You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by bt...@apache.org on 2017/12/08 10:40:04 UTC
[09/13] james-project git commit: JAMES-2246 Add SMTP authorized
addresses tests
JAMES-2246 Add SMTP authorized addresses tests
The authorized address parameter is only used at the SMTP level (for aborting the SMTP connnection if a non authenticated, not allowed user try to relay an email).
We miss a mechanism for allowed user to actually relay emails (in MailetContainer). SMTPAuthSuccessful is not expressive enough.
Project: http://git-wip-us.apache.org/repos/asf/james-project/repo
Commit: http://git-wip-us.apache.org/repos/asf/james-project/commit/4b5c18ce
Tree: http://git-wip-us.apache.org/repos/asf/james-project/tree/4b5c18ce
Diff: http://git-wip-us.apache.org/repos/asf/james-project/diff/4b5c18ce
Branch: refs/heads/master
Commit: 4b5c18cedde57d106fb3a6af25f05612d405d0a2
Parents: b64f2b2
Author: benwa <bt...@linagora.com>
Authored: Mon Dec 4 11:15:38 2017 +0700
Committer: benwa <bt...@linagora.com>
Committed: Fri Dec 8 17:35:50 2017 +0700
----------------------------------------------------------------------
.../james/smtp/SmtpAuthorizedAddressesTest.java | 256 +++++++++++++++++++
.../AddDefaultAttributesMessageHook.java | 4 +-
2 files changed, 258 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/james-project/blob/4b5c18ce/server/mailet/integration-testing/src/test/java/org/apache/james/smtp/SmtpAuthorizedAddressesTest.java
----------------------------------------------------------------------
diff --git a/server/mailet/integration-testing/src/test/java/org/apache/james/smtp/SmtpAuthorizedAddressesTest.java b/server/mailet/integration-testing/src/test/java/org/apache/james/smtp/SmtpAuthorizedAddressesTest.java
new file mode 100644
index 0000000..3c9ea9f
--- /dev/null
+++ b/server/mailet/integration-testing/src/test/java/org/apache/james/smtp/SmtpAuthorizedAddressesTest.java
@@ -0,0 +1,256 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one *
+ * or more contributor license agreements. See the NOTICE file *
+ * distributed with this work for additional information *
+ * regarding copyright ownership. The ASF licenses this file *
+ * to you under the Apache License, Version 2.0 (the *
+ * "License"); you may not use this file except in compliance *
+ * with the License. You may obtain a copy of the License at *
+ * *
+ * http://www.apache.org/licenses/LICENSE-2.0 *
+ * *
+ * Unless required by applicable law or agreed to in writing, *
+ * software distributed under the License is distributed on an *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
+ * KIND, either express or implied. See the License for the *
+ * specific language governing permissions and limitations *
+ * under the License. *
+ ****************************************************************/
+
+package org.apache.james.smtp;
+
+import static com.jayway.restassured.RestAssured.when;
+import static com.jayway.restassured.config.EncoderConfig.encoderConfig;
+import static com.jayway.restassured.config.RestAssuredConfig.newConfig;
+import static org.hamcrest.Matchers.equalTo;
+import static org.hamcrest.Matchers.hasSize;
+
+import org.apache.james.MemoryJamesServerMain;
+import org.apache.james.mailets.TemporaryJamesServer;
+import org.apache.james.mailets.configuration.CommonProcessors;
+import org.apache.james.mailets.configuration.MailetConfiguration;
+import org.apache.james.mailets.configuration.MailetContainer;
+import org.apache.james.mailets.configuration.ProcessorConfiguration;
+import org.apache.james.mailets.configuration.SmtpConfiguration;
+import org.apache.james.probe.DataProbe;
+import org.apache.james.transport.mailets.LocalDelivery;
+import org.apache.james.transport.mailets.RemoteDelivery;
+import org.apache.james.transport.mailets.RemoveMimeHeader;
+import org.apache.james.transport.mailets.ToProcessor;
+import org.apache.james.transport.matchers.All;
+import org.apache.james.transport.matchers.RecipientIsLocal;
+import org.apache.james.transport.matchers.SMTPIsAuthNetwork;
+import org.apache.james.util.streams.SwarmGenericContainer;
+import org.apache.james.utils.DataProbeImpl;
+import org.apache.james.utils.IMAPMessageReader;
