tests: Adjust parallel tests

- The usual serial to parallel test conversion to utilize the `setup.bash` common setup structure, and adding a `TEST_PREFIX` var for each test case to leverage.
- Standardize on parallel test naming conventions for variables / values.
- More consistent use of `bash -c` instead of `/bin/bash -c` or `/bin/sh -c`.
- Using the `_run_in_container` helper instead of `run docker exec ${CONTAINER_NAME}`.
- Updates tests to use the `check_if_process_is_running` helper.

---

chore: Revise inline docs for the `ssl_letsencrypt` test

- Moves the override to be in closer proximity to the `initial_setup` call, and better communicates the intent to override.
- Removes top comment block that is no longer providing value or correct information to maintainers.
- Revised `acme.json` test case inline doc comments.
This commit is contained in:
Brennan Kinney 2023-01-03 18:58:09 +13:00
parent 306592fcad
commit 2ec6c4abc0
17 changed files with 623 additions and 591 deletions

View file

@ -1,15 +1,15 @@
load "${REPOSITORY_ROOT}/test/helper/setup"
load "${REPOSITORY_ROOT}/test/helper/common"
export TEST_NAME_PREFIX='default relay host:'
export CONTAINER_NAME='dms-test-default_relay_host'
TEST_NAME_PREFIX='[Relay] ENV:'
CONTAINER_NAME='dms-test_default-relay-host'
function setup_file() {
init_with_defaults
local CUSTOM_SETUP_ARGUMENTS=(
--env DEFAULT_RELAY_HOST=default.relay.host.invalid:25 \
--env PERMIT_DOCKER=host \
--env DEFAULT_RELAY_HOST=default.relay.host.invalid:25
--env PERMIT_DOCKER=host
)
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
@ -17,7 +17,7 @@ function setup_file() {
function teardown_file() { _default_teardown ; }
@test "${TEST_NAME_PREFIX} default relay host is added to main.cf" {
@test "${TEST_NAME_PREFIX} 'DEFAULT_RELAY_HOST' should configure 'main.cf:relayhost'" {
_run_in_container bash -c 'grep -e "^relayhost =" /etc/postfix/main.cf'
assert_output 'relayhost = default.relay.host.invalid:25'
}

View file

@ -2,7 +2,7 @@ load "${REPOSITORY_ROOT}/test/helper/setup"
load "${REPOSITORY_ROOT}/test/helper/common"
TEST_NAME_PREFIX='ClamAV:'
CONTAINER_NAME='dms-test-clamav'
CONTAINER_NAME='dms-test_clamav'
function setup_file() {
init_with_defaults
@ -35,7 +35,7 @@ function setup_file() {
function teardown_file() { _default_teardown ; }
@test "${TEST_NAME_PREFIX} process clamd is running" {
_run_in_container bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
run check_if_process_is_running 'clamd'
assert_success
}
@ -66,6 +66,8 @@ function teardown_file() { _default_teardown ; }
}
@test "${TEST_NAME_PREFIX} process clamd restarts when killed" {
_run_in_container bash -c "pkill clamd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
_run_in_container pkill 'clamd'
assert_success
run_until_success_or_timeout 10 check_if_process_is_running 'clamd'
}

View file

@ -1,48 +1,50 @@
load "${REPOSITORY_ROOT}/test/test_helper/common"
load "${REPOSITORY_ROOT}/test/helper/setup"
load "${REPOSITORY_ROOT}/test/helper/common"
setup_file() {
local PRIVATE_CONFIG
PRIVATE_CONFIG=$(duplicate_config_for_container .)
TEST_NAME_PREFIX='[ClamAV + SA] (disabled):'
CONTAINER_NAME='dms-test_clamav-spamassasin_disabled'
docker run --rm -d --name mail_disabled_clamav_spamassassin \
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
-e ENABLE_CLAMAV=0 \
-e ENABLE_SPAMASSASSIN=0 \
-e AMAVIS_LOGLEVEL=2 \
-h mail.my-domain.com -t "${NAME}"
function setup_file() {
init_with_defaults
# TODO: find a better way to know when we have waited long enough
# for ClamAV to should have come up, if it were enabled
wait_for_smtp_port_in_container mail_disabled_clamav_spamassassin
docker exec mail_disabled_clamav_spamassassin /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt"
local CUSTOM_SETUP_ARGUMENTS=(
--env ENABLE_AMAVIS=1
--env ENABLE_CLAMAV=0
--env ENABLE_SPAMASSASSIN=0
--env AMAVIS_LOGLEVEL=2
)
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
_run_in_container bash -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt"
assert_success
wait_for_empty_mail_queue_in_container "${CONTAINER_NAME}"
}
teardown_file() {
docker rm -f mail_disabled_clamav_spamassassin
}
function teardown_file() { _default_teardown ; }
@test "checking process: ClamAV (ClamAV disabled by ENABLED_CLAMAV=0)" {
run docker exec mail_disabled_clamav_spamassassin /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
@test "${TEST_NAME_PREFIX} ClamAV - should be disabled by ENV 'ENABLED_CLAMAV=0'" {
run check_if_process_is_running 'clamd'
assert_failure
}
@test "checking spamassassin: should not be listed in amavis when disabled" {
run docker exec mail_disabled_clamav_spamassassin /bin/sh -c "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'"
@test "${TEST_NAME_PREFIX} SA - Amavis integration should not be active" {
_run_in_container /bin/sh -c "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'"
assert_success
}
@test "checking ClamAV: should not be listed in amavis when disabled" {
run docker exec mail_disabled_clamav_spamassassin grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log
@test "${TEST_NAME_PREFIX} ClamAV - Amavis integration should not be active" {
_run_in_container grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log
assert_failure
}
@test "checking ClamAV: should not be called when disabled" {
run docker exec mail_disabled_clamav_spamassassin grep -i 'connect to /var/run/clamav/clamd.ctl failed' /var/log/mail/mail.log
@test "${TEST_NAME_PREFIX} SA should not be called" {
_run_in_container grep -i 'connect to /var/run/clamav/clamd.ctl failed' /var/log/mail/mail.log
assert_failure
}
@test "checking restart of process: ClamAV (ClamAV disabled by ENABLED_CLAMAV=0)" {
run docker exec mail_disabled_clamav_spamassassin /bin/bash -c "pkill -f clamd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
@test "${TEST_NAME_PREFIX} ClamAV process should not be restarted when killed" {
_run_in_container /bin/bash -c "pkill -f clamd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
assert_failure
}

