3// todo: test delivery with failing spf/dkim/dmarc
4// todo: test delivering a message to multiple recipients, and with some of them failing.
10 cryptorand "crypto/rand"
18 "mime/quotedprintable"
27 "github.com/mjl-/bstore"
29 "github.com/mjl-/mox/config"
30 "github.com/mjl-/mox/dkim"
31 "github.com/mjl-/mox/dmarcdb"
32 "github.com/mjl-/mox/dns"
33 "github.com/mjl-/mox/mlog"
34 "github.com/mjl-/mox/mox-"
35 "github.com/mjl-/mox/queue"
36 "github.com/mjl-/mox/sasl"
37 "github.com/mjl-/mox/smtp"
38 "github.com/mjl-/mox/smtpclient"
39 "github.com/mjl-/mox/store"
40 "github.com/mjl-/mox/subjectpass"
41 "github.com/mjl-/mox/tlsrptdb"
44var ctxbg = context.Background()
47 // Don't make tests slow.
50 unknownRecipientsDelay = 0
53func tcheck(t *testing.T, err error, msg string) {
56 t.Fatalf("%s: %s", msg, err)
60var submitMessage = strings.ReplaceAll(`From: <mjl@mox.example>
61To: <remote@example.org>
63Message-Id: <test@mox.example>
68var deliverMessage = strings.ReplaceAll(`From: <remote@example.org>
71Message-Id: <test@example.org>
76var deliverMessage2 = strings.ReplaceAll(`From: <remote@example.org>
79Message-Id: <test2@example.org>
84type testserver struct {
91 auth func(mechanisms []string, cs *tls.ConnectionState) (sasl.Client, error)
96 tlsmode smtpclient.TLSMode
100const password0 = "te\u0301st \u00a0\u2002\u200a" // NFD and various unicode spaces.
101const password1 = "tést " // PRECIS normalized, with NFC.
103func newTestServer(t *testing.T, configPath string, resolver dns.Resolver) *testserver {
104 limitersInit() // Reset rate limiters.
106 ts := testserver{t: t, cid: 1, resolver: resolver, tlsmode: smtpclient.TLSOpportunistic}
108 if dmarcdb.EvalDB != nil {
109 dmarcdb.EvalDB.Close()
113 log := mlog.New("smtpserver", nil)
115 mox.ConfigStaticPath = configPath
116 mox.MustLoadConfig(true, false)
117 dataDir := mox.ConfigDirPath(mox.Conf.Static.DataDir)
118 os.RemoveAll(dataDir)
121 ts.acc, err = store.OpenAccount(log, "mjl")
122 tcheck(t, err, "open account")
123 err = ts.acc.SetPassword(log, password0)
124 tcheck(t, err, "set password")
126 ts.switchStop = store.Switchboard()
128 tcheck(t, err, "queue init")
130 ts.comm = store.RegisterComm(ts.acc)
135func (ts *testserver) close() {
142 err := ts.acc.Close()
143 tcheck(ts.t, err, "closing account")
148func (ts *testserver) checkCount(mailboxName string, expect int) {
151 q := bstore.QueryDB[store.Mailbox](ctxbg, ts.acc.DB)
152 q.FilterNonzero(store.Mailbox{Name: mailboxName})
154 tcheck(t, err, "get mailbox")
155 qm := bstore.QueryDB[store.Message](ctxbg, ts.acc.DB)
156 qm.FilterNonzero(store.Message{MailboxID: mb.ID})
157 qm.FilterEqual("Expunged", false)
159 tcheck(t, err, "count messages in mailbox")
161 t.Fatalf("messages in mailbox, found %d, expected %d", n, expect)
165func (ts *testserver) run(fn func(helloErr error, client *smtpclient.Client)) {
167 ts.runRaw(func(conn net.Conn) {
171 if auth == nil && ts.user != "" {
172 auth = func(mechanisms []string, cs *tls.ConnectionState) (sasl.Client, error) {
173 return sasl.NewClientPlain(ts.user, ts.pass), nil
177 ourHostname := mox.Conf.Static.HostnameDomain
178 remoteHostname := dns.Domain{ASCII: "mox.example"}
179 opts := smtpclient.Opts{
181 RootCAs: mox.Conf.Static.TLS.CertPool,
183 log := pkglog.WithCid(ts.cid - 1)
184 client, err := smtpclient.New(ctxbg, log.Logger, conn, ts.tlsmode, ts.tlspkix, ourHostname, remoteHostname, opts)
194func (ts *testserver) runRaw(fn func(clientConn net.Conn)) {
199 serverConn, clientConn := net.Pipe()
200 defer serverConn.Close()
201 // clientConn is closed as part of closing client.
202 serverdone := make(chan struct{})
203 defer func() { <-serverdone }()
206 tlsConfig := &tls.Config{
207 Certificates: []tls.Certificate{fakeCert(ts.t)},
209 serve("test", ts.cid-2, dns.Domain{ASCII: "mox.example"}, tlsConfig, serverConn, ts.resolver, ts.submission, false, 100<<20, false, false, ts.requiretls, ts.dnsbls, 0)
216func (ts *testserver) smtpErr(err error, expErr *smtpclient.Error) {
219 var cerr smtpclient.Error
220 if expErr == nil && err != nil || expErr != nil && (err == nil || !errors.As(err, &cerr) || cerr.Permanent != expErr.Permanent || cerr.Code != expErr.Code || cerr.Secode != expErr.Secode) {
221 t.Fatalf("got err:\n%#v (%q)\nexpected:\n%#v", err, err, expErr)
225// Just a cert that appears valid. SMTP client will not verify anything about it
226// (that is opportunistic TLS for you, "better some than none"). Let's enjoy this
227// one moment where it makes life easier.
228func fakeCert(t *testing.T) tls.Certificate {
229 privKey := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // Fake key, don't use this for real!
230 template := &x509.Certificate{
231 SerialNumber: big.NewInt(1), // Required field...
233 localCertBuf, err := x509.CreateCertificate(cryptorand.Reader, template, template, privKey.Public(), privKey)
235 t.Fatalf("making certificate: %s", err)
237 cert, err := x509.ParseCertificate(localCertBuf)
239 t.Fatalf("parsing generated certificate: %s", err)
241 c := tls.Certificate{
242 Certificate: [][]byte{localCertBuf},
249// check expected dmarc evaluations for outgoing aggregate reports.
250func checkEvaluationCount(t *testing.T, n int) []dmarcdb.Evaluation {
252 l, err := dmarcdb.Evaluations(ctxbg)
253 tcheck(t, err, "get dmarc evaluations")
254 tcompare(t, len(l), n)
258// Test submission from authenticated user.
259func TestSubmission(t *testing.T) {
260 ts := newTestServer(t, filepath.FromSlash("../testdata/smtp/mox.conf"), dns.MockResolver{})
263 // Set DKIM signing config.
264 dom, _ := mox.Conf.Domain(dns.Domain{ASCII: "mox.example"})
265 sel := config.Selector{
266 HashEffective: "sha256",
267 HeadersEffective: []string{"From", "To", "Subject"},
268 Key: ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)), // Fake key, don't use for real.
269 Domain: dns.Domain{ASCII: "mox.example"},
271 dom.DKIM = config.DKIM{
272 Selectors: map[string]config.Selector{"testsel": sel},
273 Sign: []string{"testsel"},
275 mox.Conf.Dynamic.Domains["mox.example"] = dom
277 testAuth := func(authfn func(user, pass string, cs *tls.ConnectionState) sasl.Client, user, pass string, expErr *smtpclient.Error) {
280 ts.auth = func(mechanisms []string, cs *tls.ConnectionState) (sasl.Client, error) {
281 return authfn(user, pass, cs), nil
286 ts.run(func(err error, client *smtpclient.Client) {
288 mailFrom := "mjl@mox.example"
289 rcptTo := "remote@example.org"
291 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(submitMessage)), strings.NewReader(submitMessage), false, false, false)
293 var cerr smtpclient.Error
294 if expErr == nil && err != nil || expErr != nil && (err == nil || !errors.As(err, &cerr) || cerr.Code != expErr.Code || cerr.Secode != expErr.Secode) {
295 t.Fatalf("got err:\n%#v (%q)\nexpected:\n%#v", err, err, expErr)
297 checkEvaluationCount(t, 0)
302 testAuth(nil, "", "", &smtpclient.Error{Permanent: true, Code: smtp.C530SecurityRequired, Secode: smtp.SePol7Other0})
303 authfns := []func(user, pass string, cs *tls.ConnectionState) sasl.Client{
304 func(user, pass string, cs *tls.ConnectionState) sasl.Client { return sasl.NewClientPlain(user, pass) },
305 func(user, pass string, cs *tls.ConnectionState) sasl.Client { return sasl.NewClientLogin(user, pass) },
306 func(user, pass string, cs *tls.ConnectionState) sasl.Client { return sasl.NewClientCRAMMD5(user, pass) },
307 func(user, pass string, cs *tls.ConnectionState) sasl.Client {
308 return sasl.NewClientSCRAMSHA1(user, pass, false)
310 func(user, pass string, cs *tls.ConnectionState) sasl.Client {
311 return sasl.NewClientSCRAMSHA256(user, pass, false)
313 func(user, pass string, cs *tls.ConnectionState) sasl.Client {
314 return sasl.NewClientSCRAMSHA1PLUS(user, pass, *cs)
316 func(user, pass string, cs *tls.ConnectionState) sasl.Client {
317 return sasl.NewClientSCRAMSHA256PLUS(user, pass, *cs)
320 for _, fn := range authfns {
321 testAuth(fn, "mjl@mox.example", "test", &smtpclient.Error{Code: smtp.C535AuthBadCreds, Secode: smtp.SePol7AuthBadCreds8}) // Bad (short) password.