+import org.apache.james.utils.SMTPMessageSender;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.RuleChain;
+import org.junit.rules.TemporaryFolder;
+import org.testcontainers.containers.wait.HostPortWaitStrategy;
+
+import com.google.common.base.Charsets;
+import com.jayway.awaitility.Awaitility;
+import com.jayway.awaitility.Duration;
+import com.jayway.awaitility.core.ConditionFactory;
+import com.jayway.restassured.RestAssured;
+import com.jayway.restassured.builder.RequestSpecBuilder;
+import com.jayway.restassured.http.ContentType;
+
+public class SmtpAuthorizedAddressesTest {
+ private static final String DEFAULT_DOMAIN = "james.org";
+ private static final String LOCALHOST_IP = "127.0.0.1";
+ private static final int SMTP_PORT = 1025;
+ public static final int IMAP_PORT = 1143;
+ private static final String PASSWORD = "secret";
+
+ private static final String JAMES_APACHE_ORG = "james.org";
+ private static final String FROM = "fromuser@" + JAMES_APACHE_ORG;
+ private static final String TO = "to@any.com";
+
+ private final TemporaryFolder smtpFolder = new TemporaryFolder();
+ private final SwarmGenericContainer fakeSmtp = new SwarmGenericContainer("weave/rest-smtp-sink:latest")
+ .withExposedPorts(25)
+ .withAffinityToContainer()
+ .waitingFor(new HostPortWaitStrategy());
+
+ @Rule
+ public final RuleChain chain = RuleChain.outerRule(smtpFolder).around(fakeSmtp);
+
+ @Rule
+ public TemporaryFolder temporaryFolder = new TemporaryFolder();
+
+ private TemporaryJamesServer jamesServer;
+ private ConditionFactory calmlyAwait;
+
+ @Before
+ public void setup() throws Exception {
+ Duration slowPacedPollInterval = Duration.FIVE_HUNDRED_MILLISECONDS;
+ calmlyAwait = Awaitility.with()
+ .pollInterval(slowPacedPollInterval)
+ .and()
+ .with()
+ .pollDelay(slowPacedPollInterval)
+ .await();
+ calmlyAwait.atMost(Duration.ONE_MINUTE).until(() -> fakeSmtp.tryConnect(25));
+
+ RestAssured.requestSpecification = new RequestSpecBuilder()
+ .setContentType(ContentType.JSON)
+ .setAccept(ContentType.JSON)
+ .setConfig(newConfig().encoderConfig(encoderConfig().defaultContentCharset(Charsets.UTF_8)))
+ .setPort(80)
+ .setBaseUri("http://" + fakeSmtp.getContainerIp())
+ .build();
+ }
+
+ private void createJamesServer(SmtpConfiguration.Builder smtpConfiguration) throws Exception {
+ MailetContainer mailetContainer = MailetContainer.builder()
+ .postmaster("postmaster@" + DEFAULT_DOMAIN)
+ .threads(5)
+ .addProcessor(ProcessorConfiguration.builder()
+ .state("root")
+ .addMailet(MailetConfiguration.builder()
+ .matcher(All.class)
+ .mailet(ToProcessor.class)
+ .addProperty("processor", "transport")
+ .build())
+ .build())
+ .addProcessor(CommonProcessors.error())
+ .addProcessor(ProcessorConfiguration.builder()
+ .state("transport")
+ .enableJmx(true)
+ .addMailet(MailetConfiguration.builder()
+ .matcher(All.class)
+ .mailet(RemoveMimeHeader.class)
+ .addProperty("name", "bcc")
+ .build())
+ .addMailet(MailetConfiguration.builder()
+ .matcher(RecipientIsLocal.class)
+ .mailet(LocalDelivery.class)
+ .build())
+ .addMailet(MailetConfiguration.builder()
+ .matcher(SMTPIsAuthNetwork.class)
+ .mailet(RemoteDelivery.class)
+ .addProperty("outgoingQueue", "outgoing")
+ .addProperty("delayTime", "5000, 100000, 500000")
+ .addProperty("maxRetries", "25")
+ .addProperty("maxDnsProblemRetries", "0")
+ .addProperty("deliveryThreads", "10")
+ .addProperty("sendpartial", "true")
+ .addProperty("bounceProcessor", "bounces")
+ .addProperty("gateway", fakeSmtp.getContainerIp())
+ .build())
+ .addMailet(MailetConfiguration.builder()
+ .matcher(All.class)
+ .mailet(ToProcessor.class)
+ .addProperty("processor", "bounces")
+ .build())
+ .build())
+ .addProcessor(CommonProcessors.localAddressError())
+ .addProcessor(CommonProcessors.relayDenied())
+ .addProcessor(CommonProcessors.bounces())
+ .build();
+ jamesServer = TemporaryJamesServer.builder()
+ .withBase(MemoryJamesServerMain.SMTP_AND_IMAP_MODULE)
+ .withSmtpConfiguration(smtpConfiguration.build())
+ .build(temporaryFolder, mailetContainer);
+
+ DataProbe dataProbe = jamesServer.getProbe(DataProbeImpl.class);
+ dataProbe.addDomain(JAMES_APACHE_ORG);
+ dataProbe.addUser(FROM, PASSWORD);
+ }
+
+ @After
+ public void tearDown() {
+ if (jamesServer != null) {
+ jamesServer.shutdown();
+ }
+ }
+
+ @Test
