Open Build Service

rubygem-postfix-rate-policyd.spec Changed

postfix-rate-policyd-1.0.1.gem/checksums.yaml.gz -> postfix-rate-policyd-1.0.2.gem/checksums.yaml.gz Changed

postfix-rate-policyd-1.0.1.gem/data/lib/postfix/rate/policyd/heuristics.rb -> postfix-rate-policyd-1.0.2.gem/data/lib/postfix/rate/policyd/heuristics.rb Changed

postfix-rate-policyd-1.0.1.gem/data/lib/postfix/rate/policyd/version.rb -> postfix-rate-policyd-1.0.2.gem/data/lib/postfix/rate/policyd/version.rb Changed

postfix-rate-policyd-1.0.1.gem/data/spec/helpers/database_helpers.rb -> postfix-rate-policyd-1.0.2.gem/data/spec/helpers/database_helpers.rb Changed

@@ -1,3 +1,5 @@
+require 'ostruct'
+
 module DatabaseHelpers
   def self.init_database(debug = false)
     options = {}
@@ -31,6 +33,54 @@
       Sequel::Model.db.execute_dui "DELETE FROM trackers;"
     end
   
-    Postfix::Rate::Models.init
+    config = OpenStruct.new(
+      trackers: {},
+      policies: 
+        {
+          "name"=>"default",
+          "h_max_addresses"=>5,
+          "h_activity_threshold"=>14400,
+          "h_interval"=>1800,
+          "h_interval_count"=>50,
+          "h_grace_threshold"=>1296000,
+          "description"=>"Default Policy",
+          "interval"=>3600,
+          "heuristics"=>false,
+          "count"=>10,
+          "recipients"=>20,
+          "volume"=>"nil"
+        },
+        {
+          "name"=>"default_for_addresses",
+          "h_max_addresses"=>5,
+          "h_activity_threshold"=>14400,
+          "h_interval"=>1800,
+          "h_interval_count"=>50,
+          "h_grace_threshold"=>1296000,
+          "description"=>"Default Policy for unauthenticated addresses",
+          "interval"=>86400,
+          "heuristics"=>true,
+          "count"=>200,
+          "recipients"=>200,
+          "volume"=>"nil"
+        },
+        {
+          "name"=>"default_for_identities",
+          "h_max_addresses"=>5,
+          "h_activity_threshold"=>14400,
+          "h_interval"=>1800,
+          "h_interval_count"=>50,
+          "h_grace_threshold"=>1296000,
+          "description"=>"Default Policy for authenticated identities",
+          "interval"=>86400,
+          "heuristics"=>true,
+          "count"=>500,
+          "recipients"=>1000,
+          "volume"=>"nil"
+        }
+      
+    )
+    
+    Postfix::Rate::Models.init(config)
   end
 end
\ No newline at end of file

postfix-rate-policyd-1.0.1.gem/data/spec/heuristics_spec.rb -> postfix-rate-policyd-1.0.2.gem/data/spec/heuristics_spec.rb Changed