View file

@ -1,61 +1,61 @@
load "${REPOSITORY_ROOT}/test/test_helper/common"
load "${REPOSITORY_ROOT}/test/helper/setup"
load "${REPOSITORY_ROOT}/test/helper/common"
CONTAINER="mail_dnsbl_enabled"
CONTAINER2="mail_dnsbl_disabled"
TEST_NAME_PREFIX='DNSBLs:'
CONTAINER1_NAME='dms-test_dnsbl_enabled'
CONTAINER2_NAME='dms-test_dnsbl_disabled'
function setup_file() {
local PRIVATE_CONFIG
PRIVATE_CONFIG=$(duplicate_config_for_container . "${CONTAINER}")
local CONTAINER_NAME=${CONTAINER1_NAME}
local CUSTOM_SETUP_ARGUMENTS=(
--env ENABLE_DNSBL=1
)
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
docker run --rm -d --name "${CONTAINER}" \
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
-e ENABLE_DNSBL=1 \
-h mail.my-domain.com \
-t "${NAME}"
local CONTAINER_NAME=${CONTAINER2_NAME}
local CUSTOM_SETUP_ARGUMENTS=(
--env ENABLE_DNSBL=0
)
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
}
docker run --rm -d --name "${CONTAINER2}" \
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
-e ENABLE_DNSBL=0 \
-h mail.my-domain.com \
-t "${NAME}"
wait_for_smtp_port_in_container "${CONTAINER}"
wait_for_smtp_port_in_container "${CONTAINER2}"
function teardown_file() {
docker rm -f "${CONTAINER1_NAME}" "${CONTAINER2_NAME}"
}
# ENABLE_DNSBL=1
@test "checking enabled postfix DNS block list zen.spamhaus.org" {
run docker exec "${CONTAINER}" postconf smtpd_recipient_restrictions
@test "${TEST_NAME_PREFIX} (enabled) Postfix DNS block list zen.spamhaus.org" {
run docker exec "${CONTAINER1_NAME}" postconf smtpd_recipient_restrictions
assert_output --partial 'reject_rbl_client zen.spamhaus.org'
}
@test "checking enabled postscreen DNS block lists --> postscreen_dnsbl_action" {
run docker exec "${CONTAINER}" postconf postscreen_dnsbl_action
@test "${TEST_NAME_PREFIX} (enabled) Postscreen DNS block lists -> postscreen_dnsbl_action" {
run docker exec "${CONTAINER1_NAME}" postconf postscreen_dnsbl_action
assert_output 'postscreen_dnsbl_action = enforce'
}
@test "checking enabled postscreen DNS block lists --> postscreen_dnsbl_sites" {
run docker exec "${CONTAINER}" postconf postscreen_dnsbl_sites
@test "${TEST_NAME_PREFIX} (enabled) Postscreen DNS block lists -> postscreen_dnsbl_sites" {
run docker exec "${CONTAINER1_NAME}" postconf postscreen_dnsbl_sites
assert_output 'postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11]*3 bl.mailspike.net=127.0.0.[2;14;13;12;11;10] b.barracudacentral.org*2 bl.spameatingmonkey.net=127.0.0.2 dnsbl.sorbs.net psbl.surriel.com list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-3 list.dnswl.org=127.0.[0..255].[2..3]*-4'
}
# ENABLE_DNSBL=0
@test "checking disabled postfix DNS block list zen.spamhaus.org" {
run docker exec "${CONTAINER2}" postconf smtpd_recipient_restrictions
@test "${TEST_NAME_PREFIX} (disabled) Postfix DNS block list zen.spamhaus.org" {
run docker exec "${CONTAINER2_NAME}" postconf smtpd_recipient_restrictions
refute_output --partial 'reject_rbl_client zen.spamhaus.org'
}
@test "checking disabled postscreen DNS block lists --> postscreen_dnsbl_action" {
run docker exec "${CONTAINER2}" postconf postscreen_dnsbl_action
@test "${TEST_NAME_PREFIX} (disabled) Postscreen DNS block lists -> postscreen_dnsbl_action" {
run docker exec "${CONTAINER2_NAME}" postconf postscreen_dnsbl_action
assert_output 'postscreen_dnsbl_action = ignore'
}
@test "checking disabled postscreen DNS block lists --> postscreen_dnsbl_sites" {
run docker exec "${CONTAINER2}" postconf postscreen_dnsbl_sites
@test "${TEST_NAME_PREFIX} (disabled) Postscreen DNS block lists -> postscreen_dnsbl_sites" {
run docker exec "${CONTAINER2_NAME}" postconf postscreen_dnsbl_sites
assert_output 'postscreen_dnsbl_sites ='
}
# cleanup
function teardown_file() {
docker rm -f "${CONTAINER}" "${CONTAINER2}"
}

