pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / tests / rspamd.nix
at master 11 kB view raw
1{ 2 system ? builtins.currentSystem, 3 config ? { }, 4 pkgs ? import ../.. { inherit system config; }, 5}: 6 7with import ../lib/testing-python.nix { inherit system pkgs; }; 8with pkgs.lib; 9 10let 11 initMachine = '' 12 start_all() 13 machine.wait_for_unit("rspamd.service") 14 machine.succeed("id rspamd >/dev/null") 15 ''; 16 checkSocket = socket: user: group: mode: '' 17 machine.succeed( 18 "ls ${socket} >/dev/null", 19 '[[ "$(stat -c %U ${socket})" == "${user}" ]]', 20 '[[ "$(stat -c %G ${socket})" == "${group}" ]]', 21 '[[ "$(stat -c %a ${socket})" == "${mode}" ]]', 22 ) 23 ''; 24 simple = 25 name: enableIPv6: 26 makeTest { 27 name = "rspamd-${name}"; 28 nodes.machine = { 29 services.rspamd.enable = true; 30 networking.enableIPv6 = enableIPv6; 31 }; 32 testScript = '' 33 start_all() 34 machine.wait_for_unit("multi-user.target") 35 machine.wait_for_open_port(11334) 36 machine.wait_for_unit("rspamd.service") 37 machine.succeed("id rspamd >/dev/null") 38 ${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "660"} 39 machine.sleep(10) 40 machine.log(machine.succeed("cat /etc/rspamd/rspamd.conf")) 41 machine.log( 42 machine.succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf") 43 ) 44 machine.log(machine.succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf")) 45 machine.log(machine.succeed("systemctl cat rspamd.service")) 46 machine.log(machine.succeed("curl http://localhost:11334/auth")) 47 machine.log(machine.succeed("curl http://127.0.0.1:11334/auth")) 48 ${optionalString enableIPv6 ''machine.log(machine.succeed("curl http://[::1]:11334/auth"))''} 49 # would not reformat 50 ''; 51 }; 52in 53{ 54 simple = simple "simple" true; 55 ipv4only = simple "ipv4only" false; 56 deprecated = makeTest { 57 name = "rspamd-deprecated"; 58 nodes.machine = { 59 services.rspamd = { 60 enable = true; 61 workers.normal.bindSockets = [ 62 { 63 socket = "/run/rspamd/rspamd.sock"; 64 mode = "0600"; 65 owner = "rspamd"; 66 group = "rspamd"; 67 } 68 ]; 69 workers.controller.bindSockets = [ 70 { 71 socket = "/run/rspamd/rspamd-worker.sock"; 72 mode = "0666"; 73 owner = "rspamd"; 74 group = "rspamd"; 75 } 76 ]; 77 }; 78 }; 79 80 testScript = '' 81 ${initMachine} 82 machine.wait_for_file("/run/rspamd/rspamd.sock") 83 ${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "600"} 84 ${checkSocket "/run/rspamd/rspamd-worker.sock" "rspamd" "rspamd" "666"} 85 machine.log(machine.succeed("cat /etc/rspamd/rspamd.conf")) 86 machine.log( 87 machine.succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf") 88 ) 89 machine.log(machine.succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf")) 90 machine.log(machine.succeed("rspamc -h /run/rspamd/rspamd-worker.sock stat")) 91 machine.log( 92 machine.succeed( 93 "curl --unix-socket /run/rspamd/rspamd-worker.sock http://localhost/ping" 94 ) 95 ) 96 ''; 97 }; 98 99 bindports = makeTest { 100 name = "rspamd-bindports"; 101 nodes.machine = { 102 services.rspamd = { 103 enable = true; 104 workers.normal.bindSockets = [ 105 { 106 socket = "/run/rspamd/rspamd.sock"; 107 mode = "0600"; 108 owner = "rspamd"; 109 group = "rspamd"; 110 } 111 ]; 112 workers.controller.bindSockets = [ 113 { 114 socket = "/run/rspamd/rspamd-worker.sock"; 115 mode = "0666"; 116 owner = "rspamd"; 117 group = "rspamd"; 118 } 119 ]; 120 workers.controller2 = { 121 type = "controller"; 122 bindSockets = [ "0.0.0.0:11335" ]; 123 extraConfig = '' 124 static_dir = "''${WWWDIR}"; 125 secure_ip = null; 126 password = "verysecretpassword"; 127 ''; 128 }; 129 }; 130 }; 131 132 testScript = '' 133 ${initMachine} 134 machine.wait_for_file("/run/rspamd/rspamd.sock") 135 ${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "600"} 136 ${checkSocket "/run/rspamd/rspamd-worker.sock" "rspamd" "rspamd" "666"} 137 machine.log(machine.succeed("cat /etc/rspamd/rspamd.conf")) 138 machine.log( 139 machine.succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf") 140 ) 141 machine.log(machine.succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf")) 142 machine.log( 143 machine.succeed( 144 "grep 'LOCAL_CONFDIR/override.d/worker-controller2.inc' /etc/rspamd/rspamd.conf" 145 ) 146 ) 147 machine.log( 148 machine.succeed( 149 "grep 'verysecretpassword' /etc/rspamd/override.d/worker-controller2.inc" 150 ) 151 ) 152 machine.wait_until_succeeds( 153 "journalctl -u rspamd | grep -i 'starting controller process' >&2" 154 ) 155 machine.log(machine.succeed("rspamc -h /run/rspamd/rspamd-worker.sock stat")) 156 machine.log( 157 machine.succeed( 158 "curl --unix-socket /run/rspamd/rspamd-worker.sock http://localhost/ping" 159 ) 160 ) 161 machine.log(machine.succeed("curl http://localhost:11335/ping")) 162 ''; 163 }; 164 customLuaRules = makeTest { 165 name = "rspamd-custom-lua-rules"; 166 nodes.machine = { 167 environment.etc."tests/no-muh.eml".text = '' 168 From: Sheep1<bah@example.com> 169 To: Sheep2<mah@example.com> 170 Subject: Evil cows 171 172 I find cows to be evil don't you? 173 ''; 174 environment.etc."tests/muh.eml".text = '' 175 From: Cow<cow@example.com> 176 To: Sheep2<mah@example.com> 177 Subject: Evil cows 178 179 Cows are majestic creatures don't Muh agree? 