322 testAuth(fn, "mjl@mox.example", password0+"test", &smtpclient.Error{Code: smtp.C535AuthBadCreds, Secode: smtp.SePol7AuthBadCreds8}) // Bad password.
323 testAuth(fn, "mjl@mox.example", password0, nil)
324 testAuth(fn, "mjl@mox.example", password1, nil)
325 testAuth(fn, "móx@mox.example", password0, nil)
326 testAuth(fn, "móx@mox.example", password1, nil)
327 testAuth(fn, "mo\u0301x@mox.example", password0, nil)
328 testAuth(fn, "mo\u0301x@mox.example", password1, nil)
332// Test delivery from external MTA.
333func TestDelivery(t *testing.T) {
334 resolver := dns.MockResolver{
335 A: map[string][]string{
336 "example.org.": {"127.0.0.10"}, // For mx check.
338 PTR: map[string][]string{},
340 ts := newTestServer(t, filepath.FromSlash("../testdata/smtp/mox.conf"), resolver)
343 ts.run(func(err error, client *smtpclient.Client) {
344 mailFrom := "remote@example.org"
345 rcptTo := "mjl@127.0.0.10"
347 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(deliverMessage)), strings.NewReader(deliverMessage), false, false, false)
349 var cerr smtpclient.Error
350 if err == nil || !errors.As(err, &cerr) || cerr.Code != smtp.C550MailboxUnavail {
351 t.Fatalf("deliver to ip address, got err %v, expected smtpclient.Error with code %d", err, smtp.C550MailboxUnavail)
355 ts.run(func(err error, client *smtpclient.Client) {
356 mailFrom := "remote@example.org"
357 rcptTo := "mjl@test.example" // Not configured as destination.
359 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(deliverMessage)), strings.NewReader(deliverMessage), false, false, false)
361 var cerr smtpclient.Error
362 if err == nil || !errors.As(err, &cerr) || cerr.Code != smtp.C550MailboxUnavail {
363 t.Fatalf("deliver to unknown domain, got err %v, expected smtpclient.Error with code %d", err, smtp.C550MailboxUnavail)
367 ts.run(func(err error, client *smtpclient.Client) {
368 mailFrom := "remote@example.org"
369 rcptTo := "unknown@mox.example" // User unknown.
371 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(deliverMessage)), strings.NewReader(deliverMessage), false, false, false)
373 var cerr smtpclient.Error
374 if err == nil || !errors.As(err, &cerr) || cerr.Code != smtp.C550MailboxUnavail {
375 t.Fatalf("deliver to unknown user for known domain, got err %v, expected smtpclient.Error with code %d", err, smtp.C550MailboxUnavail)
379 ts.run(func(err error, client *smtpclient.Client) {
380 mailFrom := "remote@example.org"
381 rcptTo := "mjl@mox.example"
383 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(deliverMessage)), strings.NewReader(deliverMessage), false, false, false)
385 var cerr smtpclient.Error
386 if err == nil || !errors.As(err, &cerr) || cerr.Code != smtp.C451LocalErr {
387 t.Fatalf("deliver from user without reputation, valid iprev required, got err %v, expected smtpclient.Error with code %d", err, smtp.C451LocalErr)
391 // Set up iprev to get delivery from unknown user to be accepted.
392 resolver.PTR["127.0.0.10"] = []string{"example.org."}
394 // Only ascii o@ is configured, not the greek and cyrillic lookalikes.
395 ts.run(func(err error, client *smtpclient.Client) {
396 mailFrom := "remote@example.org"
397 rcptTo := "ο@mox.example" // omicron \u03bf, looks like the configured o@
398 msg := strings.ReplaceAll(deliverMessage, "mjl@mox.example", rcptTo)
400 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(msg)), strings.NewReader(msg), false, true, false)
402 var cerr smtpclient.Error
403 if err == nil || !errors.As(err, &cerr) || cerr.Code != smtp.C550MailboxUnavail {
404 t.Fatalf("deliver to omicron @ instead of ascii o @, got err %v, expected smtpclient.Error with code %d", err, smtp.C550MailboxUnavail)
408 ts.run(func(err error, client *smtpclient.Client) {
409 recipients := []string{
411 "o@mox.example", // ascii o, as configured
412 "\u2126@mox.example", // ohm sign, as configured
413 "ω@mox.example", // lower-case omega, we match case-insensitively and this is the lowercase of ohm (!)
414 "\u03a9@mox.example", // capital omega, also lowercased to omega.
415 "móx@mox.example", // NFC
416 "mo\u0301x@mox.example", // not NFC, but normalized as móx@, see https://go.dev/blog/normalization
419 for _, rcptTo := range recipients {
420 // Ensure SMTP RCPT TO and message address headers are the same, otherwise the junk
421 // filter treats us more strictly.
422 msg := strings.ReplaceAll(deliverMessage, "mjl@mox.example", rcptTo)
424 mailFrom := "remote@example.org"
426 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(msg)), strings.NewReader(msg), false, true, false)
428 tcheck(t, err, "deliver to remote")
430 changes := make(chan []store.Change)
432 changes <- ts.comm.Get()
435 timer := time.NewTimer(time.Second)
440 t.Fatalf("no delivery in 1s")
445 checkEvaluationCount(t, 0)
448func tinsertmsg(t *testing.T, acc *store.Account, mailbox string, m *store.Message, msg string) {
449 mf, err := store.CreateMessageTemp(pkglog, "queue-dsn")
450 tcheck(t, err, "temp message")
451 defer os.Remove(mf.Name())
453 _, err = mf.Write([]byte(msg))
454 tcheck(t, err, "write message")
455 err = acc.DeliverMailbox(pkglog, mailbox, m, mf)
456 tcheck(t, err, "deliver message")
458 tcheck(t, err, "close message")
461func tretrain(t *testing.T, acc *store.Account) {
464 // Fresh empty junkfilter.
465 basePath := mox.DataDirPath("accounts")
466 dbPath := filepath.Join(basePath, acc.Name, "junkfilter.db")
467 bloomPath := filepath.Join(basePath, acc.Name, "junkfilter.bloom")
470 jf, _, err := acc.OpenJunkFilter(ctxbg, pkglog)
471 tcheck(t, err, "open junk filter")
474 // Fetch messags to retrain on.
475 q := bstore.QueryDB[store.Message](ctxbg, acc.DB)
476 q.FilterEqual("Expunged", false)
477 q.FilterFn(func(m store.Message) bool {
478 return m.Flags.Junk || m.Flags.Notjunk
480 msgs, err := q.List()
481 tcheck(t, err, "fetch messages")
483 // Retrain the messages.
484 for _, m := range msgs {
485 ham := m.Flags.Notjunk
487 f, err := os.Open(acc.MessagePath(m.ID))
488 tcheck(t, err, "open message")
489 r := store.FileMsgReader(m.MsgPrefix, f)
491 jf.TrainMessage(ctxbg, r, m.Size, ham)
494 tcheck(t, err, "close message")
498 tcheck(t, err, "save junkfilter")
501// Test accept/reject with DMARC reputation and with spammy content.
502func TestSpam(t *testing.T) {
503 resolver := &dns.MockResolver{
504 A: map[string][]string{
505 "example.org.": {"127.0.0.1"}, // For mx check.
507 TXT: map[string][]string{
508 "example.org.": {"v=spf1 ip4:127.0.0.10 -all"},
509 "_dmarc.example.org.": {"v=DMARC1;p=reject; rua=mailto:dmarcrpt@example.org"},
512 ts := newTestServer(t, filepath.FromSlash("../testdata/smtp/junk/mox.conf"), resolver)
515 // Insert spammy messages. No junkfilter training yet.
517 RemoteIP: "127.0.0.10",
518 RemoteIPMasked1: "127.0.0.10",
519 RemoteIPMasked2: "127.0.0.0",
520 RemoteIPMasked3: "127.0.0.0",
521 MailFrom: "remote@example.org",
522 MailFromLocalpart: smtp.Localpart("remote"),
523 MailFromDomain: "example.org",
524 RcptToLocalpart: smtp.Localpart("mjl"),
525 RcptToDomain: "mox.example",
526 MsgFromLocalpart: smtp.Localpart("remote"),
527 MsgFromDomain: "example.org",
528 MsgFromOrgDomain: "example.org",
529 MsgFromValidated: true,
530 MsgFromValidation: store.ValidationStrict,
531 Flags: store.Flags{Seen: true, Junk: true},
532 Size: int64(len(deliverMessage)),
534 for i := 0; i < 3; i++ {
536 tinsertmsg(t, ts.acc, "Inbox", &nm, deliverMessage)
539 // Delivery from sender with bad reputation should fail.
