mirror of
https://github.com/mjl-/mox.git
synced 2025-07-12 13:04:38 +03:00
if the first smtp or imap command is invalid, shut down the connection instead of trying to read more
this is quite common on the internet. the other side may be trying some other protocol, e.g. http, or some common vulnerability. we don't want to spam our own logs with multiple invalid lines. if the first command is valid, but later are not, we'll keep trying to process them. so this only affects protocol sessions that are very likely not smtp/imap. also remove a few more sleeps during tests, making imapserver and smtpserver tests a bit faster.
This commit is contained in:
@ -42,6 +42,8 @@ func init() {
|
||||
// Don't make tests slow.
|
||||
badClientDelay = 0
|
||||
reputationlessSenderDeliveryDelay = 0
|
||||
authFailDelay = 0
|
||||
unknownRecipientsDelay = 0
|
||||
}
|
||||
|
||||
func tcheck(t *testing.T, err error, msg string) {
|
||||
@ -877,3 +879,46 @@ func TestRatelimitDelivery(t *testing.T) {
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
func TestNonSMTP(t *testing.T) {
|
||||
ts := newTestServer(t, "../testdata/smtp/mox.conf", dns.MockResolver{})
|
||||
defer ts.close()
|
||||
ts.cid += 2
|
||||
|
||||
serverConn, clientConn := net.Pipe()
|
||||
defer serverConn.Close()
|
||||
serverdone := make(chan struct{})
|
||||
defer func() { <-serverdone }()
|
||||
|
||||
go func() {
|
||||
tlsConfig := &tls.Config{
|
||||
Certificates: []tls.Certificate{fakeCert(ts.t)},
|
||||
}
|
||||
serve("test", ts.cid-2, dns.Domain{ASCII: "mox.example"}, tlsConfig, serverConn, ts.resolver, ts.submission, false, 100<<20, false, false, ts.dnsbls)
|
||||
close(serverdone)
|
||||
}()
|
||||
|
||||
defer clientConn.Close()
|
||||
|
||||
buf := make([]byte, 128)
|
||||
|
||||
// Read and ignore hello.
|
||||
if _, err := clientConn.Read(buf); err != nil {
|
||||
t.Fatalf("reading hello: %v", err)
|
||||
}
|
||||
|
||||
if _, err := fmt.Fprintf(clientConn, "bogus\r\n"); err != nil {
|
||||
t.Fatalf("write command: %v", err)
|
||||
}
|
||||
n, err := clientConn.Read(buf)
|
||||
if err != nil {
|
||||
t.Fatalf("read response line: %v", err)
|
||||
}
|
||||
s := string(buf[:n])
|
||||
if !strings.HasPrefix(s, "500 5.5.2 ") {
|
||||
t.Fatalf(`got %q, expected "500 5.5.2 ...`, s)
|
||||
}
|
||||
if _, err := clientConn.Read(buf); err == nil {
|
||||
t.Fatalf("connection not closed after bogus command")
|
||||
}
|
||||
}
|
||||
|
Reference in New Issue
Block a user