pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / tests / rspamd.nix
at 21.11-pre 11 kB view raw
1{ system ? builtins.currentSystem, 2 config ? {}, 3 pkgs ? import ../.. { inherit system config; } 4}: 5 6with import ../lib/testing-python.nix { inherit system pkgs; }; 7with pkgs.lib; 8 9let 10 initMachine = '' 11 start_all() 12 machine.wait_for_unit("rspamd.service") 13 machine.succeed("id rspamd >/dev/null") 14 ''; 15 checkSocket = socket: user: group: mode: '' 16 machine.succeed( 17 "ls ${socket} >/dev/null", 18 '[[ "$(stat -c %U ${socket})" == "${user}" ]]', 19 '[[ "$(stat -c %G ${socket})" == "${group}" ]]', 20 '[[ "$(stat -c %a ${socket})" == "${mode}" ]]', 21 ) 22 ''; 23 simple = name: enableIPv6: makeTest { 24 name = "rspamd-${name}"; 25 machine = { 26 services.rspamd.enable = true; 27 networking.enableIPv6 = enableIPv6; 28 virtualisation.memorySize = 1024; 29 }; 30 testScript = '' 31 start_all() 32 machine.wait_for_unit("multi-user.target") 33 machine.wait_for_open_port(11334) 34 machine.wait_for_unit("rspamd.service") 35 machine.succeed("id rspamd >/dev/null") 36 ${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "660" } 37 machine.sleep(10) 38 machine.log(machine.succeed("cat /etc/rspamd/rspamd.conf")) 39 machine.log( 40 machine.succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf") 41 ) 42 machine.log(machine.succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf")) 43 machine.log(machine.succeed("systemctl cat rspamd.service")) 44 machine.log(machine.succeed("curl http://localhost:11334/auth")) 45 machine.log(machine.succeed("curl http://127.0.0.1:11334/auth")) 46 ${optionalString enableIPv6 ''machine.log(machine.succeed("curl http://[::1]:11334/auth"))''} 47 # would not reformat 48 ''; 49 }; 50in 51{ 52 simple = simple "simple" true; 53 ipv4only = simple "ipv4only" false; 54 deprecated = makeTest { 55 name = "rspamd-deprecated"; 56 machine = { 57 services.rspamd = { 58 enable = true; 59 workers.normal.bindSockets = [{ 60 socket = "/run/rspamd/rspamd.sock"; 61 mode = "0600"; 62 owner = "rspamd"; 63 group = "rspamd"; 64 }]; 65 workers.controller.bindSockets = [{ 66 socket = "/run/rspamd/rspamd-worker.sock"; 67 mode = "0666"; 68 owner = "rspamd"; 69 group = "rspamd"; 70 }]; 71 }; 72 virtualisation.memorySize = 1024; 73 }; 74 75 testScript = '' 76 ${initMachine} 77 machine.wait_for_file("/run/rspamd/rspamd.sock") 78 ${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "600" } 79 ${checkSocket "/run/rspamd/rspamd-worker.sock" "rspamd" "rspamd" "666" } 80 machine.log(machine.succeed("cat /etc/rspamd/rspamd.conf")) 81 machine.log( 82 machine.succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf") 83 ) 84 machine.log(machine.succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf")) 85 machine.log(machine.succeed("rspamc -h /run/rspamd/rspamd-worker.sock stat")) 86 machine.log( 87 machine.succeed( 88 "curl --unix-socket /run/rspamd/rspamd-worker.sock http://localhost/ping" 89 ) 90 ) 91 ''; 92 }; 93 94 bindports = makeTest { 95 name = "rspamd-bindports"; 96 machine = { 97 services.rspamd = { 98 enable = true; 99 workers.normal.bindSockets = [{ 100 socket = "/run/rspamd/rspamd.sock"; 101 mode = "0600"; 102 owner = "rspamd"; 103 group = "rspamd"; 104 }]; 105 workers.controller.bindSockets = [{ 106 socket = "/run/rspamd/rspamd-worker.sock"; 107 mode = "0666"; 108 owner = "rspamd"; 109 group = "rspamd"; 110 }]; 111 workers.controller2 = { 112 type = "controller"; 113 bindSockets = [ "0.0.0.0:11335" ]; 114 extraConfig = '' 115 static_dir = "''${WWWDIR}"; 116 secure_ip = null; 117 password = "verysecretpassword"; 118 ''; 119 }; 120 }; 121 virtualisation.memorySize = 1024; 122 }; 123 124 testScript = '' 125 ${initMachine} 126 machine.wait_for_file("/run/rspamd/rspamd.sock") 127 ${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "600" } 128 ${checkSocket "/run/rspamd/rspamd-worker.sock" "rspamd" "rspamd" "666" } 129 machine.log(machine.succeed("cat /etc/rspamd/rspamd.conf")) 130 machine.log( 131 machine.succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf") 132 ) 133 machine.log(machine.succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf")) 134 machine.log( 135 machine.succeed( 136 "grep 'LOCAL_CONFDIR/override.d/worker-controller2.inc' /etc/rspamd/rspamd.conf" 137 ) 138 ) 139 machine.log( 140 machine.succeed( 141 "grep 'verysecretpassword' /etc/rspamd/override.d/worker-controller2.inc" 142 ) 143 ) 144 machine.wait_until_succeeds( 145 "journalctl -u rspamd | grep -i 'starting controller process' >&2" 146 ) 147 machine.log(machine.succeed("rspamc -h /run/rspamd/rspamd-worker.sock stat")) 148 machine.log( 149 machine.succeed( 150 "curl --unix-socket /run/rspamd/rspamd-worker.sock http://localhost/ping" 151 ) 152 ) 153 machine.log(machine.succeed("curl http://localhost:11335/ping")) 154 ''; 155 }; 156 customLuaRules = makeTest { 157 name = "rspamd-custom-lua-rules"; 158 machine = { 159 environment.etc."tests/no-muh.eml".text = '' 160 From: Sheep1<bah@example.com> 161 To: Sheep2<mah@example.com> 162 Subject: Evil cows 163 164 I find cows to be evil don't you? 165 ''; 166 environment.etc."tests/muh.eml".text = '' 167 From: Cow<cow@example.com> 168 To: Sheep2<mah@example.com> 169 Subject: Evil cows 170 171 Cows are majestic creatures don't Muh agree? 172 ''; 173 services.rspamd = { 174 enable = true; 175 locals = { 176 "antivirus.conf" = mkIf false { text = '' 177 clamav { 178 action = "reject"; 179 symbol = "CLAM_VIRUS"; 180 type = "clamav"; 181 log_clean = true; 182 servers = "/run/clamav/clamd.ctl"; 183 } 184 '';}; 185 "redis.conf" = { 186 enable = false; 187 text = '' 188 servers = "127.0.0.1"; 189 ''; 190 }; 191 "groups.conf".text = '' 192 group "cows" { 193 symbol { 194 NO_MUH = { 195 weight = 1.0; 196 description = "Mails should not muh"; 197 } 198 } 199 } 200 ''; 201 }; 202 localLuaRules = pkgs.writeText "rspamd.local.lua" '' 203 local rspamd_logger = require "rspamd_logger" 204 rspamd_config.NO_MUH = { 205 callback = function (task) 206 local parts = task:get_text_parts() 207 if parts then 208 for _,part in ipairs(parts) do 209 local content = tostring(part:get_content()) 210 rspamd_logger.infox(rspamd_config, 'Found content %s', content) 211 local found = string.find(content, "Muh"); 212 rspamd_logger.infox(rspamd_config, 'Found muh %s', tostring(found)) 213 if found then 214 return true 215 end 216 end 217 end 218 return false 219 end, 220 score = 5.0, 221 description = 'Allow no cows', 222 group = "cows", 223 } 224 rspamd_logger.infox(rspamd_config, 'Work dammit!!!') 