| #!/usr/bin/perl -T |
| |
| use lib '.'; use lib 't'; |
| use SATest; sa_t_init("spf"); |
| use Test::More; |
| |
| use constant HAS_MAILSPF => eval { require Mail::SPF; }; |
| |
| plan skip_all => "Long running tests disabled" unless conf_bool('run_long_tests'); |
| plan skip_all => "Net tests disabled" unless conf_bool('run_net_tests'); |
| plan skip_all => "Need Mail::SPF" unless HAS_MAILSPF; |
| plan skip_all => "Can't use Net::DNS Safely" unless can_use_net_dns_safely(); |
| |
| plan tests => 72; |
| |
| # --------------------------------------------------------------------------- |
| |
| # ensure all rules will fire |
| tstlocalrules (" |
| score SPF_FAIL 0.001 |
| score SPF_HELO_FAIL 0.001 |
| score SPF_HELO_NEUTRAL 0.001 |
| score SPF_HELO_SOFTFAIL 0.001 |
| score SPF_NEUTRAL 0.001 |
| score SPF_SOFTFAIL 0.001 |
| score SPF_PASS -0.001 |
| score SPF_HELO_PASS -0.001 |
| score USER_IN_DEF_SPF_WL -0.001 |
| score USER_IN_SPF_WHITELIST -0.001 |
| "); |
| |
| %patterns = ( |
| q{ SPF_HELO_PASS }, 'helo_pass', |
| q{ SPF_PASS }, 'pass', |
| ); |
| |
| sarun ("-t < data/nice/spf1", \&patterns_run_cb); |
| ok_all_patterns(); |
| |
| %patterns = ( |
| q{ SPF_NEUTRAL }, 'neutral', |
| q{ SPF_HELO_NEUTRAL }, 'helo_neutral', |
| ); |
| |
| sarun ("-t < data/spam/spf1", \&patterns_run_cb); |
| ok_all_patterns(); |
| |
| %patterns = ( |
| q{ SPF_SOFTFAIL }, 'softfail', |
| q{ SPF_HELO_SOFTFAIL }, 'helo_softfail', |
| ); |
| |
| sarun ("-t < data/spam/spf2", \&patterns_run_cb); |
| ok_all_patterns(); |
| %patterns = ( |
| q{ SPF_FAIL }, 'fail', |
| q{ SPF_HELO_FAIL }, 'helo_fail', |
| ); |
| |
| sarun ("-t < data/spam/spf3", \&patterns_run_cb); |
| ok_all_patterns(); |
| |
| |
| # Test using an assortment of trusted and internal network definitions |
| |
| # 9-10: Trusted networks contain first header. |
| |
| tstprefs(" |
| clear_trusted_networks |
| clear_internal_networks |
| trusted_networks 65.214.43.157 |
| always_trust_envelope_sender 1 |
| "); |
| |
| %patterns = ( |
| q{ SPF_HELO_PASS }, 'helo_pass', |
| q{ SPF_PASS }, 'pass', |
| ); |
| |
| sarun ("-t < data/nice/spf2", \&patterns_run_cb); |
| ok_all_patterns(); |
| |
| |
| # 11-12: Internal networks contain first header. |
| # Trusted networks not defined. |
| |
| tstprefs(" |
| clear_trusted_networks |
| clear_internal_networks |
| internal_networks 65.214.43.157 |
| always_trust_envelope_sender 1 |
| "); |
| |
| %patterns = ( |
| q{ SPF_HELO_PASS }, 'helo_pass', |
| q{ SPF_PASS }, 'pass', |
| ); |
| |
| sarun ("-t < data/nice/spf2", \&patterns_run_cb); |
| ok_all_patterns(); |
| |
| |
| # 13-14: Internal networks contain first header. |
| # Trusted networks contain some other IP. |
| # jm: commented; this is now an error condition. |
| |
| tstprefs(" |
| clear_trusted_networks |
| clear_internal_networks |
| trusted_networks 1.2.3.4 |
| internal_networks 65.214.43.157 |
| always_trust_envelope_sender 1 |
| "); |
| |
| %patterns = ( |
| q{ SPF_HELO_NEUTRAL }, 'helo_neutral', |
| q{ SPF_NEUTRAL }, 'neutral', |
| ); |
| |
| if (0) { |
| sarun ("-t < data/nice/spf2", \&patterns_run_cb); |
| ok_all_patterns(); |
| } else { |
| ok(1); # skip the tests |
| ok(1); |
| } |
| |
| |
| # 15-16: Trusted+Internal networks contain first header. |
| |
| tstprefs(" |
| clear_trusted_networks |
| clear_internal_networks |
