JAMES-2246 Add SMTP authorized addresses tests The authorized address parameter is only used at the SMTP level (for aborting the SMTP connnection if a non authenticated, not allowed user try to relay an email).
We miss a mechanism for allowed user to actually relay emails (in MailetContainer). SMTPAuthSuccessful is not expressive enough. Project: http://git-wip-us.apache.org/repos/asf/james-project/repo Commit: http://git-wip-us.apache.org/repos/asf/james-project/commit/4b5c18ce Tree: http://git-wip-us.apache.org/repos/asf/james-project/tree/4b5c18ce Diff: http://git-wip-us.apache.org/repos/asf/james-project/diff/4b5c18ce Branch: refs/heads/master Commit: 4b5c18cedde57d106fb3a6af25f05612d405d0a2 Parents: b64f2b2 Author: benwa <btell...@linagora.com> Authored: Mon Dec 4 11:15:38 2017 +0700 Committer: benwa <btell...@linagora.com> Committed: Fri Dec 8 17:35:50 2017 +0700 ---------------------------------------------------------------------- .../james/smtp/SmtpAuthorizedAddressesTest.java | 256 +++++++++++++++++++ .../AddDefaultAttributesMessageHook.java | 4 +- 2 files changed, 258 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/james-project/blob/4b5c18ce/server/mailet/integration-testing/src/test/java/org/apache/james/smtp/SmtpAuthorizedAddressesTest.java ---------------------------------------------------------------------- diff --git a/server/mailet/integration-testing/src/test/java/org/apache/james/smtp/SmtpAuthorizedAddressesTest.java b/server/mailet/integration-testing/src/test/java/org/apache/james/smtp/SmtpAuthorizedAddressesTest.java new file mode 100644 index 0000000..3c9ea9f --- /dev/null +++ b/server/mailet/integration-testing/src/test/java/org/apache/james/smtp/SmtpAuthorizedAddressesTest.java @@ -0,0 +1,256 @@ +/**************************************************************** + * Licensed to the Apache Software Foundation (ASF) under one * + * or more contributor license agreements. See the NOTICE file * + * distributed with this work for additional information * + * regarding copyright ownership. The ASF licenses this file * + * to you under the Apache License, Version 2.0 (the * + * "License"); you may not use this file except in compliance * + * with the License. You may obtain a copy of the License at * + * * + * http://www.apache.org/licenses/LICENSE-2.0 * + * * + * Unless required by applicable law or agreed to in writing, * + * software distributed under the License is distributed on an * + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * + * KIND, either express or implied. See the License for the * + * specific language governing permissions and limitations * + * under the License. * + ****************************************************************/ + +package org.apache.james.smtp; + +import static com.jayway.restassured.RestAssured.when; +import static com.jayway.restassured.config.EncoderConfig.encoderConfig; +import static com.jayway.restassured.config.RestAssuredConfig.newConfig; +import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.hasSize; + +import org.apache.james.MemoryJamesServerMain; +import org.apache.james.mailets.TemporaryJamesServer; +import org.apache.james.mailets.configuration.CommonProcessors; +import org.apache.james.mailets.configuration.MailetConfiguration; +import org.apache.james.mailets.configuration.MailetContainer; +import org.apache.james.mailets.configuration.ProcessorConfiguration; +import org.apache.james.mailets.configuration.SmtpConfiguration; +import org.apache.james.probe.DataProbe; +import org.apache.james.transport.mailets.LocalDelivery; +import org.apache.james.transport.mailets.RemoteDelivery; +import org.apache.james.transport.mailets.RemoveMimeHeader; +import org.apache.james.transport.mailets.ToProcessor; +import org.apache.james.transport.matchers.All; +import org.apache.james.transport.matchers.RecipientIsLocal; +import org.apache.james.transport.matchers.SMTPIsAuthNetwork; +import org.apache.james.util.streams.SwarmGenericContainer; +import org.apache.james.utils.DataProbeImpl; +import org.apache.james.utils.IMAPMessageReader; +import org.apache.james.utils.SMTPMessageSender; +import org.junit.After; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.rules.RuleChain; +import