540 ts.run(func(err error, client *smtpclient.Client) {
541 mailFrom := "remote@example.org"
542 rcptTo := "mjl@mox.example"
544 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(deliverMessage)), strings.NewReader(deliverMessage), false, false, false)
546 var cerr smtpclient.Error
547 if err == nil || !errors.As(err, &cerr) || cerr.Code != smtp.C451LocalErr {
548 t.Fatalf("delivery by bad sender, got err %v, expected smtpclient.Error with code %d", err, smtp.C451LocalErr)
551 ts.checkCount("Rejects", 1)
552 checkEvaluationCount(t, 0) // No positive interactions yet.
555 // Delivery from sender with bad reputation matching AcceptRejectsToMailbox should
556 // result in accepted delivery to the mailbox.
557 ts.run(func(err error, client *smtpclient.Client) {
558 mailFrom := "remote@example.org"
559 rcptTo := "mjl2@mox.example"
561 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(deliverMessage2)), strings.NewReader(deliverMessage2), false, false, false)
563 tcheck(t, err, "deliver")
565 ts.checkCount("mjl2junk", 1) // In ruleset rejects mailbox.
566 ts.checkCount("Rejects", 1) // Same as before.
567 checkEvaluationCount(t, 0) // This is not an actual accept.
570 // Mark the messages as having good reputation.
571 q := bstore.QueryDB[store.Message](ctxbg, ts.acc.DB)
572 q.FilterEqual("Expunged", false)
573 _, err := q.UpdateFields(map[string]any{"Junk": false, "Notjunk": true})
574 tcheck(t, err, "update junkiness")
576 // Message should now be accepted.
577 ts.run(func(err error, client *smtpclient.Client) {
578 mailFrom := "remote@example.org"
579 rcptTo := "mjl@mox.example"
581 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(deliverMessage)), strings.NewReader(deliverMessage), false, false, false)
583 tcheck(t, err, "deliver")
585 // Message should now be removed from Rejects mailboxes.
586 ts.checkCount("Rejects", 0)
587 ts.checkCount("mjl2junk", 1)
588 checkEvaluationCount(t, 1)
591 // Undo dmarc pass, mark messages as junk, and train the filter.
593 q = bstore.QueryDB[store.Message](ctxbg, ts.acc.DB)
594 q.FilterEqual("Expunged", false)
595 _, err = q.UpdateFields(map[string]any{"Junk": true, "Notjunk": false})
596 tcheck(t, err, "update junkiness")
599 // Message should be refused for spammy content.
600 ts.run(func(err error, client *smtpclient.Client) {
601 mailFrom := "remote@example.org"
602 rcptTo := "mjl@mox.example"
604 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(deliverMessage)), strings.NewReader(deliverMessage), false, false, false)
606 var cerr smtpclient.Error
607 if err == nil || !errors.As(err, &cerr) || cerr.Code != smtp.C451LocalErr {
608 t.Fatalf("attempt to deliver spamy message, got err %v, expected smtpclient.Error with code %d", err, smtp.C451LocalErr)
610 checkEvaluationCount(t, 1) // No new evaluation, this isn't a DMARC reject.
614// Test accept/reject with forwarded messages, DMARC ignored, no IP/EHLO/MAIL
615// FROM-based reputation.
616func TestForward(t *testing.T) {
617 // Do a run without forwarding, and with.
618 check := func(forward bool) {
620 resolver := &dns.MockResolver{
621 A: map[string][]string{
622 "bad.example.": {"127.0.0.1"}, // For mx check.
623 "good.example.": {"127.0.0.1"}, // For mx check.
624 "forward.example.": {"127.0.0.10"}, // For mx check.
626 TXT: map[string][]string{
627 "bad.example.": {"v=spf1 ip4:127.0.0.1 -all"},
628 "good.example.": {"v=spf1 ip4:127.0.0.1 -all"},
629 "forward.example.": {"v=spf1 ip4:127.0.0.10 -all"},
630 "_dmarc.bad.example.": {"v=DMARC1;p=reject; rua=mailto:dmarc@bad.example"},
631 "_dmarc.good.example.": {"v=DMARC1;p=reject; rua=mailto:dmarc@good.example"},
632 "_dmarc.forward.example.": {"v=DMARC1;p=reject; rua=mailto:dmarc@forward.example"},
634 PTR: map[string][]string{
635 "127.0.0.10": {"forward.example."}, // For iprev check.
638 rcptTo := "mjl3@mox.example"
640 // For SPF and DMARC pass, otherwise the test ends quickly.
641 resolver.TXT["bad.example."] = []string{"v=spf1 ip4:127.0.0.10 -all"}
642 resolver.TXT["good.example."] = []string{"v=spf1 ip4:127.0.0.10 -all"}
643 rcptTo = "mjl@mox.example" // Without IsForward rule.
646 ts := newTestServer(t, filepath.FromSlash("../testdata/smtp/junk/mox.conf"), resolver)
649 totalEvaluations := 0
651 var msgBad = strings.ReplaceAll(`From: <remote@bad.example>
654Message-Id: <bad@example.org>
658 var msgOK = strings.ReplaceAll(`From: <remote@good.example>
661Message-Id: <good@example.org>
665 var msgOK2 = strings.ReplaceAll(`From: <other@forward.example>
668Message-Id: <regular@example.org>
670happens to come from forwarding mail server.
673 // Deliver forwarded messages, then classify as junk. Normally enough to treat
674 // other unrelated messages from IP as junk, but not for forwarded messages.
675 ts.run(func(err error, client *smtpclient.Client) {
676 tcheck(t, err, "connect")
678 mailFrom := "remote@forward.example"
680 mailFrom = "remote@bad.example"
683 for i := 0; i < 10; i++ {
684 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(msgBad)), strings.NewReader(msgBad), false, false, false)
685 tcheck(t, err, "deliver message")
687 totalEvaluations += 10
689 n, err := bstore.QueryDB[store.Message](ctxbg, ts.acc.DB).UpdateFields(map[string]any{"Junk": true, "MsgFromValidated": true})
690 tcheck(t, err, "marking messages as junk")
693 // Next delivery will fail, with negative "message From" signal.
694 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(msgBad)), strings.NewReader(msgBad), false, false, false)
695 var cerr smtpclient.Error
696 if err == nil || !errors.As(err, &cerr) || cerr.Code != smtp.C451LocalErr {
697 t.Fatalf("delivery by bad sender, got err %v, expected smtpclient.Error with code %d", err, smtp.C451LocalErr)
700 checkEvaluationCount(t, totalEvaluations)
703 // Delivery from different "message From" without reputation, but from same
704 // forwarding email server, should succeed under forwarding, not as regular sending
706 ts.run(func(err error, client *smtpclient.Client) {
707 tcheck(t, err, "connect")
709 mailFrom := "remote@forward.example"
711 mailFrom = "remote@good.example"
714 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(msgOK)), strings.NewReader(msgOK), false, false, false)
716 tcheck(t, err, "deliver")
717 totalEvaluations += 1
719 var cerr smtpclient.Error
720 if err == nil || !errors.As(err, &cerr) || cerr.Code != smtp.C451LocalErr {
721 t.Fatalf("delivery by bad ip, got err %v, expected smtpclient.Error with code %d", err, smtp.C451LocalErr)
724 checkEvaluationCount(t, totalEvaluations)
727 // Delivery from forwarding server that isn't a forward should get same treatment.
728 ts.run(func(err error, client *smtpclient.Client) {
729 tcheck(t, err, "connect")
731 mailFrom := "other@forward.example"
733 // Ensure To header matches.
736 msg = strings.ReplaceAll(msg, "<mjl@mox.example>", "<mjl3@mox.example>")
739 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(msg)), strings.NewReader(msg), false, false, false)
741 tcheck(t, err, "deliver")
742 totalEvaluations += 1
744 var cerr smtpclient.Error
745 if err == nil || !errors.As(err, &cerr) || cerr.Code != smtp.C451LocalErr {
746 t.Fatalf("delivery by bad ip, got err %v, expected smtpclient.Error with code %d", err, smtp.C451LocalErr)
749 checkEvaluationCount(t, totalEvaluations)
757// Messages that we sent to, that have passing DMARC, but that are otherwise spammy, should be accepted.
758func TestDMARCSent(t *testing.T) {
759 resolver := &dns.MockResolver{
760 A: map[string][]string{
761 "example.org.": {"127.0.0.1"}, // For mx check.
763 TXT: map[string][]string{
764 "example.org.": {"v=spf1 ip4:127.0.0.1 -all"},
765 "_dmarc.example.org.": {"v=DMARC1;p=reject;rua=mailto:dmarcrpt@example.org"},
768 ts := newTestServer(t, filepath.FromSlash("../testdata/smtp/junk/mox.conf"), resolver)
771 // First check that DMARC policy rejects message and results in optional evaluation.
