Add integration tests suite for some code paths

2025-04-03 05:07:38 +03:00 · 2020-02-22 23:06:20 +03:00 · 2020-02-22 23:06:20 +03:00 · 65240ebc91
commit 65240ebc91
parent 353c1edd5e
8 changed files with 641 additions and 30 deletions
--- a/tests/basic_test.go
+++ b/tests/basic_test.go
@ -9,6 +9,8 @@ import (
 )

 func TestBasic(tt *testing.T) {
+	tt.Parallel()
+
 	// This test is mostly intended to test whether the integration testing
 	// library is working as expected.

--- a/tests/conn.go
+++ b/tests/conn.go
@ -34,7 +34,7 @@ func (c *Conn) AllowIOErr(ok bool) {
 }

 // Write writes the string to the connection socket.
-func (c *Conn) Write(s string) error {
+func (c *Conn) Write(s string) {
 	c.T.Helper()

 	// Make sure the test will not accidentally hang waiting for I/O forever if
@ -50,22 +50,17 @@ func (c *Conn) Write(s string) error {

 	c.log('>', "%s", s)
 	if _, err := io.WriteString(c.Conn, s); err != nil {
-		if c.allowIOErr {
-			return err
-		}
 		c.fatal("Unexpected I/O error: %v", err)
 	}
-
-	return nil
 }

-func (c *Conn) Writeln(s string) error {
+func (c *Conn) Writeln(s string) {
 	c.T.Helper()

-	return c.Write(s + "\r\n")
+	c.Write(s + "\r\n")
 }

-func (c *Conn) consumeLine() (string, error) {
+func (c *Conn) Readln() (string, error) {
 	c.T.Helper()

 	// Make sure the test will not accidentally hang waiting for I/O forever if
@ -97,15 +92,29 @@ func (c *Conn) consumeLine() (string, error) {
 	return c.Scanner.Text(), nil
 }

+func (c *Conn) Expect(line string) error {
+	c.T.Helper()
+
+	actual, err := c.Readln()
+	if err != nil {
+		return err
+	}
+
+	if line != actual {
+		c.T.Fatalf("Response line not matching the expected one, want %q", line)
+	}
+	return nil
+}
+
 // ExpectPattern reads a line from the connection socket and checks whether is
 // matches the supplied shell pattern (as defined by path.Match). The original
 // line is returned.
-func (c *Conn) ExpectPattern(pat string) (string, error) {
+func (c *Conn) ExpectPattern(pat string) string {
 	c.T.Helper()

-	line, err := c.consumeLine()
+	line, err := c.Readln()
 	if err != nil {
-		return line, err
+		c.T.Fatal("Unexpected I/O error:", err)
 	}

 	match, err := path.Match(pat, line)
@ -113,23 +122,27 @@ func (c *Conn) ExpectPattern(pat string) (string, error) {
 		c.T.Fatal("Malformed pattern:", err)
 	}
 	if !match {
-		c.T.Fatal("Response line not matching the expected pattern, want", pat)
+		c.T.Fatalf("Response line not matching the expected pattern, want %q", pat)
 	}

-	return line, nil
+	return line
 }

 func (c *Conn) fatal(f string, args ...interface{}) {
+	c.T.Helper()
 	c.log('-', f, args...)
 	c.T.FailNow()
 }

 func (c *Conn) error(f string, args ...interface{}) {
+	c.T.Helper()
 	c.log('-', f, args...)
 	c.T.Fail()
 }

 func (c *Conn) log(direction rune, f string, args ...interface{}) {
+	c.T.Helper()
+
 	local, remote := c.Conn.LocalAddr().(*net.TCPAddr), c.Conn.RemoteAddr().(*net.TCPAddr)
 	msg := strings.Builder{}
 	if local.IP.IsLoopback() {
@ -177,6 +190,75 @@ func (c *Conn) TLS() {
 	c.Scanner = bufio.NewScanner(c.Conn)
 }

