Provide complete refactoring of openDKIM script (#1812)

* provide complete refactoring of openDKIM usage and tests * fix leftover linting errors * correct defualt key size and README usage * provide independent order for arguments * added `config` and adjusted usage information * fixing shift in setup.sh * adjust usage information to use new style and rename script * use updated argument keysize instead of size
2025-08-04 10:05:00 +02:00 · 2021-02-18 10:29:34 +01:00 · 2021-02-18 10:29:34 +01:00 · 1005bb3b09
commit 1005bb3b09
parent 432f96b3a6
8 changed files with 636 additions and 468 deletions
--- a/test/default_relay_host.bats
+++ b/test/default_relay_host.bats
@ -15,7 +15,7 @@ function setup() {
 }

 function teardown() {
-    docker rm -f mail_with_default_relay
+  docker rm -f mail_with_default_relay
 }

 #
--- a/test/open_dkim.bats
+++ b/test/open_dkim.bats
@ -0,0 +1,380 @@
+load 'test_helper/common'
+
+export IMAGE_NAME CONTAINER_NAME TEST_FILE
+
+IMAGE_NAME="${NAME:?Image name must be set}"
+CONTAINER_NAME='open-dkim'
+TEST_FILE='OpenDKIM :: '
+
+function setup
+{
+  run_setup_file_if_necessary
+}
+
+# WHY IS THIS CONTAINER EVEN CREATED WHEN MOST TESTS DO NOT USE IT?
+function setup_file
+{
+	local PRIVATE_CONFIG
+  PRIVATE_CONFIG="$(duplicate_config_for_container . "${CONTAINER_NAME}")"
+
+  docker run -d \
+    --name "${CONTAINER_NAME}" \
+		--cap-add=SYS_PTRACE \
+		-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
+		-v "${CDIR}/test/test-files":/tmp/docker-mailserver-test:ro \
+		-e DEFAULT_RELAY_HOST=default.relay.host.invalid:25 \
+		-e PERMIT_DOCKER=host \
+		-e DMS_DEBUG=0 \
+		-h mail.my-domain.com \
+    -t "${IMAGE_NAME}"
+
+  wait_for_finished_setup_in_container "${CONTAINER_NAME}"
+}
+
+function teardown
+{
+  run_teardown_file_if_necessary
+}
+
+function teardown_file
+{
+  docker rm -f "${CONTAINER_NAME}"
+}
+
+# –––––––––––––––––––––––––––––––––––––––––––––––
+# ––– Actual Tests ––––––––––––––––––––––––––––––
+# –––––––––––––––––––––––––––––––––––––––––––––––
+
+@test "${TEST_FILE}/etc/opendkim/KeyTable dummy file generated without keys provided" {
+  docker run --rm -d \
+    --name mail_smtponly_without_config \
+		-e SMTP_ONLY=1 \
+		-e ENABLE_LDAP=1 \
+		-e PERMIT_DOCKER=network \
+		-e OVERRIDE_HOSTNAME=mail.mydomain.com \
+		-t "${IMAGE_NAME}"
+
+  function teardown
+  {
+    docker rm -f mail_smtponly_without_config
+  }
+
+  run repeat_in_container_until_success_or_timeout 15 \
+    mail_smtponly_without_config /bin/bash -c "cat /etc/opendkim/KeyTable"
+  assert_success
+}
+
+@test "${TEST_FILE}/etc/opendkim/KeyTable should contain 2 entries" {
+  run docker exec "${CONTAINER_NAME}" /bin/bash -c "cat /etc/opendkim/KeyTable | wc -l"
+  assert_success
+  assert_output 2
+}
+
+# TODO piping ls into grep ...