772 ts.run(func(err error, client *smtpclient.Client) {
773 mailFrom := "remote@example.org"
774 rcptTo := "mjl@mox.example"
776 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(deliverMessage)), strings.NewReader(deliverMessage), false, false, false)
778 var cerr smtpclient.Error
779 if err == nil || !errors.As(err, &cerr) || cerr.Code != smtp.C550MailboxUnavail {
780 t.Fatalf("attempt to deliver spamy message, got err %v, expected smtpclient.Error with code %d", err, smtp.C550MailboxUnavail)
782 l := checkEvaluationCount(t, 1)
783 tcompare(t, l[0].Optional, true)
786 // Update DNS for an SPF pass, and DMARC pass.
787 resolver.TXT["example.org."] = []string{"v=spf1 ip4:127.0.0.10 -all"}
789 // Insert spammy messages not related to the test message.
791 MailFrom: "remote@test.example",
792 RcptToLocalpart: smtp.Localpart("mjl"),
793 RcptToDomain: "mox.example",
794 Flags: store.Flags{Seen: true, Junk: true},
795 Size: int64(len(deliverMessage)),
797 for i := 0; i < 3; i++ {
799 tinsertmsg(t, ts.acc, "Archive", &nm, deliverMessage)
803 // Baseline, message should be refused for spammy content.
804 ts.run(func(err error, client *smtpclient.Client) {
805 mailFrom := "remote@example.org"
806 rcptTo := "mjl@mox.example"
808 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(deliverMessage)), strings.NewReader(deliverMessage), false, false, false)
810 var cerr smtpclient.Error
811 if err == nil || !errors.As(err, &cerr) || cerr.Code != smtp.C451LocalErr {
812 t.Fatalf("attempt to deliver spamy message, got err %v, expected smtpclient.Error with code %d", err, smtp.C451LocalErr)
814 checkEvaluationCount(t, 1) // No new evaluation.
817 // Insert a message that we sent to the address that is about to send to us.
818 sentMsg := store.Message{Size: int64(len(deliverMessage))}
819 tinsertmsg(t, ts.acc, "Sent", &sentMsg, deliverMessage)
820 err := ts.acc.DB.Insert(ctxbg, &store.Recipient{MessageID: sentMsg.ID, Localpart: "remote", Domain: "example.org", OrgDomain: "example.org", Sent: time.Now()})
821 tcheck(t, err, "inserting message recipient")
823 // Reject a message due to DMARC again. Since we sent a message to the domain, it
824 // is no longer unknown and we should see a non-optional evaluation that will
825 // result in a DMARC report.
826 resolver.TXT["example.org."] = []string{"v=spf1 ip4:127.0.0.1 -all"}
827 ts.run(func(err error, client *smtpclient.Client) {
828 mailFrom := "remote@example.org"
829 rcptTo := "mjl@mox.example"
831 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(deliverMessage)), strings.NewReader(deliverMessage), false, false, false)
833 var cerr smtpclient.Error
834 if err == nil || !errors.As(err, &cerr) || cerr.Code != smtp.C550MailboxUnavail {
835 t.Fatalf("attempt to deliver spamy message, got err %v, expected smtpclient.Error with code %d", err, smtp.C550MailboxUnavail)
837 l := checkEvaluationCount(t, 2) // New evaluation.
838 tcompare(t, l[1].Optional, false)
841 // We should now be accepting the message because we recently sent a message.
842 resolver.TXT["example.org."] = []string{"v=spf1 ip4:127.0.0.10 -all"}
843 ts.run(func(err error, client *smtpclient.Client) {
844 mailFrom := "remote@example.org"
845 rcptTo := "mjl@mox.example"
847 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(deliverMessage)), strings.NewReader(deliverMessage), false, false, false)
849 tcheck(t, err, "deliver")
850 l := checkEvaluationCount(t, 3) // New evaluation.
851 tcompare(t, l[2].Optional, false)
855// Test DNSBL, then getting through with subjectpass.
856func TestBlocklistedSubjectpass(t *testing.T) {
857 // Set up a DNSBL on dnsbl.example, and get DMARC pass.
858 resolver := &dns.MockResolver{
859 A: map[string][]string{
860 "example.org.": {"127.0.0.10"}, // For mx check.
861 "2.0.0.127.dnsbl.example.": {"127.0.0.2"}, // For healthcheck.
862 "10.0.0.127.dnsbl.example.": {"127.0.0.10"}, // Where our connection pretends to come from.
864 TXT: map[string][]string{
865 "10.0.0.127.dnsbl.example.": {"blocklisted"},
866 "example.org.": {"v=spf1 ip4:127.0.0.10 -all"},
867 "_dmarc.example.org.": {"v=DMARC1;p=reject"},
869 PTR: map[string][]string{
870 "127.0.0.10": {"example.org."}, // For iprev check.
873 ts := newTestServer(t, filepath.FromSlash("../testdata/smtp/mox.conf"), resolver)
874 ts.dnsbls = []dns.Domain{{ASCII: "dnsbl.example"}}
877 // Message should be refused softly (temporary error) due to DNSBL.
878 ts.run(func(err error, client *smtpclient.Client) {
879 mailFrom := "remote@example.org"
880 rcptTo := "mjl@mox.example"
882 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(deliverMessage)), strings.NewReader(deliverMessage), false, false, false)
884 var cerr smtpclient.Error
885 if err == nil || !errors.As(err, &cerr) || cerr.Code != smtp.C451LocalErr {
886 t.Fatalf("attempted deliver from dnsblocklisted ip, got err %v, expected smtpclient.Error with code %d", err, smtp.C451LocalErr)
890 // Set up subjectpass on account.
891 acc := mox.Conf.Dynamic.Accounts[ts.acc.Name]
892 acc.SubjectPass.Period = time.Hour
893 mox.Conf.Dynamic.Accounts[ts.acc.Name] = acc
895 // Message should be refused quickly (permanent error) due to DNSBL and Subjectkey.
897 ts.run(func(err error, client *smtpclient.Client) {
898 mailFrom := "remote@example.org"
899 rcptTo := "mjl@mox.example"
901 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(deliverMessage)), strings.NewReader(deliverMessage), false, false, false)
903 var cerr smtpclient.Error
904 if err == nil || !errors.As(err, &cerr) || cerr.Code != smtp.C550MailboxUnavail {
905 t.Fatalf("attempted deliver from dnsblocklisted ip, got err %v, expected smtpclient.Error with code %d", err, smtp.C550MailboxUnavail)
907 i := strings.Index(cerr.Line, subjectpass.Explanation)
909 t.Fatalf("got error line %q, expected error line with subjectpass", cerr.Line)
911 pass = cerr.Line[i+len(subjectpass.Explanation):]
914 ts.run(func(err error, client *smtpclient.Client) {
915 mailFrom := "remote@example.org"
916 rcptTo := "mjl@mox.example"
917 passMessage := strings.Replace(deliverMessage, "Subject: test", "Subject: test "+pass, 1)
919 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(passMessage)), strings.NewReader(passMessage), false, false, false)
921 tcheck(t, err, "deliver with subjectpass")
925// Test accepting a DMARC report.
926func TestDMARCReport(t *testing.T) {
927 resolver := &dns.MockResolver{
928 A: map[string][]string{
929 "example.org.": {"127.0.0.10"}, // For mx check.
931 TXT: map[string][]string{
932 "example.org.": {"v=spf1 ip4:127.0.0.10 -all"},
933 "_dmarc.example.org.": {"v=DMARC1;p=reject; rua=mailto:dmarcrpt@example.org"},
935 PTR: map[string][]string{
936 "127.0.0.10": {"example.org."}, // For iprev check.
939 ts := newTestServer(t, filepath.FromSlash("../testdata/smtp/dmarcreport/mox.conf"), resolver)
942 run := func(report string, n int) {
944 ts.run(func(err error, client *smtpclient.Client) {
947 tcheck(t, err, "run")
949 mailFrom := "remote@example.org"
950 rcptTo := "mjl@mox.example"
952 msgb := &bytes.Buffer{}
953 _, xerr := fmt.Fprintf(msgb, "From: %s\r\nTo: %s\r\nSubject: dmarc report\r\nMIME-Version: 1.0\r\nContent-Type: text/xml\r\n\r\n", mailFrom, rcptTo)
954 tcheck(t, xerr, "write msg headers")
955 w := quotedprintable.NewWriter(msgb)
956 _, xerr = w.Write([]byte(strings.ReplaceAll(report, "\n", "\r\n")))
957 tcheck(t, xerr, "write message")
961 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(msg)), strings.NewReader(msg), false, false, false)
963 tcheck(t, err, "deliver")
965 records, err := dmarcdb.Records(ctxbg)
966 tcheck(t, err, "dmarcdb records")
967 if len(records) != n {
968 t.Fatalf("got %d dmarcdb records, expected %d or more", len(records), n)
974 run(strings.ReplaceAll(dmarcReport, "xmox.nl", "mox.example"), 1)
976 // We always store as an evaluation, but as optional for reports.