+func (c *Conn) SMTPNegotation(ourName string, requireExts, blacklistExts []string) {
+	c.T.Helper()
+
+	needCapsMap := make(map[string]bool)
+	blacklistCapsMap := make(map[string]bool)
+	for _, ext := range requireExts {
+		needCapsMap[ext] = false
+	}
+	for _, ext := range blacklistExts {
+		blacklistCapsMap[ext] = false
+	}
+
+	c.Writeln("EHLO " + ourName)
+
+	// Consume the first line from socket, it is either initial greeting (sent
+	// before we sent EHLO) or the EHLO reply in case of re-negotiation after
+	// STARTTLS.
+	l, err := c.Readln()
+	if err != nil {
+		c.T.Fatal("I/O error during SMTP negotiation:", err)
+	}
+	if strings.HasPrefix(l, "220") {
+		// That was initial greeting, consume one more line.
+		c.ExpectPattern("250-*")
+	}
+
+	var caps []string
+capsloop:
+	for {
+		line, err := c.Readln()
+		if err != nil {
+			c.T.Fatal("I/O error during SMTP negotiation:", err)
+		}
+
+		switch {
+		case strings.HasPrefix(line, "250-"):
+			caps = append(caps, strings.TrimPrefix(line, "250-"))
+		case strings.HasPrefix(line, "250 "):
+			caps = append(caps, strings.TrimPrefix(line, "250 "))
+			break capsloop
+		default:
+			c.T.Fatal("Unexpected reply during SMTP negotiation:", line)
+		}
+	}
+
+	for _, ext := range caps {
+		needCapsMap[ext] = true
+		if _, ok := blacklistCapsMap[ext]; ok {
+			blacklistCapsMap[ext] = true
+		}
+	}
+	for ext, status := range needCapsMap {
+		if !status {
+			c.T.Fatalf("Capability %v is missing but required", ext)
+		}
+	}
+	for ext, status := range blacklistCapsMap {
+		if status {
+			c.T.Fatalf("Capability %v is present but not allowed", ext)
+		}
+	}
+}
+
 func (c *Conn) Close() error {
 	return c.Conn.Close()
 }
+
+func (c *Conn) Rebind(subtest *T) *Conn {
+	cpy := *c
+	cpy.T = subtest
+	return &cpy
+}
--- a/tests/limits_test.go
+++ b/tests/limits_test.go
@ -0,0 +1,89 @@
+//+build integration
+
+package tests_test
+
+import (
+	"testing"
+
+	"github.com/foxcpp/maddy/tests"
+)
+
+func TestConcurrencyLimit(tt *testing.T) {
+	tt.Parallel()
+	t := tests.NewT(tt)
+	t.DNS(nil)
+	t.Port("smtp")
+	t.Config(`
+		smtp tcp://127.0.0.1:{env:TEST_PORT_smtp} {
+			hostname mx.maddy.test
+			tls off
+
+			defer_sender_reject no
+			limits {
+				all concurrency 1
+			}
+
+			deliver_to dummy
+		}
+	`)
+	t.Run(1)
+	defer t.Close()
+
+	c1 := t.Conn("smtp")
+	defer c1.Close()
+	c1.SMTPNegotation("localhost", nil, nil)
+	c1.Writeln("MAIL FROM:<testing@maddy.test")
+	c1.ExpectPattern("250 *")
+	// Down on semaphore.
+
+	c2 := t.Conn("smtp")
+	defer c2.Close()
+	c2.SMTPNegotation("localhost", nil, nil)
+	c1.Writeln("MAIL FROM:<testing@maddy.test")
+	// Temporary error due to lock timeout.
+	c1.ExpectPattern("451 *")
+}
+
+func TestPerIPConcurrency(tt *testing.T) {
+	tt.Parallel()
+	t := tests.NewT(tt)
+	t.DNS(nil)
+	t.Port("smtp")
+	t.Config(`
