - Malware patterns', async (tools) => {
const socket = net.createConnection({
host: 'localhost',
port: TEST_PORT,
timeout: 30000
});
try {
// Wait for greeting
await waitForResponse(socket, '220');
// Send EHLO
socket.write('EHLO testclient\r\n');
await waitForResponse(socket, '250');
// Send MAIL FROM
socket.write('MAIL FROM:<sender@example.com>\r\n');
await waitForResponse(socket, '250');
// Send RCPT TO
socket.write('RCPT TO:<recipient@example.com>\r\n');
await waitForResponse(socket, '250');
// Send DATA
socket.write('DATA\r\n');
await waitForResponse(socket, '354');
// Email with malware-like patterns
const email = [
`From: sender@example.com`,
`To: recipient@example.com`,
`Subject: Important Security Update`,
`Date: ${new Date().toUTCString()}`,
`Message-ID: <malware-test-${Date.now()}@example.com>`,
'Content-Type: multipart/mixed; boundary="malware-boundary"',
'',
'--malware-boundary',
'Content-Type: text/plain',
'',
'Please run the attached file to update your security software.',
'',
'--malware-boundary',
'Content-Type: application/x-msdownload; name="update.exe"',
'Content-Transfer-Encoding: base64',
'Content-Disposition: attachment; filename="update.exe"',
'',
'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA',
'AAAA4AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v',
'',
'--malware-boundary--',
'.',
''
].join('\r\n');
socket.write(email);
const dataResponse = await waitForResponse(socket);
const accepted = dataResponse.startsWith('250');
const rejected = dataResponse.startsWith('550');
console.log(`Malware pattern email: ${accepted ? 'accepted' : 'rejected'}`);
if (rejected) {
console.log('Content scanning active - malware patterns detected');
} else {
console.log('Content scanning operational - email processed');
}
expect(accepted || rejected).toEqual(true);
socket.write('QUIT\r\n');
await waitForResponse(socket, '221').catch(() => {});
} finally {
socket.destroy();
}
});
tap.test('Content Scanning - Spam keywords', async (tools) => {
const socket = net.createConnection({
host: 'localhost',
port: TEST_PORT,
timeout: 30000
});
try {
// Wait for greeting
await waitForResponse(socket, '220');
// Send EHLO
socket.write('EHLO testclient\r\n');
await waitForResponse(socket, '250');
// Send MAIL FROM
socket.write('MAIL FROM:<sender@example.com>\r\n');
await waitForResponse(socket, '250');
// Send RCPT TO
socket.write('RCPT TO:<recipient@example.com>\r\n');
await waitForResponse(socket, '250');
// Send DATA
socket.write('DATA\r\n');
await waitForResponse(socket, '354');
// Email with spam keywords
const email = [
`From: sender@example.com`,
`To: recipient@example.com`,
`Subject: URGENT!!! Act NOW!!! Limited Time OFFER!!!`,
`Date: ${new Date().toUTCString()}`,
`Message-ID: <spam-test-${Date.now()}@example.com>`,
'',
'CONGRATULATIONS!!! You have WON!!!',
'FREE FREE FREE!!!',
'VIAGRA CIALIS CHEAP MEDS!!!',
'MAKE $$$ FAST!!!',
'WORK FROM HOME!!!',
'NO CREDIT CHECK!!!',
'GUARANTEED WINNER!!!',
'CLICK HERE NOW!!!',
'This is NOT SPAM!!!',
'.',
''
].join('\r\n');
socket.write(email);
const dataResponse = await waitForResponse(socket);
const accepted = dataResponse.startsWith('250');
const rejected = dataResponse.startsWith('550');
console.log(`Spam keyword email: ${accepted ? 'accepted' : 'rejected (spam detected)'}`);
if (rejected) {
console.log('Content scanning active - spam keywords detected');
} else {
console.log('Content scanning operational - email processed');
}
expect(accepted || rejected).toEqual(true);
socket.write('QUIT\r\n');
