summaryrefslogtreecommitdiffstats
path: root/src/smtpd/smtpd_dns_filter.ref
blob: ce1710f17d7c470653df186b3e12ed34e14aca78 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163

>>> #
>>> # Initialize
>>> #
>>> client localhost 127.0.0.1
OK
>>> smtpd_delay_reject 0
OK
>>> #
>>> # Test reject_unknown_helo_hostname
>>> #
>>> smtpd_dns_reply_filter regexp:../dns/no-mx.reg
OK
>>> helo_restrictions reject_unknown_helo_hostname,permit
OK
>>> # EXPECT OK + "all MX records dropped" warning.
>>> helo xn--1xa.porcupine.org
./smtpd_check: ignoring DNS RR: xn--1xa.porcupine.org. TTL IN MX 10 spike.porcupine.org.
./smtpd_check: warning: xn--1xa.porcupine.org: address or MX lookup error: DNS reply filter drops all results
OK
>>> # EXPECT OK (nullmx has A record)
>>> helo nullmx.porcupine.org
OK
>>> # EXPECT reject (nxdomain is not filtered).
>>> helo nxdomain.porcupine.org
./smtpd_check: <queue id>: reject: HELO from localhost[127.0.0.1]: 450 4.7.1 <nxdomain.porcupine.org>: Helo command rejected: Host not found; proto=SMTP helo=<nxdomain.porcupine.org>
450 4.7.1 <nxdomain.porcupine.org>: Helo command rejected: Host not found
>>> smtpd_dns_reply_filter regexp:../dns/no-a.reg
OK
>>> # EXPECT OK (host has AAAA record).
>>> mail user@spike.porcupine.org
OK
>>> helo spike.porcupine.org
./smtpd_check: ignoring DNS RR: spike.porcupine.org. TTL IN A 168.100.3.2
OK
>>> # EXPECT OK + "all A records dropped" warning + no delayed reject.
>>> helo fist.porcupine.org
./smtpd_check: ignoring DNS RR: fist.porcupine.org. TTL IN A 168.100.3.4
./smtpd_check: warning: fist.porcupine.org: address or MX lookup error: DNS reply filter drops all results
OK
>>> mail user@spike.porcupine.org
OK
>>> rcpt user@spike.porcupine.org
OK
>>> smtpd_dns_reply_filter regexp:../dns/error.reg
OK
>>> # EXPECT OK + "filter config error" warning + delayed reject.
>>> helo spike.porcupine.org
./smtpd_check: warning: smtpd_dns_reply_filter: unknown DNS filter action: "oops"
./smtpd_check: warning: smtpd_dns_reply_filter: unknown DNS filter action: "oops"
OK
>>> mail user@spike.porcupine.org
OK
>>> rcpt user@spike.porcupine.org
./smtpd_check: <queue id>: reject: RCPT from localhost[127.0.0.1]: 450 4.7.1 <spike.porcupine.org>: Helo command rejected: Host not found; from=<user@spike.porcupine.org> to=<user@spike.porcupine.org> proto=SMTP helo=<spike.porcupine.org>
450 4.7.1 <spike.porcupine.org>: Helo command rejected: Host not found
>>> # EXPECT OK + "filter config error" warning (nullmx has A record) + delayed reject.
>>> helo nullmx.porcupine.org
./smtpd_check: warning: smtpd_dns_reply_filter: unknown DNS filter action: "oops"
OK
>>> mail user@spike.porcupine.org
OK
>>> rcpt user@spike.porcupine.org
./smtpd_check: <queue id>: reject: RCPT from localhost[127.0.0.1]: 450 4.7.1 <nullmx.porcupine.org>: Helo command rejected: Host not found; from=<user@spike.porcupine.org> to=<user@spike.porcupine.org> proto=SMTP helo=<nullmx.porcupine.org>
450 4.7.1 <nullmx.porcupine.org>: Helo command rejected: Host not found
>>> # EXPECT reject (nxdomain is not filtered).
>>> helo nxdomain.porcupine.org
./smtpd_check: <queue id>: reject: HELO from localhost[127.0.0.1]: 450 4.7.1 <nxdomain.porcupine.org>: Helo command rejected: Host not found; from=<user@spike.porcupine.org> proto=SMTP helo=<nxdomain.porcupine.org>
450 4.7.1 <nxdomain.porcupine.org>: Helo command rejected: Host not found
>>> #
>>> # Test reject_unknown_sender_domain (same code as
>>> # reject_unknown_recipient_domain).
>>> #
>>> smtpd_dns_reply_filter regexp:../dns/no-mx.reg
OK
>>> helo localhost
OK
>>> sender_restrictions reject_unknown_sender_domain
OK
>>> # EXPECT OK + "all MX records dropped" warning.
>>> mail user@xn--1xa.porcupine.org
./smtpd_check: ignoring DNS RR: xn--1xa.porcupine.org. TTL IN MX 10 spike.porcupine.org.
./smtpd_check: warning: xn--1xa.porcupine.org: MX or address lookup error: DNS reply filter drops all results
OK
>>> # EXPECT reject (nullmx is not filtered).
>>> mail user@nullmx.porcupine.org
./smtpd_check: <queue id>: reject: MAIL from localhost[127.0.0.1]: 550 5.7.27 <user@nullmx.porcupine.org>: Sender address rejected: Domain nullmx.porcupine.org does not accept mail (nullMX); from=<user@nullmx.porcupine.org> proto=SMTP helo=<localhost>
550 5.7.27 <user@nullmx.porcupine.org>: Sender address rejected: Domain nullmx.porcupine.org does not accept mail (nullMX)
>>> # EXPECT reject (nxdomain is not filtered).
