diff --git a/target/scripts/helpers/aliases.sh b/target/scripts/helpers/aliases.sh
index 758f9af0..7604fd44 100644
--- a/target/scripts/helpers/aliases.sh
+++ b/target/scripts/helpers/aliases.sh
@@ -57,5 +57,6 @@ function _handle_postfix_aliases_config() {
 function _create_aliases() {
 _handle_postfix_virtual_config
 _handle_postfix_regexp_config
+ _handle_postfix_regexp_send_only_config
 _handle_postfix_aliases_config
 }
diff --git a/test/config/postfix-regexp-send-only.cf b/test/config/postfix-regexp-send-only.cf
new file mode 100644
index 00000000..d81f927c
--- /dev/null
+++ b/test/config/postfix-regexp-send-only.cf
@@ -0,0 +1 @@
+/^user3@localhost.localdomain/ user1@localhost.localdomain
diff --git a/test/files/emails/auth/added-smtp-auth-spoofed-alias.txt b/test/files/emails/auth/added-smtp-auth-spoofed-from-alias1.txt
similarity index 100%
rename from test/files/emails/auth/added-smtp-auth-spoofed-alias.txt
rename to test/files/emails/auth/added-smtp-auth-spoofed-from-alias1.txt
diff --git a/test/files/emails/auth/added-smtp-auth-spoofed.txt b/test/files/emails/auth/added-smtp-auth-spoofed-from-test123.txt
similarity index 72%
rename from test/files/emails/auth/added-smtp-auth-spoofed.txt
rename to test/files/emails/auth/added-smtp-auth-spoofed-from-test123.txt
index fd96d401..e5584366 100644
--- a/test/files/emails/auth/added-smtp-auth-spoofed.txt
+++ b/test/files/emails/auth/added-smtp-auth-spoofed-from-test123.txt
@@ -1,4 +1,4 @@
-From: Not_My_Business
+From: test123_alias
 To: Existing Local User
 Date: Sat, 22 May 2010 07:43:25 -0400
 Subject: Test Message
diff --git a/test/files/emails/auth/added-smtp-auth-spoofed-from-user1.txt b/test/files/emails/auth/added-smtp-auth-spoofed-from-user1.txt
new file mode 100644
index 00000000..cd3960be
--- /dev/null
+++ b/test/files/emails/auth/added-smtp-auth-spoofed-from-user1.txt
@@ -0,0 +1,5 @@
+From: User 1
+To: Existing Local User
+Date: Sat, 22 May 2010 07:43:25 -0400
+Subject: Test Message
+This is a test mail.
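Review bot: `_handle_postfix_regexp_send_only_config`, called on the added line of `_create_aliases`, is not defined in any hunk visible here; if its definition lives in a part of the commit outside this view that is fine, otherwise bash would report an unknown command at this call when the helper runs. The name alone does not say how this map differs from `_handle_postfix_regexp_config`, and the new test file in this commit states the distinction (it feeds `main.cf:smtpd_sender_login_maps` without adding a delivery alias), so it is worth recording at the call site: `# regexp-send-only: sender-login authorization only, no delivery alias (unlike regexp)`. `_create_aliases` is fully contained in the hunk.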
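Review bot: The key `/^user3@localhost.localdomain/` is anchored only at the start and leaves the dots unescaped, so as a regexp-table entry it also matches longer or slightly different envelope senders (anything that continues after `localdomain`, or any character in place of the dots). Because this fixture is the reference example for the new `regexp-send-only` map, a tightly anchored key keeps the granted sender authorization as narrow as the test implies: `/^user3@localhost\.localdomain$/ user1@localhost.localdomain`.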
diff --git a/test/files/emails/auth/added-smtp-auth-spoofed-from-user3.txt b/test/files/emails/auth/added-smtp-auth-spoofed-from-user3.txt
new file mode 100644
index 00000000..0a2ccdb6
--- /dev/null
+++ b/test/files/emails/auth/added-smtp-auth-spoofed-from-user3.txt
@@ -0,0 +1,5 @@
+From: User 3
+To: Existing Local User
+Date: Sat, 22 May 2010 07:43:25 -0400
+Subject: Test Message
+This is a test mail.
diff --git a/test/tests/parallel/set2/auth/spoofing.bats b/test/tests/parallel/set2/auth/spoofing.bats
new file mode 100644
index 00000000..c673045e
--- /dev/null
+++ b/test/tests/parallel/set2/auth/spoofing.bats
@@ -0,0 +1,103 @@
+load "${REPOSITORY_ROOT}/test/helper/common"
+load "${REPOSITORY_ROOT}/test/helper/setup"
+
+BATS_TEST_NAME_PREFIX='[Postfix] (sender spoofing) '
+CONTAINER_NAME='dms-test_postfix-spoofing'
+
+function setup_file() {
+ _init_with_defaults
+
+ local CUSTOM_SETUP_ARGUMENTS=(
+ --env SPOOF_PROTECTION=1
+ --env LOG_LEVEL=trace
+ --env SSL_TYPE='snakeoil'
+ )
+
+ _common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
+
+ _wait_for_service postfix
+ _wait_for_smtp_port_in_container_to_respond
+}
+
+function teardown_file() { _default_teardown ; }
+
+# These tests ensure spoofing protection works, and that exceptions are available for aliases.
+# user1 has aliases configured for the following accounts:
+# - test\d* via /etc/postfix/regexp
+# - alias1@localhost via /etc/postfix/virtual
+# - user3@localhost via /etc/postfix/regexp-send-only
+
+@test "allows forging as send-only alias" {
+ # An authenticated account should be able to send mail from a send-only alias,
+ # Verifies `main.cf:smtpd_sender_login_maps` includes /etc/postfix/regexp-send-only
+ _send_email \
+ --port 587 -tls --auth PLAIN \
+ --auth-user user1@localhost.localdomain \
+ --auth-password mypassword \
+ --ehlo mail \
+ --from user3@localhost.localdomain \
+ --data 'auth/added-smtp-auth-spoofed-from-user3.txt'
+ assert_success
+ assert_output --partial 'End data with'
+}
+
+@test "allows forging as regular alias" {
+ # An authenticated account should be able to send mail from an alias,
+ # Verifies `main.cf:smtpd_sender_login_maps` includes /etc/postfix/virtual
+ _send_email \
+ --port 587 -tls --auth PLAIN \
+ --auth-user user1@localhost.localdomain \
+ --auth-password mypassword \
+ --ehlo mail \
+ --from alias1@localhost.localdomain \
+ --data 'auth/added-smtp-auth-spoofed-from-alias1.txt'
+ assert_success
+ assert_output --partial 'End data with'
+}
+
+@test "allows forging as regular (regex) alias" {
+ # An authenticated account should be able to send mail from an alias,
+ # Verifies `main.cf:smtpd_sender_login_maps` includes /etc/postfix/regexp
+ _send_email \
+ --port 587 -tls --auth PLAIN \
+ --auth-user user1@localhost.localdomain \
+ --auth-password mypassword \
+ --ehlo mail \
+ --from test123@localhost.localdomain \
+ --data 'auth/added-smtp-auth-spoofed-from-test123.txt'
+ assert_success
+ assert_output --partial 'End data with'
+}
+
+@test "rejects sender forging" {
+ # An authenticated user cannot use an envelope sender (MAIL FROM)
+ # address they do not own according to `main.cf:smtpd_sender_login_maps` lookup
+ _send_email --expect-rejection \
+ --port 587 -tls --auth PLAIN \
+ --auth-user user3@localhost.localdomain \
+ --auth-password mypassword \
+ --ehlo mail \
+ --from user1@localhost.localdomain \
+ --data 'auth/added-smtp-auth-spoofed-from-user1.txt'
+ assert_output --partial 'Sender address rejected: not owned by user'
+}
+
+@test "send-only alias does not affect incoming mail" {
+ _send_email \
+ --port 587 -tls --auth PLAIN \
+ --auth-user user1@localhost.localdomain \
+ --auth-password mypassword \
+ --ehlo mail \
+ --from user1@localhost.localdomain \
+ --to user3@localhost.localdomain \
+ --data 'test-email.txt'
+ assert_success
+ assert_output --partial 'End data with'
+
+ _wait_for_empty_mail_queue_in_container
+
+ # would have an orig_to if it got forwarded
+ _service_log_should_contain_string 'mail' ': to='
+ assert_output --partial 'status=sent'
+ _should_output_number_of_lines 1
+}
diff --git a/test/tests/serial/tests.bats b/test/tests/serial/tests.bats
index eff151df..15e6a6b0 100644
--- a/test/tests/serial/tests.bats
+++ b/test/tests/serial/tests.bats
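Review bot: In `send-only alias does not affect incoming mail`, `_should_output_number_of_lines 1` counts every `: to=` line in the mail log, so it relies on the three earlier tests in this file leaving no delivery lines in the same container; if `_send_email` delivers their mail to a local mailbox by default (no `--to` is given there), the count changes even though forwarding behaves correctly. The property actually under test — user3's mail is not rewritten to user1 — is checked more directly by matching the recipient and refuting the forwarding marker: `_service_log_should_contain_string 'mail' 'to=<user3@localhost.localdomain>'` followed by `refute_output --partial 'orig_to='`, which also puts the comment `# would have an orig_to if it got forwarded` next to the assertion it explains. A short note in the header comment block that the check is on the envelope sender (`--from`, MAIL FROM) and not on the `From:` header in the fixture files would spare readers a wrong inference from the fixture names.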
@@ -281,39 +281,6 @@ EOF
 assert_success
 }
 
-@test "spoofing: rejects sender forging" {
- # rejection of spoofed sender
- _wait_for_smtp_port_in_container_to_respond
-
- # An authenticated user cannot use an envelope sender (MAIL FROM)
- # address they do not own according to `main.cf:smtpd_sender_login_maps` lookup
- _send_email --expect-rejection \
- --port 465 -tlsc --auth PLAIN \
- --auth-user added@localhost.localdomain \
- --auth-password mypassword \
- --ehlo mail \
- --from user2@localhost.localdomain \
- --data 'auth/added-smtp-auth-spoofed.txt'
- assert_output --partial 'Sender address rejected: not owned by user'
-}
-
-@test "spoofing: accepts sending as alias" {
- # An authenticated account should be able to send mail from an alias,
- # Verifies `main.cf:smtpd_sender_login_maps` includes /etc/postfix/virtual
- # The envelope sender address (MAIL FROM) is the lookup key
- # to each table. Address is authorized when a result that maps to
- # the DMS account is returned.
- _send_email \
- --port 465 -tlsc --auth PLAIN \
- --auth-user user1@localhost.localdomain \
- --auth-password mypassword \
- --ehlo mail \
- --from alias1@localhost.localdomain \
- --data 'auth/added-smtp-auth-spoofed-alias.txt'
- assert_success
- assert_output --partial 'End data with'
-}
-
 #
 # Pflogsumm delivery check
 #