+@test "${TEST_FILE}/etc/opendkim/keys/ should contain 2 entries" {
+  run docker exec "${CONTAINER_NAME}" /bin/bash -c "ls -l /etc/opendkim/keys/ | grep '^d' | wc -l"
+  assert_success
+  assert_output 2
+}
+
+@test "${TEST_FILE}/etc/opendkim.conf contains nameservers copied from /etc/resolv.conf" {
+  run docker exec "${CONTAINER_NAME}" /bin/bash -c \
+    "grep -E '^Nameservers ((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)' \
+    /etc/opendkim.conf"
+  assert_success
+}
+
+# this set of tests is of low quality.                                                       WHAT? <- DELETE AFTER REWRITE
+# It does not test the RSA-Key size properly via openssl or similar                          WHAT??? <- DELETE AFTER REWRITE
+# Instead it tests the file-size (here 861) - which may differ with a different domain names WWHHHHHHAAAT??? <- DELETE AFTER REWRITE
+
+# TODO Needs complete re-write
+@test "${TEST_FILE}generator creates default keys size" {
+  local PRIVATE_CONFIG
+  PRIVATE_CONFIG="$(duplicate_config_for_container . mail_default_key_size)"
+
+  # Prepare default key size 4096
+  rm -rf "${PRIVATE_CONFIG}/keyDefault"
+  mkdir -p "${PRIVATE_CONFIG}/keyDefault"
+
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/keyDefault/":/tmp/docker-mailserver/ \
+    -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
+    -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
+    "${IMAGE_NAME}" /bin/bash -c 'open-dkim | wc -l'
+
+  assert_success
+  assert_output 6
+
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/keyDefault/opendkim":/etc/opendkim \
+    "${IMAGE_NAME}" \
+    /bin/bash -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
+
+  assert_success
+  assert_output 861
+}
+
+# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar <- DELETE AFTER REWRITE
+# Instead it tests the file-size (here 861) - which may differ with a different domain names <- DELETE AFTER REWRITE
+
+# TODO Needs complete re-write
+@test "${TEST_FILE}generator creates key size 4096" {
+    local PRIVATE_CONFIG
+    PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_4096)"
+
+    rm -rf "${PRIVATE_CONFIG}/key4096"
+    mkdir -p "${PRIVATE_CONFIG}/config/key4096"
+
+    run docker run --rm \
+      -v "${PRIVATE_CONFIG}/key2048/":/tmp/docker-mailserver/ \
+      -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
+      -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
+      "${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 4096 | wc -l'
+    assert_success
+    assert_output 6
+
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/key2048/opendkim":/etc/opendkim \
+    "${IMAGE_NAME}" \
+    /bin/bash -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
+
+  assert_success
+  assert_output 861
+}
+
+# Instead it tests the file-size (here 511) - which may differ with a different domain names <- DELETE AFTER REWRITE
+# This test may be re-used as a global test to provide better test coverage. <- DELETE AFTER REWRITE
+
+# TODO Needs complete re-write
+@test "${TEST_FILE}generator creates key size 2048" {
+    local PRIVATE_CONFIG
+    PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_2048)"
+
+    rm -rf "${PRIVATE_CONFIG}/key2048"
+    mkdir -p "${PRIVATE_CONFIG}/config/key2048"
+
+    run docker run --rm \
+      -v "${PRIVATE_CONFIG}/key2048/":/tmp/docker-mailserver/ \
+      -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
+      -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
+      "${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 2048 | wc -l'
+    assert_success
+    assert_output 6
+
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/key2048/opendkim":/etc/opendkim \
+    "${IMAGE_NAME}" \
+    /bin/bash -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
+
+  assert_success
+  assert_output 511
+}
+
+# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar <- DELETE AFTER REWRITE
+# Instead it tests the file-size (here 329) - which may differ with a different domain names <- DELETE AFTER REWRITE
+
+# TODO Needs complete re-write
+@test "${TEST_FILE}generator creates key size 1024" {
+    local PRIVATE_CONFIG
+    PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_1024)"
