majic-ansible-roles File Diff

@@ -126,11 +126,30 @@ def test_smtp_authentication(host):

    anywhere.

"""

    send = host.run('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-mandatory')

    send = host.run('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword '

                    '--from john.doe@domain1 --to root@client1 --server parameters-mandatory')

    assert send.rc == 0

    assert "Ok: queued as" in send.stdout

    send = host.run('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')

    send = host.run('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword '

                    '--from john.doe@domain1 --to root@client1 --server parameters-optional')

    assert send.rc == 0

    assert "Ok: queued as" in send.stdout

def test_smtp_authentication_with_alias_sender(host):

"""

    Tests if SMTP authentication works via TLS and allows sending mails to

    anywhere while using sender alias.

"""

    send = host.run('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword '

                    '--from postmaster@domain1 --to root@client1 --server parameters-mandatory')

    assert send.rc == 0

    assert "Ok: queued as" in send.stdout

    send = host.run('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword '

                    '--from postmaster@domain1 --to root@client1 --server parameters-optional')

    assert send.rc == 0

    assert "Ok: queued as" in send.stdout

@@ -142,11 +161,13 @@ def test_smtp_authentication_requires_tls(host):

    auth_error = 28

    send = host.run('swaks --port 587 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-mandatory')

    send = host.run('swaks --port 587 --auth-user john.doe@domain1 --auth-password johnpassword '

                    '--from john.doe@domain1 --to root@client1 --server parameters-mandatory')

    assert send.rc == auth_error

    assert "Host did not advertise authentication" in send.stderr

    send = host.run('swaks --port 587 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')

    send = host.run('swaks --port 587 --auth-user john.doe@domain1 --auth-password johnpassword '

                    '--from john.doe@domain1 --to root@client1 --server parameters-optional')

    assert send.rc == auth_error

    assert "Host did not advertise authentication" in send.stderr

@@ -158,19 +179,23 @@ def test_smtp_authentication_requires_submission_port(host):

    auth_error = 28

    send = host.run('swaks --port 25 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-mandatory')

    send = host.run('swaks --port 25 --auth-user john.doe@domain1 --auth-password johnpassword '

                    '--from john.doe@domain1 --to root@client1 --server parameters-mandatory')

    assert send.rc == auth_error

    assert "Host did not advertise authentication" in send.stderr

    send = host.run('swaks -tls --port 25 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-mandatory')

    send = host.run('swaks -tls --port 25 --auth-user john.doe@domain1 --auth-password johnpassword '

                    '--from john.doe@domain1 --to root@client1 --server parameters-mandatory')

    assert send.rc == auth_error

    assert "Host did not advertise authentication" in send.stderr

    send = host.run('swaks --port 25 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')

    send = host.run('swaks --port 25 --auth-user john.doe@domain1 --auth-password johnpassword '

                    '--from john.doe@domain1 --to root@client1 --server parameters-optional')

    assert send.rc == auth_error

    assert "Host did not advertise authentication" in send.stderr

    send = host.run('swaks -tls --port 25 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')

    send = host.run('swaks -tls --port 25 --auth-user john.doe@domain1 --auth-password johnpassword '

                    '--from john.doe@domain1 --to root@client1 --server parameters-optional')

    assert send.rc == auth_error

    assert "Host did not advertise authentication" in send.stderr

@@ -289,11 +314,13 @@ def test_port_forwarding(host):

    assert "Ok: queued as" in send.stdout

    # Submission port.

    send = host.run('swaks -tls --port 26 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-mandatory')

    send = host.run('swaks -tls --port 26 --auth-user john.doe@domain1 --auth-password johnpassword '

                    '--from john.doe@domain1 --to root@client1 --server parameters-mandatory')

    assert send.rc == 0

    assert "Ok: queued as" in send.stdout

    send = host.run('swaks -tls --port 26 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')

    send = host.run('swaks -tls --port 26 --auth-user john.doe@domain1 --auth-password johnpassword '

                    '--from john.doe@domain1 --to root@client1 --server parameters-optional')

    assert send.rc == 0

    assert "Ok: queued as" in send.stdout

@@ -318,3 +345,29 @@ def test_dovecot_sieve(host):

    command = host.run('echo janepassword | sieve-connect --list -s parameters-optional -p 4190 -u jane.doe@domain1 --password 0 || /bin/false')

    assert command.rc != 0

    assert "Authentication refused by server" in command.stderr

def test_smtp_sender_forging(host):

"""

    Tests if SMTP sender forging is possible.

"""

    send = host.run('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword '

                    '--from jane.doe@domain2 --to root@client1 --server parameters-mandatory')

    assert send.rc == 24

    assert "Sender address rejected: not owned by user john.doe@domain1" in send.stdout

    send = host.run('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword '

                    '--from jane.doe@domain2 --to root@client1 --server parameters-optional')

    assert send.rc == 24

    assert "Sender address rejected: not owned by user john.doe@domain1" in send.stdout

    send = host.run('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword '

                    '--from webmaster@domain2 --to root@client1 --server parameters-mandatory')

    assert send.rc == 24

    assert "Sender address rejected: not owned by user john.doe@domain1" in send.stdout

    send = host.run('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword '

                    '--from webmaster@domain2 --to root@client1 --server parameters-optional')

    assert send.rc == 24

    assert "Sender address rejected: not owned by user john.doe@domain1" in send.stdout