pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / tests / rspamd.nix
at 23.11-pre 11 kB view raw
1{ system ? builtins.currentSystem, 2 config ? {}, 3 pkgs ? import ../.. { inherit system config; } 4}: 5 6with import ../lib/testing-python.nix { inherit system pkgs; }; 7with pkgs.lib; 8 9let 10 initMachine = '' 11 start_all() 12 machine.wait_for_unit("rspamd.service") 13 machine.succeed("id rspamd >/dev/null") 14 ''; 15 checkSocket = socket: user: group: mode: '' 16 machine.succeed( 17 "ls ${socket} >/dev/null", 18 '[[ "$(stat -c %U ${socket})" == "${user}" ]]', 19 '[[ "$(stat -c %G ${socket})" == "${group}" ]]', 20 '[[ "$(stat -c %a ${socket})" == "${mode}" ]]', 21 ) 22 ''; 23 simple = name: enableIPv6: makeTest { 24 name = "rspamd-${name}"; 25 nodes.machine = { 26 services.rspamd.enable = true; 27 networking.enableIPv6 = enableIPv6; 28 }; 29 testScript = '' 30 start_all() 31 machine.wait_for_unit("multi-user.target") 32 machine.wait_for_open_port(11334) 33 machine.wait_for_unit("rspamd.service") 34 machine.succeed("id rspamd >/dev/null") 35 ${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "660" } 36 machine.sleep(10) 37 machine.log(machine.succeed("cat /etc/rspamd/rspamd.conf")) 38 machine.log( 39 machine.succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf") 40 ) 41 machine.log(machine.succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf")) 42 machine.log(machine.succeed("systemctl cat rspamd.service")) 43 machine.log(machine.succeed("curl http://localhost:11334/auth")) 44 machine.log(machine.succeed("curl http://127.0.0.1:11334/auth")) 45 ${optionalString enableIPv6 ''machine.log(machine.succeed("curl http://[::1]:11334/auth"))''} 46 # would not reformat 47 ''; 48 }; 49in 50{ 51 simple = simple "simple" true; 52 ipv4only = simple "ipv4only" false; 53 deprecated = makeTest { 54 name = "rspamd-deprecated"; 55 nodes.machine = { 56 services.rspamd = { 57 enable = true; 58 workers.normal.bindSockets = [{ 59 socket = "/run/rspamd/rspamd.sock"; 60 mode = "0600"; 61 owner = "rspamd"; 62 group = "rspamd"; 63 }]; 64 workers.controller.bindSockets = [{ 65 socket = "/run/rspamd/rspamd-worker.sock"; 66 mode = "0666"; 67 owner = "rspamd"; 68 group = "rspamd"; 69 }]; 70 }; 71 }; 72 73 testScript = '' 74 ${initMachine} 75 machine.wait_for_file("/run/rspamd/rspamd.sock") 76 ${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "600" } 77 ${checkSocket "/run/rspamd/rspamd-worker.sock" "rspamd" "rspamd" "666" } 78 machine.log(machine.succeed("cat /etc/rspamd/rspamd.conf")) 79 machine.log( 80 machine.succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf") 81 ) 82 machine.log(machine.succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf")) 83 machine.log(machine.succeed("rspamc -h /run/rspamd/rspamd-worker.sock stat")) 84 machine.log( 85 machine.succeed( 86 "curl --unix-socket /run/rspamd/rspamd-worker.sock http://localhost/ping" 87 ) 88 ) 89 ''; 90 }; 91 92 bindports = makeTest { 93 name = "rspamd-bindports"; 94 nodes.machine = { 95 services.rspamd = { 96 enable = true; 97 workers.normal.bindSockets = [{ 98 socket = "/run/rspamd/rspamd.sock"; 99 mode = "0600"; 100 owner = "rspamd"; 101 group = "rspamd"; 102 }]; 103 workers.controller.bindSockets = [{ 104 socket = "/run/rspamd/rspamd-worker.sock"; 105 mode = "0666"; 106 owner = "rspamd"; 107 group = "rspamd"; 108 }]; 109 workers.controller2 = { 110 type = "controller"; 111 bindSockets = [ "0.0.0.0:11335" ]; 112 extraConfig = '' 113 static_dir = "''${WWWDIR}"; 114 secure_ip = null; 115 password = "verysecretpassword"; 116 ''; 117 }; 118 }; 119 }; 120 121 testScript = '' 122 ${initMachine} 123 machine.wait_for_file("/run/rspamd/rspamd.sock") 124 ${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "600" } 125 ${checkSocket "/run/rspamd/rspamd-worker.sock" "rspamd" "rspamd" "666" } 126 machine.log(machine.succeed("cat /etc/rspamd/rspamd.conf")) 127 machine.log( 128 machine.succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf") 129 ) 130 machine.log(machine.succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf")) 131 machine.log( 132 machine.succeed( 133 "grep 'LOCAL_CONFDIR/override.d/worker-controller2.inc' /etc/rspamd/rspamd.conf" 134 ) 135 ) 136 machine.log( 137 machine.succeed( 138 "grep 'verysecretpassword' /etc/rspamd/override.d/worker-controller2.inc" 139 ) 140 ) 141 machine.wait_until_succeeds( 142 "journalctl -u rspamd | grep -i 'starting controller process' >&2" 143 ) 144 machine.log(machine.succeed("rspamc -h /run/rspamd/rspamd-worker.sock stat")) 145 machine.log( 146 machine.succeed( 147 "curl --unix-socket /run/rspamd/rspamd-worker.sock http://localhost/ping" 148 ) 149 ) 150 machine.log(machine.succeed("curl http://localhost:11335/ping")) 151 ''; 152 }; 153 customLuaRules = makeTest { 154 name = "rspamd-custom-lua-rules"; 155 nodes.machine = { 156 environment.etc."tests/no-muh.eml".text = '' 157 From: Sheep1<bah@example.com> 158 To: Sheep2<mah@example.com> 159 Subject: Evil cows 160 161 I find cows to be evil don't you? 162 ''; 163 environment.etc."tests/muh.eml".text = '' 164 From: Cow<cow@example.com> 165 To: Sheep2<mah@example.com> 166 Subject: Evil cows 167 168 Cows are majestic creatures don't Muh agree? 