180 ''; 181 services.rspamd = { 182 enable = true; 183 locals = { 184 "antivirus.conf" = mkIf false { 185 text = '' 186 clamav { 187 action = "reject"; 188 symbol = "CLAM_VIRUS"; 189 type = "clamav"; 190 log_clean = true; 191 servers = "/run/clamav/clamd.ctl"; 192 } 193 ''; 194 }; 195 "redis.conf" = { 196 enable = false; 197 text = '' 198 servers = "127.0.0.1"; 199 ''; 200 }; 201 "groups.conf".text = '' 202 group "cows" { 203 symbol { 204 NO_MUH = { 205 weight = 1.0; 206 description = "Mails should not muh"; 207 } 208 } 209 } 210 ''; 211 }; 212 localLuaRules = pkgs.writeText "rspamd.local.lua" '' 213 local rspamd_logger = require "rspamd_logger" 214 rspamd_config.NO_MUH = { 215 callback = function (task) 216 local parts = task:get_text_parts() 217 if parts then 218 for _,part in ipairs(parts) do 219 local content = tostring(part:get_content()) 220 rspamd_logger.infox(rspamd_config, 'Found content %s', content) 221 local found = string.find(content, "Muh"); 222 rspamd_logger.infox(rspamd_config, 'Found muh %s', tostring(found)) 223 if found then 224 return true 225 end 226 end 227 end 228 return false 229 end, 230 score = 5.0, 231 description = 'Allow no cows', 232 group = "cows", 233 } 234 rspamd_logger.infox(rspamd_config, 'Work dammit!!!') 235 ''; 236 }; 237 }; 238 testScript = '' 239 ${initMachine} 240 machine.wait_for_open_port(11334) 241 machine.log(machine.succeed("cat /etc/rspamd/rspamd.conf")) 242 machine.log(machine.succeed("cat /etc/rspamd/rspamd.local.lua")) 243 machine.log(machine.succeed("cat /etc/rspamd/local.d/groups.conf")) 244 # Verify that redis.conf was not written 245 machine.fail("cat /etc/rspamd/local.d/redis.conf >&2") 246 # Verify that antivirus.conf was not written 247 machine.fail("cat /etc/rspamd/local.d/antivirus.conf >&2") 248 ${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "660"} 249 machine.log( 250 machine.succeed("curl --unix-socket /run/rspamd/rspamd.sock http://localhost/ping") 251 ) 252 machine.log(machine.succeed("rspamc -h 127.0.0.1:11334 stat")) 253 machine.log(machine.succeed("cat /etc/tests/no-muh.eml | rspamc -h 127.0.0.1:11334")) 254 machine.log( 255 machine.succeed("cat /etc/tests/muh.eml | rspamc -h 127.0.0.1:11334 symbols") 256 ) 257 machine.wait_until_succeeds("journalctl -u rspamd | grep -i muh >&2") 258 machine.log( 259 machine.fail( 260 "cat /etc/tests/no-muh.eml | rspamc -h 127.0.0.1:11334 symbols | grep NO_MUH" 261 ) 262 ) 263 machine.log( 264 machine.succeed( 265 "cat /etc/tests/muh.eml | rspamc -h 127.0.0.1:11334 symbols | grep NO_MUH" 266 ) 267 ) 268 ''; 269 }; 270 postfixIntegration = makeTest { 271 name = "rspamd-postfix-integration"; 272 nodes.machine = { 273 environment.systemPackages = with pkgs; [ msmtp ]; 274 environment.etc."tests/gtube.eml".text = '' 275 From: Sheep1<bah@example.com> 276 To: Sheep2<tester@example.com> 277 Subject: Evil cows 278 279 I find cows to be evil don't you? 280 281 XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X 282 ''; 283 environment.etc."tests/example.eml".text = '' 284 From: Sheep1<bah@example.com> 285 To: Sheep2<tester@example.com> 286 Subject: Evil cows 287 288 I find cows to be evil don't you? 289 ''; 290 users.users.tester = { 291 isNormalUser = true; 292 password = "test"; 293 }; 294 services.postfix = { 295 enable = true; 296 settings.main.mydestination = [ "example.com" ]; 297 }; 298 services.rspamd = { 299 enable = true; 300 postfix.enable = true; 301 workers.rspamd_proxy.type = "rspamd_proxy"; 302 }; 303 }; 304 testScript = '' 305 ${initMachine} 306 machine.wait_for_open_port(11334) 307 machine.wait_for_open_port(25) 308 ${checkSocket "/run/rspamd/rspamd-milter.sock" "rspamd" "postfix" "660"} 309 machine.log(machine.succeed("rspamc -h 127.0.0.1:11334 stat")) 310 machine.log( 311 machine.succeed( 312 "msmtp --host=localhost -t --read-envelope-from < /etc/tests/example.eml" 313 ) 314 ) 315 machine.log( 316 machine.fail( 317 "msmtp --host=localhost -t --read-envelope-from < /etc/tests/gtube.eml" 318 ) 319 ) 320 321 machine.wait_until_fails('[ "$(postqueue -p)" != "Mail queue is empty" ]') 322 machine.fail("journalctl -u postfix | grep -i error >&2") 323 ''; 324 }; 325}