# -*- indent-tabs-mode: t; tab-width: 4; -*-


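test_permitted_sender_fail() {
	# Negative authorization test: an authenticated user must not be
	# able to send with a MAIL FROM address that belongs to someone else
	# when nothing (alias or permitted-senders group) grants that right.
	# If this send were accepted, any account holder could forge mail
	# from any other local user.
	#
	# Globals read: PYMAIL, PRIVATE_IP
	test_start "permitted-sender-fail"
	# create standard users alice, bob, and mary
	# (the second argument is presumably the account password - confirm
	# against create_user)
	local alice="alice@somedomain.com"
	local bob="bob@anotherdomain.com"
	local mary="mary@anotherdomain.com"
	create_user "$alice" "alice"
	create_user "$bob" "bob"
	create_user "$mary" "mary"

	# login as mary, send from bob, to alice
	start_log_capture
	record "[Mailing to alice from bob as mary]"
	local output
	# $PYMAIL is left unquoted in case it holds a command plus arguments
	# (its definition is not in this file). The addresses and the host
	# are quoted so each is passed as exactly one argument.
	# The assertion must directly follow the assignment: $? has to be
	# the exit status of the command substitution.
	output="$($PYMAIL -f "$bob" -to "$alice" alice "$PRIVATE_IP" "$mary" mary 2>&1)"
	if ! assert_python_failure $? "$output" SMTPRecipientsRefused; then
		# additional "color"
		test_failure "user should not be permitted to send as another user"
	fi

	# expect errors, so don't assert
	check_logs

	delete_user "$alice"
	delete_user "$bob"
	delete_user "$mary"
	test_end
}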


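test_permitted_sender_alias() {
	# Positive authorization test: a user may send MAIL FROM one of
	# their own aliases. Two ways of owning an alias are covered:
	#   1. the alias is an extra value on the user's own 'mail' attribute
	#   2. the user is a member of the alias group for that address
	#
	# Globals read: PYMAIL, PRIVATE_IP, ATTR_DN
	test_start "permitted-sender-alias"
	# create standard users alice and bob; mary and jane are used only
	# as alias addresses and get no account of their own
	local alice="alice@somedomain.com"
	local bob="bob@anotherdomain.com"
	local mary="mary@anotherdomain.com"
	local jane="jane@google.com"
	create_user "$alice" "alice"
	create_user "$bob" "bob"
	# ATTR_DN is read right after create_user; presumably create_user
	# sets it to the DN of the entry it just created - confirm
	local bob_dn="$ATTR_DN"

	# add mary as one of bob's aliases - to bob's 'mail' attribute
	add_alias "$bob_dn" "$mary" user

	# add jane as one of bob's aliases - to jane's alias group
	create_alias_group "$jane" "$bob_dn"

	# login as bob, send from mary, to alice
	start_log_capture
	record "[Mailing to alice from mary as bob]"
	local output
	# $PYMAIL is left unquoted in case it holds a command plus arguments
	# (its definition is not in this file). The assertion must directly
	# follow the assignment so that $? is the client's exit status.
	output="$($PYMAIL -f "$mary" -to "$alice" alice "$PRIVATE_IP" "$bob" bob 2>&1)"
	if ! assert_python_success $? "$output"; then
		# additional "color"
		test_failure "bob should be permitted to MAIL FROM $mary, his own alias: $(python_error "$output")"
	fi

	assert_check_logs

	# login as bob, send from jane, to alice
	start_log_capture
	record "[Mailing to alice from jane as bob]"
	output="$($PYMAIL -f "$jane" -to "$alice" alice "$PRIVATE_IP" "$bob" bob 2>&1)"
	if ! assert_python_success $? "$output"; then
		# additional "color"
		test_failure "bob should be permitted to MAIL FROM $jane, his own alias: $(python_error "$output")"
	fi

	assert_check_logs

	# mary is removed together with bob (it lives on bob's entry); the
	# alias group for jane is a separate entry and is deleted explicitly
	delete_user "$alice"
	delete_user "$bob"
	delete_alias_group "$jane"
	test_end
}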


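test_permitted_sender_explicit() {
	# Two checks on an address that has an explicit permitted-senders
	# group:
	#   - a user listed in the permitted-senders group may send MAIL FROM
	#     that address
	#   - a user who is NOT listed may not, even though they are a member
	#     of the address's alias group (the permitted-senders list takes
	#     precedence over alias membership)
	#
	# Globals read: PYMAIL, PRIVATE_IP, ATTR_DN
	test_start "permitted-sender-explicit"

	# create standard users alice and bob
	# ATTR_DN is read right after each create_user; presumably
	# create_user sets it to the DN of the new entry - confirm
	local alice="alice@somedomain.com"
	local bob="bob@anotherdomain.com"
	create_user "$alice" "alice"
	local alice_dn="$ATTR_DN"
	create_user "$bob" "bob"
	local bob_dn="$ATTR_DN"

	# create an alias that forwards to bob and alice
	local alias="mary@anotherdomain.com"
	create_alias_group "$alias" "$bob_dn" "$alice_dn"

	# create a permitted-senders group with only alice in it
	create_permitted_senders_group "$alias" "$alice_dn"

	# login as alice, send from alias to bob
	# The record labels use the same "to <recipient> from <MAIL FROM>
	# as <login>" wording as the other tests in this file, so the log
	# shows who authenticated and which sender address was claimed.
	start_log_capture
	record "[Mailing to bob from alias/mary as alice]"
	local output
	# $PYMAIL is left unquoted in case it holds a command plus arguments
	# (its definition is not in this file). The assertion must directly
	# follow the assignment so that $? is the client's exit status.
	output="$($PYMAIL -f "$alias" -to "$bob" bob "$PRIVATE_IP" "$alice" alice 2>&1)"
	if ! assert_python_success $? "$output"; then
		test_failure "user should be allowed to MAIL FROM a user for which they are a permitted sender: $(python_error "$output")"
	fi
	assert_check_logs

	# login as bob, send from alias to alice
	# expect failure because bob is not a permitted-sender
	start_log_capture
	record "[Mailing to alice from alias/mary as bob]"
	output="$($PYMAIL -f "$alias" -to "$alice" alice "$PRIVATE_IP" "$bob" bob 2>&1)"
	assert_python_failure $? "$output" "SMTPRecipientsRefused" "not owned by user"
	# expect errors, so don't assert
	check_logs

	# Teardown removes everything the test created. The alias group is
	# deleted rather than re-created, so that no alias for this address
	# is left behind to influence later sender-authorization tests.
	delete_user "$alice"
	delete_user "$bob"
	delete_permitted_senders_group "$alias"
	delete_alias_group "$alias"
	test_end
}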



# Run the "mail-from" suite. The three sender-authorization tests run in
# this fixed order between suite_start and suite_end, which are harness
# helpers not defined in the visible part of this file.
suite_start "mail-from"

# a user without any grant is refused
test_permitted_sender_fail
# a user may send from their own aliases
test_permitted_sender_alias
# an explicit permitted-senders group decides who may send
test_permitted_sender_explicit

suite_end