mirror of
https://blitiri.com.ar/repos/chasquid
synced 2025-12-19 14:57:04 +00:00
643f7576f0
When using STARTTLS, the SMTP courier needs to determine whether the server certificates are valid or not. Today, that's implemented via connecting once with full certificate verification, and if that fails, reconnecting with verification disabled. This works okay in practice, but it is slower on insecure servers (due to the reconnection), and some of them even complain because we connect too frequently, causing delivery problems. The latter has only been observed once, on the drv-berlin-brandenburg.de MX servers. To improve on that situation, this patch makes the courier do the TLS connection only once, and uses the verification results directly. The behaviour of the server is otherwise unchanged. The only difference is that when delivering mail to servers that have invalid certificates, we now connect once instead of twice. The tests are expanded to increase coverage for this particular case.
446 lines
11 KiB
Go
446 lines
11 KiB
Go
package courier
|
|
|
|
import (
|
|
"bufio"
|
|
"crypto/tls"
|
|
"fmt"
|
|
"net"
|
|
"net/textproto"
|
|
"os"
|
|
"strings"
|
|
"sync"
|
|
"testing"
|
|
"time"
|
|
|
|
"blitiri.com.ar/go/chasquid/internal/domaininfo"
|
|
"blitiri.com.ar/go/chasquid/internal/testlib"
|
|
"blitiri.com.ar/go/chasquid/internal/trace"
|
|
)
|
|
|
|
// This domain will cause idna.ToASCII to fail.
|
|
var invalidDomain = "test " + strings.Repeat("x", 65536) + "\uff00"
|
|
|
|
// Override the netLookupMX function, to return controlled results for
|
|
// testing.
|
|
var testMX = map[string][]*net.MX{}
|
|
var testMXErr = map[string]error{}
|
|
|
|
func init() {
|
|
netLookupMX = func(name string) ([]*net.MX, error) {
|
|
return testMX[name], testMXErr[name]
|
|
}
|
|
}
|
|
|
|
func newSMTP(t *testing.T) (*SMTP, string) {
|
|
dir := testlib.MustTempDir(t)
|
|
dinfo, err := domaininfo.New(dir)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
return &SMTP{"hello", dinfo, nil}, dir
|
|
}
|
|
|
|
// Fake server, to test SMTP out.
|
|
type FakeServer struct {
|
|
t *testing.T
|
|
responses map[string]string
|
|
wg *sync.WaitGroup
|
|
addr string
|
|
tlsConfig *tls.Config
|
|
}
|
|
|
|
func newFakeServer(t *testing.T, responses map[string]string) *FakeServer {
|
|
s := &FakeServer{
|
|
t: t,
|
|
responses: responses,
|
|
wg: &sync.WaitGroup{},
|
|
}
|
|
s.start()
|
|
return s
|
|
}
|
|
|
|
func (s *FakeServer) loadTLS() string {
|
|
tmpDir := testlib.MustTempDir(s.t)
|
|
var err error
|
|
s.tlsConfig, err = testlib.GenerateCert(tmpDir)
|
|
if err != nil {
|
|
os.RemoveAll(tmpDir)
|
|
s.t.Fatalf("error generating cert: %v", err)
|
|
}
|
|
|
|
cert, err := tls.LoadX509KeyPair(tmpDir+"/cert.pem", tmpDir+"/key.pem")
|
|
if err != nil {
|
|
os.RemoveAll(tmpDir)
|
|
s.t.Fatalf("error loading temp cert: %v", err)
|
|
}
|
|
|
|
s.tlsConfig.Certificates = []tls.Certificate{cert}
|
|
|
|
return tmpDir
|
|
}
|
|
|
|
func (s *FakeServer) start() string {
|
|
s.t.Helper()
|
|
l, err := net.Listen("tcp", "localhost:0")
|
|
if err != nil {
|
|
s.t.Fatalf("fake server listen: %v", err)
|
|
}
|
|
s.addr = l.Addr().String()
|
|
|
|
s.wg.Add(1)
|
|
|
|
go func() {
|
|
defer s.wg.Done()
|
|
defer l.Close()
|
|
|
|
tmpDir := s.loadTLS()
|
|
defer os.RemoveAll(tmpDir)
|
|
|
|
c, err := l.Accept()
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
defer c.Close()
|
|
|
|
s.t.Logf("fakeServer got connection")
|
|
|
|
r := textproto.NewReader(bufio.NewReader(c))
|
|
c.Write([]byte(s.responses["_welcome"]))
|
|
for {
|
|
line, err := r.ReadLine()
|
|
if err != nil {
|
|
s.t.Logf("fakeServer exiting: %v\n", err)
|
|
return
|
|
}
|
|
|
|
s.t.Logf("fakeServer read: %q\n", line)
|
|
if line == "STARTTLS" && s.responses["_STARTTLS"] == "ok" {
|
|
c.Write([]byte(s.responses["STARTTLS"]))
|
|
|
|
tlssrv := tls.Server(c, s.tlsConfig)
|
|
err = tlssrv.Handshake()
|
|
if err != nil {
|
|
s.t.Logf("starttls handshake error: %v", err)
|
|
return
|
|
}
|
|
|
|
// Replace the connection with the wrapped one.