View file

@ -1,88 +1,90 @@
load "${REPOSITORY_ROOT}/test/test_helper/common"
load "${REPOSITORY_ROOT}/test/helper/setup"
load "${REPOSITORY_ROOT}/test/helper/common"
TEST_NAME_PREFIX='Fail2Ban:'
CONTAINER1_NAME='dms-test_fail2ban'
CONTAINER2_NAME='dms-test_fail2ban_fail-auth-mailer'
function get_container2_ip() {
docker inspect --format '{{ .NetworkSettings.IPAddress }}' "${CONTAINER2_NAME}"
}
function setup_file() {
local PRIVATE_CONFIG
PRIVATE_CONFIG=$(duplicate_config_for_container .)
docker run --rm -d --name mail_fail2ban \
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
-e ENABLE_FAIL2BAN=1 \
-e POSTSCREEN_ACTION=ignore \
--cap-add=NET_ADMIN \
--hostname mail.my-domain.com \
--tty \
--ulimit "nofile=$(ulimit -Sn):$(ulimit -Hn)" \
"${NAME}"
export CONTAINER_NAME
CONTAINER_NAME=${CONTAINER1_NAME}
local CUSTOM_SETUP_ARGUMENTS=(
--env ENABLE_FAIL2BAN=1
--env POSTSCREEN_ACTION=ignore
--cap-add=NET_ADMIN
--ulimit "nofile=$(ulimit -Sn):$(ulimit -Hn)"
)
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
# Create a container which will send wrong authentications and should get banned
docker run --name fail-auth-mailer \
-e MAIL_FAIL2BAN_IP="$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' mail_fail2ban)" \
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test \
-d "${NAME}" \
tail -f /var/log/faillog
CONTAINER_NAME=${CONTAINER2_NAME}
local CUSTOM_SETUP_ARGUMENTS=(--env MAIL_FAIL2BAN_IP="$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' ${CONTAINER1_NAME})")
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
wait_for_finished_setup_in_container mail_fail2ban
# Set default implicit container fallback for helpers:
CONTAINER_NAME=${CONTAINER1_NAME}
}
function teardown_file() {
docker rm -f mail_fail2ban fail-auth-mailer
docker rm -f "${CONTAINER1_NAME}" "${CONTAINER2_NAME}"
}
#
# processes
#
@test "checking process: fail2ban (fail2ban server enabled)" {
run docker exec mail_fail2ban /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python3 /usr/bin/fail2ban-server'"
@test "${TEST_NAME_PREFIX} Fail2Ban is running" {
run check_if_process_is_running 'fail2ban-server'
assert_success
}
#
# fail2ban
#
@test "${TEST_NAME_PREFIX} localhost is not banned because ignored" {
_run_in_container fail2ban-client status postfix-sasl
assert_success
refute_output --regexp '.*IP list:.*127\.0\.0\.1.*'
@test "checking fail2ban: localhost is not banned because ignored" {
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client status postfix-sasl | grep 'IP list:.*127.0.0.1'"
assert_failure
run docker exec mail_fail2ban /bin/sh -c "grep 'ignoreip = 127.0.0.1/8' /etc/fail2ban/jail.conf"
_run_in_container grep 'ignoreip = 127.0.0.1/8' /etc/fail2ban/jail.conf
assert_success
}
@test "checking fail2ban: fail2ban-fail2ban.cf overrides" {
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get loglevel | grep DEBUG"
@test "${TEST_NAME_PREFIX} fail2ban-fail2ban.cf overrides" {
_run_in_container fail2ban-client get loglevel
assert_success
assert_output --partial 'DEBUG'
}
@test "checking fail2ban: fail2ban-jail.cf overrides" {
FILTERS=(dovecot postfix postfix-sasl)
for FILTER in "${FILTERS[@]}"; do
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get ${FILTER} bantime"
@test "${TEST_NAME_PREFIX} fail2ban-jail.cf overrides" {
for FILTER in 'dovecot' 'postfix' 'postfix-sasl'
do
_run_in_container fail2ban-client get "${FILTER}" bantime
assert_output 1234
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get ${FILTER} findtime"
_run_in_container fail2ban-client get "${FILTER}" findtime
assert_output 321
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get ${FILTER} maxretry"
_run_in_container fail2ban-client get "${FILTER}" maxretry
assert_output 2
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client -d | grep -F \"['set', 'dovecot', 'addaction', 'nftables-multiport']\""
assert_output "['set', 'dovecot', 'addaction', 'nftables-multiport']"
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client -d | grep -F \"['set', 'postfix', 'addaction', 'nftables-multiport']\""
assert_output "['set', 'postfix', 'addaction', 'nftables-multiport']"
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client -d | grep -F \"['set', 'postfix-sasl', 'addaction', 'nftables-multiport']\""
assert_output "['set', 'postfix-sasl', 'addaction', 'nftables-multiport']"
_run_in_container fail2ban-client -d
assert_output --partial "['set', 'dovecot', 'addaction', 'nftables-multiport']"
assert_output --partial "['set', 'postfix', 'addaction', 'nftables-multiport']"
assert_output --partial "['set', 'postfix-sasl', 'addaction', 'nftables-multiport']"
done
}
@test "checking fail2ban: ban ip on multiple failed login" {
# can't pipe the file as usual due to postscreen. (respecting postscreen_greet_wait time and talking in turn):
# NOTE: This test case is fragile if other test cases were to be run concurrently
@test "${TEST_NAME_PREFIX} ban ip on multiple failed login" {
# can't pipe the file as usual due to postscreen
# respecting postscreen_greet_wait time and talking in turn):
# shellcheck disable=SC1004
for _ in {1,2}
do
docker exec fail-auth-mailer /bin/bash -c \
docker exec "${CONTAINER2_NAME}" /bin/bash -c \
'exec 3<>/dev/tcp/${MAIL_FAIL2BAN_IP}/25 && \
while IFS= read -r cmd; do \
head -1 <&3; \
@ -93,108 +95,123 @@ function teardown_file() {
sleep 5
FAIL_AUTH_MAILER_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' fail-auth-mailer)
# Checking that FAIL_AUTH_MAILER_IP is banned in mail_fail2ban
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client status postfix-sasl | grep '${FAIL_AUTH_MAILER_IP}'"
# Checking that CONTAINER2_IP is banned in "${CONTAINER1_NAME}"
CONTAINER2_IP=$(get_container2_ip)
_run_in_container fail2ban-client status postfix-sasl
assert_success
assert_output --partial "${CONTAINER2_IP}"
# Checking that FAIL_AUTH_MAILER_IP is banned by nftables
run docker exec mail_fail2ban /bin/sh -c "nft list set inet f2b-table addr-set-postfix-sasl"
assert_output --partial "elements = { ${FAIL_AUTH_MAILER_IP} }"
# Checking that CONTAINER2_IP is banned by nftables
_run_in_container bash -c 'nft list set inet f2b-table addr-set-postfix-sasl'
assert_success
assert_output --partial "elements = { ${CONTAINER2_IP} }"
}
@test "checking fail2ban: unban ip works" {