| trusted_networks 65.214.43.157 |
| internal_networks 65.214.43.157 |
| always_trust_envelope_sender 1 |
| "); |
| |
| %patterns = ( |
| q{ SPF_HELO_PASS }, 'helo_pass', |
| q{ SPF_PASS }, 'pass', |
| ); |
| |
| sarun ("-t < data/nice/spf2", \&patterns_run_cb); |
| ok_all_patterns(); |
| |
| |
| # 17-18: Trusted networks contain first and second header. |
| # Internal networks contain first header. |
| |
| tstprefs(" |
| clear_trusted_networks |
| clear_internal_networks |
| trusted_networks 65.214.43.157 64.142.3.173 |
| internal_networks 65.214.43.157 |
| always_trust_envelope_sender 1 |
| "); |
| |
| %patterns = ( |
| q{ SPF_HELO_PASS }, 'helo_pass', |
| q{ SPF_PASS }, 'pass', |
| ); |
| |
| sarun ("-t < data/nice/spf2", \&patterns_run_cb); |
| ok_all_patterns(); |
| |
| |
| # 19-26: Trusted networks contain first and second header. |
| # Internal networks contain first and second header. |
| |
| tstprefs(" |
| clear_trusted_networks |
| clear_internal_networks |
| trusted_networks 65.214.43.157 64.142.3.173 |
| internal_networks 65.214.43.157 64.142.3.173 |
| always_trust_envelope_sender 1 |
| "); |
| |
| %anti_patterns = ( |
| q{ SPF_HELO_PASS }, 'helo_pass', |
| q{ SPF_HELO_FAIL }, 'helo_fail', |
| q{ SPF_HELO_SOFTFAIL }, 'helo_softfail', |
| q{ SPF_HELO_NEUTRAL }, 'helo_neutral', |
| q{ SPF_PASS }, 'pass', |
| q{ SPF_FAIL }, 'fail', |
| q{ SPF_SOFTFAIL }, 'softfail', |
| q{ SPF_NEUTRAL }, 'neutral', |
| ); |
| %patterns = (); |
| |
| sarun ("-t < data/nice/spf2", \&patterns_run_cb); |
| ok_all_patterns(); |
| |
| |
| # 27-28: Trusted networks contain first header. |
| # Internal networks contain first and second header. |
| |
| tstprefs(" |
| clear_trusted_networks |
| clear_internal_networks |
| trusted_networks 65.214.43.157 |
| internal_networks 65.214.43.157 64.142.3.173 |
| always_trust_envelope_sender 1 |
| "); |
| |
| %anti_patterns = (); |
| %patterns = ( |
| q{ SPF_HELO_PASS }, 'helo_pass', |
| q{ SPF_PASS }, 'pass', |
| ); |
| |
| sarun ("-t < data/nice/spf2", \&patterns_run_cb); |
| ok_all_patterns(); |
| |
| |
| # 29-30: Trusted networks contain top 5 headers. |
| # Internal networks contain first header. |
| |
| tstprefs(" |
| clear_trusted_networks |
| clear_internal_networks |
| trusted_networks 65.214.43.158 64.142.3.173 65.214.43.155 65.214.43.156 65.214.43.157 |
| internal_networks 65.214.43.158 |
| always_trust_envelope_sender 1 |
| "); |
| |
| %anti_patterns = (); |
| %patterns = ( |
| q{ SPF_HELO_PASS }, 'helo_pass', |
| q{ SPF_PASS }, 'pass', |
| ); |
| |
| sarun ("-t < data/nice/spf3", \&patterns_run_cb); |
| ok_all_patterns(); |
| |
| |
| # 31-32: Trusted networks contain top 5 headers. |
| # Internal networks contain top 2 headers. |
| |
| tstprefs(" |
| clear_trusted_networks |
| clear_internal_networks |
| trusted_networks 65.214.43.158 64.142.3.173 65.214.43.155 65.214.43.156 65.214.43.157 |
| internal_networks 65.214.43.158 64.142.3.173 |
| always_trust_envelope_sender 1 |
| "); |
| |
| %anti_patterns = (); |
| %patterns = ( |
| q{ SPF_HELO_FAIL }, 'helo_fail', |
| q{ SPF_FAIL }, 'fail', |
| ); |
| |
| sarun ("-t < data/nice/spf3", \&patterns_run_cb); |
| ok_all_patterns(); |
| |
| |
| # 33-34: Trusted networks contain top 5 headers. |
| # Internal networks contain top 3 headers. |
| |
| tstprefs(" |
| clear_trusted_networks |