169 ''; 170 services.rspamd = { 171 enable = true; 172 locals = { 173 "antivirus.conf" = mkIf false { text = '' 174 clamav { 175 action = "reject"; 176 symbol = "CLAM_VIRUS"; 177 type = "clamav"; 178 log_clean = true; 179 servers = "/run/clamav/clamd.ctl"; 180 } 181 '';}; 182 "redis.conf" = { 183 enable = false; 184 text = '' 185 servers = "127.0.0.1"; 186 ''; 187 }; 188 "groups.conf".text = '' 189 group "cows" { 190 symbol { 191 NO_MUH = { 192 weight = 1.0; 193 description = "Mails should not muh"; 194 } 195 } 196 } 197 ''; 198 }; 199 localLuaRules = pkgs.writeText "rspamd.local.lua" '' 200 local rspamd_logger = require "rspamd_logger" 201 rspamd_config.NO_MUH = { 202 callback = function (task) 203 local parts = task:get_text_parts() 204 if parts then 205 for _,part in ipairs(parts) do 206 local content = tostring(part:get_content()) 207 rspamd_logger.infox(rspamd_config, 'Found content %s', content) 208 local found = string.find(content, "Muh"); 209 rspamd_logger.infox(rspamd_config, 'Found muh %s', tostring(found)) 210 if found then 211 return true 212 end 213 end 214 end 215 return false 216 end, 217 score = 5.0, 218 description = 'Allow no cows', 219 group = "cows", 220 } 221 rspamd_logger.infox(rspamd_config, 'Work dammit!!!') 222 ''; 223 }; 224 }; 225 testScript = '' 226 ${initMachine} 227 machine.wait_for_open_port(11334) 228 machine.log(machine.succeed("cat /etc/rspamd/rspamd.conf")) 229 machine.log(machine.succeed("cat /etc/rspamd/rspamd.local.lua")) 230 machine.log(machine.succeed("cat /etc/rspamd/local.d/groups.conf")) 231 # Verify that redis.conf was not written 232 machine.fail("cat /etc/rspamd/local.d/redis.conf >&2") 233 # Verify that antivirus.conf was not written 234 machine.fail("cat /etc/rspamd/local.d/antivirus.conf >&2") 235 ${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "660" } 236 machine.log( 237 machine.succeed("curl --unix-socket /run/rspamd/rspamd.sock http://localhost/ping") 238 ) 239 machine.log(machine.succeed("rspamc -h 127.0.0.1:11334 stat")) 240 machine.log(machine.succeed("cat /etc/tests/no-muh.eml | rspamc -h 127.0.0.1:11334")) 241 machine.log( 242 machine.succeed("cat /etc/tests/muh.eml | rspamc -h 127.0.0.1:11334 symbols") 243 ) 244 machine.wait_until_succeeds("journalctl -u rspamd | grep -i muh >&2") 245 machine.log( 246 machine.fail( 247 "cat /etc/tests/no-muh.eml | rspamc -h 127.0.0.1:11334 symbols | grep NO_MUH" 248 ) 249 ) 250 machine.log( 251 machine.succeed( 252 "cat /etc/tests/muh.eml | rspamc -h 127.0.0.1:11334 symbols | grep NO_MUH" 253 ) 254 ) 255 ''; 256 }; 257 postfixIntegration = makeTest { 258 name = "rspamd-postfix-integration"; 259 nodes.machine = { 260 environment.systemPackages = with pkgs; [ msmtp ]; 261 environment.etc."tests/gtube.eml".text = '' 262 From: Sheep1<bah@example.com> 263 To: Sheep2<tester@example.com> 264 Subject: Evil cows 265 266 I find cows to be evil don't you? 267 268 XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X 269 ''; 270 environment.etc."tests/example.eml".text = '' 271 From: Sheep1<bah@example.com> 272 To: Sheep2<tester@example.com> 273 Subject: Evil cows 274 275 I find cows to be evil don't you? 276 ''; 277 users.users.tester = { 278 isNormalUser = true; 279 password = "test"; 280 }; 281 services.postfix = { 282 enable = true; 283 destination = ["example.com"]; 284 }; 285 services.rspamd = { 286 enable = true; 287 postfix.enable = true; 288 workers.rspamd_proxy.type = "rspamd_proxy"; 289 }; 290 }; 291 testScript = '' 292 ${initMachine} 293 machine.wait_for_open_port(11334) 294 machine.wait_for_open_port(25) 295 ${checkSocket "/run/rspamd/rspamd-milter.sock" "rspamd" "postfix" "660" } 296 machine.log(machine.succeed("rspamc -h 127.0.0.1:11334 stat")) 297 machine.log( 298 machine.succeed( 299 "msmtp --host=localhost -t --read-envelope-from < /etc/tests/example.eml" 300 ) 301 ) 302 machine.log( 303 machine.fail( 304 "msmtp --host=localhost -t --read-envelope-from < /etc/tests/gtube.eml" 305 ) 306 ) 307 308 machine.wait_until_fails('[ "$(postqueue -p)" != "Mail queue is empty" ]') 309 machine.fail("journalctl -u postfix | grep -i error >&2") 310 machine.fail("journalctl -u postfix | grep -i warning >&2") 311 ''; 312 }; 313}