+
+    rm -rf "${PRIVATE_CONFIG}/key1024"
+    mkdir -p "${PRIVATE_CONFIG}/key1024"
+
+    run docker run --rm \
+      -v "${PRIVATE_CONFIG}/key1024/":/tmp/docker-mailserver/ \
+      -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
+      -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
+      "${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 1024 | wc -l'
+    assert_success
+    assert_output 6
+
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/key1024/opendkim":/etc/opendkim \
+    "${IMAGE_NAME}" \
+    /bin/bash -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
+
+  assert_success
+  assert_output 329
+}
+
+@test "${TEST_FILE}generator creates keys, tables and TrustedHosts" {
+  local PRIVATE_CONFIG
+  PRIVATE_CONFIG="$(duplicate_config_for_container . mail_dkim_generator_creates_keys_tables_TrustedHosts)"
+  rm -rf "${PRIVATE_CONFIG}/empty"
+  mkdir -p "${PRIVATE_CONFIG}/empty"
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/empty/":/tmp/docker-mailserver/ \
+    -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
+    -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
+    "${IMAGE_NAME}" /bin/bash -c 'open-dkim | wc -l'
+  assert_success
+  assert_output 6
+
+  # check keys for localhost.localdomain
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \
+    "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l'
+  assert_success
+  assert_output 2
+
+  # check keys for otherdomain.tld
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \
+    "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l'
+  assert_success
+  assert_output 2
+
+  # check presence of tables and TrustedHosts
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \
+    "${IMAGE_NAME}" /bin/bash -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l"
+  assert_success
+  assert_output 4
+}
+
+@test "${TEST_FILE}generator creates keys, tables and TrustedHosts without postfix-accounts.cf" {
+  local PRIVATE_CONFIG
+  PRIVATE_CONFIG="$(duplicate_config_for_container . )"
+  rm -rf "${PRIVATE_CONFIG}/without-accounts"
+  mkdir -p "${PRIVATE_CONFIG}/without-accounts"
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/without-accounts/":/tmp/docker-mailserver/ \
+    -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
+    "${IMAGE_NAME}" /bin/bash -c 'open-dkim | wc -l'
+  assert_success
+  assert_output 5
+
+  # check keys for localhost.localdomain
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \
+    "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l'
+  assert_success
+  assert_output 2
+
+  # check keys for otherdomain.tld
+  # run docker run --rm \
+  #   -v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \
+  #   "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l'
+  # assert_success
+  # [ "${output}" -eq 0 ]
+  # check presence of tables and TrustedHosts
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \
+    "${IMAGE_NAME}" /bin/bash -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l"
+  assert_success
+  assert_output 4
+}
+
+@test "${TEST_FILE}generator creates keys, tables and TrustedHosts without postfix-virtual.cf" {
+  local PRIVATE_CONFIG
+  PRIVATE_CONFIG="$(duplicate_config_for_container . "${BATS_TEST_NAME}")"
+  rm -rf "${PRIVATE_CONFIG}/without-virtual"
+  mkdir -p "${PRIVATE_CONFIG}/without-virtual"
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/without-virtual/":/tmp/docker-mailserver/ \
+    -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
+    "${IMAGE_NAME}" /bin/bash -c 'open-dkim | wc -l'
+  assert_success
+  assert_output 5
+
+  # check keys for localhost.localdomain
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \
+    "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l'
+  assert_success
+  assert_output 2
+
+  # check keys for otherdomain.tld
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \
+    "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l'
+  assert_success
+  assert_output 2
+
+  # check presence of tables and TrustedHosts
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \
+    "${IMAGE_NAME}" /bin/bash -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l"
+  assert_success