+		smtp tcp://127.0.0.1:{env:TEST_PORT_smtp} {
+			hostname mx.maddy.test
+			tls off
+
+			defer_sender_reject no
+			limits {
+				ip concurrency 1
+			}
+
+			deliver_to dummy
+		}
+	`)
+	t.Run(1)
+	defer t.Close()
+
+	c1 := t.Conn("smtp")
+	defer c1.Close()
+	c1.SMTPNegotation("localhost", nil, nil)
+	c1.Writeln("MAIL FROM:<testing@maddy.test")
+	c1.ExpectPattern("250 *")
+	// Down on semaphore.
+
+	c3 := t.Conn4("127.0.0.2", "smtp")
+	defer c3.Close()
+	c3.SMTPNegotation("localhost", nil, nil)
+	c3.Writeln("MAIL FROM:<testing@maddy.test")
+	c3.ExpectPattern("250 *")
+	// Down on semaphore (different IP).
+
+	c2 := t.Conn("smtp")
+	defer c2.Close()
+	c2.SMTPNegotation("localhost", nil, nil)
+	c1.Writeln("MAIL FROM:<testing@maddy.test")
+	// Temporary error due to lock timeout.
+	c1.ExpectPattern("451 *")
+
+}
--- a/tests/smtp_test.go
+++ b/tests/smtp_test.go
@ -0,0 +1,335 @@
+//+build integration
+
+package tests_test
+
+import (
+	"errors"
+	"io/ioutil"
+	"path/filepath"
+	"testing"
+
+	"github.com/foxcpp/go-mockdns"
+	"github.com/foxcpp/maddy/tests"
+)
+
+func TestCheckRequireTLS(tt *testing.T) {
+	tt.Parallel()
+	t := tests.NewT(tt)
+	t.DNS(nil)
+	t.Port("smtp")
+	t.Config(`
+		smtp tcp://127.0.0.1:{env:TEST_PORT_smtp} {
+			hostname mx.maddy.test
+			tls self_signed
+
+			defer_sender_reject no
+
+			check {
+				require_tls
+			}
+			deliver_to dummy
+		}
+	`)
+	t.Run(1)
+	defer t.Close()
+
+	conn := t.Conn("smtp")
+	defer conn.Close()
+	conn.SMTPNegotation("localhost", nil, nil)
+	conn.Writeln("MAIL FROM:<testing@two.maddy.test>")
+	conn.ExpectPattern("550 5.7.1 *")
+	conn.Writeln("STARTTLS")
+	conn.ExpectPattern("220 *")
+	conn.TLS()
+	conn.SMTPNegotation("localhost", nil, nil)
+	conn.Writeln("MAIL FROM:<testing@two.maddy.test>")
+	conn.ExpectPattern("250 *")
+	conn.Writeln("QUIT")
+	conn.ExpectPattern("221 *")
+}
+
+func TestCheckSPF(tt *testing.T) {
+	tt.Parallel()
+	t := tests.NewT(tt)
+	t.DNS(map[string]mockdns.Zone{
+		"none.maddy.test.": {
+			TXT: []string{},
+		},
+		"neutral.maddy.test.": {
+			TXT: []string{"v=spf1 ?all"},
+		},
+		"fail.maddy.test.": {
+			TXT: []string{"v=spf1 -all"},
+		},
+		"softfail.maddy.test.": {
+			TXT: []string{"v=spf1 ~all"},
+		},
+		"permerr.maddy.test.": {
+			TXT: []string{"v=spf1 something_clever"},
+		},
+		"temperr.maddy.test.": {
+			Err: errors.New("IANA forgot to resign the root zone"),
+		},
+	})
+	t.Port("smtp")
+	t.Config(`
+		smtp tcp://127.0.0.1:{env:TEST_PORT_smtp} {
+			hostname mx.maddy.test
+			tls off
+
+			defer_sender_reject no
+
+			check {
+				apply_spf {
+					enforce_early yes
+
+					none_action ignore
+					neutral_action reject
+					fail_action reject
+					softfail_action reject
+					permerr_action reject
+					temperr_action reject
+				}
+			}
+			deliver_to dummy
+		}
+	`)
