git » spf » next » tree

[next] / testdata / blitirispf-tests.yml

# Simple tests, used for debugging the testing infrastructure; and some
# additional tests for situations not covered by the other files.

---
description: Simple successes
tests:
  test1:
    description: Straightforward sucesss
    helo: example.net
    mailfrom: "foobar@example.net"
    host: 1.2.3.4
    result: pass
  test2:
    description: HELO is set, but expected to be ignored
    helo: blargh
    mailfrom: "foobar@example.net"
    host: 1.2.3.4
    result: pass
zonedata:
  example.net:
    - SPF:  v=spf1 +all
---
description: Simple failures
tests:
  test1:
    description: Straightforward failure
    helo: example.net
    mailfrom: "foobar@example.net"
    host: 1.2.3.4
    result: fail
  test2:
    description: HELO is set, but expected to be ignored
    helo: blargh
    mailfrom: "foobar@example.net"
    host: 1.2.3.4
    result: fail
zonedata:
  example.net:
    - SPF:  v=spf1 -all
---
description: Regexp edge cases for "a", "mx" and "ptr"
tests:
  ipv6-with-a:
    description: |
      Send from an ip6 address that has "a:" inside. If we incorrectly parse
      the "ip6" as "a", this results in a permerror since the host doesn't
      match.
    mailfrom: "foobar@a1.net"
    host: a::a
    result: pass
  bad-a-mask:
    description: |
      If we incorrectly parse the "ip6" as "a", this results in a permerror
      due to an invalid mask.
    mailfrom: "foobar@a2.net"
    host: 2001:db8:ff0:100::2
    result: softfail
  exp-contains-mx:
    description: exp= contains mx:, which should be ignored.
    mailfrom: "foobar@expmx.net"
    host: 1.2.3.4
    result: softfail
  exp-contains-ptr:
    description: |
      exp= contains ptr:, which should be ignored.
      Note this test case involves unusual/invalid domains.
    mailfrom: "foobar@expptr.net"
    host: 1.2.3.4
    result: softfail
zonedata:
  a1.net:
    - SPF: v=spf1 ip6:a::a ~all
  a2.net:
    - SPF: v=spf1 ip6:1a0a:cccc::/29 ~all
  expmx.net:
    - SPF: v=spf1 exp=mx:mymx.com ~all
    - MX: [10, mymx.com]
  mymx.com:
    - A: 1.2.3.4
  expptr.net:
    - SPF: v=spf1 exp=ptr:lalala.com ~all
  4.3.2.1.in-addr.arpa:
    - PTR: ptr:lalala.com.
  ptr:lalala.com:
    - A: 1.2.3.4
---
description: Error on PTR forward resolution
tests:
  broken-ptr-forward:
    description: |
      Check that if during 'ptr' forward resolution we get an error, we skip
      the domain (and consequently fail the check).
    mailfrom: "foo@domain.net"
    host: 1.2.3.4
    result: softfail
zonedata:
  domain.net:
    - SPF: v=spf1 ptr:lalala.com ~all
  4.3.2.1.in-addr.arpa:
    - PTR: lalala.com
  lalala.com:
    - TIMEOUT: true
---
description: Permanent error on 'exists' resolution
tests:
  exists-perm-error:
    description: |
      Check that if, during an 'exists' forward resolution we get an error, we
      return temperror.
    mailfrom: "foo@domain.net"
    host: 1.2.3.4
    result: temperror
zonedata:
  domain.net:
    - SPF: v=spf1 exists:lalala.com ~all
  lalala.com:
    - SERVFAIL: true
---
description: Resolve H macros correctly
tests:
  resolve-h-macros:
    description: |
      Check that '%{h}' macros are correctly resolved to the HELO/EHLO and not
      the sender domain.
    mailfrom: "foo@domain.net"
    helo: holahola
    host: 1.2.3.4
    result: pass
zonedata:
  domain.net:
    - SPF: v=spf1 exists:%{h}.com ~all
  holahola.com:
    - A: 127.0.0.2
---
description: Only include the first 10 PTR results
tests:
  only-first-10-ptr:
    description: |
      Check that if during 'ptr' forward resolution we only consider the first
      10 names, and ignore the rest.
    mailfrom: "foo@domain.net"
    host: 1.2.3.4
    result: softfail
zonedata:
  domain.net:
    - A: 127.0.0.1
    - SPF: v=spf1 ptr ~all
  4.3.2.1.in-addr.arpa:
    - PTR: dom01.com
    - PTR: dom02.com
    - PTR: dom03.com
    - PTR: dom04.com
    - PTR: dom05.com
    - PTR: dom06.com
    - PTR: dom07.com
    - PTR: dom08.com
    - PTR: dom09.com