|
|
// Don't send a reply, as per the protocol.
|
|
c = tlssrv
|
|
defer c.Close()
|
|
r = textproto.NewReader(bufio.NewReader(c))
|
|
continue
|
|
}
|
|
|
|
c.Write([]byte(s.responses[line]))
|
|
if line == "DATA" {
|
|
_, err = r.ReadDotBytes()
|
|
if err != nil {
|
|
s.t.Logf("fakeServer exiting: %v\n", err)
|
|
return
|
|
}
|
|
c.Write([]byte(s.responses["_DATA"]))
|
|
}
|
|
}
|
|
}()
|
|
|
|
return s.addr
|
|
}
|
|
|
|
func (s *FakeServer) HostPort() (string, string) {
|
|
host, port, _ := net.SplitHostPort(s.addr)
|
|
return host, port
|
|
}
|
|
|
|
func (s *FakeServer) Wait() {
|
|
s.wg.Wait()
|
|
}
|
|
|
|
func TestSMTP(t *testing.T) {
|
|
// Shorten the total timeout, so the test fails quickly if the protocol
|
|
// gets stuck.
|
|
smtpTotalTimeout = 5 * time.Second
|
|
|
|
responses := map[string]string{
|
|
"_welcome": "220 welcome\n",
|
|
"EHLO hello": "250 ehlo ok\n",
|
|
"MAIL FROM:<me@me>": "250 mail ok\n",
|
|
"RCPT TO:<to@to>": "250 rcpt ok\n",
|
|
"DATA": "354 send data\n",
|
|
"_DATA": "250 data ok\n",
|
|
"QUIT": "250 quit ok\n",
|
|
}
|
|
srv := newFakeServer(t, responses)
|
|
host, port := srv.HostPort()
|
|
|
|
// Put a non-existing host first, so we check that if the first host
|
|
// doesn't work, we try with the rest.
|
|
// The host we use is invalid, to avoid having to do an actual network
|
|
// lookup whick makes the test more hermetic. This is a hack, ideally we
|
|
// would be able to override the default resolver, but Go does not
|
|
// implement that yet.
|
|
testMX["to"] = []*net.MX{
|
|
{Host: ":::", Pref: 10},
|
|
{Host: host, Pref: 20},
|
|
}
|
|
*smtpPort = port
|
|
|
|
s, tmpDir := newSMTP(t)
|
|
defer testlib.RemoveIfOk(t, tmpDir)
|
|
err, _ := s.Deliver("me@me", "to@to", []byte("data"))
|
|
if err != nil {
|
|
t.Errorf("deliver failed: %v", err)
|
|
}
|
|
|
|
srv.Wait()
|
|
}
|
|
|
|
func TestSMTPErrors(t *testing.T) {
|
|
// Shorten the total timeout, so the test fails quickly if the protocol
|
|
// gets stuck.
|
|
smtpTotalTimeout = 1 * time.Second
|
|
|
|
responses := []map[string]string{
|
|
// First test: hang response, should fail due to timeout.
|
|
{
|
|
"_welcome": "220 no newline",
|
|
},
|
|
|
|
// MAIL FROM not allowed.
|
|
{
|
|
"_welcome": "220 mail from not allowed\n",
|
|
"EHLO hello": "250 ehlo ok\n",
|
|
"MAIL FROM:<me@me>": "501 mail error\n",
|
|
},
|
|
|
|
// RCPT TO not allowed.
|
|
{
|
|
"_welcome": "220 rcpt to not allowed\n",
|
|
"EHLO hello": "250 ehlo ok\n",
|
|
"MAIL FROM:<me@me>": "250 mail ok\n",
|
|
"RCPT TO:<to@to>": "501 rcpt error\n",
|
|
},
|
|
|
|
// DATA error.