977 evals := checkEvaluationCount(t, 2)
978 tcompare(t, evals[0].Optional, true)
979 tcompare(t, evals[1].Optional, true)
982const dmarcReport = `<?xml version="1.0" encoding="UTF-8" ?>
985 <org_name>example.org</org_name>
986 <email>postmaster@example.org</email>
987 <report_id>1</report_id>
989 <begin>1596412800</begin>
990 <end>1596499199</end>
994 <domain>xmox.nl</domain>
1003 <source_ip>127.0.0.10</source_ip>
1006 <disposition>none</disposition>
1012 <header_from>xmox.nl</header_from>
1016 <domain>xmox.nl</domain>
1017 <result>pass</result>
1018 <selector>testsel</selector>
1021 <domain>xmox.nl</domain>
1022 <result>pass</result>
1029// Test accepting a TLS report.
1030func TestTLSReport(t *testing.T) {
1031 // Requires setting up DKIM.
1032 privKey := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // Fake key, don't use this for real!
1033 dkimRecord := dkim.Record{
1035 Hashes: []string{"sha256"},
1036 Flags: []string{"s"},
1037 PublicKey: privKey.Public(),
1040 dkimTxt, err := dkimRecord.Record()
1041 tcheck(t, err, "dkim record")
1043 sel := config.Selector{
1044 HashEffective: "sha256",
1045 HeadersEffective: []string{"From", "To", "Subject", "Date"},
1047 Domain: dns.Domain{ASCII: "testsel"},
1049 dkimConf := config.DKIM{
1050 Selectors: map[string]config.Selector{"testsel": sel},
1051 Sign: []string{"testsel"},
1054 resolver := &dns.MockResolver{
1055 A: map[string][]string{
1056 "example.org.": {"127.0.0.10"}, // For mx check.
1058 TXT: map[string][]string{
1059 "testsel._domainkey.example.org.": {dkimTxt},
1060 "_dmarc.example.org.": {"v=DMARC1;p=reject;rua=mailto:dmarcrpt@example.org"},
1062 PTR: map[string][]string{
1063 "127.0.0.10": {"example.org."}, // For iprev check.
1066 ts := newTestServer(t, filepath.FromSlash("../testdata/smtp/tlsrpt/mox.conf"), resolver)
1069 run := func(rcptTo, tlsrpt string, n int) {
1071 ts.run(func(err error, client *smtpclient.Client) {
1074 mailFrom := "remote@example.org"
1076 msgb := &bytes.Buffer{}
1077 _, xerr := fmt.Fprintf(msgb, "From: %s\r\nTo: %s\r\nSubject: tlsrpt report\r\nMIME-Version: 1.0\r\nContent-Type: application/tlsrpt+json\r\n\r\n%s\r\n", mailFrom, rcptTo, tlsrpt)
1078 tcheck(t, xerr, "write msg")
1079 msg := msgb.String()
1081 selectors := mox.DKIMSelectors(dkimConf)
1082 headers, xerr := dkim.Sign(ctxbg, pkglog.Logger, "remote", dns.Domain{ASCII: "example.org"}, selectors, false, strings.NewReader(msg))
1083 tcheck(t, xerr, "dkim sign")
1087 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(msg)), strings.NewReader(msg), false, false, false)
1089 tcheck(t, err, "deliver")
1091 records, err := tlsrptdb.Records(ctxbg)
1092 tcheck(t, err, "tlsrptdb records")
1093 if len(records) != n {
1094 t.Fatalf("got %d tlsrptdb records, expected %d", len(records), n)
1099 const tlsrpt = `{"organization-name":"Example.org","date-range":{"start-datetime":"2022-01-07T00:00:00Z","end-datetime":"2022-01-07T23:59:59Z"},"contact-info":"tlsrpt@example.org","report-id":"1","policies":[{"policy":{"policy-type":"no-policy-found","policy-domain":"xmox.nl"},"summary":{"total-successful-session-count":1,"total-failure-session-count":0}}]}`
1101 run("mjl@mox.example", tlsrpt, 0)
1102 run("mjl@mox.example", strings.ReplaceAll(tlsrpt, "xmox.nl", "mox.example"), 1)
1103 run("mjl@mailhost.mox.example", strings.ReplaceAll(tlsrpt, "xmox.nl", "mailhost.mox.example"), 2)
1105 // We always store as an evaluation, but as optional for reports.
1106 evals := checkEvaluationCount(t, 3)
1107 tcompare(t, evals[0].Optional, true)
1108 tcompare(t, evals[1].Optional, true)
1109 tcompare(t, evals[2].Optional, true)
1112func TestRatelimitConnectionrate(t *testing.T) {
1113 ts := newTestServer(t, filepath.FromSlash("../testdata/smtp/mox.conf"), dns.MockResolver{})
1116 // We'll be creating 300 connections, no TLS and reduce noise.
1117 ts.tlsmode = smtpclient.TLSSkip
1118 mlog.SetConfig(map[string]slog.Level{"": mlog.LevelInfo})
1120 // We may be passing a window boundary during this tests. The limit is 300/minute.
1121 // So make twice that many connections and hope the tests don't take too long.
1122 for i := 0; i <= 2*300; i++ {
1123 ts.run(func(err error, client *smtpclient.Client) {
1125 if err != nil && i < 300 {
1126 t.Fatalf("expected smtp connection, got %v", err)
1128 if err == nil && i == 600 {
1129 t.Fatalf("expected no smtp connection due to connection rate limit, got connection")
1138func TestRatelimitAuth(t *testing.T) {
1139 ts := newTestServer(t, filepath.FromSlash("../testdata/smtp/mox.conf"), dns.MockResolver{})
1142 ts.submission = true
1143 ts.tlsmode = smtpclient.TLSSkip
1147 // We may be passing a window boundary during this tests. The limit is 10 auth
1148 // failures/minute. So make twice that many connections and hope the tests don't
1150 for i := 0; i <= 2*10; i++ {
1151 ts.run(func(err error, client *smtpclient.Client) {
1154 t.Fatalf("got auth success with bad credentials")
1156 var cerr smtpclient.Error
1157 badauth := errors.As(err, &cerr) && cerr.Code == smtp.C535AuthBadCreds
1158 if !badauth && i < 10 {
1159 t.Fatalf("expected auth failure, got %v", err)
1161 if badauth && i == 20 {
1162 t.Fatalf("expected no smtp connection due to failed auth rate limit, got other error %v", err)
1171func TestRatelimitDelivery(t *testing.T) {
1172 resolver := dns.MockResolver{
1173 A: map[string][]string{
1174 "example.org.": {"127.0.0.10"}, // For mx check.
1176 PTR: map[string][]string{
1177 "127.0.0.10": {"example.org."},
1180 ts := newTestServer(t, filepath.FromSlash("../testdata/smtp/mox.conf"), resolver)
1183 orig := limitIPMasked1MessagesPerMinute
1184 limitIPMasked1MessagesPerMinute = 1
1186 limitIPMasked1MessagesPerMinute = orig
1189 ts.run(func(err error, client *smtpclient.Client) {
1190 mailFrom := "remote@example.org"
1191 rcptTo := "mjl@mox.example"
1193 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(deliverMessage)), strings.NewReader(deliverMessage), false, false, false)
1195 tcheck(t, err, "deliver to remote")
1197 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(deliverMessage)), strings.NewReader(deliverMessage), false, false, false)
1198 var cerr smtpclient.Error
1199 if err == nil || !errors.As(err, &cerr) || cerr.Code != smtp.C452StorageFull {
1200 t.Fatalf("got err %v, expected smtpclient error with code 452 for storage full", err)
1204 limitIPMasked1MessagesPerMinute = orig
1206 origSize := limitIPMasked1SizePerMinute
1207 // Message was already delivered once. We'll do another one. But the 3rd will fail.
1208 // We need the actual size with prepended headers, since that is used in the
1210 msg, err := bstore.QueryDB[store.Message](ctxbg, ts.acc.DB).Get()
1212 t.Fatalf("getting delivered message for its size: %v", err)
1214 limitIPMasked1SizePerMinute = 2*msg.Size + int64(len(deliverMessage)/2)
1216 limitIPMasked1SizePerMinute = origSize
1218 ts.run(func(err error, client *smtpclient.Client) {
1219 mailFrom := "remote@example.org"
1220 rcptTo := "mjl@mox.example"
1222 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(deliverMessage)), strings.NewReader(deliverMessage), false, false, false)
1224 tcheck(t, err, "deliver to remote")
1226 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(deliverMessage)), strings.NewReader(deliverMessage), false, false, false)
1227 var cerr smtpclient.Error
1228 if err == nil || !errors.As(err, &cerr) || cerr.Code != smtp.C452StorageFull {
1229 t.Fatalf("got err %v, expected smtpclient error with code 452 for storage full", err)
1234func TestNonSMTP(t *testing.T) {
1235 ts := newTestServer(t, filepath.FromSlash("../testdata/smtp/mox.conf"), dns.MockResolver{})
1239 serverConn, clientConn := net.Pipe()
1240 defer serverConn.Close()
1241 serverdone := make(chan struct{})
1242 defer func() { <-serverdone }()
1245 tlsConfig := &tls.Config{
1246 Certificates: []tls.Certificate{fakeCert(ts.t)},
1248 serve("test", ts.cid-2, dns.Domain{ASCII: "mox.example"}, tlsConfig, serverConn, ts.resolver, ts.submission, false, 100<<20, false, false, false, ts.dnsbls, 0)
1252 defer clientConn.Close()
1254 buf := make([]byte, 128)
1256 // Read and ignore hello.