+	t.Run(1)
+	defer t.Close()
+
+	conn := t.Conn("smtp")
+	defer conn.Close()
+	conn.SMTPNegotation("localhost", nil, nil)
+
+	conn.Writeln("MAIL FROM:<testing@none.maddy.test>")
+	conn.ExpectPattern("250 *")
+	conn.Writeln("RSET")
+	conn.ExpectPattern("250 *")
+
+	conn.Writeln("MAIL FROM:<testing@fail.maddy.test>")
+	conn.ExpectPattern("550 5.7.23 *")
+
+	conn.Writeln("MAIL FROM:<testing@softfail.maddy.test>")
+	conn.ExpectPattern("550 5.7.23 *")
+
+	conn.Writeln("MAIL FROM:<testing@permerr.maddy.test>")
+	conn.ExpectPattern("550 5.7.23 *")
+
+	conn.Writeln("MAIL FROM:<testing@temperr.maddy.test>")
+	conn.ExpectPattern("451 4.7.23 *")
+
+	conn.Writeln("QUIT")
+	conn.ExpectPattern("221 *")
+}
+
+func TestDNSBLConfig(tt *testing.T) {
+	tt.Parallel()
+	t := tests.NewT(tt)
+	t.DNS(map[string]mockdns.Zone{
+		"1.0.0.127.dnsbl.test.": {
+			A: []string{"127.0.0.127"},
+		},
+		"sender.test.dnsbl.test.": {
+			A: []string{"127.0.0.127"},
+		},
+	})
+	t.Port("smtp")
+	t.Config(`
+		smtp tcp://127.0.0.1:{env:TEST_PORT_smtp} {
+			hostname mx.maddy.test
+			tls off
+
+			defer_sender_reject no
+
+			check {
+				dnsbl {
+					reject_threshold 1
+
+					dnsbl.test {
+						client_ipv4
+						mailfrom
+					}
+				}
+			}
+			deliver_to dummy
+		}
+	`)
+	t.Run(1)
+	defer t.Close()
+
+	conn := t.Conn("smtp")
+	defer conn.Close()
+	conn.SMTPNegotation("localhost", nil, nil)
+
+	conn.Writeln("MAIL FROM:<testing@sender.test>")
+	conn.ExpectPattern("554 5.7.0 Client identity is listed in the used DNSBL *")
+
+	conn.Writeln("MAIL FROM:<testing@misc.test>")
+	conn.ExpectPattern("554 5.7.0 Client identity is listed in the used DNSBL *")
+
+	conn.Writeln("QUIT")
+	conn.ExpectPattern("221 *")
+}
+
+func TestDNSBLConfig2(tt *testing.T) {
+	tt.Parallel()
+	t := tests.NewT(tt)
+	t.DNS(map[string]mockdns.Zone{
+		"1.0.0.127.dnsbl2.test.": {
+			A: []string{"127.0.0.127"},
+		},
+		"sender.test.dnsbl.test.": {
+			A: []string{"127.0.0.127"},
+		},
+	})
+	t.Port("smtp")
+	t.Config(`
+		smtp tcp://127.0.0.1:{env:TEST_PORT_smtp} {
+			hostname mx.maddy.test
+			tls off
+
+			defer_sender_reject no
+
+			check {
+				dnsbl {
+					reject_threshold 1
+
+					dnsbl.test {
+						mailfrom
+					}
+					dnsbl2.test {
+						client_ipv4
+						score -1
+					}
+				}
+			}
+			deliver_to dummy
+		}
+	`)
+	t.Run(1)
+	defer t.Close()
+
+	conn := t.Conn("smtp")
+	defer conn.Close()
+	conn.SMTPNegotation("localhost", nil, nil)
+
+	conn.Writeln("MAIL FROM:<testing@sender.test>")
+	conn.ExpectPattern("250 *")
+
+	conn.Writeln("QUIT")
+	conn.ExpectPattern("221 *")
+}
+
+func TestCheckCommand(tt *testing.T) {
+	tt.Parallel()
+	t := tests.NewT(tt)
+	t.DNS(nil)
+	t.Port("smtp")
+	t.Config(`
+		smtp tcp://127.0.0.1:{env:TEST_PORT_smtp} {
+			hostname mx.maddy.test
+			tls off
+
+			check {