225 ''; 226 }; 227 virtualisation.memorySize = 1024; 228 }; 229 testScript = '' 230 ${initMachine} 231 machine.wait_for_open_port(11334) 232 machine.log(machine.succeed("cat /etc/rspamd/rspamd.conf")) 233 machine.log(machine.succeed("cat /etc/rspamd/rspamd.local.lua")) 234 machine.log(machine.succeed("cat /etc/rspamd/local.d/groups.conf")) 235 # Verify that redis.conf was not written 236 machine.fail("cat /etc/rspamd/local.d/redis.conf >&2") 237 # Verify that antivirus.conf was not written 238 machine.fail("cat /etc/rspamd/local.d/antivirus.conf >&2") 239 ${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "660" } 240 machine.log( 241 machine.succeed("curl --unix-socket /run/rspamd/rspamd.sock http://localhost/ping") 242 ) 243 machine.log(machine.succeed("rspamc -h 127.0.0.1:11334 stat")) 244 machine.log(machine.succeed("cat /etc/tests/no-muh.eml | rspamc -h 127.0.0.1:11334")) 245 machine.log( 246 machine.succeed("cat /etc/tests/muh.eml | rspamc -h 127.0.0.1:11334 symbols") 247 ) 248 machine.wait_until_succeeds("journalctl -u rspamd | grep -i muh >&2") 249 machine.log( 250 machine.fail( 251 "cat /etc/tests/no-muh.eml | rspamc -h 127.0.0.1:11334 symbols | grep NO_MUH" 252 ) 253 ) 254 machine.log( 255 machine.succeed( 256 "cat /etc/tests/muh.eml | rspamc -h 127.0.0.1:11334 symbols | grep NO_MUH" 257 ) 258 ) 259 ''; 260 }; 261 postfixIntegration = makeTest { 262 name = "rspamd-postfix-integration"; 263 machine = { 264 environment.systemPackages = with pkgs; [ msmtp ]; 265 environment.etc."tests/gtube.eml".text = '' 266 From: Sheep1<bah@example.com> 267 To: Sheep2<tester@example.com> 268 Subject: Evil cows 269 270 I find cows to be evil don't you? 271 272 XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X 273 ''; 274 environment.etc."tests/example.eml".text = '' 275 From: Sheep1<bah@example.com> 276 To: Sheep2<tester@example.com> 277 Subject: Evil cows 278 279 I find cows to be evil don't you? 280 ''; 281 users.users.tester = { 282 isNormalUser = true; 283 password = "test"; 284 }; 285 services.postfix = { 286 enable = true; 287 destination = ["example.com"]; 288 }; 289 services.rspamd = { 290 enable = true; 291 postfix.enable = true; 292 workers.rspamd_proxy.type = "rspamd_proxy"; 293 }; 294 virtualisation.memorySize = 1024; 295 }; 296 testScript = '' 297 ${initMachine} 298 machine.wait_for_open_port(11334) 299 machine.wait_for_open_port(25) 300 ${checkSocket "/run/rspamd/rspamd-milter.sock" "rspamd" "postfix" "660" } 301 machine.log(machine.succeed("rspamc -h 127.0.0.1:11334 stat")) 302 machine.log( 303 machine.succeed( 304 "msmtp --host=localhost -t --read-envelope-from < /etc/tests/example.eml" 305 ) 306 ) 307 machine.log( 308 machine.fail( 309 "msmtp --host=localhost -t --read-envelope-from < /etc/tests/gtube.eml" 310 ) 311 ) 312 313 machine.wait_until_fails('[ "$(postqueue -p)" != "Mail queue is empty" ]') 314 machine.fail("journalctl -u postfix | grep -i error >&2") 315 machine.fail("journalctl -u postfix | grep -i warning >&2") 316 ''; 317 }; 318}