+  assert_output 4
+}
+
+@test "${TEST_FILE}generator creates keys, tables and TrustedHosts using manual provided domain name" {
+  local PRIVATE_CONFIG
+  PRIVATE_CONFIG="$(duplicate_config_for_container . "${BATS_TEST_NAME}")"
+  rm -rf "${PRIVATE_CONFIG}/with-domain" && mkdir -p "${PRIVATE_CONFIG}/with-domain"
+
+  # generate first key
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
+    "${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 2048 domain domain1.tld | wc -l'
+  assert_success
+  assert_output 4
+
+  # generate two additional keys different to the previous one
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
+    "${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 2048 domain "domain2.tld,domain3.tld" | wc -l'
+  assert_success
+  assert_output 2
+
+  # generate an additional key whilst providing already existing domains
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
+    "${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 2048 domain "domain3.tld,domain4.tld" | wc -l'
+  assert_success
+  assert_output 1
+
+  # check keys for domain1.tld
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
+    "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/domain1.tld/ | wc -l'
+  assert_success
+  assert_output 2
+
+  # check keys for domain2.tld
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
+    "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/domain2.tld | wc -l'
+  assert_success
+  assert_output 2
+
+  # check keys for domain3.tld
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
+    "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/domain3.tld | wc -l'
+  assert_success
+  assert_output 2
+
+  # check keys for domain4.tld
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
+    "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/domain4.tld | wc -l'
+  assert_success
+  assert_output 2
+
+  # check presence of tables and TrustedHosts
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
+    "${IMAGE_NAME}" /bin/bash -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys' | wc -l"
+  assert_success
+  assert_output 4
+
+  # check valid entries actually present in KeyTable
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
+    "${IMAGE_NAME}" /bin/bash -c \
+    "egrep 'domain1.tld|domain2.tld|domain3.tld|domain4.tld' /etc/opendkim/KeyTable | wc -l"
+  assert_success
+  assert_output 4
+
+  # check valid entries actually present in SigningTable
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
+    "${IMAGE_NAME}" /bin/bash -c \
+    "egrep 'domain1.tld|domain2.tld|domain3.tld|domain4.tld' /etc/opendkim/SigningTable | wc -l"
+  assert_success
+  assert_output 4
+}
--- a/test/tests.bats
+++ b/test/tests.bats
@ -431,310 +431,6 @@ EOF
  assert_success
 }

-#
-# opendkim
-#
-
-@test "checking opendkim: /etc/opendkim/KeyTable should contain 2 entries" {
-  run docker exec mail /bin/sh -c "cat /etc/opendkim/KeyTable | wc -l"
-  assert_success
-  assert_output 2
-}
-
-@test "checking opendkim: /etc/opendkim/KeyTable dummy file generated without keys provided" {
-  docker run --rm -d --name mail_smtponly_without_config \
-		-e SMTP_ONLY=1 \
-		-e ENABLE_LDAP=1 \
-		-e PERMIT_DOCKER=network \
-		-e OVERRIDE_HOSTNAME=mail.mydomain.com \
-		-t "${NAME}"
-
-  teardown() { docker rm -f mail_smtponly_without_config; }
-
-  run repeat_in_container_until_success_or_timeout 15 mail_smtponly_without_config /bin/bash -c "cat /etc/opendkim/KeyTable"
-  assert_success
-}
-
-
-@test "checking opendkim: /etc/opendkim/keys/ should contain 2 entries" {
-  run docker exec mail /bin/sh -c "ls -l /etc/opendkim/keys/ | grep '^d' | wc -l"
-  assert_success
-  assert_output 2
-}
-
-@test "checking opendkim: /etc/opendkim.conf contains nameservers copied from /etc/resolv.conf" {
-  run docker exec mail /bin/bash -c "grep -E '^Nameservers ((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)' /etc/opendkim.conf"
-  assert_success
-}
-
-
-# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar
-# Instead it tests the file-size (here 861) - which may differ with a different domain names
-# This test may be re-used as a global test to provide better test coverage.
