From 6c74a6910ab0e9d02175a313828d89447cd11a40 Mon Sep 17 00:00:00 2001
From: korgoth1 <vladislav.stakhov@gmail.com>
Date: Thu, 6 Aug 2020 17:01:26 +0300
Subject: [PATCH] [TEST] PHISH Senders

---
 test/functional/cases/280_rules.robot      | 21 +++++++++++++++++++
 test/functional/messages/phish_sender.eml  | 23 +++++++++++++++++++++
 test/functional/messages/phish_sender2.eml | 24 ++++++++++++++++++++++
 test/functional/messages/phish_sender3.eml | 23 +++++++++++++++++++++
 test/functional/messages/phish_sender4.eml | 24 ++++++++++++++++++++++
 test/functional/messages/phish_sender5.eml | 23 +++++++++++++++++++++
 6 files changed, 138 insertions(+)
 create mode 100644 test/functional/messages/phish_sender.eml
 create mode 100644 test/functional/messages/phish_sender2.eml
 create mode 100644 test/functional/messages/phish_sender3.eml
 create mode 100644 test/functional/messages/phish_sender4.eml
 create mode 100644 test/functional/messages/phish_sender5.eml

diff --git a/test/functional/cases/280_rules.robot b/test/functional/cases/280_rules.robot
index 18e3f3850..b62ed89bc 100644
--- a/test/functional/cases/280_rules.robot
+++ b/test/functional/cases/280_rules.robot
@@ -84,6 +84,27 @@ FROM_NEQ_ENVFROM
   ${result} =  Scan Message With Rspamc  ${MESSAGE8}  --from  test@test.net
   Check Rspamc  ${result}  FROM_NEQ_ENVFROM
 
+PHISH_SENDER_A
+  ${result} =  Scan Message With Rspamc  ${TESTDIR}/messages/phish_sender.eml
+  Should Contain  ${result.stdout}  MULTIPLE_FROM (9.00)[any@attack.com,admin@legitimate.com]
+  Should Contain  ${result.stdout}  MULTIPLE_UNIQUE_HEADERS (7.00)[From]
+
+PHISH_SENDER_B
+  ${result} =  Scan Message With Rspamc  ${TESTDIR}/messages/phish_sender2.eml
+  Should Contain  ${result.stdout}  SOMETHING
+
+PHISH_SENDER_C
+  ${result} =  Scan Message With Rspamc  ${TESTDIR}/messages/phish_sender3.eml
+  Should Contain  ${result.stdout}  SOMETHING
+
+PHISH_SENDER_D
+  ${result} =  Scan Message With Rspamc  ${TESTDIR}/messages/phish_sender4.eml
+  Should Contain  ${result.stdout}  SOMETHING
+
+PHISH_SENDER_E
+  ${result} =  Scan Message With Rspamc  ${TESTDIR}/messages/phish_sender5.eml
+  Should Contain  ${result.stdout}  SOMETHING
+
 