FAIL_AUTH_MAILER_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' fail-auth-mailer)
docker exec mail_fail2ban fail2ban-client set postfix-sasl unbanip "${FAIL_AUTH_MAILER_IP}"
@test "${TEST_NAME_PREFIX} unban ip works" {
CONTAINER2_IP=$(get_container2_ip)
_run_in_container fail2ban-client set postfix-sasl unbanip "${CONTAINER2_IP}"
assert_success
sleep 5
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client status postfix-sasl | grep 'IP list:.*${FAIL_AUTH_MAILER_IP}'"
assert_failure
# Checking that CONTAINER2_IP is unbanned in "${CONTAINER1_NAME}"
_run_in_container fail2ban-client status postfix-sasl
assert_success
refute_output --partial "${CONTAINER2_IP}"
# Checking that FAIL_AUTH_MAILER_IP is unbanned by nftables
run docker exec mail_fail2ban /bin/sh -c "nft list set inet f2b-table addr-set-postfix-sasl"
refute_output --partial "${FAIL_AUTH_MAILER_IP}"
# Checking that CONTAINER2_IP is unbanned by nftables
_run_in_container bash -c 'nft list set inet f2b-table addr-set-postfix-sasl'
refute_output --partial "${CONTAINER2_IP}"
}
@test "checking fail2ban ban" {
# Ban single IP address
run docker exec mail_fail2ban fail2ban ban 192.0.66.7
@test "${TEST_NAME_PREFIX} bans work properly (single IP)" {
_run_in_container fail2ban ban 192.0.66.7
assert_success
assert_output "Banned custom IP: 1"
assert_output 'Banned custom IP: 1'
run docker exec mail_fail2ban fail2ban
_run_in_container fail2ban
assert_success
assert_output --regexp "Banned in custom:.*192\.0\.66\.7"
assert_output --regexp 'Banned in custom:.*192\.0\.66\.7'
run docker exec mail_fail2ban nft list set inet f2b-table addr-set-custom
_run_in_container nft list set inet f2b-table addr-set-custom
assert_success
assert_output --partial "elements = { 192.0.66.7 }"
assert_output --partial 'elements = { 192.0.66.7 }'
run docker exec mail_fail2ban fail2ban unban 192.0.66.7
_run_in_container fail2ban unban 192.0.66.7
assert_success
assert_output --partial "Unbanned IP from custom: 1"
assert_output --partial 'Unbanned IP from custom: 1'
run docker exec mail_fail2ban nft list set inet f2b-table addr-set-custom
refute_output --partial "192.0.66.7"
# Ban IP network
run docker exec mail_fail2ban fail2ban ban 192.0.66.0/24
assert_success
assert_output "Banned custom IP: 1"
run docker exec mail_fail2ban fail2ban
assert_success
assert_output --regexp "Banned in custom:.*192\.0\.66\.0/24"
run docker exec mail_fail2ban nft list set inet f2b-table addr-set-custom
assert_success
assert_output --partial "elements = { 192.0.66.0/24 }"
run docker exec mail_fail2ban fail2ban unban 192.0.66.0/24
assert_success
assert_output --partial "Unbanned IP from custom: 1"
run docker exec mail_fail2ban nft list set inet f2b-table addr-set-custom
refute_output --partial "192.0.66.0/24"
_run_in_container nft list set inet f2b-table addr-set-custom
refute_output --partial '192.0.66.7'
}
@test "checking FAIL2BAN_BLOCKTYPE is really set to drop" {
run docker exec mail_fail2ban bash -c 'nft list table inet f2b-table'
@test "${TEST_NAME_PREFIX} bans work properly (subnet)" {
_run_in_container fail2ban ban 192.0.66.0/24
assert_success
assert_output 'Banned custom IP: 1'
_run_in_container fail2ban
assert_success
assert_output --regexp 'Banned in custom:.*192\.0\.66\.0/24'
_run_in_container nft list set inet f2b-table addr-set-custom
assert_success
assert_output --partial 'elements = { 192.0.66.0/24 }'
_run_in_container fail2ban unban 192.0.66.0/24
assert_success
assert_output --partial 'Unbanned IP from custom: 1'
_run_in_container nft list set inet f2b-table addr-set-custom
refute_output --partial '192.0.66.0/24'
}
@test "${TEST_NAME_PREFIX} FAIL2BAN_BLOCKTYPE is really set to drop" {
# ban IPs here manually so we can be sure something is inside the jails
for JAIL in dovecot postfix-sasl custom; do
_run_in_container fail2ban-client set "${JAIL}" banip 192.33.44.55
assert_success
done
_run_in_container nft list table inet f2b-table
assert_success
assert_output --partial 'tcp dport { 110, 143, 465, 587, 993, 995, 4190 } ip saddr @addr-set-dovecot drop'
assert_output --partial 'tcp dport { 25, 110, 143, 465, 587, 993, 995 } ip saddr @addr-set-postfix-sasl drop'
assert_output --partial 'tcp dport { 25, 110, 143, 465, 587, 993, 995, 4190 } ip saddr @addr-set-custom drop'
# unban the IPs previously banned to get a clean state again
for JAIL in dovecot postfix-sasl custom; do
_run_in_container fail2ban-client set "${JAIL}" unbanip 192.33.44.55
assert_success
done
}
@test "checking setup.sh: setup.sh fail2ban" {
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client set dovecot banip 192.0.66.4"
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client set dovecot banip 192.0.66.5"
@test "${TEST_NAME_PREFIX} setup.sh fail2ban" {
_run_in_container fail2ban-client set dovecot banip 192.0.66.4
_run_in_container fail2ban-client set dovecot banip 192.0.66.5
sleep 10
run ./setup.sh -c mail_fail2ban fail2ban
# Originally: run ./setup.sh -c "${CONTAINER1_NAME}" fail2ban
_run_in_container setup fail2ban
assert_output --regexp '^Banned in dovecot:.*192\.0\.66\.4'
assert_output --regexp '^Banned in dovecot:.*192\.0\.66\.5'
run ./setup.sh -c mail_fail2ban fail2ban unban 192.0.66.4
_run_in_container setup fail2ban unban 192.0.66.4
assert_output --partial "Unbanned IP from dovecot: 1"
run ./setup.sh -c mail_fail2ban fail2ban
assert_output --regexp "^Banned in dovecot:.*192\.0\.66\.5"
_run_in_container setup fail2ban
assert_output --regexp '^Banned in dovecot:.*192\.0\.66\.5'
run ./setup.sh -c mail_fail2ban fail2ban unban 192.0.66.5
assert_output --partial "Unbanned IP from dovecot: 1"
_run_in_container setup fail2ban unban 192.0.66.5
assert_output --partial 'Unbanned IP from dovecot: 1'
run ./setup.sh -c mail_fail2ban fail2ban unban
assert_output --partial "You need to specify an IP address: Run"
_run_in_container setup fail2ban unban
assert_output --partial 'You need to specify an IP address: Run'
}
#
# supervisor
#
@test "checking restart of process: fail2ban (fail2ban server enabled)" {
run docker exec mail_fail2ban /bin/bash -c "pkill fail2ban && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/bin/python3 /usr/bin/fail2ban-server'"
@test "${TEST_NAME_PREFIX} restart of Fail2Ban" {
_run_in_container pkill fail2ban
assert_success
run_until_success_or_timeout 10 check_if_process_is_running 'fail2ban-server'
}