+ public void userShouldBeAbleToRelayMessagesWhenInAcceptedNetwork() throws Exception {
+ createJamesServer(SmtpConfiguration.builder()
+ .requireAuthentication()
+ .withAutorizedAddresses("127.0.0.0/8"));
+
+ try (SMTPMessageSender messageSender =
+ SMTPMessageSender.noAuthentication(LOCALHOST_IP, SMTP_PORT, JAMES_APACHE_ORG)) {
+
+ messageSender.sendMessage(FROM, TO);
+ calmlyAwait.atMost(Duration.ONE_MINUTE).until(messageSender::messageHasBeenSent);
+
+ calmlyAwait.atMost(Duration.ONE_MINUTE)
+ .until(this::messageIsReceivedByTheSmtpServer);
+ }
+ }
+
+ @Test
+ public void userShouldNotBeAbleToRelayMessagesWhenOutOfAcceptedNetwork() throws Exception {
+ createJamesServer(SmtpConfiguration.builder()
+ .requireAuthentication()
+ .withAutorizedAddresses("172.0.0.0/8"));
+
+ try (SMTPMessageSender messageSender =
+ SMTPMessageSender.noAuthentication(LOCALHOST_IP, SMTP_PORT, JAMES_APACHE_ORG)) {
+
+ messageSender.sendMessage(FROM, TO);
+ calmlyAwait.atMost(Duration.ONE_MINUTE).until(messageSender::messageSendingFailed);
+ }
+ }
+
+ @Test
+ public void userShouldBeAbleToRelayMessagesWhenOutOfAcceptedNetworkButAuthenticated() throws Exception {
+ createJamesServer(SmtpConfiguration.builder()
+ .requireAuthentication()
+ .withAutorizedAddresses("172.0.0.0/8"));
+
+ try (SMTPMessageSender messageSender =
+ SMTPMessageSender.authentication(LOCALHOST_IP, SMTP_PORT, JAMES_APACHE_ORG, FROM, PASSWORD)) {
+
+ messageSender.sendMessage(FROM, TO);
+
+ calmlyAwait.atMost(Duration.ONE_MINUTE).until(messageSender::messageHasBeenSent);
+
+ calmlyAwait.atMost(Duration.ONE_MINUTE)
+ .until(this::messageIsReceivedByTheSmtpServer);
+ }
+ }
+
+ @Test
+ public void localDeliveryShouldBePossibleFromNonAuthenticatedNonAuthorizedSender() throws Exception {
+ createJamesServer(SmtpConfiguration.builder()
+ .requireAuthentication()
+ .withAutorizedAddresses("172.0.0.0/8"));
+
+ try (SMTPMessageSender messageSender =
+ SMTPMessageSender.noAuthentication(LOCALHOST_IP, SMTP_PORT, JAMES_APACHE_ORG);
+ IMAPMessageReader imapMessageReader = new IMAPMessageReader(LOCALHOST_IP, IMAP_PORT)) {
+
+ messageSender.sendMessage(TO, FROM);
+
+ calmlyAwait.atMost(Duration.ONE_MINUTE).until(messageSender::messageHasBeenSent);
+
+ calmlyAwait.atMost(Duration.ONE_MINUTE)
+ .until(() -> imapMessageReader.userReceivedMessage(FROM, PASSWORD));
+ }
+ }
+
+ private boolean messageIsReceivedByTheSmtpServer() {
+ try {
+ when()
+ .get("/api/email")
+ .then()
+ .statusCode(200)
+ .body("", hasSize(1))
+ .body("[0].from", equalTo(FROM))
+ .body("[0].subject", equalTo("test"));
+ return true;
+ } catch (Exception e) {
+ return false;
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/james-project/blob/4b5c18ce/server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/AddDefaultAttributesMessageHook.java
----------------------------------------------------------------------
diff --git a/server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/AddDefaultAttributesMessageHook.java b/server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/AddDefaultAttributesMessageHook.java
index 8cd5d67..04aa165 100644
--- a/server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/AddDefaultAttributesMessageHook.java
+++ b/server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/AddDefaultAttributesMessageHook.java
@@ -20,10 +20,10 @@ package org.apache.james.smtpserver;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.configuration.ConfigurationException;
-import org.apache.james.server.core.MailImpl;
import org.apache.james.protocols.smtp.SMTPSession;
import org.apache.james.protocols.smtp.hook.HookResult;
import org.apache.james.protocols.smtp.hook.HookReturnCode;
+import org.apache.james.server.core.MailImpl;
import org.apache.mailet.Mail;
/**
@@ -34,7 +34,7 @@ public class AddDefaultAttributesMessageHook implements JamesMessageHook {
/**
* The mail attribute which get set if the client is allowed to relay
*/
- private final static String SMTP_AUTH_NETWORK_NAME = "org.apache.james.SMTPIsAuthNetwork";
+ public static final String SMTP_AUTH_NETWORK_NAME = "org.apache.james.SMTPIsAuthNetwork";
@Override
public void init(Configuration config) throws ConfigurationException {
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org