 *** Keywords ***
 Rules Setup
diff --git a/test/functional/messages/phish_sender.eml b/test/functional/messages/phish_sender.eml
new file mode 100644
index 000000000..813c8d005
--- /dev/null
+++ b/test/functional/messages/phish_sender.eml
@@ -0,0 +1,23 @@
+Received: by mail-lf1-f54.gulugulu.com with SMTP id j14so14439709lfg.9
+        for <test@test.ru>; Mon, 27 Apr 2020 09:54:21 -0700 (PDT)
+From: <any@attack.com>
+From: <admin@legitimate.com>
+Date: Mon, 27 Apr 2020 19:54:10 +0300
+Message-ID: <CA+1S=h4aGimA6vSBJF=t1F+5z-Mua5+Cimf+NU_NDWJk8ZNOcw@mail.gmail.com>
+Subject: Fwd:
+To: <test@test.ru>
+Content-Type: multipart/alternative; boundary="00000000000004de7805a4489190"
+
+--0000000000004bee6805a4484c02
+Content-Type: text/plain; charset="UTF-8"
+Content-Transfer-Encoding: 8bit
+
+bitcoincash:qztslqhavnjcgth9zwu6dw0jjcfy4zahfy7vf0smwp
+
+--0000000000004bee6805a4484c02
+Content-Type: text/html; charset="UTF-8"
+Content-Transfer-Encoding: 8bit
+
+bitcoincash:qztslqhavnjcgth9zwu6dw0jjcfy4zahfy7vf0smwp
+
+--0000000000004bee6805a4484c02--
diff --git a/test/functional/messages/phish_sender2.eml b/test/functional/messages/phish_sender2.eml
new file mode 100644
index 000000000..fa37bd02f
--- /dev/null
+++ b/test/functional/messages/phish_sender2.eml
@@ -0,0 +1,24 @@
+Received: by mail-lf1-f54.gulugulu.com with SMTP id j14so14439709lfg.9
+        for <test@test.ru>; Mon, 27 Apr 2020 09:54:21 -0700 (PDT)
+From
+: <any@attack.com>
+From: <admin@legitimate.com>
+Date: Mon, 27 Apr 2020 19:54:10 +0300
+Message-ID: <CA+1S=h4aGimA6vSBJF=t1F+5z-Mua5+Cimf+NU_NDWJk8ZNOcw@mail.gmail.com>
+Subject: Fwd:
+To: <test@test.ru>
+Content-Type: multipart/alternative; boundary="00000000000004de7805a4489190"
+
+--0000000000004bee6805a4484c02
+Content-Type: text/plain; charset="UTF-8"
+Content-Transfer-Encoding: 8bit
+
+bitcoincash:qztslqhavnjcgth9zwu6dw0jjcfy4zahfy7vf0smwp
+
+--0000000000004bee6805a4484c02
+Content-Type: text/html; charset="UTF-8"
+Content-Transfer-Encoding: 8bit
+
+bitcoincash:qztslqhavnjcgth9zwu6dw0jjcfy4zahfy7vf0smwp
+
+--0000000000004bee6805a4484c02--
diff --git a/test/functional/messages/phish_sender3.eml b/test/functional/messages/phish_sender3.eml
new file mode 100644
index 000000000..90313b94d
--- /dev/null
+++ b/test/functional/messages/phish_sender3.eml
@@ -0,0 +1,23 @@
+Received: by mail-lf1-f54.gulugulu.com with SMTP id j14so14439709lfg.9
+        for <test@test.ru>; Mon, 27 Apr 2020 09:54:21 -0700 (PDT)
+From: <any@attack.com>
+From : <admin@legitimate.com>
+Date: Mon, 27 Apr 2020 19:54:10 +0300
+Message-ID: <CA+1S=h4aGimA6vSBJF=t1F+5z-Mua5+Cimf+NU_NDWJk8ZNOcw@mail.gmail.com>
+Subject: Fwd:
+To: <test@test.ru>
+Content-Type: multipart/alternative; boundary="00000000000004de7805a4489190"
+
+--0000000000004bee6805a4484c02
+Content-Type: text/plain; charset="UTF-8"
+Content-Transfer-Encoding: 8bit
+
+bitcoincash:qztslqhavnjcgth9zwu6dw0jjcfy4zahfy7vf0smwp
+
+--0000000000004bee6805a4484c02
+Content-Type: text/html; charset="UTF-8"
+Content-Transfer-Encoding: 8bit
+
+bitcoincash:qztslqhavnjcgth9zwu6dw0jjcfy4zahfy7vf0smwp
+
+--0000000000004bee6805a4484c02--
diff --git a/test/functional/messages/phish_sender4.eml b/test/functional/messages/phish_sender4.eml
new file mode 100644
index 000000000..9798a0692
--- /dev/null
+++ b/test/functional/messages/phish_sender4.eml
@@ -0,0 +1,24 @@
+Received: by mail-lf1-f54.gulugulu.com with SMTP id j14so14439709lfg.9
+        for <test@test.ru>; Mon, 27 Apr 2020 09:54:21 -0700 (PDT)
+From
+: <any@attack.com>
+Sender: <admin@legitimate.com>
+Date: Mon, 27 Apr 2020 19:54:10 +0300
+Message-ID: <CA+1S=h4aGimA6vSBJF=t1F+5z-Mua5+Cimf+NU_NDWJk8ZNOcw@mail.gmail.com>
+Subject: Fwd:
+To: <test@test.ru>
+Content-Type: multipart/alternative; boundary="00000000000004de7805a4489190"
+
+--0000000000004bee6805a4484c02
+Content-Type: text/plain; charset="UTF-8"
+Content-Transfer-Encoding: 8bit
+
+bitcoincash:qztslqhavnjcgth9zwu6dw0jjcfy4zahfy7vf0smwp
+
+--0000000000004bee6805a4484c02
+Content-Type: text/html; charset="UTF-8"
+Content-Transfer-Encoding: 8bit
+
+bitcoincash:qztslqhavnjcgth9zwu6dw0jjcfy4zahfy7vf0smwp
+
+--0000000000004bee6805a4484c02--
diff --git a/test/functional/messages/phish_sender5.eml b/test/functional/messages/phish_sender5.eml
new file mode 100644
index 000000000..c8cff6c15
--- /dev/null
+++ b/test/functional/messages/phish_sender5.eml
@@ -0,0 +1,23 @@
+Received: by mail-lf1-f54.gulugulu.com with SMTP id j14so14439709lfg.9
+        for <test@test.ru>; Mon, 27 Apr 2020 09:54:21 -0700 (PDT)
+From: <any@attack.com>, <any2@attack.com> 
+Sender: <admin@legitimate.com>
+Date: Mon, 27 Apr 2020 19:54:10 +0300
+Message-ID: <CA+1S=h4aGimA6vSBJF=t1F+5z-Mua5+Cimf+NU_NDWJk8ZNOcw@mail.gmail.com>
+Subject: Fwd:
+To: <test@test.ru>
+Content-Type: multipart/alternative; boundary="00000000000004de7805a4489190"
+
+--0000000000004bee6805a4484c02
+Content-Type: text/plain; charset="UTF-8"
+Content-Transfer-Encoding: 8bit
+
+bitcoincash:qztslqhavnjcgth9zwu6dw0jjcfy4zahfy7vf0smwp
+
+--0000000000004bee6805a4484c02
+Content-Type: text/html; charset="UTF-8"
+Content-Transfer-Encoding: 8bit
+
+bitcoincash:qztslqhavnjcgth9zwu6dw0jjcfy4zahfy7vf0smwp
+
+--0000000000004bee6805a4484c02--
-- 
2.39.5