# HG changeset patch # User Sergey Kandaurov # Date 1614858340 -10800 # Node ID d1c4059e1e728918a0a2f3f2e1e860ab755dbdbb # Parent 3b8a9f02d141bba87efa006df58ce73849b2dae1 Tests: smtp tests with proxy protocol and realip. diff --git a/mail_proxy_protocol.t b/mail_proxy_protocol.t new file mode 100644 --- /dev/null +++ b/mail_proxy_protocol.t @@ -0,0 +1,124 @@ +#!/usr/bin/perl + +# (C) Sergey Kandaurov +# (C) Nginx, Inc. + +# Tests for mail proxy module, PROXY protocol with realip. + +############################################################################### + +use warnings; +use strict; + +use Test::More; + +use MIME::Base64; + +BEGIN { use FindBin; chdir($FindBin::Bin); } + +use lib 'lib'; +use Test::Nginx; +use Test::Nginx::SMTP; + +############################################################################### + +select STDERR; $| = 1; +select STDOUT; $| = 1; + +local $SIG{PIPE} = 'IGNORE'; + +my $t = Test::Nginx->new()->has(qw/mail smtp http rewrite/) + ->write_file_expand('nginx.conf', <<'EOF'); + +%%TEST_GLOBALS%% + +daemon off; + +events { +} + +mail { + proxy_pass_error_message on; + proxy_smtp_auth on; + auth_http http://127.0.0.1:8080/mail/auth; + smtp_auth login plain; + + server { + listen 127.0.0.1:8025 proxy_protocol; + protocol smtp; + + auth_http_header X-Type proxy; + } + + server { + listen 127.0.0.1:8027 proxy_protocol; + protocol smtp; + + set_real_ip_from 127.0.0.1/32; + auth_http_header X-Type realip; + } +} + +http { + %%TEST_GLOBALS_HTTP%% + + server { + listen 127.0.0.1:8080; + server_name localhost; + + location = /mail/auth { + set $reply ERROR; + set $test $http_x_type:$http_client_ip:$http_proxy_protocol_addr; + + if ($test = proxy:127.0.0.1:192.0.2.1) { + set $reply OK; + } + + if ($test = realip:192.0.2.1:192.0.2.1) { + set $reply OK; + } + + add_header Auth-Status $reply; + add_header Auth-Server 127.0.0.1; + add_header Auth-Port %%PORT_8026%%; + add_header Auth-Wait 1; + return 204; + } + } +} + +EOF + +$t->run_daemon(\&Test::Nginx::SMTP::smtp_test_daemon); +$t->try_run('no proxy_protocol')->plan(6); + +$t->waitforsocket('127.0.0.1:' . port(8026)); + +############################################################################### + +# connection with PROXY protocol + +my $s = Test::Nginx::SMTP->new(PeerAddr => '127.0.0.1:' . port(8025)); +$s->send('PROXY TCP4 192.0.2.1 192.0.2.2 123 5678'); +$s->check(qr/^220 /, "greeting with proxy_protocol"); + +$s->send('EHLO example.com'); +$s->check(qr/^250 /, "ehlo with proxy_protocol"); + +$s->send('AUTH PLAIN ' . encode_base64("\0test\@example.com\0secret", '')); +$s->authok('auth with proxy_protocol'); + +# connection with PROXY protocol and set_realip_from + +$s = Test::Nginx::SMTP->new(PeerAddr => '127.0.0.1:' . port(8027)); + +$s->send('PROXY TCP4 192.0.2.1 192.0.2.2 123 5678'); +$s->check(qr/^220 /, "greeting with proxy_protocol and realip"); + +$s->send('EHLO example.com'); +$s->check(qr/^250 /, "ehlo with proxy_protocol and realip"); + +$s->send('AUTH PLAIN ' . encode_base64("\0test\@example.com\0secret", '')); +$s->authok('auth with proxy_protocol and realip'); + +###############################################################################