cqrenet/relay
4
0
Fork 0
mirror of https://github.com/chatmail/relay.git synced 2026-05-18 20:08:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

also test that external addresses fail to be forged

Browse Source
This commit is contained in:
holger krekel
2023-10-18 15:12:14 +02:00
parent 087ae78edc
commit 6dcd686701
3 changed files with 23 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
chatmaild/src/chatmaild/filtermail.py
View File

@@ -80,7 +80,7 @@ def lmtp_handle_DATA(envelope):
_, from_addr = parseaddr(message.get("from").strip().lower()) _, from_addr = parseaddr(message.get("from").strip().lower())
logging.info(f"mime-from: {from_addr} envelope-from: {envelope.mail_from}") logging.info(f"mime-from: {from_addr} envelope-from: {envelope.mail_from}")
if envelope.mail_from != from_addr: if envelope.mail_from != from_addr:
res += [f"500 Invalid FROM <{envelope.mail_from}>"] res += [f"500 Invalid FROM <{from_addr}> for <{envelope.mail_from}>"]
continue continue
if envelope.mail_from == recipient: if envelope.mail_from == recipient:

9
online-tests/conftest.py
View File

@@ -84,6 +84,15 @@ class ImapConn:
assert status == "OK" assert status == "OK"
return results return results
def fetch_all_messages(self):
print("imap-fetch all messages")
results = self.fetch_all()
messages = []
for item in results:
if len(item) == 2:
messages.append(item[1].decode())
return messages
@pytest.fixture @pytest.fixture
def smtp(maildomain): def smtp(maildomain):

21
online-tests/test_0_basic.py
View File

@@ -19,13 +19,19 @@ def test_use_two_chatmailservers(cmfactory, maildomain2):
assert domain1 != domain2 assert domain1 != domain2
def test_reject_internal_forged_from(cmsetup, mailgen, lp, remote): @pytest.mark.parametrize("internal", [True, False])
def test_reject_forged_from(cmsetup, mailgen, lp, remote, internal):
user1, user2, user3 = cmsetup.gen_users(3) user1, user2, user3 = cmsetup.gen_users(3)
lp.sec("send encrypted message with forged from") lp.sec("send encrypted message with forged from")
print("envelope_from", user1.addr) print("envelope_from", user1.addr)
if internal:
user_to_forge = user2.addr
else:
user_to_forge = "someone@example.org"
print("message to inject:") print("message to inject:")
msg = mailgen.get_encrypted(from_addr=user2.addr, to_addr=user3.addr) msg = mailgen.get_encrypted(from_addr=user_to_forge, to_addr=user3.addr)
for line in msg.split("\n")[:4]: for line in msg.split("\n")[:4]:
print(f" {line}") print(f" {line}")
@@ -33,15 +39,14 @@ def test_reject_internal_forged_from(cmsetup, mailgen, lp, remote):
user1.smtp.sendmail(from_addr=user1.addr, to_addrs=[user3.addr], msg=msg) user1.smtp.sendmail(from_addr=user1.addr, to_addrs=[user3.addr], msg=msg)
for line in remote_log: for line in remote_log:
print(line) # print(line)
if "500 invalid from" in line: if "500 invalid from" in line and user3.addr in line:
break break
else: else:
pytest.fail("remote postfix/filtermail failed to reject message") pytest.fail("remote postfix/filtermail failed to reject message")
# also check that the forging-user got a non-delivery notice # also check that the forging-user got a non-delivery notice
for flags, bmsg in user1.imap.fetch_all(): for message in user1.imap.fetch_all_messages():
message = bmsg.decode() if "Invalid FROM" in message and user_to_forge in message:
if "Invalid FROM" in message and user2.addr in message:
return return
pytest.fail("forged From did not cause rejection") pytest.fail(f"forged From={user_to_forge} did not cause non-delivery notice")