1257 if _, err := clientConn.Read(buf); err != nil {
1258 t.Fatalf("reading hello: %v", err)
1261 if _, err := fmt.Fprintf(clientConn, "bogus\r\n"); err != nil {
1262 t.Fatalf("write command: %v", err)
1264 n, err := clientConn.Read(buf)
1266 t.Fatalf("read response line: %v", err)
1268 s := string(buf[:n])
1269 if !strings.HasPrefix(s, "500 5.5.2 ") {
1270 t.Fatalf(`got %q, expected "500 5.5.2 ...`, s)
1272 if _, err := clientConn.Read(buf); err == nil {
1273 t.Fatalf("connection not closed after bogus command")
1277// Test limits on outgoing messages.
1278func TestLimitOutgoing(t *testing.T) {
1279 ts := newTestServer(t, filepath.FromSlash("../testdata/smtpserversendlimit/mox.conf"), dns.MockResolver{})
1282 ts.user = "mjl@mox.example"
1284 ts.submission = true
1286 err := ts.acc.DB.Insert(ctxbg, &store.Outgoing{Recipient: "a@other.example", Submitted: time.Now().Add(-24*time.Hour - time.Minute)})
1287 tcheck(t, err, "inserting outgoing/recipient past 24h window")
1289 testSubmit := func(rcptTo string, expErr *smtpclient.Error) {
1291 ts.run(func(err error, client *smtpclient.Client) {
1293 mailFrom := "mjl@mox.example"
1295 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(submitMessage)), strings.NewReader(submitMessage), false, false, false)
1297 ts.smtpErr(err, expErr)
1301 // Limits are set to 4 messages a day, 2 first-time recipients.
1302 testSubmit("b@other.example", nil)
1303 testSubmit("c@other.example", nil)
1304 testSubmit("d@other.example", &smtpclient.Error{Code: smtp.C451LocalErr, Secode: smtp.SePol7DeliveryUnauth1}) // Would be 3rd recipient.
1305 testSubmit("b@other.example", nil)
1306 testSubmit("b@other.example", nil)
1307 testSubmit("b@other.example", &smtpclient.Error{Code: smtp.C451LocalErr, Secode: smtp.SePol7DeliveryUnauth1}) // Would be 5th message.
1310// Test account size limit enforcement.
1311func TestQuota(t *testing.T) {
1312 resolver := dns.MockResolver{
1313 A: map[string][]string{
1314 "other.example.": {"127.0.0.10"}, // For mx check.
1316 PTR: map[string][]string{
1317 "127.0.0.10": {"other.example."},
1320 ts := newTestServer(t, filepath.FromSlash("../testdata/smtpserverquota/mox.conf"), resolver)
1323 testDeliver := func(rcptTo string, expErr *smtpclient.Error) {
1325 ts.run(func(err error, client *smtpclient.Client) {
1327 mailFrom := "mjl@other.example"
1329 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(deliverMessage)), strings.NewReader(deliverMessage), false, false, false)
1331 ts.smtpErr(err, expErr)
1335 testDeliver("mjl@mox.example", &smtpclient.Error{Code: smtp.C452StorageFull, Secode: smtp.SeMailbox2Full2})
1338// Test with catchall destination address.
1339func TestCatchall(t *testing.T) {
1340 resolver := dns.MockResolver{
1341 A: map[string][]string{
1342 "other.example.": {"127.0.0.10"}, // For mx check.
1344 PTR: map[string][]string{
1345 "127.0.0.10": {"other.example."},
1348 ts := newTestServer(t, filepath.FromSlash("../testdata/smtpservercatchall/mox.conf"), resolver)
1351 testDeliver := func(rcptTo string, expErr *smtpclient.Error) {
1353 ts.run(func(err error, client *smtpclient.Client) {
1355 mailFrom := "mjl@other.example"
1357 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(submitMessage)), strings.NewReader(submitMessage), false, false, false)
1359 ts.smtpErr(err, expErr)
1363 testDeliver("mjl@mox.example", nil) // Exact match.
1364 testDeliver("mjl+test@mox.example", nil) // Domain localpart catchall separator.
1365 testDeliver("MJL+TEST@mox.example", nil) // Again, and case insensitive.
1366 testDeliver("unknown@mox.example", nil) // Catchall address, to account catchall.
1368 n, err := bstore.QueryDB[store.Message](ctxbg, ts.acc.DB).Count()
1369 tcheck(t, err, "checking delivered messages")
1372 acc, err := store.OpenAccount(pkglog, "catchall")
1373 tcheck(t, err, "open account")
1378 n, err = bstore.QueryDB[store.Message](ctxbg, acc.DB).Count()
1379 tcheck(t, err, "checking delivered messages to catchall account")
1383// Test DKIM signing for outgoing messages.
1384func TestDKIMSign(t *testing.T) {
1385 resolver := dns.MockResolver{
1386 A: map[string][]string{
1387 "mox.example.": {"127.0.0.10"}, // For mx check.
1389 PTR: map[string][]string{
1390 "127.0.0.10": {"mox.example."},
1394 ts := newTestServer(t, filepath.FromSlash("../testdata/smtp/mox.conf"), resolver)
1397 // Set DKIM signing config.
1399 genDKIM := func(domain string) string {
1400 dom, _ := mox.Conf.Domain(dns.Domain{ASCII: domain})
1402 privkey := make([]byte, ed25519.SeedSize) // Fake key, don't use for real.
1404 privkey[0] = byte(gen)
1406 sel := config.Selector{
1407 HashEffective: "sha256",
1408 HeadersEffective: []string{"From", "To", "Subject"},
1409 Key: ed25519.NewKeyFromSeed(privkey),
1410 Domain: dns.Domain{ASCII: "testsel"},
1412 dom.DKIM = config.DKIM{
1413 Selectors: map[string]config.Selector{"testsel": sel},
1414 Sign: []string{"testsel"},
1416 mox.Conf.Dynamic.Domains[domain] = dom
1417 pubkey := sel.Key.Public().(ed25519.PublicKey)
1418 return "v=DKIM1;k=ed25519;p=" + base64.StdEncoding.EncodeToString(pubkey)
1421 dkimtxt := genDKIM("mox.example")
1422 dkimtxt2 := genDKIM("mox2.example")
1424 // DKIM verify needs to find the key.
1425 resolver.TXT = map[string][]string{
1426 "testsel._domainkey.mox.example.": {dkimtxt},
1427 "testsel._domainkey.mox2.example.": {dkimtxt2},
1430 ts.submission = true
1431 ts.user = "mjl@mox.example"
1435 testSubmit := func(mailFrom, msgFrom string) {
1437 ts.run(func(err error, client *smtpclient.Client) {
1440 msg := strings.ReplaceAll(fmt.Sprintf(`From: <%s>
1441To: <remote@example.org>
1443Message-Id: <test@mox.example>
1446`, msgFrom), "\n", "\r\n")
1448 rcptTo := "remote@example.org"
1450 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(msg)), strings.NewReader(msg), false, false, false)
1452 tcheck(t, err, "deliver")
1454 msgs, err := queue.List(ctxbg, queue.Filter{}, queue.Sort{})
1455 tcheck(t, err, "listing queue")
1457 tcompare(t, len(msgs), n)
1458 sort.Slice(msgs, func(i, j int) bool {
1459 return msgs[i].ID > msgs[j].ID
1461 f, err := queue.OpenMessage(ctxbg, msgs[0].ID)
1462 tcheck(t, err, "open message in queue")
1464 results, err := dkim.Verify(ctxbg, pkglog.Logger, resolver, false, dkim.DefaultPolicy, f, false)
1465 tcheck(t, err, "verifying dkim message")
1466 tcompare(t, len(results), 1)
1467 tcompare(t, results[0].Status, dkim.StatusPass)
1468 tcompare(t, results[0].Sig.Domain.ASCII, strings.Split(msgFrom, "@")[1])
1472 testSubmit("mjl@mox.example", "mjl@mox.example")
1473 testSubmit("mjl@mox.example", "mjl@mox2.example") // DKIM signature will be for mox2.example.
1476// Test to postmaster addresses.
1477func TestPostmaster(t *testing.T) {
1478 resolver := dns.MockResolver{
1479 A: map[string][]string{
1480 "other.example.": {"127.0.0.10"}, // For mx check.
