blob: 98065f75c16b48d7b194e556f8abe8153d068d8b [file] [log] [blame]
#!/usr/bin/perl
# (C) Maxim Dounin
# Tests for nginx mail smtp module.
###############################################################################
use warnings;
use strict;
use Test::More;
use MIME::Base64;
use Socket qw/ CRLF /;
BEGIN { use FindBin; chdir($FindBin::Bin); }
use lib 'lib';
use Test::Nginx;
use Test::Nginx::SMTP;
###############################################################################
select STDERR; $| = 1;
select STDOUT; $| = 1;
local $SIG{PIPE} = 'IGNORE';
my $t = Test::Nginx->new()->has(qw/mail smtp http rewrite/)
->write_file_expand('nginx.conf', <<'EOF');
%%TEST_GLOBALS%%
daemon off;
events {
}
mail {
proxy_pass_error_message on;
auth_http http://127.0.0.1:8080/mail/auth;
xclient off;
server {
listen 127.0.0.1:8025;
protocol smtp;
smtp_auth login plain none cram-md5 external;
}
}
http {
%%TEST_GLOBALS_HTTP%%
server {
listen 127.0.0.1:8080;
server_name localhost;
location = /mail/auth {
set $reply ERROR;
if ($http_auth_smtp_to ~ example.com) {
set $reply OK;
}
set $userpass "$http_auth_user:$http_auth_pass";
if ($userpass ~ '^test@example.com:secret$') {
set $reply OK;
}
set $userpass "$http_auth_user:$http_auth_salt:$http_auth_pass";
if ($userpass ~ '^test@example.com:<.*@.*>:0{32}$') {
set $reply OK;
}
set $userpass "$http_auth_method:$http_auth_user:$http_auth_pass";
if ($userpass ~ '^external:test@example.com:$') {
set $reply OK;
}
add_header Auth-Status $reply;
add_header Auth-Server 127.0.0.1;
add_header Auth-Port %%PORT_8026%%;
add_header Auth-Wait 1;
return 204;
}
}
}
EOF
$t->run_daemon(\&Test::Nginx::SMTP::smtp_test_daemon);
$t->run()->plan(30);
$t->waitforsocket('127.0.0.1:' . port(8026));
###############################################################################
my $s = Test::Nginx::SMTP->new();
$s->check(qr/^220 /, "greeting");
$s->send('EHLO example.com');
$s->check(qr/^250 /, "ehlo");
$s->send('AUTH PLAIN ' . encode_base64("\0test\@example.com\0bad", ''));
$s->check(qr/^5.. /, 'auth plain with bad password');
$s->send('AUTH PLAIN ' . encode_base64("\0test\@example.com\0secret", ''));
$s->authok('auth plain');
# We are talking to backend from this point
$s->send('MAIL FROM:<test@example.com> SIZE=100');
$s->ok('mail from after auth');
$s->send('RSET');
$s->ok('rset');
$s->send('MAIL FROM:<test@xn--e1afmkfd.xn--80akhbyknj4f> SIZE=100');
$s->ok("idn mail from (example.test in russian)");
$s->send('QUIT');
$s->ok("quit");
# Try auth login in simple form
$s = Test::Nginx::SMTP->new();
$s->read();
$s->send('EHLO example.com');
$s->read();
$s->send('AUTH LOGIN');
$s->check(qr/^334 VXNlcm5hbWU6/, 'auth login simple username challenge');
$s->send(encode_base64('test@example.com', ''));
$s->check(qr/^334 UGFzc3dvcmQ6/, 'auth login simple password challenge');
$s->send(encode_base64('secret', ''));
$s->authok('auth login simple');
# Try auth plain with username. Details:
#
# [MS-XLOGIN]: SMTP Protocol AUTH LOGIN Extension Specification
# http://download.microsoft.com/download/5/D/D/5DD33FDF-91F5-496D-9884-0A0B0EE698BB/%5BMS-XLOGIN%5D.pdf
$s = Test::Nginx::SMTP->new();
$s->read();
$s->send('EHLO example.com');
$s->read();
$s->send('AUTH LOGIN ' . encode_base64('test@example.com', ''));
$s->check(qr/^334 UGFzc3dvcmQ6/, 'auth login with username password challenge');
$s->send(encode_base64('secret', ''));
$s->authok('auth login with username');
# Try auth cram-md5
$s = Test::Nginx::SMTP->new();
$s->read();
$s->send('EHLO example.com');
$s->read();
$s->send('AUTH CRAM-MD5');
$s->check(qr/^334 /, 'auth cram-md5 challenge');
$s->send(encode_base64('test@example.com ' . ('0' x 32), ''));
$s->authok('auth cram-md5');
# Try auth external
$s = Test::Nginx::SMTP->new();
$s->read();
$s->send('EHLO example.com');
$s->read();
$s->send('AUTH EXTERNAL');
$s->check(qr/^334 VXNlcm5hbWU6/, 'auth external challenge');
$s->send(encode_base64('test@example.com', ''));
$s->ok('auth external');
# Try auth external with username
$s = Test::Nginx::SMTP->new();
$s->read();
$s->send('EHLO example.com');
$s->read();
$s->send('AUTH EXTERNAL ' . encode_base64('test@example.com', ''));
$s->ok('auth external with username');
# Try auth plain with pipelining
$s = Test::Nginx::SMTP->new();
$s->read();
$s->send('EHLO example.com');
$s->read();
$s->send('INVALID COMMAND WITH ARGUMENTS' . CRLF
. 'RSET');
$s->read();
$s->ok('pipelined rset after invalid command');
$s->send('AUTH PLAIN '
. encode_base64("\0test\@example.com\0bad", '') . CRLF
. 'MAIL FROM:<test@example.com> SIZE=100');
$s->read();
$s->ok('mail from after failed pipelined auth');
$s->send('AUTH PLAIN '
. encode_base64("\0test\@example.com\0secret", '') . CRLF
. 'MAIL FROM:<test@example.com> SIZE=100');
$s->read();
$s->ok('mail from after pipelined auth');
# Try auth none
$s = Test::Nginx::SMTP->new();
$s->read();
$s->send('EHLO example.com');
$s->read();
$s->send('MAIL FROM:<test@example.com> SIZE=100');
$s->ok('auth none - mail from');
$s->send('RCPT TO:<test@example.com>');
$s->ok('auth none - rcpt to');
$s->send('RSET');
$s->ok('auth none - rset, should go to backend');
# Auth none with pipelining
$s = Test::Nginx::SMTP->new();
$s->read();
$s->send('EHLO example.com');
$s->read();
$s->send('MAIL FROM:<test@example.com> SIZE=100' . CRLF
. 'RCPT TO:<test@example.com>' . CRLF
. 'RSET');
$s->ok('pipelined mail from');
$s->ok('pipelined rcpt to');
$s->ok('pipelined rset');
# Connection must stay even if error returned to rcpt to command
$s = Test::Nginx::SMTP->new();
$s->read();
$s->send('EHLO example.com');
$s->read();
$s->send('MAIL FROM:<test@example.com> SIZE=100');
$s->read(); # skip mail from reply
$s->send('RCPT TO:<example.com>');
$s->check(qr/^5.. /, "bad rcpt to");
$s->send('RCPT TO:<test@example.com>');
$s->ok('good rcpt to');
# Make sure command split into many packets processed correctly
$s = Test::Nginx::SMTP->new();
$s->read();
$s->print('HEL');
$s->send('O example.com');
$s->ok('split command');
###############################################################################