+				command {env:TEST_PWD}/testdata/check_command.sh {sender} {
+					code 12 reject
+				}
+			}
+			deliver_to dummy
+		}
+	`)
+	t.Run(1)
+	defer t.Close()
+
+	conn := t.Conn("smtp")
+	defer conn.Close()
+	conn.SMTPNegotation("localhost", nil, nil)
+
+	// Note: Internally, messages are handled using LF line endings, being
+	// converted CRLF only when transfered over Internet protocols.
+	expectedMsg := "From: <testing@sender.test>\n" +
+		"To: <testing@maddy.test>\n" +
+		"Subject: Hi there!\n" +
+		"\n" +
+		"Nice to meet you!\n"
+	submitMsg := func(conn *tests.Conn, from string) {
+		// Fairly trivial SMTP transaction.
+		conn.Writeln("MAIL FROM:<" + from + ">")
+		conn.ExpectPattern("250 *")
+		conn.Writeln("RCPT TO:<testing@maddy.test>")
+		conn.ExpectPattern("250 *")
+		conn.Writeln("DATA")
+		conn.ExpectPattern("354 *")
+		conn.Writeln("From: <testing@sender.test>")
+		conn.Writeln("To: <testing@maddy.test>")
+		conn.Writeln("Subject: Hi there!")
+		conn.Writeln("")
+		conn.Writeln("Nice to meet you!")
+		conn.Writeln(".")
+	}
+
+	t.Subtest("Message dump", func(t *tests.T) {
+		conn := conn.Rebind(t)
+
+		submitMsg(conn, "testing@maddy.test")
+		conn.ExpectPattern("250 *")
+
+		msgPath := filepath.Join(t.StateDir(), "msg")
+		msgContents, err := ioutil.ReadFile(msgPath)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if string(msgContents) != expectedMsg {
+			t.Log("Wrong message contents received by check script!")
+			t.Log("Actual:")
+			t.Log(msgContents)
+			t.Log("Expected:")
+			t.Log(expectedMsg)
+		}
+	})
+	t.Subtest("Message dump + Add header", func(t *tests.T) {
+		conn := conn.Rebind(t)
+
+		submitMsg(conn, "testing+addHeader@maddy.test")
+		conn.ExpectPattern("250 *")
+
+		msgPath := filepath.Join(t.StateDir(), "msg")
+		msgContents, err := ioutil.ReadFile(msgPath)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		expectedMsg := "X-Added-Header: 1\n" + expectedMsg
+		if string(msgContents) != expectedMsg {
+			t.Log("Wrong message contents received by check script!")
+			t.Log("Actual:")
+			t.Log(msgContents)
+			t.Log("Expected:")
+			t.Log(expectedMsg)
+		}
+	})
+	t.Subtest("Body reject", func(t *tests.T) {
+		conn := conn.Rebind(t)
+
+		submitMsg(conn, "testing+reject@maddy.test")
+		conn.ExpectPattern("550 *")
+
+		msgPath := filepath.Join(t.StateDir(), "msg")
+		msgContents, err := ioutil.ReadFile(msgPath)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if string(msgContents) != expectedMsg {
+			t.Log("Wrong message contents received by check script!")
+			t.Log("Actual:")
+			t.Log(msgContents)
+			t.Log("Expected:")
+			t.Log([]byte(expectedMsg))
+		}
+	})
+
+	conn.Writeln("QUIT")
+	conn.ExpectPattern("221 *")
+}
--- a/tests/t.go
+++ b/tests/t.go
@ -26,6 +26,7 @@ import (
 var (
 	TestBinary  = "./maddy"
 	CoverageOut string
+	DebugLog    bool
 )