    - PTR: dom10.com
    # Entries below here should get dropped. They would make it pass.
    - PTR: domain.net
  dom01.com:
    - A: 127.0.0.1
  dom02.com:
    - A: 127.0.0.2
  dom03.com:
    - A: 127.0.0.3
  dom04.com:
    - A: 127.0.0.4
  dom05.com:
    - A: 127.0.0.5
  dom06.com:
    - A: 127.0.0.6
  dom07.com:
    - A: 127.0.0.7
  dom08.com:
    - A: 127.0.0.8
  dom09.com:
    - A: 127.0.0.9
  dom10.com:
    - A: 127.0.0.10
---
description: Resolution limits
tests:
  resolution-with-10-lookups:
    description: |
      Check that a resolution with precisely 10 lookups (the default limit)
      works fine.
    mailfrom: "foo@okay.com"
    host: 1.2.3.4
    result: pass
  resolution-with-11-lookups:
    description: |
      Check that a resolution with precisely 11 lookups (over default limit)
      fails as expected.
    mailfrom: "foo@bad.com"
    host: 1.2.3.4
    result: permerror
zonedata:
  okay.com:
    - SPF: v=spf1 include:d11 include:d12 include:d13
                  include:d14 include:d15 -all
  bad.com:
    - SPF: v=spf1 include:d00
                  include:d11 include:d12 include:d13
                  include:d14 include:d15 -all
  d00:
    - SPF: v=spf1 -all
  d11:
    - SPF: v=spf1 include:d21 ~all
  d12:
    - SPF: v=spf1 include:d22 ~all
  d13:
    - SPF: v=spf1 include:d23 ~all
  d14:
    - SPF: v=spf1 include:d24 ~all
  d15:
    - SPF: v=spf1 include:d25 ~all
  d21:
    - SPF: v=spf1 -all
  d22:
    - SPF: v=spf1 -all
  d23:
    - SPF: v=spf1 -all
  d24:
    - SPF: v=spf1 -all
  d25:
    - SPF: v=spf1 all
---
description: MX resolution limits
tests:
  mx-resolution-10-terms:
    description: |
      Check that a resolution with 10 "mx" terms works, because it's within
      the limit. Each term will resolve to multiple records, but those
      shouldn't be individually counted (there's a limit of 10 MX records per
      MX lookup, but that's tested separately).
    mailfrom: "foo@mx10"
    host: 1.2.3.4
    result: pass
  mx-resolution-11-terms:
    description: |
      Check that a resolution with 11 "mx" terms, causes a permerror due to
      exceeding lookup limits.
    mailfrom: "foo@mx11"
    host: 1.2.3.4
    result: permerror
zonedata:
  mx10:
    - SPF: v=spf1 mx:domain mx:domain mx:domain mx:domain mx:domain
                  mx:domain mx:domain mx:domain mx:domain mx:domain
                  all
  mx11:
    - SPF: v=spf1 mx:domain mx:domain mx:domain mx:domain mx:domain
                  mx:domain mx:domain mx:domain mx:domain mx:domain
                  mx:domain all
  domain:
    - MX: [1, blah1]
    - MX: [2, blah2]
    - MX: [3, blah3]
---
description: NXDOMAIN tests
tests:
  one-mx-not-found:
    description: |
      Check that if one of the MXs is not found, we continue evaluating the
      rest.
    mailfrom: "foo@d00"
    host: 1.2.3.4
    result: pass
  all-mx-not-found:
    description: |
      Check that if none of the MXs is not found, we continue evaluating the
      rest of the terms.
    mailfrom: "foo@d01"
    host: 1.2.3.4
    result: pass
  domain-not-found:
    description: |
      Check if the top-level domain is not found (which is different that it
      existing but having no TXT record).
    mailfrom: "foo@doesnotexist"
    host: 1.2.3.4
    result: none
  include-not-found:
    description: |
      For include, if the recursive check returns None, it should make the
      evaluation return PermError.
    mailfrom: "foo@d02"
    host: 1.2.3.4
    result: permerror
  redirect-not-found:
    description: |
      For redirect, if the recursive check returns None, it should make the
      evaluation return PermError.
    mailfrom: "foo@d03"
    host: 1.2.3.4
    result: permerror
zonedata:
  d00:
    - SPF: v=spf1 mx -all
    - MX: [10, "doesnotexist"]
    - MX: [20, "sender"]
  d01:
    - SPF: v=spf1 mx ip4:1.2.3.4 -all
    - MX: [10, "doesnotexist"]
    - MX: [20, "doesnotexist"]
  d02:
    - SPF: v=spf1 include:doesnotexist all
  d03:
    - SPF: v=spf1 redirect=doesnotexist
  sender:
    - A: 1.2.3.4