1482 PTR: map[string][]string{
1483 "127.0.0.10": {"other.example."},
1486 ts := newTestServer(t, filepath.FromSlash("../testdata/smtp/postmaster/mox.conf"), resolver)
1489 testDeliver := func(rcptTo string, expErr *smtpclient.Error) {
1491 ts.run(func(err error, client *smtpclient.Client) {
1493 mailFrom := "mjl@other.example"
1495 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(deliverMessage)), strings.NewReader(deliverMessage), false, false, false)
1497 ts.smtpErr(err, expErr)
1501 testDeliver("postmaster", nil) // Plain postmaster address without domain.
1502 testDeliver("postmaster@host.mox.example", nil) // Postmaster address with configured mail server hostname.
1503 testDeliver("postmaster@mox.example", nil) // Postmaster address without explicitly configured destination.
1504 testDeliver("postmaster@unknown.example", &smtpclient.Error{Permanent: true, Code: smtp.C550MailboxUnavail, Secode: smtp.SeAddr1UnknownDestMailbox1})
1507// Test to address with empty localpart.
1508func TestEmptylocalpart(t *testing.T) {
1509 resolver := dns.MockResolver{
1510 A: map[string][]string{
1511 "other.example.": {"127.0.0.10"}, // For mx check.
1513 PTR: map[string][]string{
1514 "127.0.0.10": {"other.example."},
1517 ts := newTestServer(t, filepath.FromSlash("../testdata/smtp/mox.conf"), resolver)
1520 testDeliver := func(rcptTo string, expErr *smtpclient.Error) {
1522 ts.run(func(err error, client *smtpclient.Client) {
1525 mailFrom := `""@other.example`
1526 msg := strings.ReplaceAll(deliverMessage, "To: <mjl@mox.example>", `To: <""@mox.example>`)
1528 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(msg)), strings.NewReader(msg), false, false, false)
1530 ts.smtpErr(err, expErr)
1534 testDeliver(`""@mox.example`, nil)
1537// Test handling REQUIRETLS and TLS-Required: No.
1538func TestRequireTLS(t *testing.T) {
1539 resolver := dns.MockResolver{
1540 A: map[string][]string{
1541 "mox.example.": {"127.0.0.10"}, // For mx check.
1543 PTR: map[string][]string{
1544 "127.0.0.10": {"mox.example."},
1548 ts := newTestServer(t, filepath.FromSlash("../testdata/smtp/mox.conf"), resolver)
1551 ts.submission = true
1552 ts.requiretls = true
1553 ts.user = "mjl@mox.example"
1559 msg0 := strings.ReplaceAll(`From: <mjl@mox.example>
1560To: <remote@example.org>
1562Message-Id: <test@mox.example>
1568 msg1 := strings.ReplaceAll(`From: <mjl@mox.example>
1569To: <remote@example.org>
1571Message-Id: <test@mox.example>
1578 msg2 := strings.ReplaceAll(`From: <mjl@mox.example>
1579To: <remote@example.org>
1581Message-Id: <test@mox.example>
1586 testSubmit := func(msg string, requiretls bool, expRequireTLS *bool) {
1588 ts.run(func(err error, client *smtpclient.Client) {
1591 rcptTo := "remote@example.org"
1593 err = client.Deliver(ctxbg, "mjl@mox.example", rcptTo, int64(len(msg)), strings.NewReader(msg), false, false, requiretls)
1595 tcheck(t, err, "deliver")
1597 msgs, err := queue.List(ctxbg, queue.Filter{}, queue.Sort{})
1598 tcheck(t, err, "listing queue")
1599 tcompare(t, len(msgs), 1)
1600 tcompare(t, msgs[0].RequireTLS, expRequireTLS)
1601 _, err = queue.Drop(ctxbg, pkglog, queue.Filter{IDs: []int64{msgs[0].ID}})
1602 tcheck(t, err, "deleting message from queue")
1606 testSubmit(msg0, true, &yes) // Header ignored, requiretls applied.
1607 testSubmit(msg0, false, &no) // TLS-Required header applied.
1608 testSubmit(msg1, true, &yes) // Bad headers ignored, requiretls applied.
1609 testSubmit(msg1, false, nil) // Inconsistent multiple headers ignored.
1610 testSubmit(msg2, false, nil) // Regular message, no RequireTLS setting.
1611 testSubmit(msg2, true, &yes) // Requiretls applied.
1613 // Check that we get an error if remote SMTP server does not support the requiretls
1615 ts.requiretls = false
1616 ts.run(func(err error, client *smtpclient.Client) {
1619 rcptTo := "remote@example.org"
1621 err = client.Deliver(ctxbg, "mjl@mox.example", rcptTo, int64(len(msg0)), strings.NewReader(msg0), false, false, true)
1624 t.Fatalf("delivered with requiretls to server without requiretls")
1626 if !errors.Is(err, smtpclient.ErrRequireTLSUnsupported) {
1627 t.Fatalf("got err %v, expected ErrRequireTLSUnsupported", err)
1632func TestSmuggle(t *testing.T) {
1633 resolver := dns.MockResolver{
1634 A: map[string][]string{
1635 "example.org.": {"127.0.0.10"}, // For mx check.
1637 PTR: map[string][]string{
1638 "127.0.0.10": {"example.org."}, // For iprev check.
1641 ts := newTestServer(t, filepath.FromSlash("../testdata/smtpsmuggle/mox.conf"), resolver)
1642 ts.tlsmode = smtpclient.TLSSkip
1645 test := func(data string) {
1648 ts.runRaw(func(conn net.Conn) {
1651 ourHostname := mox.Conf.Static.HostnameDomain
1652 remoteHostname := dns.Domain{ASCII: "mox.example"}
1653 opts := smtpclient.Opts{
1654 RootCAs: mox.Conf.Static.TLS.CertPool,
1656 log := pkglog.WithCid(ts.cid - 1)
1657 _, err := smtpclient.New(ctxbg, log.Logger, conn, ts.tlsmode, ts.tlspkix, ourHostname, remoteHostname, opts)
1658 tcheck(t, err, "smtpclient")
1661 write := func(s string) {
1662 _, err := conn.Write([]byte(s))
1663 tcheck(t, err, "write")
1666 readPrefixLine := func(prefix string) string {
1668 buf := make([]byte, 512)
1669 n, err := conn.Read(buf)
1670 tcheck(t, err, "read")
1671 s := strings.TrimRight(string(buf[:n]), "\r\n")
1672 if !strings.HasPrefix(s, prefix) {
1673 t.Fatalf("got smtp response %q, expected line with prefix %q", s, prefix)
1678 write("MAIL FROM:<remote@example.org>\r\n")
1680 write("RCPT TO:<mjl@mox.example>\r\n")
1685 write("\r\n") // Empty header.
1687 write("\r\n.\r\n") // End of message.
1688 line := readPrefixLine("5")
1689 if !strings.Contains(line, "smug") {
1690 t.Errorf("got 5xx error with message %q, expected error text containing smug", line)
1701func TestFutureRelease(t *testing.T) {
1702 ts := newTestServer(t, filepath.FromSlash("../testdata/smtp/mox.conf"), dns.MockResolver{})
1703 ts.tlsmode = smtpclient.TLSSkip
1704 ts.user = "mjl@mox.example"
1706 ts.submission = true
1709 ts.auth = func(mechanisms []string, cs *tls.ConnectionState) (sasl.Client, error) {
1710 return sasl.NewClientPlain(ts.user, ts.pass), nil
1713 test := func(mailtoMore, expResponsePrefix string) {
1716 ts.runRaw(func(conn net.Conn) {
1719 ourHostname := mox.Conf.Static.HostnameDomain
1720 remoteHostname := dns.Domain{ASCII: "mox.example"}
1721 opts := smtpclient.Opts{Auth: ts.auth}
1722 log := pkglog.WithCid(ts.cid - 1)
1723 _, err := smtpclient.New(ctxbg, log.Logger, conn, ts.tlsmode, false, ourHostname, remoteHostname, opts)
1724 tcheck(t, err, "smtpclient")
1727 write := func(s string) {
1728 _, err := conn.Write([]byte(s))
1729 tcheck(t, err, "write")
1732 readPrefixLine := func(prefix string) string {
1734 buf := make([]byte, 512)
1735 n, err := conn.Read(buf)
1736 tcheck(t, err, "read")
1737 s := strings.TrimRight(string(buf[:n]), "\r\n")
1738 if !strings.HasPrefix(s, prefix) {
1739 t.Fatalf("got smtp response %q, expected line with prefix %q", s, prefix)
1744 write(fmt.Sprintf("MAIL FROM:<mjl@mox.example>%s\r\n", mailtoMore))
1745 readPrefixLine(expResponsePrefix)
1746 if expResponsePrefix != "2" {
1749 write("RCPT TO:<mjl@mox.example>\r\n")
1754 write("From: <mjl@mox.example>\r\n\r\nbody\r\n\r\n.\r\n")
1759 test(" HOLDFOR=1", "2")
1760 test(" HOLDUNTIL="+time.Now().Add(time.Minute).UTC().Format(time.RFC3339), "2")
1761 test(" HOLDUNTIL="+time.Now().Add(time.Minute).UTC().Format(time.RFC3339Nano), "2")
1763 test(" HOLDFOR=0", "501") // 0 is invalid syntax.