| clear_internal_networks |
| trusted_networks 65.214.43.158 64.142.3.173 65.214.43.155 65.214.43.156 65.214.43.157 |
| internal_networks 65.214.43.158 64.142.3.173 65.214.43.155 |
| always_trust_envelope_sender 1 |
| "); |
| |
| %anti_patterns = (); |
| %patterns = ( |
| q{ SPF_HELO_SOFTFAIL }, 'helo_softfail', |
| q{ SPF_SOFTFAIL }, 'softfail', |
| ); |
| |
| sarun ("-t < data/nice/spf3", \&patterns_run_cb); |
| ok_all_patterns(); |
| |
| |
| # 35-36: Trusted networks contain top 5 headers. |
| # Internal networks contain top 4 headers. |
| |
| tstprefs(" |
| clear_trusted_networks |
| clear_internal_networks |
| trusted_networks 65.214.43.158 64.142.3.173 65.214.43.155 65.214.43.156 65.214.43.157 |
| internal_networks 65.214.43.158 64.142.3.173 65.214.43.155 65.214.43.156 |
| always_trust_envelope_sender 1 |
| "); |
| |
| %anti_patterns = (); |
| %patterns = ( |
| q{ SPF_HELO_NEUTRAL }, 'helo_neutral', |
| q{ SPF_NEUTRAL }, 'neutral', |
| ); |
| |
| sarun ("-t < data/nice/spf3", \&patterns_run_cb); |
| ok_all_patterns(); |
| |
| |
| # 37-40: same as test 1-2 with some spf whitelisting added |
| |
| tstprefs(" |
| whitelist_from_spf newsalerts-noreply\@dnsbltest.spamassassin.org |
| def_whitelist_from_spf *\@dnsbltest.spamassassin.org |
| "); |
| |
| %patterns = ( |
| q{ SPF_HELO_PASS }, 'helo_pass', |
| q{ SPF_PASS }, 'pass', |
| q{ USER_IN_SPF_WHITELIST }, 'spf_whitelist', |
| q{ USER_IN_DEF_SPF_WL }, 'default_spf_whitelist', |
| ); |
| |
| sarun ("-t < data/nice/spf1", \&patterns_run_cb); |
| ok_all_patterns(); |
| |
| |
| # 41-44: same as test 1-2 with some spf whitelist entries that don't match |
| |
| tstprefs(" |
| whitelist_from_spf *\@example.com |
| def_whitelist_from_spf nothere\@dnsbltest.spamassassin.org |
| "); |
| |
| %patterns = ( |
| q{ SPF_HELO_PASS }, 'helo_pass', |
| q{ SPF_PASS }, 'pass', |
| ); |
| |
| %anti_patterns = ( |
| q{ USER_IN_SPF_WHITELIST }, 'spf_whitelist', |
| q{ USER_IN_DEF_SPF_WL }, 'default_spf_whitelist', |
| ); |
| |
| sarun ("-t < data/nice/spf1", \&patterns_run_cb); |
| ok_all_patterns(); |
| |
| # clear these out before we loop |
| %anti_patterns = (); |
| %patterns = (); |
| |
| |
| # 45-48: same as test 37-40 with whitelist_auth added |
| |
| tstprefs(" |
| whitelist_auth newsalerts-noreply\@dnsbltest.spamassassin.org |
| def_whitelist_auth *\@dnsbltest.spamassassin.org |
| "); |
| |
| %patterns = ( |
| q{ SPF_HELO_PASS }, 'helo_pass', |
| q{ SPF_PASS }, 'pass', |
| q{ USER_IN_SPF_WHITELIST }, 'spf_whitelist', |
| q{ USER_IN_DEF_SPF_WL }, 'default_spf_whitelist', |
| ); |
| |
| sarun ("-t < data/nice/spf1", \&patterns_run_cb); |
| ok_all_patterns(); |
| |
| |
| # test usage of Received-SPF headers added by internal relays |
| # the Received-SPF headers shouldn't be used in this test |
| |
| tstprefs(" |
| clear_trusted_networks |
| clear_internal_networks |
| trusted_networks 65.214.43.158 |
| internal_networks 65.214.43.158 |
| always_trust_envelope_sender 1 |
| "); |
| |
| %anti_patterns = (); |
| %patterns = ( |
| q{ SPF_HELO_PASS }, 'helo_pass', |
| q{ SPF_PASS }, 'pass', |
| ); |
| |
| sarun ("-t < data/nice/spf3-received-spf", \&patterns_run_cb); |
| ok_all_patterns(); |
| # Test same with nonfolded headers |
| sarun ("-t < data/nice/spf4-received-spf-nofold", \&patterns_run_cb); |
| ok_all_patterns(); |