 type T struct {
@ -77,6 +78,7 @@ func (t *T) DNS(zones map[string]mockdns.Zone) {
 	if err != nil {
 		t.Fatal("Test configuration failed:", err)
 	}
+	dnsServ.Log = t
 	t.dnsServ = dnsServ
 }

@ -113,11 +115,8 @@ func (t *T) Run(waitListeners int) {
 		// If there is no DNS zones set in test - start a server that will
 		// respond with NXDOMAIN to all queries to avoid accidentally leaking
 		// any DNS queries to the real world.
-		dnsServ, err := mockdns.NewServer(nil)
-		if err != nil {
-			t.Fatal("Test configuration failed:", err)
-		}
-		t.dnsServ = dnsServ
+		t.Log("NOTE: Explicit DNS(nil) is recommended.")
+		t.DNS(nil)
 	}

 	// Setup file system, create statedir, runtimedir, write out config.
@ -151,7 +150,7 @@ func (t *T) Run(waitListeners int) {
 	configPreable := "state_dir " + filepath.Join(t.testDir, "statedir") + "\n" +
 		"runtime_dir " + filepath.Join(t.testDir, "runtime") + "\n\n"

-	ioutil.WriteFile(filepath.Join(t.testDir, "maddy.conf"), []byte(configPreable+t.cfg), os.ModePerm)
+	err = ioutil.WriteFile(filepath.Join(t.testDir, "maddy.conf"), []byte(configPreable+t.cfg), os.ModePerm)
 	if err != nil {
 		t.Fatal("Test configuration failed:", err)
 	}
@ -171,14 +170,24 @@ func (t *T) Run(waitListeners int) {
 	if CoverageOut != "" {
 		cmd.Args = append(cmd.Args, "-test.coverprofile", CoverageOut+"."+strconv.FormatInt(time.Now().UnixNano(), 16))
 	}
+	if DebugLog {
+		cmd.Args = append(cmd.Args, "-debug")
+	}

 	t.Logf("launching %v", cmd.Args)

-	// Set environment variables.
-	cmd.Env = []string{
-		"TEST_STATE_DIR=" + filepath.Join(t.testDir, "statedir"),
-		"TEST_RUNTIME_DIR=" + filepath.Join(t.testDir, "statedir"),
+	pwd, err := os.Getwd()
+	if err != nil {
+		t.Fatal("Test configuration failed:", err)
 	}
+
+	// Set environment variables.
+	cmd.Env = os.Environ()
+	cmd.Env = append(cmd.Env,
+		"TEST_PWD="+pwd,
+		"TEST_STATE_DIR="+filepath.Join(t.testDir, "statedir"),
+		"TEST_RUNTIME_DIR="+filepath.Join(t.testDir, "statedir"),
+	)
 	for name, port := range t.ports {
 		cmd.Env = append(cmd.Env, fmt.Sprintf("TEST_PORT_%s=%d", name, port))
 	}
@ -228,12 +237,15 @@ func (t *T) Run(waitListeners int) {
 	t.servProc = cmd
 }

-func (t *T) Close() {
-	if err := t.dnsServ.Close(); err != nil {
-		t.Log("Unable to stop the DNS server:", err)
-	}
-	t.dnsServ = nil
+func (t *T) StateDir() string {
+	return filepath.Join(t.testDir, "statedir")
+}

+func (t *T) RuntimeDir() string {
+	return filepath.Join(t.testDir, "statedir")
+}
+
+func (t *T) Close() {
 	if err := t.servProc.Process.Signal(os.Interrupt); err != nil {
 		t.Log("Unable to kill the server process:", err)
 		os.RemoveAll(t.testDir)
@ -243,7 +255,7 @@ func (t *T) Close() {
 	go func() {
 		time.Sleep(5 * time.Second)
 		if t.servProc != nil {
-			t.servProc.Process.Kill()
+			t.servProc.Process.Kill() //nolint:errcheck
 		}
 	}()