1764 test(fmt.Sprintf(" HOLDFOR=%d", int64((queue.FutureReleaseIntervalMax+time.Minute)/time.Second)), "554") // Too far in the future.
1765 test(" HOLDUNTIL="+time.Now().Add(-time.Minute).UTC().Format(time.RFC3339), "554") // In the past.
1766 test(" HOLDUNTIL="+time.Now().Add(queue.FutureReleaseIntervalMax+time.Minute).UTC().Format(time.RFC3339), "554") // Too far in the future.
1767 test(" HOLDUNTIL=2024-02-10T17:28:00+00:00", "501") // "Z" required.
1768 test(" HOLDUNTIL=24-02-10T17:28:00Z", "501") // Invalid.
1769 test(" HOLDFOR=1 HOLDFOR=1", "501") // Duplicate.
1770 test(" HOLDFOR=1 HOLDUNTIL="+time.Now().Add(time.Hour).UTC().Format(time.RFC3339), "501") // Duplicate.
1774func TestSMTPUTF8(t *testing.T) {
1775 ts := newTestServer(t, filepath.FromSlash("../testdata/smtp/mox.conf"), dns.MockResolver{})
1778 ts.user = "mjl@mox.example"
1780 ts.submission = true
1782 test := func(mailFrom string, rcptTo string, headerValue string, filename string, clientSmtputf8 bool, expectedSmtputf8 bool, expErr *smtpclient.Error) {
1785 ts.run(func(_ error, client *smtpclient.Client) {
1787 msg := strings.ReplaceAll(fmt.Sprintf(`From: <%s>
1790X-Custom-Test-Header: %s
1792Content-type: multipart/mixed; boundary="simple boundary"
1795Content-Type: text/plain; charset=UTF-8;
1796Content-Disposition: attachment; filename="%s"
1797Content-Transfer-Encoding: base64
1799QW4gYXR0YWNoZWQgdGV4dCBmaWxlLg==
1802`, mailFrom, rcptTo, headerValue, filename), "\n", "\r\n")
1804 err := client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(msg)), strings.NewReader(msg), true, clientSmtputf8, false)
1805 ts.smtpErr(err, expErr)
1810 msgs, _ := queue.List(ctxbg, queue.Filter{}, queue.Sort{Field: "Queued", Asc: false})
1811 queuedMsg := msgs[0]
1812 if queuedMsg.SMTPUTF8 != expectedSmtputf8 {
1813 t.Fatalf("[%s / %s / %s / %s] got SMTPUTF8 %t, expected %t", mailFrom, rcptTo, headerValue, filename, queuedMsg.SMTPUTF8, expectedSmtputf8)
1818 test(`mjl@mox.example`, `remote@example.org`, "header-ascii", "ascii.txt", false, false, nil)
1819 test(`mjl@mox.example`, `remote@example.org`, "header-ascii", "ascii.txt", true, false, nil)
1820 test(`mjl@mox.example`, `🙂@example.org`, "header-ascii", "ascii.txt", true, true, nil)
1821 test(`mjl@mox.example`, `🙂@example.org`, "header-ascii", "ascii.txt", false, true, &smtpclient.Error{Permanent: true, Code: smtp.C553BadMailbox, Secode: smtp.SeMsg6NonASCIIAddrNotPermitted7})
1822 test(`Ω@mox.example`, `remote@example.org`, "header-ascii", "ascii.txt", true, true, nil)
1823 test(`Ω@mox.example`, `remote@example.org`, "header-ascii", "ascii.txt", false, true, &smtpclient.Error{Permanent: true, Code: smtp.C550MailboxUnavail, Secode: smtp.SeMsg6NonASCIIAddrNotPermitted7})
1824 test(`mjl@mox.example`, `remote@example.org`, "header-utf8-😍", "ascii.txt", true, true, nil)
1825 test(`mjl@mox.example`, `remote@example.org`, "header-utf8-😍", "ascii.txt", false, true, nil)
1826 test(`mjl@mox.example`, `remote@example.org`, "header-ascii", "utf8-🫠️.txt", true, true, nil)
1827 test(`Ω@mox.example`, `🙂@example.org`, "header-utf8-😍", "utf8-🫠️.txt", true, true, nil)
1828 test(`mjl@mox.example`, `remote@xn--vg8h.example.org`, "header-ascii", "ascii.txt", true, false, nil)
1831// TestExtra checks whether submission of messages with "X-Mox-Extra-<key>: value"
1832// headers cause those those key/value pairs to be added to the Extra field in the
1834func TestExtra(t *testing.T) {
1835 ts := newTestServer(t, filepath.FromSlash("../testdata/smtp/mox.conf"), dns.MockResolver{})
1838 ts.user = "mjl@mox.example"
1840 ts.submission = true
1842 extraMsg := strings.ReplaceAll(`From: <mjl@mox.example>
1843To: <remote@example.org>
1845X-Mox-Extra-Test: testvalue
1848X-Mox-Extra-x-cANONICAL-z: ok
1849Message-Id: <test@mox.example>
1854 ts.run(func(err error, client *smtpclient.Client) {
1856 tcheck(t, err, "init client")
1857 mailFrom := "mjl@mox.example"
1858 rcptTo := "mjl@mox.example"
1859 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(extraMsg)), strings.NewReader(extraMsg), true, true, false)
1860 tcheck(t, err, "deliver")
1862 msgs, err := queue.List(ctxbg, queue.Filter{}, queue.Sort{})
1863 tcheck(t, err, "queue list")
1864 tcompare(t, len(msgs), 1)
1865 tcompare(t, msgs[0].Extra, map[string]string{
1866 "Test": "testvalue",
1869 "X-Canonical-Z": "ok",
1871 // note: these headers currently stay in the message.
1874// TestExtraDup checks for an error for duplicate x-mox-extra-* keys.
1875func TestExtraDup(t *testing.T) {
1876 ts := newTestServer(t, filepath.FromSlash("../testdata/smtp/mox.conf"), dns.MockResolver{})
1879 ts.user = "mjl@mox.example"
1881 ts.submission = true
1883 extraMsg := strings.ReplaceAll(`From: <mjl@mox.example>
1884To: <remote@example.org>
1886X-Mox-Extra-Test: testvalue
1887X-Mox-Extra-Test: testvalue
1888Message-Id: <test@mox.example>
1893 ts.run(func(err error, client *smtpclient.Client) {
1894 tcheck(t, err, "init client")
1895 mailFrom := "mjl@mox.example"
1896 rcptTo := "mjl@mox.example"
1897 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(extraMsg)), strings.NewReader(extraMsg), true, true, false)
1898 ts.smtpErr(err, &smtpclient.Error{Permanent: true, Code: smtp.C554TransactionFailed, Secode: smtp.SeMsg6Other0})
1902// FromID can be specified during submission, but must be unique, with single recipient.
1903func TestUniqueFromID(t *testing.T) {
1904 ts := newTestServer(t, filepath.FromSlash("../testdata/smtpfromid/mox.conf"), dns.MockResolver{})
1907 ts.user = "mjl+fromid@mox.example"
1909 ts.submission = true
1911 extraMsg := strings.ReplaceAll(`From: <mjl@mox.example>
1912To: <remote@example.org>
1918 // Specify our own unique id when queueing.
1919 ts.run(func(err error, client *smtpclient.Client) {
1920 tcheck(t, err, "init client")
1921 mailFrom := "mjl+unique@mox.example"
1922 rcptTo := "mjl@mox.example"
1923 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(extraMsg)), strings.NewReader(extraMsg), true, true, false)
1924 ts.smtpErr(err, nil)
1927 // But we can only use it once.
1928 ts.run(func(err error, client *smtpclient.Client) {
1929 tcheck(t, err, "init client")
1930 mailFrom := "mjl+unique@mox.example"
1931 rcptTo := "mjl@mox.example"
1932 err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(extraMsg)), strings.NewReader(extraMsg), true, true, false)
1933 ts.smtpErr(err, &smtpclient.Error{Permanent: true, Code: smtp.C554TransactionFailed, Secode: smtp.SeAddr1SenderSyntax7})
1936 // We cannot use our own fromid with multiple recipients.
1937 ts.run(func(err error, client *smtpclient.Client) {
1938 tcheck(t, err, "init client")
1939 mailFrom := "mjl+unique2@mox.example"
1940 rcptTo := []string{"mjl@mox.example", "mjl@mox.example"}
1941 _, err = client.DeliverMultiple(ctxbg, mailFrom, rcptTo, int64(len(extraMsg)), strings.NewReader(extraMsg), true, true, false)
1942 ts.smtpErr(err, &smtpclient.Error{Permanent: true, Code: smtp.C554TransactionFailed, Secode: smtp.SeProto5TooManyRcpts3})