zeek/testing
Arne Welzel b8dc6ad120 smtp: Validate mail transaction and disable SMTP analyzer if excessive
An invalid mail transaction is determined as

* RCPT TO command without a preceding MAIL FROM
* a DATA command without a preceding RCPT TO

and logged as a weird.

The testing pcap for invalid mail transactions was produced with a Python
script against a local exim4 configured to accept more errors and unknown
commands than 3 by default:

    # exim4.conf.template
    smtp_max_synprot_errors = 100
    smtp_max_unknown_commands = 100

See also: https://www.rfc-editor.org/rfc/rfc5321#section-3.3
2023-03-27 18:41:47 +02:00
benchmark/broker Port Zeek to latest Broker API 2022-04-27 23:02:27 +02:00
btest smtp: Validate mail transaction and disable SMTP analyzer if excessive 2023-03-27 18:41:47 +02:00
builtin-plugins cirrus: Add smoke testing for builtin plugins 2023-03-08 22:32:29 +01:00
coverage Remove files in build/src/3rdparty from coverage reports 2023-02-09 12:04:53 -07:00
external dns: Remove AD and CD flags from log 2023-03-16 10:09:27 +01:00
scripts extend BTest "path" canonicalization to include compiled-to-C++ variable names 2023-03-08 10:19:21 +01:00
.gitignore
CMakeLists.txt Install Zeek's btest tooling with the distribution 2021-03-11 13:00:15 -08:00
Makefile
README

This directory contains suites for testing Zeek's correct
operation:

    btest/
        An ever-growing set of small unit tests testing Zeek's
        functionality.

    external/
        A framework for downloading additional test sets that run more
        complex Zeek configurations on larger trace files. Due to their
        size, these are not included directly. See the README for more
        information.

    scripts/
        Helper scripts used by some tests.