-@test "checking opendkim: generator creates default keys size" {
-    local PRIVATE_CONFIG
-    PRIVATE_CONFIG="$(duplicate_config_for_container . mail_default_key_size)"
-    # Prepare default key size 4096
-    rm -rf "${PRIVATE_CONFIG}/keyDefault"
-    mkdir -p "${PRIVATE_CONFIG}/keyDefault"
-
-    run docker run --rm \
-      -v "${PRIVATE_CONFIG}/keyDefault/":/tmp/docker-mailserver/ \
-      -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-      -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
-      "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config | wc -l'
-    assert_success
-    assert_output 6
-
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/keyDefault/opendkim":/etc/opendkim \
-    "${IMAGE_NAME:?}" \
-    /bin/sh -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
-
-  assert_success
-  assert_output 861
-}
-
-# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar
-# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar
-# Instead it tests the file-size (here 861) - which may differ with a different domain names
-# This test may be re-used as a global test to provide better test coverage.
-@test "checking opendkim: generator creates key size 4096" {
-    local PRIVATE_CONFIG
-    PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_4096)"
-    # Prepare set key size 4096
-    rm -rf "${PRIVATE_CONFIG}/key4096"
-    mkdir -p "${PRIVATE_CONFIG}/config/key4096"
-    run docker run --rm \
-      -v "${PRIVATE_CONFIG}/key2048/":/tmp/docker-mailserver/ \
-      -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-      -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
-      "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 4096 | wc -l'
-    assert_success
-    assert_output 6
-
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/key2048/opendkim":/etc/opendkim \
-    "${IMAGE_NAME:?}" \
-    /bin/sh -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
-
-  assert_success
-  assert_output 861
-}
-
-# Instead it tests the file-size (here 511) - which may differ with a different domain names
-# This test may be re-used as a global test to provide better test coverage.
-@test "checking opendkim: generator creates key size 2048" {
-    local PRIVATE_CONFIG
-    PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_2048)"
-    # Prepare set key size 2048
-    rm -rf "${PRIVATE_CONFIG}/key2048"
-    mkdir -p "${PRIVATE_CONFIG}/config/key2048"
-    run docker run --rm \
-      -v "${PRIVATE_CONFIG}/key2048/":/tmp/docker-mailserver/ \
-      -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-      -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
-      "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 | wc -l'
-    assert_success
-    assert_output 6
-
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/key2048/opendkim":/etc/opendkim \
-    "${IMAGE_NAME:?}" \
-    /bin/sh -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
-
-  assert_success
-  assert_output 511
-}
-
-# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar
-# Instead it tests the file-size (here 329) - which may differ with a different domain names
-# This test may be re-used as a global test to provide better test coverage.
-@test "checking opendkim: generator creates key size 1024" {
-    local PRIVATE_CONFIG
-    PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_1024)"
-    # Prepare set key size 1024
-    rm -rf "${PRIVATE_CONFIG}/key1024"
-    mkdir -p "${PRIVATE_CONFIG}/key1024"
-    run docker run --rm \
-      -v "${PRIVATE_CONFIG}/key1024/":/tmp/docker-mailserver/ \
-      -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-      -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
-      "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 1024 | wc -l'
-    assert_success
-    assert_output 6
-
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/key1024/opendkim":/etc/opendkim \
-    "${IMAGE_NAME:?}" \
-    /bin/sh -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
-
-  assert_success
-  assert_output 329
-}
-
-@test "checking opendkim: generator creates keys, tables and TrustedHosts" {
-  local PRIVATE_CONFIG
-  PRIVATE_CONFIG="$(duplicate_config_for_container . mail_dkim_generator_creates_keys_tables_TrustedHosts)"
-  rm -rf "${PRIVATE_CONFIG}/empty"
-  mkdir -p "${PRIVATE_CONFIG}/empty"
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/empty/":/tmp/docker-mailserver/ \
-    -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-    -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
