mirror of
https://github.com/chatmail/core.git
synced 2026-05-03 21:36:29 +03:00
Improve tests
This commit is contained in:
Hocuri
@@ -380,79 +380,21 @@ Authentication-Results: gmx.net; dkim=pass header.i=@slack.com";
|
||||
vec![("mx1.riseup.net".to_string(), DkimResult::Passed)]
|
||||
);
|
||||
|
||||
// let bytes = b"Authentication-Results: mx1.messagingengine.com;
|
||||
// x-csa=none;
|
||||
// x-me-sender=none;
|
||||
// x-ptr=pass smtp.helo=nx184.node01.secure-mailgate.com
|
||||
// policy.ptr=nx184.node01.secure-mailgate.com
|
||||
// Authentication-Results: mx1.messagingengine.com;
|
||||
// bimi=skipped (DMARC did not pass)
|
||||
// Authentication-Results: mx1.messagingengine.com;
|
||||
// arc=none (no signatures found)
|
||||
// Authentication-Results: mx1.messagingengine.com;
|
||||
// dkim=none (no signatures found);
|
||||
// dmarc=none policy.published-domain-policy=none
|
||||
// policy.applied-disposition=none policy.evaluated-disposition=none
|
||||
// (p=none,d=none,d.eval=none) policy.policy-from=p
|
||||
// header.from=delta.blinzeln.de;
|
||||
// iprev=pass smtp.remote-ip=89.22.108.184
|
||||
// (nx184.node01.secure-mailgate.com);
|
||||
// spf=none smtp.mailfrom=nami.lefherz@delta.blinzeln.de
|
||||
// smtp.helo=nx184.node01.secure-mailgate.com";
|
||||
// let mail = mailparse::parse_mail(bytes)?;
|
||||
// let actual = parse_authres_headers(&mail.get_headers(), "delta.blinzeln.de");
|
||||
// assert_eq!(actual, vec![("mx1.messagingengine.com".to_string(), false)]);
|
||||
|
||||
// check_parse_authentication_results_combination(
|
||||
// "alice@testrun.org",
|
||||
// // TODO actually the address is alice@gmx.de, but then it doesn't work because `header.d=gmx.net`:
|
||||
// b"From: alice@gmx.net
|
||||
// Authentication-Results: testrun.org;
|
||||
// dkim=pass header.d=gmx.net header.s=badeba3b8450 header.b=Gug6p4zD;
|
||||
// dmarc=pass (policy=none) header.from=gmx.de;
|
||||
// spf=pass (testrun.org: domain of alice@gmx.de designates 212.227.17.21 as permitted sender) smtp.mailfrom=alice@gmx.de",
|
||||
// AuthenticationResults::Passed,
|
||||
// )
|
||||
// .await;
|
||||
|
||||
// check_parse_authentication_results_combination(
|
||||
// "alice@testrun.org",
|
||||
// br#"From: hocuri@testrun.org
|
||||
// Authentication-Results: box.hispanilandia.net; dmarc=none (p=none dis=none) header.from=nauta.cu
|
||||
// Authentication-Results: box.hispanilandia.net; spf=pass smtp.mailfrom=adbenitez@nauta.cu
|
||||
// Authentication-Results: testrun.org;
|
||||
// dkim=fail ("body hash did not verify") header.d=nauta.cu header.s=nauta header.b=YrWhU6qk;
|
||||
// dmarc=none;
|
||||
// spf=pass (testrun.org: domain of "test1-bounces+hocuri=testrun.org@hispanilandia.net" designates 51.15.127.36 as permitted sender) smtp.mailfrom="test1-bounces+hocuri=testrun.org@hispanilandia.net"
|
||||
// "#,
|
||||
// AuthenticationResults::Failed,
|
||||
// )
|
||||
// .await;
|
||||
|
||||
// check_parse_authentication_results_combination(
|
||||
|
||||
// // TODO fails because mx.google.com, not google.com
|
||||
// "alice@gmail.com",
|
||||
// br#"From: not-so-fake@hispanilandia.net
|
||||
// Authentication-Results: mx.google.com;
|
||||
// dkim=pass header.i=@hispanilandia.net header.s=mail header.b="Ih5Sz2/P";
|
||||
// spf=pass (google.com: domain of not-so-fake@hispanilandia.net designates 51.15.127.36 as permitted sender) smtp.mailfrom=not-so-fake@hispanilandia.net;
|
||||
// dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=hispanilandia.net"#,
|
||||
// AuthenticationResults::Passed,
|
||||
// )
|
||||
// .await;
|
||||
|
||||
// check_parse_authentication_results_combination(
|
||||
// "alice@nauta.cu",
|
||||
// br#"From: adb <adbenitez@disroot.org>
|
||||
// Authentication-Results: box.hispanilandia.net;
|
||||
// dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=disroot.org header.i=@disroot.org header.b="kqh3WUKq";
|
||||
// dkim-atps=neutral
|
||||
// Authentication-Results: box.hispanilandia.net; dmarc=pass (p=quarantine dis=none) header.from=disroot.org
|
||||
// Authentication-Results: box.hispanilandia.net; spf=pass smtp.mailfrom=adbenitez@disroot.org"#,
|
||||
// AuthenticationResults::Passed,
|
||||
// )
|
||||
// .await;
|
||||
let bytes = br#"Authentication-Results: box.hispanilandia.net;
|
||||
dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=disroot.org header.i=@disroot.org header.b="kqh3WUKq";
|
||||
dkim-atps=neutral
|
||||
Authentication-Results: box.hispanilandia.net; dmarc=pass (p=quarantine dis=none) header.from=disroot.org
|
||||
Authentication-Results: box.hispanilandia.net; spf=pass smtp.mailfrom=adbenitez@disroot.org"#;
|
||||
let mail = mailparse::parse_mail(bytes)?;
|
||||
let actual = parse_authres_headers(&mail.get_headers(), "disroot.org");
|
||||
assert_eq!(
|
||||
actual,
|
||||
vec![
|
||||
("box.hispanilandia.net".to_string(), DkimResult::Failed),
|
||||
("box.hispanilandia.net".to_string(), DkimResult::Nothing),
|
||||
("box.hispanilandia.net".to_string(), DkimResult::Nothing),
|
||||
]
|
||||
);
|
||||
|
||||
Ok(())
|
||||
}
|
||||
@@ -524,6 +466,8 @@ Authentication-Results: gmx.net; dkim=pass header.i=@slack.com";
|
||||
"fastmail.com",
|
||||
"mail.de",
|
||||
"outlook.com",
|
||||
"gmx.de",
|
||||
"testrun.org",
|
||||
]
|
||||
.contains(&self_domain.as_str());
|
||||
|
||||
@@ -572,9 +516,13 @@ Authentication-Results: gmx.net; dkim=pass header.i=@slack.com";
|
||||
|
||||
let from_domain = EmailAddress::new(from).unwrap().domain;
|
||||
let dkim_result = dkim_works(&t, &from_domain).await.unwrap();
|
||||
// println!("From {from_domain}: passed {dkim_passed}, known to work {dkim_known_to_work}");
|
||||
let expected_result = from_domain != "delta.blinzeln.de"
|
||||
&& from != "authresadding-attacker@example.com"
|
||||
// delta.blinzeln.de and gmx.de have invalid DKIM, so the DKIM check should fail
|
||||
let expected_result = (from_domain != "delta.blinzeln.de") && (from_domain != "gmx.de")
|
||||
// These are (fictional) forged emails where the attacker added a fake
|
||||
// Authentication-Results before sending the email
|
||||
&& from != "forged-authres-added@example.com"
|
||||
// Other forged emails
|
||||
&& !from.starts_with("forged")
|
||||
&& !entry
|
||||
.path()
|
||||
.to_str()
|
||||
@@ -611,32 +559,4 @@ Authentication-Results: gmx.net; dkim=pass header.i=@slack.com";
|
||||
let mail = mailparse::parse_mail(bytes).unwrap();
|
||||
handle_authres(&t, &mail, "invalidfrom.com").await.unwrap();
|
||||
}
|
||||
|
||||
// async fn check_parse_authentication_results_combination(
|
||||
// self_addr: &str,
|
||||
// header_bytes: &[u8],
|
||||
// expected_result: AuthenticationResults,
|
||||
// ) {
|
||||
// let t = TestContext::new().await;
|
||||
// t.set_primary_self_addr(self_addr).await.unwrap();
|
||||
// let mail = mailparse::parse_mail(body)?;
|
||||
|
||||
// let actual = parse_authentication_results(&t, &mail.get_headers(), &from)?;
|
||||
// //assert_eq!(message.authentication_results, expected_result);
|
||||
// if message.authentication_results != expected_result {
|
||||
// eprintln!(
|
||||
// "EXPECTED {expected_result:?}, GOT {:?}, SELF {}, FROM {:?}",
|
||||
// message.authentication_results,
|
||||
// self_addr,
|
||||
// message.from.first().map(|i| &i.addr),
|
||||
// )
|
||||
// } else {
|
||||
// eprintln!(
|
||||
// "CORRECT {:?}, SELF {}, FROM {:?}",
|
||||
// message.authentication_results,
|
||||
// self_addr,
|
||||
// message.from.first().map(|i| &i.addr),
|
||||
// )
|
||||
// }
|
||||
// }
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@ Authentication-Results: atlas206.aol.mail.ne1.yahoo.com;
|
||||
dkim=unknown;
|
||||