| # Test same with crlf line endings |
| sarun ("-t < data/nice/spf5-received-spf-crlf", \&patterns_run_cb); |
| ok_all_patterns(); |
| # Test same with crlf line endings (bug 7785) |
| sarun ("-t < data/nice/spf6-received-spf-crlf2", \&patterns_run_cb); |
| ok_all_patterns(); |
| |
| |
| # test usage of Received-SPF headers added by internal relays |
| # the Received-SPF headers shouldn't be used in this test |
| |
| tstprefs(" |
| clear_trusted_networks |
| clear_internal_networks |
| trusted_networks 65.214.43.158 64.142.3.173 |
| internal_networks 65.214.43.158 64.142.3.173 |
| always_trust_envelope_sender 1 |
| ignore_received_spf_header 1 |
| "); |
| |
| %anti_patterns = (); |
| %patterns = ( |
| q{ SPF_HELO_FAIL }, 'helo_fail_ignore_header', |
| q{ SPF_FAIL }, 'fail_ignore_header', |
| ); |
| |
| sarun ("-t < data/nice/spf3-received-spf", \&patterns_run_cb); |
| ok_all_patterns(); |
| # Test same with nonfolded headers |
| sarun ("-t < data/nice/spf4-received-spf-nofold", \&patterns_run_cb); |
| ok_all_patterns(); |
| |
| |
| # test usage of Received-SPF headers added by internal relays |
| # the bottom 2 Received-SPF headers should be used in this test |
| |
| tstprefs(" |
| clear_trusted_networks |
| clear_internal_networks |
| trusted_networks 65.214.43.158 64.142.3.173 |
| internal_networks 65.214.43.158 64.142.3.173 |
| always_trust_envelope_sender 1 |
| "); |
| |
| %anti_patterns = (); |
| %patterns = ( |
| q{ SPF_HELO_SOFTFAIL }, 'helo_softfail_from_header', |
| q{ SPF_NEUTRAL }, 'neutral_from_header', |
| ); |
| |
| sarun ("-t < data/nice/spf3-received-spf", \&patterns_run_cb); |
| ok_all_patterns(); |
| # Test same with nonfolded headers |
| sarun ("-t < data/nice/spf4-received-spf-nofold", \&patterns_run_cb); |
| ok_all_patterns(); |
| |
| |
| # test usage of Received-SPF headers added by internal relays |
| # the top 2 Received-SPF headers should be used in this test |
| |
| tstprefs(" |
| clear_trusted_networks |
| clear_internal_networks |
| trusted_networks 65.214.43.158 64.142.3.173 |
| internal_networks 65.214.43.158 64.142.3.173 |
| use_newest_received_spf_header 1 |
| always_trust_envelope_sender 1 |
| "); |
| |
| %anti_patterns = (); |
| %patterns = ( |
| q{ SPF_HELO_SOFTFAIL }, 'helo_softfail_from_header', |
| q{ SPF_FAIL }, 'fail_from_header', |
| ); |
| |
| sarun ("-t < data/nice/spf3-received-spf", \&patterns_run_cb); |
| ok_all_patterns(); |
| # Test same with nonfolded headers |
| sarun ("-t < data/nice/spf4-received-spf-nofold", \&patterns_run_cb); |
| ok_all_patterns(); |
| |
| |
| # test unwhitelist_auth and unwhitelist_from_spf |
| |
| tstprefs(" |
| whitelist_auth newsalerts-noreply\@dnsbltest.spamassassin.org |
| def_whitelist_auth newsalerts-noreply\@dnsbltest.spamassassin.org |
| unwhitelist_auth newsalerts-noreply\@dnsbltest.spamassassin.org |
| |
| whitelist_from_spf *\@dnsbltest.spamassassin.org |
| def_whitelist_from_spf *\@dnsbltest.spamassassin.org |
| unwhitelist_from_spf *\@dnsbltest.spamassassin.org |
| "); |
| |
| %patterns = ( |
| q{ SPF_HELO_PASS }, 'helo_pass', |
| q{ SPF_PASS }, 'pass', |
| ); |
| |
| %anti_patterns = ( |
| q{ USER_IN_SPF_WHITELIST }, 'spf_whitelist', |
| q{ USER_IN_DEF_SPF_WL }, 'default_spf_whitelist', |
| ); |
| |
| sarun ("-t < data/nice/spf1", \&patterns_run_cb); |
| ok_all_patterns(); |
| |