author | Alberto Bertogli
<albertito@blitiri.com.ar> 2024-03-09 21:51:10 UTC |
committer | Alberto Bertogli
<albertito@blitiri.com.ar> 2024-03-12 20:43:21 UTC |
parent | 5eded4edc3c07166074b1ef000d5b23b4048ece2 |
test/t-15-driusan_dkim/config/chasquid.conf | +0 | -10 |
test/t-15-driusan_dkim/config/domains/testserver/dkim_selector | +0 | -1 |
test/t-15-driusan_dkim/config/hooks/post-data | +0 | -19 |
test/t-15-driusan_dkim/content | +0 | -9 |
test/t-15-driusan_dkim/hosts | +0 | -1 |
test/t-15-driusan_dkim/run.sh | +0 | -57 |
test/t-19-dkimpy/config/chasquid.conf | +0 | -10 |
test/t-19-dkimpy/config/domains/testserver/dkim_selector | +0 | -1 |
test/t-19-dkimpy/config/hooks/post-data | +0 | -42 |
test/t-19-dkimpy/content | +0 | -9 |
test/t-19-dkimpy/hosts | +0 | -1 |
test/t-19-dkimpy/run.sh | +0 | -82 |
diff --git a/test/t-15-driusan_dkim/config/chasquid.conf b/test/t-15-driusan_dkim/config/chasquid.conf
deleted file mode 100644
index cf76e8a..0000000
--- a/test/t-15-driusan_dkim/config/chasquid.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-smtp_address: ":1025"
-submission_address: ":1587"
-submission_over_tls_address: ":1465"
-monitoring_address: ":1099"
-
-mail_delivery_agent_bin: "test-mda"
-mail_delivery_agent_args: "%to%"
-
-data_dir: "../.data"
-mail_log_path: "../.logs/mail_log"
diff --git a/test/t-15-driusan_dkim/config/domains/testserver/dkim_selector b/test/t-15-driusan_dkim/config/domains/testserver/dkim_selector
deleted file mode 100644
index 59ccb93..0000000
--- a/test/t-15-driusan_dkim/config/domains/testserver/dkim_selector
+++ /dev/null
@@ -1 +0,0 @@
-testselector1
diff --git a/test/t-15-driusan_dkim/config/hooks/post-data b/test/t-15-driusan_dkim/config/hooks/post-data
deleted file mode 100755
index 354a849..0000000
--- a/test/t-15-driusan_dkim/config/hooks/post-data
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-
-# If authenticated, sign; otherwise, verify.
-#
-# It is not recommended that we fail delivery on dkim verification failures,
-# but leave it to the MUA to handle verifications.
-# https://tools.ietf.org/html/rfc6376#section-2.2
-#
-# We do a verification here so we have a stronger integration test (check
-# encodings/dot-stuffing/etc. works ok), but it's not recommended for general
-# purposes.
-
-if [ "$AUTH_AS" != "" ]; then
- DOMAIN=$( echo "$MAIL_FROM" | cut -d '@' -f 2 )
- exec dkimsign -n -hd -key ../.dkimcerts/private.pem \
- -s $(cat "domains/$DOMAIN/dkim_selector") -d "$DOMAIN"
-fi
-
-exec dkimverify -txt ../.dkimcerts/dns.txt
diff --git a/test/t-15-driusan_dkim/content b/test/t-15-driusan_dkim/content
deleted file mode 100644
index fa095d3..0000000
--- a/test/t-15-driusan_dkim/content
+++ /dev/null
@@ -1,9 +0,0 @@
-Subject: Prueba desde el test
-To: someone@testserver
-
-Crece desde el test el futuro
-Crece desde el test
-
-.
-
-El punto de arriba testea el dot-stuffing, que es importante para DKIM.
diff --git a/test/t-15-driusan_dkim/hosts b/test/t-15-driusan_dkim/hosts
deleted file mode 100644
index 2b9b623..0000000
--- a/test/t-15-driusan_dkim/hosts
+++ /dev/null
@@ -1 +0,0 @@
-testserver localhost
diff --git a/test/t-15-driusan_dkim/run.sh b/test/t-15-driusan_dkim/run.sh
deleted file mode 100755
index 7074eee..0000000
--- a/test/t-15-driusan_dkim/run.sh
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/bin/bash
-#
-# Test integration with driusan's DKIM tools.