spf=none smtp.mailfrom=delta.blinzeln.de;
|
||||
dmarc=unknown header.from=delta.blinzeln.de;
|
||||
From: authresadding-attacker@example.com
|
||||
From: forged-authres-added@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
@@ -1,3 +1,3 @@
|
||||
From: authresadding-attacker@example.com
|
||||
From: forged-authres-added@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
@@ -1,3 +1,3 @@
|
||||
From: authresadding-attacker@example.com
|
||||
From: forged-authres-added@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
@@ -1,3 +1,3 @@
|
||||
From: authresadding-attacker@example.com
|
||||
From: forged-authres-added@example.com
|
||||
Authentication-Results: mail2.ecloud.global;
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
@@ -17,6 +17,6 @@ Authentication-Results: mx1.messagingengine.com;
|
||||
(nx184.node01.secure-mailgate.com);
|
||||
spf=none smtp.mailfrom=alice@delta.blinzeln.de
|
||||
smtp.helo=nx184.node01.secure-mailgate.com
|
||||
From: authresadding-attacker@example.com
|
||||
From: forged-authres-added@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
@@ -1,5 +1,5 @@
|
||||
Authentication-Results: mx.google.com;
|
||||
spf=neutral (google.com: 89.22.108.212 is neither permitted nor denied by best guess record for domain of alice@delta.blinzeln.de) smtp.mailfrom=alice@delta.blinzeln.de
|
||||
From: authresadding-attacker@example.com
|
||||
From: forged-authres-added@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
@@ -0,0 +1,3 @@
|
||||
Authentication-Results: gmx.net; dkim=pass header.i=@slack.com
|
||||
Authentication-Results: gmx.net; dkim=pass header.i=@amazonses.com
|
||||
From: alice@slack.com
|
||||
@@ -2,6 +2,6 @@ Authentication-Results: bimi.icloud.com; bimi=skipped reason="insufficient dmarc
|
||||
Authentication-Results: dmarc.icloud.com; dmarc=none header.from=delta.blinzeln.de
|
||||
Authentication-Results: dkim-verifier.icloud.com; dkim=none
|
||||
Authentication-Results: spf.icloud.com; spf=none (spf.icloud.com: alice@delta.blinzeln.de does not designate permitted sender hosts) smtp.mailfrom=alice@delta.blinzeln.de
|
||||
From: authresadding-attacker@example.com
|
||||
From: forged-authres-added@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
@@ -1,5 +1,5 @@
|
||||
Authentication-Results: mx.infomaniak.com; dmarc=none (p=none dis=none) header.from=delta.blinzeln.de
|
||||
From: authresadding-attacker@example.com
|
||||
From: forged-authres-added@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
Authentication-Results: mx.infomaniak.com; spf=none smtp.mailfrom=delta.blinzeln.de
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
@@ -1,4 +1,4 @@
|
||||
Authentication-Results: mxpostfix01.mail.de; dkim=none; dkim-atps=neutral
|
||||
From: authresadding-attacker@example.com
|
||||
From: forged-authres-added@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
@@ -1,3 +1,3 @@
|
||||
Authentication-Results: mxs.mail.ru; spf=none () smtp.mailfrom=alice@delta.blinzeln.de smtp.helo=nx170.node02.secure-mailgate.com
|
||||
From: authresadding-attacker@example.com
|
||||
From: forged-authres-added@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
@@ -1,3 +1,3 @@
|
||||
From: authresadding-attacker@example.com
|
||||
From: forged-authres-added@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
@@ -0,0 +1,8 @@
|
||||
Authentication-Results: box.hispanilandia.net;
|
||||
dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=disroot.org header.i=@disroot.org header.b="kqh3WUKq";
|
||||
dkim-atps=neutral
|
||||
Authentication-Results: box.hispanilandia.net; dmarc=pass (p=quarantine dis=none) header.from=disroot.org
|
||||
Authentication-Results: box.hispanilandia.net; spf=pass smtp.mailfrom=adbenitez@disroot.org
|
||||
From: forged@disroot.org
|
||||
|
||||
This is an email from adb's mailing list that pretends being sent by forged@disroot.org.