org.junit.rules.TemporaryFolder; +import org.testcontainers.containers.wait.HostPortWaitStrategy; + +import com.google.common.base.Charsets; +import com.jayway.awaitility.Awaitility; +import com.jayway.awaitility.Duration; +import com.jayway.awaitility.core.ConditionFactory; +import com.jayway.restassured.RestAssured; +import com.jayway.restassured.builder.RequestSpecBuilder; +import com.jayway.restassured.http.ContentType; + +public class SmtpAuthorizedAddressesTest { + private static final String DEFAULT_DOMAIN = "james.org"; + private static final String LOCALHOST_IP = "127.0.0.1"; + private static final int SMTP_PORT = 1025; + public static final int IMAP_PORT = 1143; + private static final String PASSWORD = "secret"; + + private static final String JAMES_APACHE_ORG = "james.org"; + private static final String FROM = "fromuser@" + JAMES_APACHE_ORG; + private static final String TO = "t...@any.com"; + + private final TemporaryFolder smtpFolder = new TemporaryFolder(); + private final SwarmGenericContainer fakeSmtp = new SwarmGenericContainer("weave/rest-smtp-sink:latest") + .withExposedPorts(25) + .withAffinityToContainer() + .waitingFor(new HostPortWaitStrategy()); + + @Rule + public final RuleChain chain = RuleChain.outerRule(smtpFolder).around(fakeSmtp); + + @Rule + public TemporaryFolder temporaryFolder = new TemporaryFolder(); + + private TemporaryJamesServer jamesServer; + private ConditionFactory calmlyAwait; + + @Before + public void setup() throws Exception { + Duration slowPacedPollInterval = Duration.FIVE_HUNDRED_MILLISECONDS; + calmlyAwait = Awaitility.with() + .pollInterval(slowPacedPollInterval) + .and() + .with() + .pollDelay(slowPacedPollInterval) + .await(); + calmlyAwait.atMost(Duration.ONE_MINUTE).until(() -> fakeSmtp.tryConnect(25)); + + RestAssured.requestSpecification = new RequestSpecBuilder() + .setContentType(ContentType.JSON) + .setAccept(ContentType.JSON) + .setConfig(newConfig().encoderConfig(encoderConfig().defaultContentCharset(Charsets.UTF_8))) + .setPort(80) + .setBaseUri("http://" + fakeSmtp.getContainerIp()) + .build(); + } + + private void createJamesServer(SmtpConfiguration.Builder smtpConfiguration) throws Exception { + MailetContainer mailetContainer = MailetContainer.builder() + .postmaster("postmaster@" + DEFAULT_DOMAIN) + .threads(5) + .addProcessor(ProcessorConfiguration.builder() + .state("root") + .addMailet(MailetConfiguration.builder() + .matcher(All.class) + .mailet(ToProcessor.class) + .addProperty("processor", "transport") + .build()) + .build()) + .addProcessor(CommonProcessors.error()) + .addProcessor(ProcessorConfiguration.builder() + .state("transport") + .enableJmx(true) + .addMailet(MailetConfiguration.builder() + .matcher(All.class) + .mailet(RemoveMimeHeader.class) + .addProperty("name", "bcc") + .build()) + .addMailet(MailetConfiguration.builder() + .matcher(RecipientIsLocal.class) + .mailet(LocalDelivery.class) + .build()) + .addMailet(MailetConfiguration.builder() + .matcher(SMTPIsAuthNetwork.class) + .mailet(RemoteDelivery.class) + .addProperty("outgoingQueue", "outgoing") + .addProperty("delayTime", "5000, 100000, 500000") + .addProperty("maxRetries", "25") + .addProperty("maxDnsProblemRetries", "0") + .addProperty("deliveryThreads", "10") + .addProperty("sendpartial", "true") + .addProperty("bounceProcessor", "bounces") + .addProperty("gateway", fakeSmtp.getContainerIp()) + .build()) + .addMailet(MailetConfiguration.builder() + .matcher(All.class) + .mailet(ToProcessor.class) + .addProperty("processor", "bounces") + .build()) + .build()) + .addProcessor(CommonProcessors.localAddressError()) + .addProcessor(CommonProcessors.relayDenied()) + .addProcessor(CommonProcessors.bounces()) + .build(); + jamesServer = TemporaryJamesServer.builder() + .withBase(MemoryJamesServerMain.SMTP_AND_IMAP_MODULE) + .withSmtpConfiguration(smtpConfiguration.build()) + .build(temporaryFolder, mailetContainer); + + DataProbe dataProbe = jamesServer.getProbe(DataProbeImpl.class); + dataProbe.addDomain(JAMES_APACHE_ORG); + dataProbe.addUser(FROM, PASSWORD); + } + + @After + public void tearDown() { + if (jamesServer != null) { + jamesServer.shutdown(); + } + } + + @Test + public void userShouldBeAbleToRelayMessagesWhenInAcceptedNetwork() throws Exception { + createJamesServer(SmtpConfiguration.builder() + .requireAuthentication() + .withAutorizedAddresses("127.0.0.0/8")); + + try (SMTPMessageSender messageSender = + SMTPMessageSender.noAuthentication(LOCALHOST_IP, SMTP_PORT, JAMES_APACHE_ORG)) { + + messageSender.sendMessage(FROM, TO); + calmlyAwait.atMost(Duration.ONE_MINUTE).until(messageSender::messageHasBeenSent); + + calmlyAwait.atMost(Duration.ONE_MINUTE) + .until(this::messageIsReceivedByTheSmtpServer); + } + } + + @Test + public void userShouldNotBeAbleToRelayMessagesWhenOutOfAcceptedNetwork() throws Exception { + createJamesServer(SmtpConfiguration.builder() + .requireAuthentication() + .withAutorizedAddresses("172.0.0.0/8")); + + try (SMTPMessageSender messageSender = + SMTPMessageSender.noAuthentication(LOCALHOST_IP, SMTP_PORT, JAMES_APACHE_ORG)) { + + messageSender.sendMessage(FROM, TO); + calmlyAwait.atMost(Duration.ONE_MINUTE).until(messageSender::messageSendingFailed); + } + } + + @Test + public void userShouldBeAbleToRelayMessagesWhenOutOfAcceptedNetworkButAuthenticated() throws Exception { + createJamesServer(SmtpConfiguration.builder() + .requireAuthentication() + .withAutorizedAddresses("172.0.0.0/8")); + + try (SMTPMessageSender messageSender = + SMTPMessageSender.authentication(LOCALHOST_IP, SMTP_PORT, JAMES_APACHE_ORG, FROM, PASSWORD)) { + + messageSender.sendMessage(FROM, TO); + + calmlyAwait.atMost(Duration.ONE_MINUTE).until(messageSender::messageHasBeenSent); + + calmlyAwait.atMost(Duration.ONE_MINUTE) + .until(this::messageIsReceivedByTheSmtpServer); + } + } + + @Test + public void localDeliveryShouldBePossibleFromNonAuthenticatedNonAuthorizedSender() throws Exception { + createJamesServer(SmtpConfiguration.builder() + .requireAuthentication() + .withAutorizedAddresses("172.0.0.0/8")); + + try (SMTPMessageSender messageSender = + SMTPMessageSender.noAuthentication(LOCALHOST_IP, SMTP_PORT, JAMES_APACHE_ORG); + IMAPMessageReader imapMessageReader = new IMAPMessageReader(LOCALHOST_IP, IMAP_PORT)) { + + messageSender.sendMessage(TO, FROM); + + calmlyAwait.atMost(Duration.ONE_MINUTE).until(messageSender::messageHasBeenSent); + + calmlyAwait.atMost(Duration.ONE_MINUTE) + .until(() -> imapMessageReader.userReceivedMessage(FROM, PASSWORD)); + } + } + + private boolean messageIsReceivedByTheSmtpServer() { + try { + when() + .get("/api/email") + .then() + .statusCode(200) + .body("", hasSize(1)) + .body("[0].from", equalTo(FROM)) + .body("[0].subject", equalTo("test")); + return true; + } catch (Exception e) { + return false; + } + } + +} http://git-wip-us.apache.org/repos/asf/james-project/blob/4b5c18ce/server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/AddDefaultAttributesMessageHook.java ---------------------------------------------------------------------- diff --git a/server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/AddDefaultAttributesMessageHook.java b/server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/AddDefaultAttributesMessageHook.java index 8cd5d67..04aa165 100644 --- a/server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/AddDefaultAttributesMessageHook.java +++ b/server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/AddDefaultAttributesMessageHook.java @@ -20,10 +20,10 @@ package org.apache.james.smtpserver; import org.apache.commons.configuration.Configuration; import org.apache.commons.configuration.ConfigurationException; -import org.apache.james.server.core.MailImpl; import org.apache.james.protocols.smtp.SMTPSession; import org.apache.james.protocols.smtp.hook.HookResult; import org.apache.james.protocols.smtp.hook.HookReturnCode; +import org.apache.james.server.core.MailImpl; import org.apache.mailet.Mail; /** @@ -34,7 +34,7 @@ public class AddDefaultAttributesMessageHook implements JamesMessageHook { /** * The mail attribute which get set if the client is allowed to relay */ - private final static String SMTP_AUTH_NETWORK_NAME = "org.apache.james.SMTPIsAuthNetwork"; + public static final String SMTP_AUTH_NETWORK_NAME = "org.apache.james.SMTPIsAuthNetwork"; @Override public void init(Configuration config) throws ConfigurationException { --------------------------------------------------------------------- To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org