>>> mail user@nxdomain.porcupine.org
./smtpd_check: <queue id>: reject: MAIL from localhost[127.0.0.1]: 450 4.1.8 <user@nxdomain.porcupine.org>: Sender address rejected: Domain not found; from=<user@nxdomain.porcupine.org> proto=SMTP helo=<localhost>
450 4.1.8 <user@nxdomain.porcupine.org>: Sender address rejected: Domain not found
>>> # EXPECT OK
>>> mail user@localhost
OK
>>> smtpd_dns_reply_filter regexp:../dns/no-a.reg
OK
>>> # EXPECT OK (host has AAAA record).
>>> mail user@spike.porcupine.org
./smtpd_check: ignoring DNS RR: spike.porcupine.org. TTL IN A 168.100.3.2
OK
>>> # EXPECT OK + "all A records dropped" warning.
>>> mail user@fist.porcupine.org
./smtpd_check: ignoring DNS RR: fist.porcupine.org. TTL IN A 168.100.3.4
./smtpd_check: warning: fist.porcupine.org: MX or address lookup error: DNS reply filter drops all results
OK
>>> smtpd_dns_reply_filter regexp:../dns/error.reg
OK
>>> # EXPECT OK + "filter config error" warning + delayed reject.
>>> mail user@xn--1xa.porcupine.org
./smtpd_check: warning: smtpd_dns_reply_filter: unknown DNS filter action: "oops"
OK
>>> rcpt user
./smtpd_check: <queue id>: reject: RCPT from localhost[127.0.0.1]: 450 4.1.8 <user@xn--1xa.porcupine.org>: Sender address rejected: Domain not found; from=<user@xn--1xa.porcupine.org> to=<user> proto=SMTP helo=<localhost>
450 4.1.8 <user@xn--1xa.porcupine.org>: Sender address rejected: Domain not found
>>> # EXPECT reject (nullmx is not filtered).
>>> mail user@nullmx.porcupine.org
./smtpd_check: <queue id>: reject: MAIL from localhost[127.0.0.1]: 550 5.7.27 <user@nullmx.porcupine.org>: Sender address rejected: Domain nullmx.porcupine.org does not accept mail (nullMX); from=<user@nullmx.porcupine.org> proto=SMTP helo=<localhost>
550 5.7.27 <user@nullmx.porcupine.org>: Sender address rejected: Domain nullmx.porcupine.org does not accept mail (nullMX)
>>> # EXPECT reject (nxdomain is not filtered).
>>> mail user@nxdomain.porcupine.org
./smtpd_check: <queue id>: reject: MAIL from localhost[127.0.0.1]: 450 4.1.8 <user@nxdomain.porcupine.org>: Sender address rejected: Domain not found; from=<user@nxdomain.porcupine.org> proto=SMTP helo=<localhost>
450 4.1.8 <user@nxdomain.porcupine.org>: Sender address rejected: Domain not found
>>> #
>>> # Test reject_rbl_client
>>> #
>>> client_restrictions reject_rbl_client,dnsbltest.porcupine.org
OK
>>> smtpd_dns_reply_filter regexp:../dns/no-mx.reg
OK
>>> flush_dnsxl_cache
OK
>>> # EXPECT reject + A and TXT record.
>>> client localhost 127.0.0.2
./smtpd_check: <queue id>: reject: CONNECT from localhost[127.0.0.2]: 554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; DNS blocklist test; from=<user@nxdomain.porcupine.org> proto=SMTP helo=<localhost>
554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; DNS blocklist test
>>> smtpd_dns_reply_filter regexp:../dns/no-a.reg
OK
>>> flush_dnsxl_cache
OK
>>> # EXPECT OK + "all A results dropped" warning.
>>> client localhost 127.0.0.2
./smtpd_check: ignoring DNS RR: 2.0.0.127.dnsbltest.porcupine.org. TTL IN A 127.0.0.2
./smtpd_check: warning: 2.0.0.127.dnsbltest.porcupine.org: RBL lookup error: Error looking up name=2.0.0.127.dnsbltest.porcupine.org type=A: DNS reply filter drops all results
OK
>>> smtpd_dns_reply_filter regexp:../dns/no-txt.reg
OK
>>> flush_dnsxl_cache
OK
>>> # EXPECT reject + A record, "all TXT results dropped" warning.
>>> client localhost 127.0.0.2
./smtpd_check: ignoring DNS RR: 2.0.0.127.dnsbltest.porcupine.org. TTL IN TXT DNS blocklist test
./smtpd_check: warning: 2.0.0.127.dnsbltest.porcupine.org: TXT lookup error: DNS reply filter drops all results
./smtpd_check: <queue id>: reject: CONNECT from localhost[127.0.0.2]: 554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; from=<user@nxdomain.porcupine.org> proto=SMTP helo=<localhost>
554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org
>>> smtpd_dns_reply_filter regexp:../dns/error.reg
OK
>>> flush_dnsxl_cache
OK
>>> # EXPECT OK + "filter configuration error"
>>> client localhost 127.0.0.2
./smtpd_check: warning: smtpd_dns_reply_filter: unknown DNS filter action: "oops"
./smtpd_check: warning: 2.0.0.127.dnsbltest.porcupine.org: RBL lookup error: Error looking up name=2.0.0.127.dnsbltest.porcupine.org type=A: Invalid DNS reply filter syntax
OK
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-09 02:43:56 +0000