serve.zone/dcrouter
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
dcrouter/test/suite/smtpclient_security/test.csec-04.spf-compliance.ts
Philipp Kunz a3721f7a74 update
2025-05-26 14:50:55 +00:00

163 lines
4.3 KiB
TypeScript
Raw Blame History

import { tap, expect } from '@git.zone/tstest/tapbundle';
import { startTestServer, stopTestServer, type ITestServer } from '../../helpers/server.loader.js';
import { createTestSmtpClient } from '../../helpers/smtp.client.js';
import { Email } from '../../../ts/mail/core/classes.email.js';
import * as dns from 'dns';
import { promisify } from 'util';
const resolveTxt = promisify(dns.resolveTxt);
let testServer: ITestServer;
tap.test('setup test SMTP server', async () => {
testServer = await startTestServer({
port: 2564,
tlsEnabled: false,
authRequired: false
});
expect(testServer).toBeTruthy();
expect(testServer.port).toBeGreaterThan(0);
});
tap.test('CSEC-04: SPF record parsing', async () => {
// Test SPF record parsing
const testSpfRecords = [
{
domain: 'example.com',
record: 'v=spf1 ip4:192.168.1.0/24 ip6:2001:db8::/32 include:_spf.google.com ~all',
description: 'Standard SPF with IP ranges and include'
},
{
domain: 'strict.com',
record: 'v=spf1 mx a -all',
description: 'Strict SPF with MX and A records'
},
{
domain: 'softfail.com',
record: 'v=spf1 ip4:10.0.0.1 ~all',
description: 'Soft fail SPF'
}
];
console.log('SPF Record Analysis:\n');
for (const test of testSpfRecords) {
console.log(`Domain: ${test.domain}`);
console.log(`Record: ${test.record}`);
console.log(`Description: ${test.description}`);
// Parse SPF mechanisms
const mechanisms = test.record.match(/(\+|-|~|\?)?(\w+)(:[^\s]+)?/g);
if (mechanisms) {
console.log('Mechanisms found:', mechanisms.length);
}
console.log('');
}
});
tap.test('CSEC-04: SPF alignment check', async () => {
const smtpClient = createTestSmtpClient({
host: testServer.hostname,
port: testServer.port,
secure: false,
connectionTimeout: 5000,
debug: true
});
// Test SPF alignment scenarios
const alignmentTests = [
{
name: 'Aligned',
from: 'sender@example.com',
expectedAlignment: true
},
{
name: 'Different domain',
from: 'sender@otherdomain.com',
expectedAlignment: false
}
];
for (const test of alignmentTests) {
console.log(`\nTesting SPF alignment: ${test.name}`);
console.log(` From: ${test.from}`);
const email = new Email({
from: test.from,
to: ['recipient@example.com'],
subject: `SPF Alignment Test: ${test.name}`,
text: 'Testing SPF alignment'
});
const result = await smtpClient.sendMail(email);
expect(result.success).toBeTruthy();
console.log(` Email sent successfully`);
}
await smtpClient.close();
});
tap.test('CSEC-04: SPF lookup simulation', async () => {
// Simulate SPF record lookups
const testDomains = ['gmail.com'];
console.log('\nSPF Record Lookups:\n');
for (const domain of testDomains) {
console.log(`Domain: ${domain}`);
try {
const txtRecords = await resolveTxt(domain);
const spfRecords = txtRecords
.map(record => record.join(''))
.filter(record => record.startsWith('v=spf1'));
if (spfRecords.length > 0) {
console.log(`SPF Record found: ${spfRecords[0].substring(0, 50)}...`);
// Count mechanisms
const includes = (spfRecords[0].match(/include:/g) || []).length;
console.log(` Include count: ${includes}`);
} else {
console.log(' No SPF record found');
}
} catch (error) {
console.log(` Lookup failed: ${error.message}`);
}
console.log('');
}
});
tap.test('CSEC-04: SPF best practices', async () => {
// Test SPF best practices
const bestPractices = [
{
practice: 'Use -all instead of ~all',
good: 'v=spf1 include:_spf.example.com -all',
bad: 'v=spf1 include:_spf.example.com ~all'
},
{
practice: 'Avoid +all',
good: 'v=spf1 ip4:192.168.1.0/24 -all',
bad: 'v=spf1 +all'
}
];
console.log('\nSPF Best Practices:\n');
for (const bp of bestPractices) {
console.log(`${bp.practice}:`);
console.log(` ✓ Good: ${bp.good}`);
console.log(` ✗ Bad: ${bp.bad}`);
console.log('');
}
});
tap.test('cleanup test SMTP server', async () => {
if (testServer) {
await stopTestServer(testServer);
}
});
tap.start();
Reference in New Issue View Git Blame Copy Permalink