View file

@ -1,92 +1,92 @@
load "${REPOSITORY_ROOT}/test/test_helper/common"
load "${REPOSITORY_ROOT}/test/helper/setup"
load "${REPOSITORY_ROOT}/test/helper/common"
TEST_NAME_PREFIX='Postgrey (enabled):'
CONTAINER_NAME='dms-test_postgrey_enabled'
function setup_file() {
local PRIVATE_CONFIG
PRIVATE_CONFIG=$(duplicate_config_for_container .)
local CUSTOM_SETUP_ARGUMENTS=(
--env ENABLE_DNSBL=1
--env ENABLE_POSTGREY=1
--env PERMIT_DOCKER=container
--env POSTGREY_AUTO_WHITELIST_CLIENTS=5
--env POSTGREY_DELAY=15
--env POSTGREY_MAX_AGE=35
--env POSTGREY_TEXT="Delayed by Postgrey"
)
docker run -d --name mail_with_postgrey \
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
-e ENABLE_DNSBL=1 \
-e ENABLE_POSTGREY=1 \
-e PERMIT_DOCKER=container \
-e POSTGREY_AUTO_WHITELIST_CLIENTS=5 \
-e POSTGREY_DELAY=15 \
-e POSTGREY_MAX_AGE=35 \
-e POSTGREY_TEXT="Delayed by Postgrey" \
-h mail.my-domain.com -t "${NAME}"
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
# using postfix availability as start indicator, this might be insufficient for postgrey
wait_for_smtp_port_in_container mail_with_postgrey
# Postfix needs to be ready on port 25 for nc usage below:
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
}
function teardown_file() {
docker rm -f mail_with_postgrey
}
function teardown_file() { _default_teardown ; }
@test "checking postgrey: /etc/postfix/main.cf correctly edited" {
run docker exec mail_with_postgrey /bin/bash -c "grep -F 'zen.spamhaus.org=127.0.0.[2..11], check_policy_service inet:127.0.0.1:10023' /etc/postfix/main.cf | wc -l"
@test "${TEST_NAME_PREFIX} /etc/postfix/main.cf correctly edited" {
_run_in_container bash -c "grep -F 'zen.spamhaus.org=127.0.0.[2..11], check_policy_service inet:127.0.0.1:10023' /etc/postfix/main.cf | wc -l"
assert_success
assert_output 1
}
@test "checking postgrey: /etc/default/postgrey correctly edited and has the default values" {
run docker exec mail_with_postgrey /bin/bash -c "grep '^POSTGREY_OPTS=\"--inet=127.0.0.1:10023 --delay=15 --max-age=35 --auto-whitelist-clients=5\"$' /etc/default/postgrey | wc -l"
@test "${TEST_NAME_PREFIX} /etc/default/postgrey correctly edited and has the default values" {
_run_in_container bash -c "grep '^POSTGREY_OPTS=\"--inet=127.0.0.1:10023 --delay=15 --max-age=35 --auto-whitelist-clients=5\"$' /etc/default/postgrey | wc -l"
assert_success
assert_output 1
run docker exec mail_with_postgrey /bin/bash -c "grep '^POSTGREY_TEXT=\"Delayed by Postgrey\"$' /etc/default/postgrey | wc -l"
_run_in_container bash -c "grep '^POSTGREY_TEXT=\"Delayed by Postgrey\"$' /etc/default/postgrey | wc -l"
assert_success
assert_output 1
}
@test "checking process: postgrey (postgrey server enabled)" {
run docker exec mail_with_postgrey /bin/bash -c "ps aux --forest | grep -v grep | grep 'postgrey'"
@test "${TEST_NAME_PREFIX} Postgrey is running" {
run check_if_process_is_running 'postgrey'
assert_success
}
@test "checking postgrey: there should be a log entry about a new greylisted e-mail user@external.tld in /var/log/mail/mail.log" {
@test "${TEST_NAME_PREFIX} there should be a log entry about a new greylisted e-mail user@external.tld in /var/log/mail/mail.log" {
#editing the postfix config in order to ensure that postgrey handles the test e-mail. The other spam checks at smtpd_recipient_restrictions would interfere with it.
run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/permit_sasl_authenticated.*policyd-spf,$//g' /etc/postfix/main.cf"
run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/reject_unauth_pipelining.*reject_unknown_recipient_domain,$//g' /etc/postfix/main.cf"
run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/reject_rbl_client.*inet:127\.0\.0\.1:10023$//g' /etc/postfix/main.cf"
run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/smtpd_recipient_restrictions =/smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10023/g' /etc/postfix/main.cf"
_run_in_container bash -c "sed -ie 's/permit_sasl_authenticated.*policyd-spf,$//g' /etc/postfix/main.cf"
_run_in_container bash -c "sed -ie 's/reject_unauth_pipelining.*reject_unknown_recipient_domain,$//g' /etc/postfix/main.cf"
_run_in_container bash -c "sed -ie 's/reject_rbl_client.*inet:127\.0\.0\.1:10023$//g' /etc/postfix/main.cf"
_run_in_container bash -c "sed -ie 's/smtpd_recipient_restrictions =/smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10023/g' /etc/postfix/main.cf"
_run_in_container postfix reload
run docker exec mail_with_postgrey /bin/sh -c "/etc/init.d/postfix reload"
run docker exec mail_with_postgrey /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/postgrey.txt"
_run_in_container bash -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/postgrey.txt"
sleep 5 #ensure that the information has been written into the log
run docker exec mail_with_postgrey /bin/bash -c "grep -i 'action=greylist.*user@external\.tld' /var/log/mail/mail.log | wc -l"
_run_in_container bash -c "grep -i 'action=greylist.*user@external\.tld' /var/log/mail/mail.log | wc -l"
assert_success
assert_output 1
}
@test "checking postgrey: there should be a log entry about the retried and passed e-mail user@external.tld in /var/log/mail/mail.log" {
@test "${TEST_NAME_PREFIX} there should be a log entry about the retried and passed e-mail user@external.tld in /var/log/mail/mail.log" {
sleep 20 #wait 20 seconds so that postgrey would accept the message
run docker exec mail_with_postgrey /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/postgrey.txt"
_run_in_container bash -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/postgrey.txt"
sleep 8
run docker exec mail_with_postgrey /bin/sh -c "grep -i 'action=pass, reason=triplet found.*user@external\.tld' /var/log/mail/mail.log | wc -l"
_run_in_container bash -c "grep -i 'action=pass, reason=triplet found.*user@external\.tld' /var/log/mail/mail.log | wc -l"
assert_success
assert_output 1
}
@test "checking postgrey: there should be a log entry about the whitelisted and passed e-mail user@whitelist.tld in /var/log/mail/mail.log" {
run docker exec mail_with_postgrey /bin/sh -c "nc -w 8 0.0.0.0 10023 < /tmp/docker-mailserver-test/nc_templates/postgrey_whitelist.txt"
run docker exec mail_with_postgrey /bin/sh -c "grep -i 'action=pass, reason=client whitelist' /var/log/mail/mail.log | wc -l"
@test "${TEST_NAME_PREFIX} there should be a log entry about the whitelisted and passed e-mail user@whitelist.tld in /var/log/mail/mail.log" {
_run_in_container bash -c "nc -w 8 0.0.0.0 10023 < /tmp/docker-mailserver-test/nc_templates/postgrey_whitelist.txt"
_run_in_container bash -c "grep -i 'action=pass, reason=client whitelist' /var/log/mail/mail.log | wc -l"
assert_success
assert_output 1
}
@test "checking postgrey: there should be a log entry about the whitelisted local and passed e-mail user@whitelistlocal.tld in /var/log/mail/mail.log" {
run docker exec mail_with_postgrey /bin/sh -c "nc -w 8 0.0.0.0 10023 < /tmp/docker-mailserver-test/nc_templates/postgrey_whitelist_local.txt"
run docker exec mail_with_postgrey /bin/sh -c "grep -i 'action=pass, reason=client whitelist' /var/log/mail/mail.log | wc -l"
@test "${TEST_NAME_PREFIX} there should be a log entry about the whitelisted local and passed e-mail user@whitelistlocal.tld in /var/log/mail/mail.log" {
_run_in_container bash -c "nc -w 8 0.0.0.0 10023 < /tmp/docker-mailserver-test/nc_templates/postgrey_whitelist_local.txt"
_run_in_container bash -c "grep -i 'action=pass, reason=client whitelist' /var/log/mail/mail.log | wc -l"
assert_success
assert_output 1
}
@test "checking postgrey: there should be a log entry about the whitelisted recipient user2@otherdomain.tld in /var/log/mail/mail.log" {
run docker exec mail_with_postgrey /bin/sh -c "nc -w 8 0.0.0.0 10023 < /tmp/docker-mailserver-test/nc_templates/postgrey_whitelist_recipients.txt"
run docker exec mail_with_postgrey /bin/sh -c "grep -i 'action=pass, reason=recipient whitelist' /var/log/mail/mail.log | wc -l"
@test "${TEST_NAME_PREFIX} there should be a log entry about the whitelisted recipient user2@otherdomain.tld in /var/log/mail/mail.log" {
_run_in_container bash -c "nc -w 8 0.0.0.0 10023 < /tmp/docker-mailserver-test/nc_templates/postgrey_whitelist_recipients.txt"
_run_in_container bash -c "grep -i 'action=pass, reason=recipient whitelist' /var/log/mail/mail.log | wc -l"
assert_success
assert_output 1
}