-# https://github.com/driusan/dkim
-
-set -e
-. "$(dirname "$0")/../util/lib.sh"
-
-init
-check_hostaliases
-
-for binary in dkimsign dkimverify dkimkeygen; do
- if ! command -v $binary > /dev/null; then
- skip "$binary binary not found"
- fi
-done
-
-generate_certs_for testserver
-( mkdir -p .dkimcerts; cd .dkimcerts; dkimkeygen )
-
-add_user user@testserver secretpassword
-add_user someone@testserver secretpassword
-
-mkdir -p .logs
-chasquid -v=2 --logfile=.logs/chasquid.log --config_dir=config &
-wait_until_ready 1465
-
-# Authenticated: user@testserver -> someone@testserver
-# Should be signed.
-smtpc --addr=localhost:1465 \
- --server_cert=config/certs/testserver/fullchain.pem \
- --user=user@testserver --password=secretpassword \
- someone@testserver < content
-wait_for_file .mail/someone@testserver
-mail_diff content .mail/someone@testserver
-grep -q "DKIM-Signature:" .mail/someone@testserver
-
-# Verify the signature manually, just in case.
-dkimverify -txt .dkimcerts/dns.txt < .mail/someone@testserver
-
-# Save the signed mail so we can verify it later.
-# Drop the first line ("From blah") so it can be used as email contents.
-tail -n +2 .mail/someone@testserver > .signed_content
-
-# Not authenticated: someone@testserver -> someone@testserver
-smtpc --addr=localhost:1025 \
- --from=someone@testserver someone@testserver < .signed_content
-
-# Check that the signature fails on modified content.
-echo "Added content, invalid and not signed" >> .signed_content
-if smtpc --addr=localhost:1025 \
- --from=someone@testserver someone@testserver < .signed_content \
- > /dev/null 2>&1 ; then
- fail "DKIM verification succeeded on modified content"
-fi
-
-success
diff --git a/test/t-19-dkimpy/config/chasquid.conf b/test/t-19-dkimpy/config/chasquid.conf
deleted file mode 100644
index cf76e8a..0000000
--- a/test/t-19-dkimpy/config/chasquid.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-smtp_address: ":1025"
-submission_address: ":1587"
-submission_over_tls_address: ":1465"
-monitoring_address: ":1099"
-
-mail_delivery_agent_bin: "test-mda"
-mail_delivery_agent_args: "%to%"
-
-data_dir: "../.data"
-mail_log_path: "../.logs/mail_log"
diff --git a/test/t-19-dkimpy/config/domains/testserver/dkim_selector b/test/t-19-dkimpy/config/domains/testserver/dkim_selector
deleted file mode 100644
index 59ccb93..0000000
--- a/test/t-19-dkimpy/config/domains/testserver/dkim_selector
+++ /dev/null
@@ -1 +0,0 @@
-testselector1
diff --git a/test/t-19-dkimpy/config/hooks/post-data b/test/t-19-dkimpy/config/hooks/post-data
deleted file mode 100755
index 1071e3e..0000000
--- a/test/t-19-dkimpy/config/hooks/post-data
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/bash
-
-# If authenticated, sign; otherwise, verify.
-#
-# It is not recommended that we fail delivery on dkim verification failures,
-# but leave it to the MUA to handle verifications.
-# https://tools.ietf.org/html/rfc6376#section-2.2
-#
-# We do a verification here so we have a stronger integration test (check
-# encodings/dot-stuffing/etc. works ok), but it's not recommended for general
-# purposes.
-
-set -e
-
-TF="$(mktemp --tmpdir post-data-XXXXXXXXXX)"
-trap 'rm "$TF"' EXIT
-
-# Save the message to the temporary file.
-cat > "$TF"
-
-if [ "$AUTH_AS" != "" ]; then
- DOMAIN=$( echo "$MAIL_FROM" | cut -d '@' -f 2 )
-
- # Call /usr/bin/dkimsign directly to prevent a conflict with
- # driusan/dkim, which the integration tests install in ~/go/bin.
- /usr/bin/dkimsign \
- "$(cat "domains/$DOMAIN/dkim_selector")" \
- "$DOMAIN" \
- "../.dkimcerts/private.key" \
- < "$TF" > "$TF.dkimout"
- # dkimpy doesn't provide a way to just show the new headers, so we
- # have to compute the difference.
- diff --changed-group-format='%>' \
- --unchanged-group-format='' \
- "$TF" "$TF.dkimout" && exit 1
- rm "$TF.dkimout"
-else
- # NOTE: This is using driusan/dkim instead of dkimpy, because dkimpy can't be
- # overridden to get the DNS information from anywhere else (text file or custom
- # DNS server).
