From d34f545496a366d720b36ec4b116ba7db04517f2 Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov
Date: Tue, 12 Jun 2018 17:34:42 +0100
Subject: [PATCH] [Test] Add tests for strict pubkey checking

---
 .../cases/131_dkim_signing/001_simple.robot | 6 ++
 test/functional/configs/dkim.conf | 5 ++
 .../configs/dkim_signing/simple.conf | 2 +
 test/functional/configs/plugins.conf | 57 ++++++++++++-------
 test/functional/messages/dmarc/fail_none1.eml | 3 +
 5 files changed, 52 insertions(+), 21 deletions(-)
 create mode 100644 test/functional/messages/dmarc/fail_none1.eml

diff --git a/test/functional/cases/131_dkim_signing/001_simple.robot b/test/functional/cases/131_dkim_signing/001_simple.robot
index 66bcffe37..d5bd56841 100644
--- a/test/functional/cases/131_dkim_signing/001_simple.robot
+++ b/test/functional/cases/131_dkim_signing/001_simple.robot
@@ -8,6 +8,7 @@ Variables ${TESTDIR}/lib/vars.py
 *** Variables ***
 ${CONFIG} ${TESTDIR}/configs/plugins.conf
 ${MESSAGE} ${TESTDIR}/messages/dmarc/fail_none.eml
+${MESSAGE_FAIL} ${TESTDIR}/messages/dmarc/fail_none1.eml
 ${REDIS_SCOPE} Suite
 ${RSPAMD_SCOPE} Suite
 ${URL_TLD} ${TESTDIR}/../lua/unit/test_tld.dat
@@ -23,6 +24,11 @@ TEST NOT SIGNED - USERNAME WRONG DOMAIN
 Check Rspamc ${result} DKIM-Signature: inverse=1
 Should Not Contain ${result.stdout} DKIM_SIGNED (1.00)
 
+TEST NOT SIGNED - USERNAME WRONG PUBKEY
+ ${result} = Scan Message With Rspamc ${MESSAGE_FAIL} -u bob@invalid.za.org
+ Check Rspamc ${result} DKIM-Signature: inverse=1
+ Should Not Contain ${result.stdout} DKIM_SIGNED (1.00)
+
 *** Keywords ***
 DKIM Signing Setup
 ${PLUGIN_CONFIG} = Get File ${TESTDIR}/configs/dkim_signing/simple.conf
diff --git a/test/functional/configs/dkim.conf b/test/functional/configs/dkim.conf
index d3593a12d..f4d7c96fd 100644
--- a/test/functional/configs/dkim.conf
+++ b/test/functional/configs/dkim.conf
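Review bot: The new case `TEST NOT SIGNED - USERNAME WRONG PUBKEY` in 001_simple.robot asserts only that no signature appears (`DKIM-Signature:` with `inverse=1`, then `Should Not Contain ... DKIM_SIGNED (1.00)`), the same two checks the WRONG DOMAIN case above it uses, so it passes whenever signing is skipped for any reason. If signing is declined for something unrelated to the key comparison (for example a From-domain mismatch in fail_none1.eml or a failed lookup of the fake record), the strict pubkey check could regress without this test noticing. A control that scans the same `${MESSAGE_FAIL}` with `-u bob@invalid.za.org` under a configuration where the pubkey check is relaxed and expects `DKIM_SIGNED`, or an assertion on whatever the module logs when it rejects a mismatched key, would tie the result to the feature under test.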
@@ -8,6 +8,11 @@ options = {
 name = "test._domainkey.example.com";
 type = txt;
 replies = ["k=ed25519; p=yi50DjK5O9pqbFpNHklsv9lqaS0ArSYu02qp1S0DW1Y="];
+ },
+ {
+ name = "dkim._domainkey.cacophony.za.org",
+ type = "txt";
+ replies = ["v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXtxBE5IiNRMcq2/lc2zErfdCvDFyQNBnMjbOjBQrPST2k4fdGbtpe5Iu5uS01Met+dAEf94XL8I0hwmYw+n70PP834zfJGi2egwGqrakpaWsCDPvIJZLkxJCJKQRA/zrQ622uEXdvYixVbsEGVw7U4wAGSmT5rU2eU1y63AlOlQIDAQAB"];
 }];
 }
 }
diff --git a/test/functional/configs/dkim_signing/simple.conf b/test/functional/configs/dkim_signing/simple.conf
index d233beff6..2302a0c4f 100644
--- a/test/functional/configs/dkim_signing/simple.conf
+++ b/test/functional/configs/dkim_signing/simple.conf
@@ -1,3 +1,5 @@
 dkim_signing {
 path = "${TESTDIR}/configs/dkim.key";
+ check_pubkey = true;
+ allow_pubkey_mismatch = false;
 }
diff --git a/test/functional/configs/plugins.conf b/test/functional/configs/plugins.conf
index eb7971478..65141d5c0 100644
--- a/test/functional/configs/plugins.conf
+++ b/test/functional/configs/plugins.conf
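Review bot: The added cacophony.za.org record in dkim.conf is written differently from its neighbour: `name = "dkim._domainkey.cacophony.za.org",` ends in a comma and the type is quoted as `type = "txt";`, while the existing record uses `;` and a bare `type = txt;`. The same style appears on both new records in the plugins.conf hunk, and using `name = "dkim._domainkey.cacophony.za.org";` and `type = txt;` would keep the list uniform. The same long `p=` literal is also duplicated between dkim.conf and plugins.conf, so the copies can drift if the signing key is ever regenerated. A comment such as `# public half of configs/dkim.key` on each copy would say what has to stay in sync. That this key matches dkim.key is inferred from the test's intent, since the key file is not part of the patch.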
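Review bot: With `check_pubkey = true;` and `allow_pubkey_mismatch = false;` now set in the shared simple.conf, the only strict-mode path the patch exercises is a published key that differs from the signing key. Nothing visible here covers a selector with no published record or a lookup that fails, so whether strict mode declines to sign in those cases is not pinned by a test. A case using a domain that has no entry in `fake_records`, with its expected outcome stated, would document the fail-closed behaviour. A comment above the two options, e.g. `# strict: sign only when the DNS-published key matches the key at path`, would also explain why they are set for the whole suite.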
@@ -1,31 +1,46 @@
 options = {
- filters = ["spf", "dkim", "regexp"]
- url_tld = "${URL_TLD}"
- pidfile = "${TMPDIR}/rspamd.pid"
- lua_path = "${INSTALLROOT}/share/rspamd/lib/?.lua"
- dns {
- nameserver = ["8.8.8.8", "8.8.4.4"];
- retransmits = 10;
- timeout = 2s;
- }
+ filters = ["spf", "dkim", "regexp"]
+ url_tld = "${URL_TLD}"
+ pidfile = "${TMPDIR}/rspamd.pid"
+ lua_path = "${INSTALLROOT}/share/rspamd/lib/?.lua"
+ dns {
+ nameserver = ["8.8.8.8", "8.8.4.4"];
+ retransmits = 10;
+ timeout = 2s;
+ fake_records = [{ # ed25519
+ name = "test._domainkey.example.com";
+ type = txt;
+ replies = ["k=ed25519; p=yi50DjK5O9pqbFpNHklsv9lqaS0ArSYu02qp1S0DW1Y="];
+ },
+ {
+ name = "dkim._domainkey.cacophony.za.org",
+ type = "txt";
+ replies = ["v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXtxBE5IiNRMcq2/lc2zErfdCvDFyQNBnMjbOjBQrPST2k4fdGbtpe5Iu5uS01Met+dAEf94XL8I0hwmYw+n70PP834zfJGi2egwGqrakpaWsCDPvIJZLkxJCJKQRA/zrQ622uEXdvYixVbsEGVw7U4wAGSmT5rU2eU1y63AlOlQIDAQAB"];
+ },
+ {
+ name = "dkim._domainkey.invalid.za.org",
+ type = "txt";
+ replies = ["v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEEXmNGQq7PUrr9Mg4UakTFHgXBCy2DOztkrZm+0OrVWtiRzGluxBkbOWTBwuU3/Yw97yTphBMQxzWFN603/f/KPAQcF/Lc1l+6kmIBBxNXjjGuOK/3PYKZVntUdKmqcQBYfnHdzH2Tohbuyx1a7xqnv6VSChqQrZU4CwkeT3+eQIDAQAB"];
+ }];
+ }
 }
 logging = {
- type = "file",
- level = "debug"
- filename = "${TMPDIR}/rspamd.log"
+ type = "file",
+ level = "debug"
+ filename = "${TMPDIR}/rspamd.log"
 }
 metric = {
- name = "default",
- actions = {
- reject = 100500,
- }
- unknown_weight = 1
+ name = "default",
+ actions = {
+ reject = 100500,
+ }
+ unknown_weight = 1
 }
 worker {
- type = normal
- bind_socket = ${LOCAL_ADDR}:${PORT_NORMAL}
- count = 1
- task_timeout = 60s;
+ type = normal
+ bind_socket = ${LOCAL_ADDR}:${PORT_NORMAL}
+ count = 1
+ task_timeout = 60s;
 }
 worker {
 type = controller
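Review bot: The `dkim._domainkey.invalid.za.org` entry in `fake_records` has no comment saying its `p=` value is meant to differ from the signing key, and the `# ed25519` comment on the `fake_records = [{` line reads as if it described the whole list. I would add `# RSA key that deliberately does not match dkim.key (WRONG PUBKEY test)` above that entry so it is not later "corrected" to the real key. Separately, the hunk appears to re-indent every existing line of the file's first 31 lines together with the 15 new `fake_records` lines, which buries the functional change in whitespace-only churn; a separate re-indent commit would keep this one reviewable. The second `worker {` block continues past the end of the hunk.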
diff --git a/test/functional/messages/dmarc/fail_none1.eml b/test/functional/messages/dmarc/fail_none1.eml
new file mode 100644
index 000000000..1579bb71f
--- /dev/null
+++ b/test/functional/messages/dmarc/fail_none1.eml
@@ -0,0 +1,3 @@
+From: Rspamd
+
+hello
-- 
2.39.5