|
@@ -126,11 +126,30 @@ def test_smtp_authentication(host):
|
|
|
anywhere.
|
|
|
"""
|
|
|
|
|
|
send = host.run('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-mandatory')
|
|
|
send = host.run('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword '
|
|
|
'--from john.doe@domain1 --to root@client1 --server parameters-mandatory')
|
|
|
assert send.rc == 0
|
|
|
assert "Ok: queued as" in send.stdout
|
|
|
|
|
|
send = host.run('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')
|
|
|
send = host.run('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword '
|
|
|
'--from john.doe@domain1 --to root@client1 --server parameters-optional')
|
|
|
assert send.rc == 0
|
|
|
assert "Ok: queued as" in send.stdout
|
|
|
|
|
|
|
|
|
def test_smtp_authentication_with_alias_sender(host):
|
|
|
"""
|
|
|
Tests if SMTP authentication works via TLS and allows sending mails to
|
|
|
anywhere while using sender alias.
|
|
|
"""
|
|
|
|
|
|
send = host.run('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword '
|
|
|
'--from postmaster@domain1 --to root@client1 --server parameters-mandatory')
|
|
|
assert send.rc == 0
|
|
|
assert "Ok: queued as" in send.stdout
|
|
|
|
|
|
send = host.run('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword '
|
|
|
'--from postmaster@domain1 --to root@client1 --server parameters-optional')
|
|
|
assert send.rc == 0
|
|
|
assert "Ok: queued as" in send.stdout
|
|
|
|
|
@@ -142,11 +161,13 @@ def test_smtp_authentication_requires_tls(host):
|
|
|
|
|
|
auth_error = 28
|
|
|
|
|
|
send = host.run('swaks --port 587 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-mandatory')
|
|
|
send = host.run('swaks --port 587 --auth-user john.doe@domain1 --auth-password johnpassword '
|
|
|
'--from john.doe@domain1 --to root@client1 --server parameters-mandatory')
|
|
|
assert send.rc == auth_error
|
|
|
assert "Host did not advertise authentication" in send.stderr
|
|
|
|
|
|
send = host.run('swaks --port 587 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')
|
|
|
send = host.run('swaks --port 587 --auth-user john.doe@domain1 --auth-password johnpassword '
|
|
|
'--from john.doe@domain1 --to root@client1 --server parameters-optional')
|
|
|
assert send.rc == auth_error
|
|
|
assert "Host did not advertise authentication" in send.stderr
|
|
|
|
|
@@ -158,19 +179,23 @@ def test_smtp_authentication_requires_submission_port(host):
|
|
|
|
|
|
auth_error = 28
|
|
|
|
|
|
send = host.run('swaks --port 25 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-mandatory')
|
|
|
send = host.run('swaks --port 25 --auth-user john.doe@domain1 --auth-password johnpassword '
|
|
|
'--from john.doe@domain1 --to root@client1 --server parameters-mandatory')
|
|
|
assert send.rc == auth_error
|
|
|
assert "Host did not advertise authentication" in send.stderr
|
|
|
|
|
|
send = host.run('swaks -tls --port 25 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-mandatory')
|
|
|
send = host.run('swaks -tls --port 25 --auth-user john.doe@domain1 --auth-password johnpassword '
|
|
|
'--from john.doe@domain1 --to root@client1 --server parameters-mandatory')
|
|
|
assert send.rc == auth_error
|
|
|
assert "Host did not advertise authentication" in send.stderr
|
|
|
|
|
|
send = host.run('swaks --port 25 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')
|
|
|
send = host.run('swaks --port 25 --auth-user john.doe@domain1 --auth-password johnpassword '
|
|
|
'--from john.doe@domain1 --to root@client1 --server parameters-optional')
|
|
|
assert send.rc == auth_error
|
|
|
assert "Host did not advertise authentication" in send.stderr
|
|
|
|
|
|
send = host.run('swaks -tls --port 25 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')
|
|
|
send = host.run('swaks -tls --port 25 --auth-user john.doe@domain1 --auth-password johnpassword '
|
|
|
'--from john.doe@domain1 --to root@client1 --server parameters-optional')
|
|
|
assert send.rc == auth_error
|
|
|
assert "Host did not advertise authentication" in send.stderr
|
|
|
|
|
@@ -289,11 +314,13 @@ def test_port_forwarding(host):
|
|
|
assert "Ok: queued as" in send.stdout
|
|
|
|
|
|
# Submission port.
|
|
|
send = host.run('swaks -tls --port 26 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-mandatory')
|
|
|
send = host.run('swaks -tls --port 26 --auth-user john.doe@domain1 --auth-password johnpassword '
|
|
|
'--from john.doe@domain1 --to root@client1 --server parameters-mandatory')
|
|
|
assert send.rc == 0
|
|
|
assert "Ok: queued as" in send.stdout
|
|
|
|
|
|
send = host.run('swaks -tls --port 26 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')
|
|
|
send = host.run('swaks -tls --port 26 --auth-user john.doe@domain1 --auth-password johnpassword '
|
|
|
'--from john.doe@domain1 --to root@client1 --server parameters-optional')
|
|
|
assert send.rc == 0
|
|
|
assert "Ok: queued as" in send.stdout
|
|
|
|
|
@@ -318,3 +345,29 @@ def test_dovecot_sieve(host):
|
|
|
command = host.run('echo janepassword | sieve-connect --list -s parameters-optional -p 4190 -u jane.doe@domain1 --password 0 || /bin/false')
|
|
|
assert command.rc != 0
|
|
|
assert "Authentication refused by server" in command.stderr
|
|
|
|
|
|
|
|
|
def test_smtp_sender_forging(host):
|
|
|
"""
|
|
|
Tests if SMTP sender forging is possible.
|
|
|
"""
|
|
|
|
|
|
send = host.run('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword '
|
|
|
'--from jane.doe@domain2 --to root@client1 --server parameters-mandatory')
|
|
|
assert send.rc == 24
|
|
|
assert "Sender address rejected: not owned by user john.doe@domain1" in send.stdout
|
|
|
|
|
|
send = host.run('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword '
|
|
|
'--from jane.doe@domain2 --to root@client1 --server parameters-optional')
|
|
|
assert send.rc == 24
|
|
|
assert "Sender address rejected: not owned by user john.doe@domain1" in send.stdout
|
|
|
|
|
|
send = host.run('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword '
|
|
|
'--from webmaster@domain2 --to root@client1 --server parameters-mandatory')
|
|
|
assert send.rc == 24
|
|
|
assert "Sender address rejected: not owned by user john.doe@domain1" in send.stdout
|
|
|
|
|
|
send = host.run('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword '
|
|
|
'--from webmaster@domain2 --to root@client1 --server parameters-optional')
|
|
|
assert send.rc == 24
|
|
|
assert "Sender address rejected: not owned by user john.doe@domain1" in send.stdout
|