Bug 38063

Summary: ucs-test: Postfix allows MAIL FROM address spoofing
Product: UCS Test
Reporter: Sönke Schwardt-Krummrich <schwardt>
Component: Mail
Assignee: Mail maintainers <mail-maintainers>
Status: NEW ---
QA Contact:
Severity: normal    
Priority: P5    
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Linux   
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:
Bug Depends on: 31738, 38061    
Bug Blocks:    
Attachments: testSMTP script

Description Sönke Schwardt-Krummrich univentionstaff 2015-03-17 13:59:43 CET
Created attachment 6765
testSMTP script

Bug 31738|38061 describes a way to implement a sender address restriction.
This should be tested automatically. The attached script was used during development to get an idea of which mails were rejected (or not).

testSMTP requires the hostname/IP address of the mailserver and the port to be tested (25 or 465; other ports are not supported!).

Usage:
==> on the test system
# eval $(ucr shell)
# udm users/user create --ignore_exists --position "cn=users,$ldap_base" \
                        --set username="ding" --set lastname=Ding \
                        --set password=univention \
                        --set mailPrimaryAddress=ding@$domainname \
                        --set mailAlternativeAddress=ding2@$domainname
# udm users/user create --ignore_exists --position "cn=users,$ldap_base" \
                        --set username="dong" --set lastname=Dong \
                        --set password=univention \
                        --set mailPrimaryAddress=dong@$domainname

==> on an external system
# univention-install swaks
# vim ./testSMTP
(alter the DOMAIN variable and enter the value of $domainname of the mailserver)
# ./testSMTP 10.200.18.40 25 > /dev/null
or 
# ./testSMTP 10.200.18.40 465 > /dev/null
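
An added example, not part of the bug report and not the attached testSMTP script: a Python sketch of the accept/reject matrix such an automated test could check for the two users created above. It assumes the restriction lets an authenticated login use only its own primary or alternative address as envelope sender; the function names, the domain example.test and the sample observations are hypothetical.

```python
import smtplib
import ssl

def build_cases(domain):
    """All (login, envelope sender, should_accept) triples for the two test users."""
    # Assumed policy: a login may only use its own primary/alternative address.
    owned = {
        "ding": {f"ding@{domain}", f"ding2@{domain}"},
        "dong": {f"dong@{domain}"},
    }
    senders = sorted(set().union(*owned.values()))
    return [(login, s, s in owned[login]) for login in sorted(owned) for s in senders]

def probe(host, port, login, password, sender, rcpt):
    """Return True if the server accepts MAIL FROM + RCPT TO for this login."""
    ctx = ssl.create_default_context()  # the server certificate must be trusted
    if port == 465:
        conn = smtplib.SMTP_SSL(host, port, timeout=10, context=ctx)
    elif port == 25:
        conn = smtplib.SMTP(host, port, timeout=10)
        conn.starttls(context=ctx)
    else:
        raise ValueError("only ports 25 and 465 are handled")
    try:
        conn.login(login, password)
        mail_code, _ = conn.mail(sender)
        # Postfix delays rejections until RCPT TO by default, so check both.
        rcpt_code, _ = conn.rcpt(rcpt)
        return mail_code == 250 and rcpt_code in (250, 251)
    finally:
        conn.close()

def mismatches(cases, observed):
    """Compare observed accept/reject results with the expected verdicts."""
    return [
        (login, sender, "spoofing accepted" if got else "legitimate sender rejected")
        for (login, sender, want), got in zip(cases, observed)
        if want != got
    ]

# Constructed observations for a server that enforces nothing (accepts all).
CASES = build_cases("example.test")
OPEN_SERVER = [True] * len(CASES)
```

To run it against a real test server, call probe() once per entry of build_cases() and pass the collected results to mismatches(); an empty list means the restriction behaved as assumed.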