View file

@ -1,44 +1,46 @@
load "${REPOSITORY_ROOT}/test/test_helper/common"
load "${REPOSITORY_ROOT}/test/helper/setup"
load "${REPOSITORY_ROOT}/test/helper/common"
setup() {
# Getting mail container IP
MAIL_POSTSCREEN_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' mail_postscreen)
TEST_NAME_PREFIX='Postscreen:'
CONTAINER1_NAME='dms-test_postscreen_enforce'
CONTAINER2_NAME='dms-test_postscreen_sender'
function setup() {
MAIL_POSTSCREEN_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' "${CONTAINER1_NAME}")
}
setup_file() {
local PRIVATE_CONFIG
PRIVATE_CONFIG=$(duplicate_config_for_container .)
function setup_file() {
local CONTAINER_NAME=${CONTAINER1_NAME}
local CUSTOM_SETUP_ARGUMENTS=(
--env POSTSCREEN_ACTION=enforce
--cap-add=NET_ADMIN
)
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
docker run -d --name mail_postscreen \
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
-e POSTSCREEN_ACTION=enforce \
--cap-add=NET_ADMIN \
-h mail.my-domain.com -t "${NAME}"
docker run --name mail_postscreen_sender \
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
-d "${NAME}" \
tail -f /var/log/faillog
wait_for_smtp_port_in_container mail_postscreen
local CONTAINER_NAME=${CONTAINER2_NAME}
init_with_defaults
common_container_setup
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
}
teardown_file() {
docker rm -f mail_postscreen mail_postscreen_sender
function teardown_file() {
docker rm -f "${CONTAINER1_NAME}" "${CONTAINER2_NAME}"
}
@test "checking postscreen: talk too fast" {
docker exec mail_postscreen_sender /bin/sh -c "nc ${MAIL_POSTSCREEN_IP} 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login.txt"
@test "${TEST_NAME_PREFIX} talk too fast" {
run docker exec "${CONTAINER2_NAME}" /bin/sh -c "nc ${MAIL_POSTSCREEN_IP} 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login.txt"
assert_success
repeat_until_success_or_timeout 10 run docker exec mail_postscreen grep 'COMMAND PIPELINING' /var/log/mail/mail.log
repeat_until_success_or_timeout 10 run docker exec "${CONTAINER1_NAME}" grep 'COMMAND PIPELINING' /var/log/mail/mail.log
assert_success
}
@test "checking postscreen: positive test (respecting postscreen_greet_wait time and talking in turn)" {
@test "${TEST_NAME_PREFIX} positive test (respecting postscreen_greet_wait time and talking in turn)" {
for _ in {1,2}; do
# shellcheck disable=SC1004
docker exec mail_postscreen_sender /bin/bash -c \
docker exec "${CONTAINER2_NAME}" /bin/bash -c \
'exec 3<>/dev/tcp/'"${MAIL_POSTSCREEN_IP}"'/25 && \
while IFS= read -r cmd; do \
head -1 <&3; \
@ -47,6 +49,6 @@ teardown_file() {
done < "/tmp/docker-mailserver-test/auth/smtp-auth-login.txt"'
done
repeat_until_success_or_timeout 10 run docker exec mail_postscreen grep 'PASS NEW ' /var/log/mail/mail.log
repeat_until_success_or_timeout 10 run docker exec "${CONTAINER1_NAME}" grep 'PASS NEW ' /var/log/mail/mail.log
assert_success
}

