# -*- indent-tabs-mode: t; tab-width: 4; -*-
#####
##### This file is part of Mail-in-a-Box-LDAP which is released under the
##### terms of the GNU Affero General Public License as published by the
##### Free Software Foundation, either version 3 of the License, or (at
##### your option) any later version. See file LICENSE or go to
##### https://github.com/downtownallday/mailinabox-ldap for full license
##### details.
#####
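test_permitted_sender_fail() {
	# Negative test for sender spoofing: an authenticated user must not
	# be able to send with MAIL FROM set to another user's address when
	# nothing grants them permission to do so.
	#
	# Globals read: PYMAIL (mail-sending test client), PRIVATE_IP
	# All other commands called here are harness helpers defined outside
	# this file.
	test_start "permitted-sender-fail"

	# create standard users alice, bob, and mary
	local alice="alice@somedomain.com"
	local bob="bob@anotherdomain.com"
	local mary="mary@anotherdomain.com"
	create_user "$alice" "alice"
	create_user "$bob" "bob"
	create_user "$mary" "mary"

	# login as mary, send from bob, to alice
	start_log_capture
	record "[Mailing to alice from bob as mary]"
	local output
	# Every argument is quoted so an empty or space-containing value can
	# never shift the login/password into the wrong position. $PYMAIL
	# itself stays unquoted as in the original, in case the harness
	# stores a command plus arguments in it (confirm against the harness).
	# $? on the next line is the client's exit status; nothing may run
	# between the assignment and the assertion.
	output="$($PYMAIL -f "$bob" -to "$alice" alice "$PRIVATE_IP" "$mary" mary 2>&1)"
	# NOTE(review): only the exception class is matched here, so a refusal
	# for some unrelated reason would also satisfy this test.
	# test_permitted_sender_explicit additionally matches the text
	# "not owned by user"; consider doing the same here once it is
	# confirmed that the server gives that reason for this case.
	if ! assert_python_failure $? "$output" SMTPRecipientsRefused
	then
		# additional "color"
		test_failure "user should not be permitted to send as another user"
	fi

	# expect errors, so don't assert
	check_logs

	delete_user "$alice"
	delete_user "$bob"
	delete_user "$mary"
	test_end
}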
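test_permitted_sender_alias() {
	# Positive test: a user may send MAIL FROM one of their own aliases.
	# Two ways of owning an alias are exercised:
	#   1. the alias is an extra value on the user's own 'mail' attribute
	#   2. the user is a member of the alias's alias group
	#
	# Globals read: PYMAIL (mail-sending test client), PRIVATE_IP,
	#               ATTR_DN (read right after create_user)
	# All other commands called here are harness helpers defined outside
	# this file.
	test_start "permitted-sender-alias"

	# create standard users alice and bob
	local alice="alice@somedomain.com"
	local bob="bob@anotherdomain.com"
	local mary="mary@anotherdomain.com"
	local jane="jane@google.com"
	create_user "$alice" "alice"
	create_user "$bob" "bob"
	# capture bob's DN now; later helper calls may overwrite ATTR_DN
	local bob_dn="$ATTR_DN"

	# add mary as one of bob's aliases - to bob's 'mail' attribute
	# (DN quoted: a distinguished name may legitimately contain spaces)
	add_alias "$bob_dn" "$mary" user

	# add jane as one of bob's aliases - to jane's alias group
	create_alias_group "$jane" "$bob_dn"

	# login as bob, send from mary, to alice
	start_log_capture
	record "[Mailing to alice from mary as bob]"
	local output
	# $PYMAIL stays unquoted as in the original, in case the harness
	# stores a command plus arguments in it (confirm against the harness).
	output="$($PYMAIL -f "$mary" -to "$alice" alice "$PRIVATE_IP" "$bob" bob 2>&1)"
	if ! assert_python_success $? "$output"; then
		# additional "color"
		test_failure "bob should be permitted to MAIL FROM $mary, his own alias: $(python_error "$output")"
	fi

	assert_check_logs

	# login as bob, send from jane, to alice
	start_log_capture
	record "[Mailing to alice from jane as bob]"
	output="$($PYMAIL -f "$jane" -to "$alice" alice "$PRIVATE_IP" "$bob" bob 2>&1)"
	if ! assert_python_success $? "$output"; then
		# additional "color"
		test_failure "bob should be permitted to MAIL FROM $jane, his own alias: $(python_error "$output")"
	fi

	assert_check_logs

	delete_user "$alice"
	delete_user "$bob"
	delete_alias_group "$jane"
	test_end
}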
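test_permitted_sender_explicit() {
	# Two cases around an explicit permitted-senders group:
	#   - a user may send MAIL FROM an address that is explicitly
	#     allowed by a permitted-senders group
	#   - a user may not send MAIL FROM an address that has a
	#     permitted-senders list of which they are not a member, even
	#     if they are a member of that address's alias group
	#
	# Globals read: PYMAIL (mail-sending test client), PRIVATE_IP,
	#               ATTR_DN (read right after each create_user)
	# All other commands called here are harness helpers defined outside
	# this file.
	test_start "permitted-sender-explicit"

	# create standard users alice and bob
	local alice="alice@somedomain.com"
	local bob="bob@anotherdomain.com"
	create_user "$alice" "alice"
	# capture each DN right away; the next create_user overwrites ATTR_DN
	local alice_dn="$ATTR_DN"
	create_user "$bob" "bob"
	local bob_dn="$ATTR_DN"

	# create an alias that forwards to bob and alice
	# (DNs quoted: a distinguished name may legitimately contain spaces)
	local alias="mary@anotherdomain.com"
	create_alias_group "$alias" "$bob_dn" "$alice_dn"

	# create a permitted-senders group with only alice in it
	create_permitted_senders_group "$alias" "$alice_dn"

	# login as alice, send from alias to bob
	start_log_capture
	record "[Mailing to bob from alice as alias/mary]"
	local output
	# $PYMAIL stays unquoted as in the original, in case the harness
	# stores a command plus arguments in it (confirm against the harness).
	output="$($PYMAIL -f "$alias" -to "$bob" bob "$PRIVATE_IP" "$alice" alice 2>&1)"
	if ! assert_python_success $? "$output"; then
		test_failure "user should be allowed to MAIL FROM a user for which they are a permitted sender: $(python_error "$output")"
	fi
	assert_check_logs

	# login as bob, send from alias to alice
	# expect failure because bob is not a permitted-sender
	start_log_capture
	record "[Mailing to alice from bob as alias/mary]"
	output="$($PYMAIL -f "$alias" -to "$alice" alice "$PRIVATE_IP" "$bob" bob 2>&1)"
	# Matching the reason text as well as the exception class keeps an
	# unrelated refusal from being counted as a correct rejection.
	assert_python_failure $? "$output" "SMTPRecipientsRefused" "not owned by user"
	# errors are expected in the logs here, so use the non-asserting check
	check_logs

	delete_user "$alice"
	delete_user "$bob"
	delete_permitted_senders_group "$alias"
	# NOTE(review): this cleanup step calls create_alias_group, whereas
	# test_permitted_sender_alias cleans up with delete_alias_group. The
	# alias group created above is never explicitly deleted in this
	# function. Confirm this is intended; leftover directory entries can
	# change the outcome of later authorization tests.
	create_alias_group "$alias"
	test_end
}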
# Run the "mail-from" suite: the three sender-permission cases, in the
# order listed, bracketed by the harness's suite_start/suite_end calls.
suite_start "mail-from"

for mail_from_case in \
	test_permitted_sender_fail \
	test_permitted_sender_alias \
	test_permitted_sender_explicit
do
	"$mail_from_case"
done
# do not leave the loop variable behind in the harness's shell
unset mail_from_case

suite_end