byterazor/qpsmtpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add testing for greylist()

Browse Source
This commit is contained in:
Jared Johnson 2014-12-22 15:22:11 -06:00
parent 1f43e30de1
commit c01cdffb08
2 changed files with 73 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
plugins/greylisting
View File

@ -360,7 +360,7 @@ sub greylist {
my $value = $self->db->get($key); my $value = $self->db->get($key);
if ( ! $value ) { if ( ! $value ) {
# new IP or entry timed out - record new # new IP or entry timed out - record new
$self->db->set( $key, sprintf $fmt, time, 1, 0, 0 ); $self->db->set( $key, sprintf $fmt, $self->now, 1, 0, 0 );
$self->log(LOGWARN, "fail: initial DENYSOFT, unknown"); $self->log(LOGWARN, "fail: initial DENYSOFT, unknown");
return $self->cleanup_and_return(); return $self->cleanup_and_return();
} }
@ -371,8 +371,8 @@ sub greylist {
if ($white) { if ($white) {
# white IP - accept unless timed out # white IP - accept unless timed out
if (time - $ts < $config->{white_timeout}) { if ( $self->now - $ts < $config->{white_timeout} ) {
$self->db->set( $key, sprintf $fmt, time, $new, $black, ++$white ); $self->db->set( $key, sprintf $fmt, $self->now, $new, $black, ++$white );
$self->log(LOGINFO, "pass: white, $white deliveries"); $self->log(LOGINFO, "pass: white, $white deliveries");
return $self->cleanup_and_return(DECLINED); return $self->cleanup_and_return(DECLINED);
} }
@ -382,7 +382,7 @@ sub greylist {
} }
# Black IP - deny, but don't update timestamp # Black IP - deny, but don't update timestamp
if (time - $ts < $config->{black_timeout}) { if ( $self->now - $ts < $config->{black_timeout} ) {
$self->db->set( $key, sprintf $fmt, $ts, $new, ++$black, 0 ); $self->db->set( $key, sprintf $fmt, $ts, $new, ++$black, 0 );
$self->log(LOGWARN, $self->log(LOGWARN,
"fail: black DENYSOFT - $black deferred connections"); "fail: black DENYSOFT - $black deferred connections");
@ -390,8 +390,8 @@ sub greylist {
} }
# Grey IP - accept unless timed out # Grey IP - accept unless timed out
elsif (time - $ts < $config->{grey_timeout}) { elsif ( $self->now - $ts < $config->{grey_timeout} ) {
$self->db->set( $key, sprintf $fmt, time, $new, $black, 1 ); $self->db->set( $key, sprintf $fmt, $self->now, $new, $black, 1 );
$self->log(LOGWARN, "pass: updated grey->white"); $self->log(LOGWARN, "pass: updated grey->white");
return $self->cleanup_and_return(DECLINED); return $self->cleanup_and_return(DECLINED);
} }
@ -400,6 +400,9 @@ sub greylist {
return $self->cleanup_and_return(DECLINED); return $self->cleanup_and_return(DECLINED);
} }
# This exists purely to be overridden for testing
sub now { time() }
sub cleanup_and_return { sub cleanup_and_return {
my ($self, $return_val) = @_; my ($self, $return_val) = @_;
@ -461,7 +464,7 @@ sub prune_db {
my $pruned = 0; my $pruned = 0;
foreach my $key ( $self->db->get_keys ) { foreach my $key ( $self->db->get_keys ) {
my ($ts, $new, $black, $white) = split /:/, $self->db->get($key); my ($ts, $new, $black, $white) = split /:/, $self->db->get($key);
my $age = time - $ts; my $age = $self->now - $ts;
next if $age < $self->{_args}{white_timeout}; next if $age < $self->{_args}{white_timeout};
$pruned++; $pruned++;
$self->db->delete($key); $self->db->delete($key);

63
t/plugin_tests/greylisting
View File

@ -26,6 +26,7 @@ sub register_tests {
$self->register_test("test_greylist_p0f_link"); $self->register_test("test_greylist_p0f_link");
$self->register_test("test_greylist_p0f_uptime"); $self->register_test("test_greylist_p0f_uptime");
$self->register_test('test_exclude_file_match'); $self->register_test('test_exclude_file_match');
$self->register_test('test_greylist');
} }
sub test_load_exclude_files { sub test_load_exclude_files {
@ -219,6 +220,68 @@ sub test_greylist_p0f_uptime {
ok( ! $self->p0f_match(), 'p0f uptime miss'); ok( ! $self->p0f_match(), 'p0f uptime miss');
} }
my $mocktime;
sub test_greylist {
my ( $self ) = @_;
$self->{_args} = {
remote_ip => 1,
sender => 0,
recipient => 0,
reject => 1,
black_timeout => 50 * 60, # 50m
grey_timeout => 3 * 3600 + 20 * 60, # 3h:20m
white_timeout => 36 * 3600 * 24, # 36 days
p0f => 0,
geoip => 0,
};
$self->connection->remote_host('example.com');
$self->connection->remote_ip('1.2.3.4');
my $sender = Qpsmtpd::Address->new( "<$test_email>" );
my $rcpt = Qpsmtpd::Address->new( "<$test_email>" );
my $start = time() - 40 * 3600 * 24; # 40 days ago
$mocktime = $start;
is( $self->rc( $self->greylist( $self->transaction, $sender, $rcpt ) ),
'DENYSOFT: This mail is temporarily denied',
'Initial connection attempt greylisted' );
$mocktime = $start + 60 * 49;
is( $self->rc( $self->greylist( $self->transaction, $sender, $rcpt ) ),
'DENYSOFT: This mail is temporarily denied',
'Greylisted 49 minutes later' );
$mocktime = $start + 60 * 51;
is( $self->rc( $self->greylist( $self->transaction, $sender, $rcpt ) ),
'DECLINED',
'Allowed 51 minutes later' );
$mocktime = $start + 60 * 52 + 36 * 3600 * 24;
$self->prune_db;
is( $self->rc( $self->greylist( $self->transaction, $sender, $rcpt ) ),
'DENYSOFT: This mail is temporarily denied',
're-greylisted 36 days later' );
$self->connection->remote_ip('4.3.2.1');
$mocktime = $start;
is( $self->rc( $self->greylist( $self->transaction, $sender, $rcpt ) ),
'DENYSOFT: This mail is temporarily denied',
'Initial connection attempt greylisted for new IP' );
$mocktime = $start + 36 * 3600 * 24 - 60;
is( $self->rc( $self->greylist( $self->transaction, $sender, $rcpt ) ),
# 'DENYSOFT: This mail is temporarily denied',
# 'New IP still greylisted when greylist_timeout window is missed' );
'DECLINED',
"New IP allowed for 36 days, just like 'white' clients (huh?)" );
}
{
no warnings qw( redefine );
sub now { $mocktime || time() }
}
sub rc {
my ( $self, $r, $msg ) = @_;
return '' if ! defined $r;
return return_code($r) if ! defined $msg;
return return_code($r) . ": $msg";
}
sub _reset_transaction { sub _reset_transaction {
my $self = shift; my $self = shift;