View file

@ -1,8 +1,8 @@
load "${REPOSITORY_ROOT}/test/helper/setup"
load "${REPOSITORY_ROOT}/test/helper/common"
TEST_NAME_PREFIX='spam (Amavis):'
CONTAINER_NAME='dms-test-spam_bounced'
TEST_NAME_PREFIX='Spam bounced:'
CONTAINER_NAME='dms-test_spam-bounced'
function setup_file() {
init_with_defaults

View file

@ -1,67 +1,67 @@
load "${REPOSITORY_ROOT}/test/test_helper/common"
load "${REPOSITORY_ROOT}/test/helper/setup"
load "${REPOSITORY_ROOT}/test/helper/common"
TEST_NAME_PREFIX='Spam junk folder:'
CONTAINER1_NAME='dms-test_spam-junk-folder_1'
CONTAINER2_NAME='dms-test_spam-junk-folder_2'
function teardown() { _default_teardown ; }
# Test case
# ---------
# When SPAMASSASSIN_SPAM_TO_INBOX=1, spam messages must be delivered and eventually (MOVE_SPAM_TO_JUNK=1) moved to the Junk folder.
# When SPAMASSASSIN_SPAM_TO_INBOX=1, spam messages must be delivered
# and eventually (MOVE_SPAM_TO_JUNK=1) moved to the Junk folder.
@test "checking amavis: spam message is delivered and moved to the Junk folder (MOVE_SPAM_TO_JUNK=1)" {
local PRIVATE_CONFIG
PRIVATE_CONFIG=$(duplicate_config_for_container . mail_spam_moved_junk)
docker run -d --name mail_spam_moved_junk \
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
-e ENABLE_SPAMASSASSIN=1 \
-e MOVE_SPAM_TO_JUNK=1 \
-e PERMIT_DOCKER=container \
-e SA_SPAM_SUBJECT="SPAM: " \
-e SPAMASSASSIN_SPAM_TO_INBOX=1 \
-h mail.my-domain.com -t "${NAME}"
teardown() { docker rm -f mail_spam_moved_junk; }
wait_for_smtp_port_in_container mail_spam_moved_junk
@test "${TEST_NAME_PREFIX} (Amavis) spam message delivered & moved to Junk folder" {
export CONTAINER_NAME=${CONTAINER1_NAME}
local CUSTOM_SETUP_ARGUMENTS=(
--env ENABLE_AMAVIS=1
--env ENABLE_SPAMASSASSIN=1
--env MOVE_SPAM_TO_JUNK=1
--env PERMIT_DOCKER=container
--env SA_SPAM_SUBJECT="SPAM: "
--env SPAMASSASSIN_SPAM_TO_INBOX=1
)
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
# send a spam message
run docker exec mail_spam_moved_junk /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-spam.txt"
_run_in_container bash -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-spam.txt"
assert_success
# message will be added to a queue with varying delay until amavis receives it
run repeat_until_success_or_timeout 60 sh -c "docker logs mail_spam_moved_junk | grep 'Passed SPAM {RelayedTaggedInbound,Quarantined}'"
run repeat_until_success_or_timeout 60 bash -c "docker logs ${CONTAINER_NAME} | grep 'Passed SPAM {RelayedTaggedInbound,Quarantined}'"
assert_success
# spam moved to Junk folder
run repeat_until_success_or_timeout 20 sh -c "docker exec mail_spam_moved_junk sh -c 'grep \"Subject: SPAM: \" /var/mail/localhost.localdomain/user1/.Junk/new/ -R'"
run repeat_until_success_or_timeout 20 bash -c "docker exec ${CONTAINER_NAME} sh -c 'grep \"Subject: SPAM: \" /var/mail/localhost.localdomain/user1/.Junk/new/ -R'"
assert_success
}
@test "checking amavis: spam message is delivered to INBOX (MOVE_SPAM_TO_JUNK=0)" {
local PRIVATE_CONFIG
PRIVATE_CONFIG=$(duplicate_config_for_container . mail_spam_moved_new)
docker run -d --name mail_spam_moved_new \
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
-e ENABLE_SPAMASSASSIN=1 \
-e MOVE_SPAM_TO_JUNK=0 \
-e PERMIT_DOCKER=container \
-e SA_SPAM_SUBJECT="SPAM: " \
-e SPAMASSASSIN_SPAM_TO_INBOX=1 \
-h mail.my-domain.com -t "${NAME}"
teardown() { docker rm -f mail_spam_moved_new; }
wait_for_smtp_port_in_container mail_spam_moved_new
@test "${TEST_NAME_PREFIX} (Amavis) spam message delivered to INBOX" {
export CONTAINER_NAME=${CONTAINER2_NAME}
local CUSTOM_SETUP_ARGUMENTS=(
--env ENABLE_AMAVIS=1
--env ENABLE_SPAMASSASSIN=1
--env MOVE_SPAM_TO_JUNK=0
--env PERMIT_DOCKER=container
--env SA_SPAM_SUBJECT="SPAM: "
--env SPAMASSASSIN_SPAM_TO_INBOX=1
)
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
# send a spam message
run docker exec mail_spam_moved_new /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-spam.txt"
_run_in_container /bin/bash -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-spam.txt"
assert_success
# message will be added to a queue with varying delay until amavis receives it
run repeat_until_success_or_timeout 60 sh -c "docker logs mail_spam_moved_new | grep 'Passed SPAM {RelayedTaggedInbound,Quarantined}'"
run repeat_until_success_or_timeout 60 bash -c "docker logs ${CONTAINER_NAME} | grep 'Passed SPAM {RelayedTaggedInbound,Quarantined}'"
assert_success
# spam moved to INBOX
run repeat_until_success_or_timeout 20 sh -c "docker exec mail_spam_moved_new sh -c 'grep \"Subject: SPAM: \" /var/mail/localhost.localdomain/user1/new/ -R'"
run repeat_until_success_or_timeout 20 bash -c "docker exec ${CONTAINER_NAME} sh -c 'grep \"Subject: SPAM: \" /var/mail/localhost.localdomain/user1/new/ -R'"
assert_success
}