-    "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config | wc -l'
-  assert_success
-  assert_output 6
-  # Check keys for localhost.localdomain
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \
-    "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l'
-  assert_success
-  assert_output 2
-  # Check keys for otherdomain.tld
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \
-    "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l'
-  assert_success
-  assert_output 2
-  # Check presence of tables and TrustedHosts
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \
-    "${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l"
-  assert_success
-  assert_output 4
-}
-
-@test "checking opendkim: generator creates keys, tables and TrustedHosts without postfix-accounts.cf" {
-  local PRIVATE_CONFIG
-  PRIVATE_CONFIG="$(duplicate_config_for_container . )"
-  rm -rf "${PRIVATE_CONFIG}/without-accounts"
-  mkdir -p "${PRIVATE_CONFIG}/without-accounts"
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/without-accounts/":/tmp/docker-mailserver/ \
-    -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
-    "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config | wc -l'
-  assert_success
-  assert_output 5
-  # Check keys for localhost.localdomain
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \
-    "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l'
-  assert_success
-  assert_output 2
-  # Check keys for otherdomain.tld
-  # run docker run --rm \
-  #   -v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \
-  #   "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l'
-  # assert_success
-  # [ "${output}" -eq 0 ]
-  # Check presence of tables and TrustedHosts
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \
-    "${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l"
-  assert_success
-  assert_output 4
-}
-
-@test "checking opendkim: generator creates keys, tables and TrustedHosts without postfix-virtual.cf" {
-  local PRIVATE_CONFIG
-  PRIVATE_CONFIG="$(duplicate_config_for_container . "${BATS_TEST_NAME}")"
-  rm -rf "${PRIVATE_CONFIG}/without-virtual"
-  mkdir -p "${PRIVATE_CONFIG}/without-virtual"
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/without-virtual/":/tmp/docker-mailserver/ \
-    -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-    "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config | wc -l'
-  assert_success
-  assert_output 5
-  # Check keys for localhost.localdomain
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \
-    "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l'
-  assert_success
-  assert_output 2
-  # Check keys for otherdomain.tld
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \
-    "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l'
-  assert_success
-  assert_output 2
-  # Check presence of tables and TrustedHosts
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \
-    "${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l"
-  assert_success
-  assert_output 4
-}
-
-@test "checking opendkim: generator creates keys, tables and TrustedHosts using manual provided domain name" {
-  local PRIVATE_CONFIG
-  PRIVATE_CONFIG="$(duplicate_config_for_container . "${BATS_TEST_NAME}")"
-  rm -rf "${PRIVATE_CONFIG}/with-domain" && mkdir -p "${PRIVATE_CONFIG}/with-domain"
-  # Generate first key
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
-    "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 domain1.tld| wc -l'
-  assert_success
-  assert_output 4
-  # Generate two additional keys different to the previous one
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
-    "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 'domain2.tld,domain3.tld' | wc -l'
-  assert_success
-  assert_output 2
-  # Generate an additional key whilst providing already existing domains
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
-    "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 'domain3.tld,domain4.tld' | wc -l'
-  assert_success
-  assert_output 1
-  # Check keys for domain1.tld
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
-    "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain1.tld/ | wc -l'
-  assert_success
-  assert_output 2
-  # Check keys for domain2.tld
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
-    "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain2.tld | wc -l'
-  assert_success
-  assert_output 2
-  # Check keys for domain3.tld
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