@ -257,6 +269,75 @@ func (t *T) Close() {
 		t.Log("Failed to remove test directory:", err)
 	}
 	t.testDir = ""
+
+	// Shutdown the DNS server after maddy to make sure it will not spend time
+	// timing out queries.
+	if err := t.dnsServ.Close(); err != nil {
+		t.Log("Unable to stop the DNS server:", err)
+	}
+	t.dnsServ = nil
+}
+
+// Printf implements Logger interfaces used by some libraries.
+func (t *T) Printf(f string, a ...interface{}) {
+	t.Logf(f, a...)
+}
+
+// Conn6 connects to the server listener at the specified named port using IPv6 loopback.
+func (t *T) Conn6(portName string) Conn {
+	port := t.ports[portName]
+	if port == 0 {
+		panic("tests: connection for the unused port name is requested")
+	}
+
+	conn, err := net.Dial("tcp6", "[::1]:"+strconv.Itoa(int(port)))
+	if err != nil {
+		t.Fatal("Could not connect, is server listening?", err)
+	}
+
+	return Conn{
+		T:            t,
+		WriteTimeout: 1 * time.Second,
+		ReadTimeout:  15 * time.Second,
+		Conn:         conn,
+		Scanner:      bufio.NewScanner(conn),
+	}
+}
+
+// Conn4 connects to the server listener at the specified named port using one
+// of 127.0.0.0/8 addresses as a source.
+func (t *T) Conn4(sourceIP, portName string) Conn {
+	port := t.ports[portName]
+	if port == 0 {
+		panic("tests: connection for the unused port name is requested")
+	}
+
+	localIP := net.ParseIP(sourceIP)
+	if localIP == nil {
+		panic("tests: invalid localIP argument")
+	}
+	if localIP.To4() == nil {
+		panic("tests: only IPv4 addresses are allowed")
+	}
+
+	conn, err := net.DialTCP("tcp4", &net.TCPAddr{
+		IP:   localIP,
+		Port: 0,
+	}, &net.TCPAddr{
+		IP:   net.IPv4(127, 0, 0, 1),
+		Port: int(port),
+	})
+	if err != nil {
+		t.Fatal("Could not connect, is server listening?", err)
+	}
+
+	return Conn{
+		T:            t,
+		WriteTimeout: 1 * time.Second,
+		ReadTimeout:  15 * time.Second,
+		Conn:         conn,
+		Scanner:      bufio.NewScanner(conn),
+	}
 }

 func (t *T) Conn(portName string) Conn {
@ -279,7 +360,16 @@ func (t *T) Conn(portName string) Conn {
 	}
 }

+func (t *T) Subtest(name string, f func(t *T)) {
+	t.T.Run(name, func(subTT *testing.T) {
+		subT := *t
+		subT.T = subTT
+		f(&subT)
+	})
+}
+
 func init() {
 	flag.StringVar(&TestBinary, "integration.executable", "./maddy", "executable to test")
 	flag.StringVar(&CoverageOut, "integration.coverprofile", "", "write coverage stats to file (requires special maddy executable)")
+	flag.BoolVar(&DebugLog, "integration.debug", false, "pass -debug to maddy executable")
 }
--- a/tests/testdata/check_command.sh
+++ b/tests/testdata/check_command.sh
@ -0,0 +1,11 @@
+#!/bin/sh
+
+if [ -e "${TEST_PWD}/testdata/${1}.hdr" ]; then
+    cat "${TEST_PWD}/testdata/${1}.hdr"
+fi
+
+cat > ${TEST_STATE_DIR}/msg
+
+if [ -e "${TEST_PWD}/testdata/${1}.exit" ]; then
+    exit "$(cat "${TEST_PWD}/testdata/${1}.exit")"
+fi
--- a/tests/testdata/testing+addHeader@maddy.test.hdr
+++ b/tests/testdata/testing+addHeader@maddy.test.hdr
@ -0,0 +1 @@
+X-Added-Header: 1
--- a/tests/testdata/testing+reject@maddy.test.exit
+++ b/tests/testdata/testing+reject@maddy.test.exit
@ -0,0 +1 @@
+12