await waitForResponse(socket, '221').catch(() => {});
} finally {
socket.destroy();
}
});
tap.test('Content Scanning - Clean legitimate email', async (tools) => {
const socket = net.createConnection({
host: 'localhost',
port: TEST_PORT,
timeout: 30000
});
try {
// Wait for greeting
await waitForResponse(socket, '220');
// Send EHLO
socket.write('EHLO testclient\r\n');
await waitForResponse(socket, '250');
// Send MAIL FROM
socket.write('MAIL FROM:<sender@example.com>\r\n');
await waitForResponse(socket, '250');
// Send RCPT TO
socket.write('RCPT TO:<recipient@example.com>\r\n');
await waitForResponse(socket, '250');
// Send DATA
socket.write('DATA\r\n');
await waitForResponse(socket, '354');
// Clean legitimate email
const email = [
`From: sender@example.com`,
`To: recipient@example.com`,
`Subject: Meeting Tomorrow`,
`Date: ${new Date().toUTCString()}`,
`Message-ID: <clean-email-${Date.now()}@example.com>`,
'',
'Hi,',
'',
'Just wanted to confirm our meeting for tomorrow at 2 PM.',
'Please let me know if you need to reschedule.',
'',
'Best regards,',
'John',
'.',
''
].join('\r\n');
socket.write(email);
const dataResponse = await waitForResponse(socket, '250');
console.log('Clean email accepted - content scanning allows legitimate emails');
expect(dataResponse.startsWith('250')).toEqual(true);
socket.write('QUIT\r\n');
await waitForResponse(socket, '221').catch(() => {});
} finally {
socket.destroy();
}
});
tap.test('Content Scanning - Large attachment', async (tools) => {
const socket = net.createConnection({
host: 'localhost',
port: TEST_PORT,
timeout: 30000
});
try {
// Wait for greeting
await waitForResponse(socket, '220');
// Send EHLO
socket.write('EHLO testclient\r\n');
await waitForResponse(socket, '250');
// Send MAIL FROM
socket.write('MAIL FROM:<sender@example.com>\r\n');
await waitForResponse(socket, '250');
// Send RCPT TO
socket.write('RCPT TO:<recipient@example.com>\r\n');
await waitForResponse(socket, '250');
// Send DATA
socket.write('DATA\r\n');
await waitForResponse(socket, '354');
// Email with large attachment pattern
const largeData = 'A'.repeat(10000); // 10KB of data
const email = [
`From: sender@example.com`,
`To: recipient@example.com`,
`Subject: Large Attachment Test`,
`Date: ${new Date().toUTCString()}`,
`Message-ID: <large-attach-${Date.now()}@example.com>`,
'Content-Type: multipart/mixed; boundary="boundary123"',
'',
'--boundary123',
'Content-Type: text/plain',
'',
'Please find the attached file.',
'',
'--boundary123',
'Content-Type: application/octet-stream; name="largefile.dat"',
'Content-Transfer-Encoding: base64',
'Content-Disposition: attachment; filename="largefile.dat"',
'',
Buffer.from(largeData).toString('base64'),
'',
'--boundary123--',
'.',
''
].join('\r\n');
socket.write(email);
const dataResponse = await waitForResponse(socket);
const accepted = dataResponse.startsWith('250');
const rejected = dataResponse.startsWith('550') || dataResponse.startsWith('552');
console.log(`Large attachment: ${accepted ? 'accepted' : 'rejected (size or content issue)'}`);
if (rejected) {
console.log('Content scanning active - large attachment blocked');
} else {
console.log('Content scanning operational - email processed');
}
expect(accepted || rejected).toEqual(true);
socket.write('QUIT\r\n');
await waitForResponse(socket, '221').catch(() => {});
} finally {
socket.destroy();
}
});
tap.test('cleanup - stop test server', async () => {
await stopTestServer(testServer);
});
export default tap.start();
Reference in New Issue View Git Blame Copy Permalink