View file

@ -1,64 +1,61 @@
load "${REPOSITORY_ROOT}/test/test_helper/common"
load "${REPOSITORY_ROOT}/test/helper/setup"
load "${REPOSITORY_ROOT}/test/helper/common"
function setup() {
local PRIVATE_CONFIG
TEST_NAME_PREFIX='Undefined spam subject:'
PRIVATE_CONFIG=$(duplicate_config_for_container .)
docker run -d --name mail_undef_spam_subject \
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
-e ENABLE_SPAMASSASSIN=1 \
-e SA_SPAM_SUBJECT="undef" \
--hostname mail.my-domain.com \
--tty \
"${NAME}"
CONTAINER1_NAME='dms-test_spam-undef-subject_1'
CONTAINER2_NAME='dms-test_spam-undef-subject_2'
CONTAINER_NAME=${CONTAINER2_NAME}
CONTAINER='mail_undef_spam_subject_2'
PRIVATE_CONFIG=$(duplicate_config_for_container . "${CONTAINER}")
docker run -d \
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
-v "$(pwd)/test/onedir":/var/mail-state \
-e ENABLE_CLAMAV=1 \
-e SPOOF_PROTECTION=1 \
-e ENABLE_SPAMASSASSIN=1 \
-e REPORT_RECIPIENT=user1@localhost.localdomain \
-e REPORT_SENDER=report1@mail.my-domain.com \
-e SA_TAG=-5.0 \
-e SA_TAG2=2.0 \
-e SA_KILL=3.0 \
-e SA_SPAM_SUBJECT="SPAM: " \
-e VIRUSMAILS_DELETE_DELAY=7 \
-e ENABLE_SRS=1 \
-e ENABLE_MANAGESIEVE=1 \
-e PERMIT_DOCKER=host \
--name "${CONTAINER}" \
--hostname mail.my-domain.com \
--tty \
--ulimit "nofile=$(ulimit -Sn):$(ulimit -Hn)" \
"${NAME}"
function setup_file() {
local CONTAINER_NAME=${CONTAINER1_NAME}
local CUSTOM_SETUP_ARGUMENTS=(
--env ENABLE_AMAVIS=1
--env ENABLE_SPAMASSASSIN=1
--env SA_SPAM_SUBJECT='undef'
)
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
wait_for_finished_setup_in_container mail_undef_spam_subject
wait_for_finished_setup_in_container "${CONTAINER}"
# ulimit required for `ENABLE_SRS=1`
local CONTAINER_NAME=${CONTAINER2_NAME}
local CUSTOM_SETUP_ARGUMENTS=(
--env ENABLE_CLAMAV=1
--env SPOOF_PROTECTION=1
--env ENABLE_SPAMASSASSIN=1
--env REPORT_RECIPIENT=user1@localhost.localdomain
--env REPORT_SENDER=report1@mail.my-domain.com
--env SA_TAG=-5.0
--env SA_TAG2=2.0
--env SA_KILL=3.0
--env SA_SPAM_SUBJECT="SPAM: "
--env VIRUSMAILS_DELETE_DELAY=7
--env ENABLE_SRS=1
--env ENABLE_MANAGESIEVE=1
--env PERMIT_DOCKER=host
--ulimit "nofile=$(ulimit -Sn):$(ulimit -Hn)"
)
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
}
function teardown() {
docker rm -f mail_undef_spam_subject "${CONTAINER}"
function teardown_file() {
docker rm -f "${CONTAINER1_NAME}" "${CONTAINER2_NAME}"
}
@test "checking spamassassin: docker env variables are set correctly (custom)" {
run docker exec "${CONTAINER}" /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= -5.0'"
@test "${TEST_NAME_PREFIX} Docker env variables are set correctly (custom)" {
_run_in_container bash -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= -5.0'"
assert_success
run docker exec "${CONTAINER}" /bin/sh -c "grep '\$sa_tag2_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'"
_run_in_container bash -c "grep '\$sa_tag2_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'"
assert_success
run docker exec "${CONTAINER}" /bin/sh -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 3.0'"
_run_in_container bash -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 3.0'"
assert_success
run docker exec "${CONTAINER}" /bin/sh -c "grep '\$sa_spam_subject_tag' /etc/amavis/conf.d/20-debian_defaults | grep '= .SPAM: .'"
_run_in_container bash -c "grep '\$sa_spam_subject_tag' /etc/amavis/conf.d/20-debian_defaults | grep '= .SPAM: .'"
assert_success
run docker exec mail_undef_spam_subject /bin/sh -c "grep '\$sa_spam_subject_tag' /etc/amavis/conf.d/20-debian_defaults | grep '= undef'"
run docker exec "${CONTAINER1_NAME}" bash -c "grep '\$sa_spam_subject_tag' /etc/amavis/conf.d/20-debian_defaults | grep '= undef'"
assert_success
}