@@ -398,4 +398,159 @@
       end
     end
   end
+
+  context 'policy with heuristics disabled' do
+    let :identity do
+      id = Postfix::Rate::Models::AuthenticatedIdentity.new(identity: 'sender@foo.bar')
+      id.policy = Postfix::Rate::Models::Policy.find(name: 'default')
+      id.save
+      id
+    end
+
+    context 'should update the heuristics data' do
+      it 'should initialize the heuristics data' do
+        id = identity
+        req = request
+        entity = subject.fetch_entity(req)
+
+        expect {
+          subject.check_heuristics(req)
+        }.to change{entity.tracker.heuristics}
+      end
+
+      it 'should add the new address in the heuristics data' do
+        id = identity
+        req = request
+        entity = subject.fetch_entity(req)
+        subject.update_quota(req)
+
+        req1 = request
+        req1.set_attribute 'client_address', '2.3.4.5'
+        req1.new_instance!
+        entity = subject.fetch_entity(req1)
+
+        expect {
+          subject.check_heuristics(req1)
+        }.to change{entity.tracker.heuristics:addresses.count}.to(2)
+      end
+
+      it 'should update the address data' do
+        id = identity
+        req = request
+        entity = subject.fetch_entity(req)
+        subject.update_quota(req)
+
+        Timecop.travel(10.seconds.from_now) do
+          req1 = request
+          entity = subject.fetch_entity(req1)
+
+          expect {
+            subject.check_heuristics(req1)
+          }.to change{entity.tracker.heuristics:addresses'1.2.3.4':last_seen}
+            .and change{entity.tracker.heuristics:addresses'1.2.3.4':total_count}
+            .and change{entity.tracker.heuristics:addresses'1.2.3.4':last_count}
+        end
+      end
+
+      it 'last_count is a rolling average' do
+        id = identity
+        req = request
+        entity = subject.fetch_entity(req)
+        subject.update_quota(req)
+
+        Timecop.travel((entity.policy.h_interval/2).seconds.from_now) do
+          req1 = request
+          entity = subject.fetch_entity(req1)
+
+          expect {
+            subject.check_heuristics(req1)
+          }.to change{entity.tracker.heuristics:addresses'1.2.3.4':last_count}.to(1.5)
+        end
+      end
+
+      it 'should reset last_count' do
+        id = identity
+        req = request
+        entity = subject.fetch_entity(req)
+        subject.update_quota(req)
+
+        Timecop.travel((entity.policy.h_interval+10).seconds.from_now) do
+          req1 = request
+          entity = subject.fetch_entity(req1)
+          
+          entity.tracker.heuristics:addresses'1.2.3.4':last_count = 100
+
+          expect {
+            subject.check_heuristics(req1)
+          }.to change{entity.tracker.heuristics:addresses'1.2.3.4':last_count}.to(1)
+        end
+      end
+    end
+    
+    context 'should not ban the identity' do
+      it 'when clients has multiple addresses and one address over quota' do
+        id = identity
+        req = request
+        subject.fetch_entity(req)
+        subject.update_quota(req)
+        
+        req1 = request
+        req1.set_attribute 'client_address', '2.3.4.5'
+        req1.new_instance!
+        subject.fetch_entity(req1)
+        subject.update_quota(req1)
+
+        req2 = request
+        req2.set_attribute 'client_address', '2.3.4.5'
+        req2.new_instance!
+        entity = subject.fetch_entity(req2)
+        
+        entity.tracker.heuristics:addresses'2.3.4.5':last_count = entity.policy.h_interval_count
+        entity.tracker.heuristics:addresses'2.3.4.5':total_count = entity.policy.h_interval_count
+
+        Timecop.travel(10.seconds.from_now) do
+          expect {
+            subject.check_heuristics(req2)
+          }.to not_change{entity.disabled}
+            .and not_change{Postfix::Rate::Models::NetworkAddress.where(flags: 'b').count}
+        end
+      end
+
+      it 'when client is sending from too many addresses' do
+        id = identity
+        req = request
+        entity = subject.fetch_entity(req)
+
+        # build and store the maximum allowed amount of addresses
+        addresses = 1.upto(entity.policy.h_max_addresses).map do | n |
+          "1.1.1.#{n}"
+        end
+
+        addresses.each.with_index do | addr, idx |
+          req = request
+          req.set_attribute 'client_address', addr
+          req.new_instance!
+          entity = subject.fetch_entity(req)
+          subject.update_quota(req)
+        end
+
+        # now attempt a request from a new address
+        req = request
+        req.set_attribute 'client_address', '2.2.2.2'
+        req.new_instance!
+        entity = subject.fetch_entity(req)
+        
+        # should forget 1.1.1.1 and store 2.2.2.2
+        new_addresses = addresses.dup
+        new_addresses.shift
+        new_addresses.push('2.2.2.2')
+
+        expect {
+          subject.check_heuristics(req)
+        }.to not_change{entity.disabled}
+          .and not_change{Postfix::Rate::Models::NetworkAddress.where(flags: 'b').count}
+          .and not_change{entity.tracker.heuristics:addresses.keys}
+      end
+    end
+  end
 end
\ No newline at end of file

postfix-rate-policyd-1.0.1.gem/metadata.gz -> postfix-rate-policyd-1.0.2.gem/metadata.gz Changed

Changes of Revision 13