-    "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain3.tld | wc -l'
-  assert_success
-  assert_output 2
-  # Check keys for domain4.tld
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
-    "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain4.tld | wc -l'
-  assert_success
-  assert_output 2
-  # Check presence of tables and TrustedHosts
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
-    "${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys' | wc -l"
-  assert_success
-  assert_output 4
-  # Check valid entries actually present in KeyTable
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
-    "${IMAGE_NAME:?}" /bin/sh -c \
-    "egrep 'domain1.tld|domain2.tld|domain3.tld|domain4.tld' /etc/opendkim/KeyTable | wc -l"
-  assert_success
-  assert_output 4
-  # Check valid entries actually present in SigningTable
-  run docker run --rm \
-    -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
-    "${IMAGE_NAME:?}" /bin/sh -c \
-    "egrep 'domain1.tld|domain2.tld|domain3.tld|domain4.tld' /etc/opendkim/SigningTable | wc -l"
-  assert_success
-  assert_output 4
-}
-
 #
 # ssl
 #
@ -1238,11 +934,10 @@ EOF
  assert_output "passdb: pass@localhost.localdomain auth succeeded"
 }

-#
-# setup.sh
-#
+# –––––––––––––––––––––––––––––––––––––––––––––––
+# ––– setup.sh ––––––––––––––––––––––––––––––––––
+# –––––––––––––––––––––––––––––––––––––––––––––––

-# CLI interface
@test "checking setup.sh: Without arguments: status 1, show help text" {
  run ./setup.sh
  assert_failure
@ -1255,7 +950,6 @@ EOF
  assert_line --index 1 "Usage: ./setup.sh [-i IMAGE_NAME] [-c CONTAINER_NAME] <subcommand> <subcommand> [args]"
 }

-# email
@test "checking setup.sh: setup.sh email add and login" {
  wait_for_service mail changedetector
  assert_success
@ -1269,9 +963,6 @@ EOF

  wait_for_changes_to_be_detected_in_container mail

-  # Dovecot has been restarted, but this test often fails so presumably it may not be ready
-  # Add a short sleep to see if that helps to make the test more stable
-  # Alternatively we could login with a known good user to make sure that the service is up
  wait_for_service mail postfix
  wait_for_service mail dovecot
  sleep 5
@ -1307,15 +998,16 @@ EOF
@test "checking setup.sh: setup.sh email del" {
  run ./setup.sh -c mail email del -y lorem@impsum.org
  assert_success
-#
-#  TODO delmailuser does not work as expected.
-#  Its implementation is not functional, you cannot delete a user data
-#  directory in the running container by running a new docker container
-#  and not mounting the mail folders (persistance is broken).
-#  The add script is only adding the user to account file.
-#
-#  run docker exec mail ls /var/mail/impsum.org/lorem
-#  assert_failure
+
+  # TODO
+  # delmailuser does not work as expected.
+  # Its implementation is not functional, you cannot delete a user data
+  # directory in the running container by running a new docker container
+  # and not mounting the mail folders (persistance is broken).
+  # The add script is only adding the user to account file.
+
+  #  run docker exec mail ls /var/mail/impsum.org/lorem
+  #  assert_failure
  run grep lorem@impsum.org "$(private_config_path mail)/postfix-accounts.cf"
  assert_failure
 }
@ -1347,6 +1039,7 @@ EOF
  run ./setup.sh -p ./test/alias/config alias list
  assert_success
 }
+
@test "checking setup.sh: setup.sh alias add" {
  mkdir -p ./test/alias/config && echo "" > ./test/alias/config/postfix-virtual.cf
  ./setup.sh -p ./test/alias/config alias add alias@example.com target1@forward.com
@ -1355,6 +1048,7 @@ EOF
  run /bin/sh -c 'cat ./test/alias/config/postfix-virtual.cf | grep "alias@example.com target1@forward.com,target2@forward.com" | wc -l | grep 1'
  assert_success
 }
+
@test "checking setup.sh: setup.sh alias del" {
  # start with a1 -> t1,t2 and a2 -> t1
  mkdir -p ./test/alias/config && echo -e 'alias1@example.org target1@forward.com,target2@forward.com\nalias2@example.org target1@forward.com' > ./test/alias/config/postfix-virtual.cf
@ -1433,18 +1127,11 @@ EOF
  assert_failure
 }

-
-
-# config
-@test "checking setup.sh: setup.sh config dkim" {
-  run ./setup.sh -c mail config dkim
+@test "checking setup.sh: setup.sh dkim help" {
+  run ./setup.sh -c mail dkim help
  assert_success
+  assert_line --index 1 "Generate DKIM Configuration"
 }
-# TODO: To create a test generate-ssl-certificate must be non interactive
-#@test "checking setup.sh: setup.sh config ssl" {
-#  run ./setup.sh -c mail_ssl config ssl
-#  assert_success
-#}

 # debug
@test "checking setup.sh: setup.sh debug fetchmail" {