|
||||
@@ -1,5 +1,5 @@
|
||||
Authentication-Results: posteo.de; dmarc=none (p=none dis=none) header.from=delta.blinzeln.de
|
||||
Authentication-Results: posteo.de; spf=tempfail smtp.mailfrom=delta.blinzeln.de
|
||||
From: authresadding-attacker@example.com
|
||||
From: forged-authres-added@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
@@ -1,3 +1,3 @@
|
||||
From: authresadding-attacker@example.com
|
||||
From: forged-authres-added@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
@@ -0,0 +1,10 @@
|
||||
ARC-Authentication-Results: i=1;
|
||||
testrun.org;
|
||||
dkim=pass header.d=gmx.net header.s=badeba3b8450 header.b=Gug6p4zD;
|
||||
dmarc=pass (policy=none) header.from=gmx.de;
|
||||
spf=pass (testrun.org: domain of alice@gmx.de designates 212.227.17.21 as permitted sender) smtp.mailfrom=alice@gmx.de
|
||||
Authentication-Results: testrun.org;
|
||||
dkim=pass header.d=gmx.net header.s=badeba3b8450 header.b=Gug6p4zD;
|
||||
dmarc=pass (policy=none) header.from=gmx.de;
|
||||
spf=pass (testrun.org: domain of alice@gmx.de designates 212.227.17.21 as permitted sender) smtp.mailfrom=alice@gmx.de
|
||||
From: alice@gmx.de
|
||||
@@ -0,0 +1,14 @@
|
||||
Authentication-Results: box.hispanilandia.net; dmarc=none (p=none dis=none) header.from=nauta.cu
|
||||
Authentication-Results: box.hispanilandia.net; spf=pass smtp.mailfrom=adbenitez@nauta.cu
|
||||
ARC-Authentication-Results: i=1;
|
||||
testrun.org;
|
||||
dkim=fail ("body hash did not verify") header.d=nauta.cu header.s=nauta header.b=YrWhU6qk;
|
||||
dmarc=none;
|
||||
spf=pass (testrun.org: domain of "test1-bounces+hocuri=testrun.org@hispanilandia.net" designates 51.15.127.36 as permitted sender) smtp.mailfrom="test1-bounces+hocuri=testrun.org@hispanilandia.net"
|
||||
Authentication-Results: testrun.org;
|
||||
dkim=fail ("body hash did not verify") header.d=nauta.cu header.s=nauta header.b=YrWhU6qk;
|
||||
dmarc=none;
|
||||
spf=pass (testrun.org: domain of "test1-bounces+hocuri=testrun.org@hispanilandia.net" designates 51.15.127.36 as permitted sender) smtp.mailfrom="test1-bounces+hocuri=testrun.org@hispanilandia.net"
|
||||
From: forged@nauta.cu
|
||||
|
||||
This is an email from adb's mailing list that pretends being from forged@nauta.cu.
|
||||
@@ -2,5 +2,5 @@ Authentication-Results: atlas324.free.mail.ne1.yahoo.com;
|
||||
dkim=unknown;
|
||||
spf=none smtp.mailfrom=delta.blinzeln.de;
|
||||
dmarc=unknown header.from=delta.blinzeln.de;
|
||||
From: authresadding-attacker@example.com
|
||||
From: forged-authres-added@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
@@ -1,2 +1,2 @@
|
||||
From: authresadding-attacker@example.com
|
||||
From: forged-authres-added@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
@@ -1,4 +1,4 @@
|
||||
Authentication-Results: mx.zohomail.eu;
|
||||
From: authresadding-attacker@example.com
|
||||
From: forged-authres-added@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
Authentication-Results: aaa.com; dkim=pass header.i=@example.com
|
||||
@@ -1,6 +1,6 @@
|
||||
# This is a small script which helped me write the atuhresadding-attacker@example.com emails
|
||||
# I still did quite some things manually.
|
||||
# cd dkimchecks-2022-09-28; for d in *; do cd $d ; python3 ../../create-authresadding-attacker.py >authresadding-attacker@example.com; cd $HOME/deltachat-android/jni/deltachat-core-rust/test-data/message/dkimchecks-2022-09-28; done
|
||||
# cd dkimchecks-2022-09-28; for d in *; do cd $d ; python3 ../../create-forged-authres-added.py >forged-authres-added@example.com; cd $HOME/deltachat-android/jni/deltachat-core-rust/test-data/message/dkimchecks-2022-09-28; done
|
||||
|
||||
with open("nami.lefherz@delta.blinzeln.de", "r") as f:
|
||||
inheader = False
|
||||
@@ -16,7 +16,7 @@ with open("nami.lefherz@delta.blinzeln.de", "r") as f:
|
||||
print(l, end='')
|
||||
inheader=True
|
||||
if l.startswith("From:"):
|
||||
print("From: authresadding-attacker@example.com");
|
||||
print("From: forged-authres-added@example.com");
|
||||
if l.startswith("Authentication-Results-Original"):
|
||||
print("TO BE DELETED")
|
||||
print(f"Authentication-Results: aaa.com; dkim=pass header.i=@example.com")
|
||||
|
||||
Reference in New Issue
Block a user