- dkimverify -txt ../.dkimcerts/private.dns < "$TF"
-fi
diff --git a/test/t-19-dkimpy/content b/test/t-19-dkimpy/content
deleted file mode 100644
index fa095d3..0000000
--- a/test/t-19-dkimpy/content
+++ /dev/null
@@ -1,9 +0,0 @@
-Subject: Prueba desde el test
-To: someone@testserver
-
-Crece desde el test el futuro
-Crece desde el test
-
-.
-
-El punto de arriba testea el dot-stuffing, que es importante para DKIM.
diff --git a/test/t-19-dkimpy/hosts b/test/t-19-dkimpy/hosts
deleted file mode 100644
index 2b9b623..0000000
--- a/test/t-19-dkimpy/hosts
+++ /dev/null
@@ -1 +0,0 @@
-testserver localhost
diff --git a/test/t-19-dkimpy/run.sh b/test/t-19-dkimpy/run.sh
deleted file mode 100755
index 7d882b3..0000000
--- a/test/t-19-dkimpy/run.sh
+++ /dev/null
@@ -1,82 +0,0 @@
-#!/bin/bash
-#
-# Test integration with dkimpy.
-
-set -e
-. "$(dirname "$0")/../util/lib.sh"
-
-init
-check_hostaliases
-
-# Check if dkimpy tools are installed in /usr/bin, and driusan/dkim is
-# installed somewhere else in $PATH.
-#
-# Unfortunately we need both because dkimpy's dkimverify lacks the features
-# needed to use it in integration testing.
-#
-# We need to run them and check the help because there are other binaries with
-# the same name.
-# This is really hacky but the most practical way to handle it, since they
-# both have the same binary names.
-if ! /usr/bin/dkimsign --help 2>&1 | grep -q -- --identity; then
- skip "/usr/bin/dkimsign is not dkimpy's"
-fi
-if ! dkimverify --help 2>&1 < /dev/null | grep -q -- "-txt string"; then
- skip "dkimverify is not driusan/dkim's"
-fi
-
-generate_certs_for testserver
-( mkdir -p .dkimcerts; cd .dkimcerts; dknewkey private > log 2>&1 )
-
-# Some dkimpy versions have a bug where it can't parse the keys generated by
-# its own key generator. Detect if that's the case, and if so, skip the test.
-# See https://bugs.launchpad.net/dkimpy/+bug/1978835.
-if ! /usr/bin/dkimsign \
- testselector1 testserver .dkimcerts/private.key \
- < content 2>&1 | grep -q "DKIM-Signature:"
-then
- skip "buggy dkimpy version"
-fi
-
-add_user user@testserver secretpassword
-add_user someone@testserver secretpassword
-
-mkdir -p .logs
-chasquid -v=2 --logfile=.logs/chasquid.log --config_dir=config &
-wait_until_ready 1025
-
-# Authenticated: user@testserver -> someone@testserver
-# Should be signed.
-smtpc --addr=localhost:1465 \
- --server_cert=config/certs/testserver/fullchain.pem \
- --user=user@testserver --password=secretpassword \
- someone@testserver < content
-wait_for_file .mail/someone@testserver
-mail_diff content .mail/someone@testserver
-if ! grep -q "DKIM-Signature:" .mail/someone@testserver; then
- fail "mail not signed, DKIM-Signature header missing"
-fi
-
-# Verify the signature manually, just in case.
-# NOTE: This is using driusan/dkim instead of dkimpy, because dkimpy can't be
-# overridden to get the DNS information from anywhere else (text file or custom
-# DNS server).
-dkimverify -txt .dkimcerts/private.dns < .mail/someone@testserver
-
-# Save the signed mail so we can verify it later.
-# Drop the first line ("From blah") so it can be used as email contents.
-tail -n +2 .mail/someone@testserver > .signed_content
-
-# Not authenticated: someone@testserver -> someone@testserver
-smtpc --addr=localhost:1025 \
- --from=someone@testserver someone@testserver < .signed_content
-
-# Check that the signature fails on modified content.
-echo "Added content, invalid and not signed" >> .signed_content
-if smtpc --addr=localhost:1025 \
- --from=someone@testserver someone@testserver < .signed_content \
- > /dev/null 2>&1 ; then
- fail "DKIM verification succeeded on modified content"
-fi
-
-success