|
|
{
|
|
"_welcome": "220 data error\n",
|
|
"EHLO hello": "250 ehlo ok\n",
|
|
"MAIL FROM:<me@me>": "250 mail ok\n",
|
|
"RCPT TO:<to@to>": "250 rcpt ok\n",
|
|
"DATA": "554 data error\n",
|
|
},
|
|
|
|
// DATA response error.
|
|
{
|
|
"_welcome": "220 data response error\n",
|
|
"EHLO hello": "250 ehlo ok\n",
|
|
"MAIL FROM:<me@me>": "250 mail ok\n",
|
|
"RCPT TO:<to@to>": "250 rcpt ok\n",
|
|
"DATA": "354 send data\n",
|
|
"_DATA": "551 data response error\n",
|
|
},
|
|
}
|
|
|
|
for _, rs := range responses {
|
|
srv := newFakeServer(t, rs)
|
|
host, port := srv.HostPort()
|
|
|
|
testMX["to"] = []*net.MX{{Host: host, Pref: 10}}
|
|
*smtpPort = port
|
|
|
|
s, tmpDir := newSMTP(t)
|
|
defer testlib.RemoveIfOk(t, tmpDir)
|
|
err, _ := s.Deliver("me@me", "to@to", []byte("data"))
|
|
if err == nil {
|
|
t.Errorf("deliver not failed in case %q: %v", rs["_welcome"], err)
|
|
}
|
|
t.Logf("failed as expected: %v", err)
|
|
|
|
srv.Wait()
|
|
}
|
|
}
|
|
|
|
func TestNoMXServer(t *testing.T) {
|
|
testMX["to"] = []*net.MX{}
|
|
|
|
s, tmpDir := newSMTP(t)
|
|
defer testlib.RemoveIfOk(t, tmpDir)
|
|
err, permanent := s.Deliver("me@me", "to@to", []byte("data"))
|
|
if err == nil {
|
|
t.Errorf("delivery worked, expected failure")
|
|
}
|
|
if !permanent {
|
|
t.Errorf("expected permanent failure, got transient (%v)", err)
|
|
}
|
|
t.Logf("got permanent failure, as expected: %v", err)
|
|
}
|
|
|
|
func TestTooManyMX(t *testing.T) {
|
|
tr := trace.New("test", "test")
|
|
testMX["domain"] = []*net.MX{
|
|
{Host: "h1", Pref: 10}, {Host: "h2", Pref: 20},
|
|
{Host: "h3", Pref: 30}, {Host: "h4", Pref: 40},
|
|
{Host: "h5", Pref: 50}, {Host: "h5", Pref: 60},
|
|
}
|
|
mxs, err, perm := lookupMXs(tr, "domain")
|
|
if err != nil {
|
|
t.Fatalf("unexpected error: %v", err)
|
|
}
|
|
if perm != true {
|
|
t.Fatalf("expected perm == true")
|
|
}
|
|
if len(mxs) != 5 {
|
|
t.Errorf("expected len(mxs) == 5, got: %v", mxs)
|
|
}
|
|
}
|
|
|
|
func TestFallbackToA(t *testing.T) {
|
|
tr := trace.New("test", "test")
|
|
testMX["domain"] = nil
|
|
testMXErr["domain"] = &net.DNSError{
|
|
Err: "no such host (test)",
|
|
IsTemporary: false,
|
|
IsNotFound: true,
|
|
}
|
|
|
|
mxs, err, perm := lookupMXs(tr, "domain")
|
|
if err != nil {
|
|
t.Errorf("unexpected error: %v", err)
|
|
}
|
|
if perm != true {
|
|
t.Errorf("expected perm == true")
|
|
}
|
|
if !(len(mxs) == 1 && mxs[0] == "domain") {
|
|
t.Errorf("expected mxs == [domain], got: %v", mxs)
|
|
}
|
|
}
|
|
|
|
func TestTemporaryDNSerror(t *testing.T) {
|
|
tr := trace.New("test", "test")
|
|
testMX["domain"] = nil
|
|
testMXErr["domain"] = &net.DNSError{
|
|
Err: "temp error (test)",
|
|
IsTemporary: true,
|
|
}
|
|
|
|
mxs, err, perm := lookupMXs(tr, "domain")
|
|
if !(mxs == nil && err == testMXErr["domain"]) {
|
|
t.Errorf("expected mxs == nil, err == test error, got: %v, %v", mxs, err)
|
|
}
|
|
if perm != false {
|
|
t.Errorf("expected perm == false")
|
|
}
|
|
}
|
|
|
|
func TestMXLookupError(t *testing.T) {
|
|
tr := trace.New("test", "test")
|
|
testMX["domain"] = nil
|
|
testMXErr["domain"] = fmt.Errorf("test error")
|
|
|
|
mxs, err, perm := lookupMXs(tr, "domain")
|
|
if !(mxs == nil && err == testMXErr["domain"]) {
|
|
t.Errorf("expected mxs == nil, err == test error, got: %v, %v", mxs, err)
|
|
}
|
|
if perm != false {
|
|
t.Errorf("expected perm == false")
|
|
}
|
|
}
|
|
|
|
func TestLookupInvalidDomain(t *testing.T) {
|
|
tr := trace.New("test", "test")
|
|
|
|
mxs, err, perm := lookupMXs(tr, invalidDomain)
|
|
if !(mxs == nil && err != nil) {
|
|
t.Errorf("expected err != nil, got: %v, %v", mxs, err)
|
|
}
|
|
if perm != true {
|
|
t.Fatalf("expected perm == true")
|
|
}
|
|
}
|
|
|
|
func TestTLS(t *testing.T) {
|
|
smtpTotalTimeout = 5 * time.Second
|
|
|
|
responses := map[string]string{
|
|
"_welcome": "220 welcome\n",
|
|
"EHLO hello": "250-ehlo ok\n250 STARTTLS\n",
|
|
"STARTTLS": "220 starttls go\n",
|
|
"_STARTTLS": "ok",
|
|
"MAIL FROM:<me@me>": "250 mail ok\n",
|
|
"RCPT TO:<to@to>": "250 rcpt ok\n",
|
|
"DATA": "354 send data\n",
|
|
"_DATA": "250 data ok\n",
|
|
"QUIT": "250 quit ok\n",
|
|
}
|
|
srv := newFakeServer(t, responses)
|
|
_, *smtpPort = srv.HostPort()
|
|
|
|
testMX["to"] = []*net.MX{
|
|
{Host: "localhost", Pref: 20},
|
|
}
|
|
|
|
s, tmpDir := newSMTP(t)
|
|
defer testlib.RemoveIfOk(t, tmpDir)
|
|
err, _ := s.Deliver("me@me", "to@to", []byte("data"))
|
|
if err != nil {
|
|
t.Errorf("deliver failed: %v", err)
|
|
}
|
|
|
|
srv.Wait()
|
|
|
|
// Now do another delivery, but without TLS, to check that the detection
|
|
// of connection downgrade is working.
|
|
responses = map[string]string{
|
|
"_welcome": "220 welcome\n",
|
|
"EHLO hello": "250 ehlo ok\n",
|
|
"MAIL FROM:<me@me>": "250 mail ok\n",
|
|
"RCPT TO:<to@to>": "250 rcpt ok\n",
|
|
"DATA": "354 send data\n",
|
|
"_DATA": "250 data ok\n",
|
|
"QUIT": "250 quit ok\n",
|
|
}
|
|
srv = newFakeServer(t, responses)
|
|
_, *smtpPort = srv.HostPort()
|
|
|
|
err, permanent := s.Deliver("me@me", "to@to", []byte("data"))
|
|
if !strings.Contains(err.Error(),
|
|
"Security level check failed (level:PLAIN)") {
|
|
t.Errorf("expected sec level check failed, got: %v", err)
|
|
}
|
|
if permanent != false {
|
|
t.Errorf("expected transient failure, got permanent")
|
|
}
|
|
|
|
srv.Wait()
|
|
}
|
|
|
|
func TestTLSError(t *testing.T) {
|
|
smtpTotalTimeout = 5 * time.Second
|
|
|
|
responses := map[string]string{
|
|
"_welcome": "220 welcome\n",
|
|
"EHLO hello": "250-ehlo ok\n250 STARTTLS\n",
|
|
"STARTTLS": "500 starttls err\n",
|
|
"_STARTTLS": "no",
|
|
}
|
|
srv := newFakeServer(t, responses)
|
|
_, *smtpPort = srv.HostPort()
|
|
|
|
testMX["to"] = []*net.MX{
|
|
{Host: "localhost", Pref: 20},
|
|
}
|
|
|
|
s, tmpDir := newSMTP(t)
|
|
defer testlib.RemoveIfOk(t, tmpDir)
|
|
err, permanent := s.Deliver("me@me", "to@to", []byte("data"))
|
|
if !strings.Contains(err.Error(), "TLS error:") {
|
|
t.Errorf("expected TLS error, got: %v", err)
|
|
}
|
|
if permanent != false {
|
|
t.Errorf("expected transient failure, got permanent")
|
|
}
|
|
|
|
srv.Wait()
|
|
}
|