tests: Adjust parallel tests
- The usual serial to parallel test conversion to utilize the `setup.bash` common setup structure, and adding a `TEST_PREFIX` var for each test case to leverage. - Standardize on parallel test naming conventions for variables / values. - More consistent use of `bash -c` instead of `/bin/bash -c` or `/bin/sh -c`. - Using the `_run_in_container` helper instead of `run docker exec ${CONTAINER_NAME}`. - Updates tests to use the `check_if_process_is_running` helper. --- chore: Revise inline docs for the `ssl_letsencrypt` test - Moves the override to be in closer proximity to the `initial_setup` call, and better communicates the intent to override. - Removes top comment block that is no longer providing value or correct information to maintainers. - Revised `acme.json` test case inline doc comments.
parent
306592fcad
commit
2ec6c4abc0
17 changed files with 623 additions and 591 deletions
|
@ -1,15 +1,15 @@
|
|||
load "${REPOSITORY_ROOT}/test/helper/setup"
|
||||
load "${REPOSITORY_ROOT}/test/helper/common"
|
||||
|
||||
export TEST_NAME_PREFIX='default relay host:'
|
||||
export CONTAINER_NAME='dms-test-default_relay_host'
|
||||
TEST_NAME_PREFIX='[Relay] ENV:'
|
||||
CONTAINER_NAME='dms-test_default-relay-host'
|
||||
|
||||
function setup_file() {
|
||||
init_with_defaults
|
||||
|
||||
local CUSTOM_SETUP_ARGUMENTS=(
|
||||
--env DEFAULT_RELAY_HOST=default.relay.host.invalid:25 \
|
||||
--env PERMIT_DOCKER=host \
|
||||
--env DEFAULT_RELAY_HOST=default.relay.host.invalid:25
|
||||
--env PERMIT_DOCKER=host
|
||||
)
|
||||
|
||||
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
|
||||
|
@ -17,7 +17,7 @@ function setup_file() {
|
|||
|
||||
function teardown_file() { _default_teardown ; }
|
||||
|
||||
@test "${TEST_NAME_PREFIX} default relay host is added to main.cf" {
|
||||
@test "${TEST_NAME_PREFIX} 'DEFAULT_RELAY_HOST' should configure 'main.cf:relayhost'" {
|
||||
_run_in_container bash -c 'grep -e "^relayhost =" /etc/postfix/main.cf'
|
||||
assert_output 'relayhost = default.relay.host.invalid:25'
|
||||
}
|
||||
|
|
|
@ -2,7 +2,7 @@ load "${REPOSITORY_ROOT}/test/helper/setup"
|
|||
load "${REPOSITORY_ROOT}/test/helper/common"
|
||||
|
||||
TEST_NAME_PREFIX='ClamAV:'
|
||||
CONTAINER_NAME='dms-test-clamav'
|
||||
CONTAINER_NAME='dms-test_clamav'
|
||||
|
||||
function setup_file() {
|
||||
init_with_defaults
|
||||
|
@ -35,7 +35,7 @@ function setup_file() {
|
|||
function teardown_file() { _default_teardown ; }
|
||||
|
||||
@test "${TEST_NAME_PREFIX} process clamd is running" {
|
||||
_run_in_container bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
|
||||
run check_if_process_is_running 'clamd'
|
||||
assert_success
|
||||
}
|
||||
|
||||
|
@ -66,6 +66,8 @@ function teardown_file() { _default_teardown ; }
|
|||
}
|
||||
|
||||
@test "${TEST_NAME_PREFIX} process clamd restarts when killed" {
|
||||
_run_in_container bash -c "pkill clamd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
|
||||
_run_in_container pkill 'clamd'
|
||||
assert_success
|
||||
|
||||
run_until_success_or_timeout 10 check_if_process_is_running 'clamd'
|
||||
}
|
||||
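Review bot: In `process clamd restarts when killed`, `run_until_success_or_timeout 10 check_if_process_is_running 'clamd'` can succeed on its first poll if the original `clamd` has not finished exiting after `pkill`, so the test may pass without any restart having happened. The replaced one-liner at least slept 10 seconds before looking. Recording the PID before the kill (for example `_run_in_container pgrep -o clamd` and saving `${output}`) and asserting afterwards that a different PID is running would pin the restart itself; how `check_if_process_is_running` matches is not visible here, so confirm against the helper. The `restart of Fail2Ban` test in the Fail2Ban file uses the same `pkill` then poll sequence.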
|
|
|
@ -1,48 +1,50 @@
|
|||
load "${REPOSITORY_ROOT}/test/test_helper/common"
|
||||
load "${REPOSITORY_ROOT}/test/helper/setup"
|
||||
load "${REPOSITORY_ROOT}/test/helper/common"
|
||||
|
||||
setup_file() {
|
||||
local PRIVATE_CONFIG
|
||||
PRIVATE_CONFIG=$(duplicate_config_for_container .)
|
||||
TEST_NAME_PREFIX='[ClamAV + SA] (disabled):'
|
||||
CONTAINER_NAME='dms-test_clamav-spamassasin_disabled'
|
||||
|
||||
docker run --rm -d --name mail_disabled_clamav_spamassassin \
|
||||
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
|
||||
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
|
||||
-e ENABLE_CLAMAV=0 \
|
||||
-e ENABLE_SPAMASSASSIN=0 \
|
||||
-e AMAVIS_LOGLEVEL=2 \
|
||||
-h mail.my-domain.com -t "${NAME}"
|
||||
function setup_file() {
|
||||
init_with_defaults
|
||||
|
||||
# TODO: find a better way to know when we have waited long enough
|
||||
# for ClamAV to should have come up, if it were enabled
|
||||
wait_for_smtp_port_in_container mail_disabled_clamav_spamassassin
|
||||
docker exec mail_disabled_clamav_spamassassin /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt"
|
||||
local CUSTOM_SETUP_ARGUMENTS=(
|
||||
--env ENABLE_AMAVIS=1
|
||||
--env ENABLE_CLAMAV=0
|
||||
--env ENABLE_SPAMASSASSIN=0
|
||||
--env AMAVIS_LOGLEVEL=2
|
||||
)
|
||||
|
||||
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
|
||||
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
|
||||
|
||||
_run_in_container bash -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt"
|
||||
assert_success
|
||||
wait_for_empty_mail_queue_in_container "${CONTAINER_NAME}"
|
||||
}
|
||||
|
||||
teardown_file() {
|
||||
docker rm -f mail_disabled_clamav_spamassassin
|
||||
}
|
||||
function teardown_file() { _default_teardown ; }
|
||||
|
||||
@test "checking process: ClamAV (ClamAV disabled by ENABLED_CLAMAV=0)" {
|
||||
run docker exec mail_disabled_clamav_spamassassin /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
|
||||
@test "${TEST_NAME_PREFIX} ClamAV - should be disabled by ENV 'ENABLED_CLAMAV=0'" {
|
||||
run check_if_process_is_running 'clamd'
|
||||
assert_failure
|
||||
}
|
||||
|
||||
@test "checking spamassassin: should not be listed in amavis when disabled" {
|
||||
run docker exec mail_disabled_clamav_spamassassin /bin/sh -c "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'"
|
||||
@test "${TEST_NAME_PREFIX} SA - Amavis integration should not be active" {
|
||||
_run_in_container /bin/sh -c "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'"
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "checking ClamAV: should not be listed in amavis when disabled" {
|
||||
run docker exec mail_disabled_clamav_spamassassin grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log
|
||||
@test "${TEST_NAME_PREFIX} ClamAV - Amavis integration should not be active" {
|
||||
_run_in_container grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log
|
||||
assert_failure
|
||||
}
|
||||
|
||||
@test "checking ClamAV: should not be called when disabled" {
|
||||
run docker exec mail_disabled_clamav_spamassassin grep -i 'connect to /var/run/clamav/clamd.ctl failed' /var/log/mail/mail.log
|
||||
@test "${TEST_NAME_PREFIX} SA should not be called" {
|
||||
_run_in_container grep -i 'connect to /var/run/clamav/clamd.ctl failed' /var/log/mail/mail.log
|
||||
assert_failure
|
||||
}
|
||||
|
||||
@test "checking restart of process: ClamAV (ClamAV disabled by ENABLED_CLAMAV=0)" {
|
||||
run docker exec mail_disabled_clamav_spamassassin /bin/bash -c "pkill -f clamd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
|
||||
@test "${TEST_NAME_PREFIX} ClamAV process should not be restarted when killed" {
|
||||
_run_in_container /bin/bash -c "pkill -f clamd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
|
||||
assert_failure
|
||||
}
|
||||
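Review bot: The last test, `ClamAV process should not be restarted when killed`, satisfies `assert_failure` with any non-zero exit of the `&&` chain. With `ENABLE_CLAMAV=0` the likely case is `pkill -f clamd` matching nothing and returning 1, so the `sleep` and `ps | grep` never run and nothing about restarts is checked. Because `-f` matches full command lines, the pattern may also hit the wrapping `bash -c` process itself. If the intent is "clamd stays absent", `run check_if_process_is_running 'clamd'` followed by `assert_failure` states that directly. Separately, the test titled `SA should not be called` greps for the `clamd.ctl` connection error, so its title should name ClamAV rather than SA.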
|
|
|
@ -1,61 +1,61 @@
|
|||
load "${REPOSITORY_ROOT}/test/test_helper/common"
|
||||
load "${REPOSITORY_ROOT}/test/helper/setup"
|
||||
load "${REPOSITORY_ROOT}/test/helper/common"
|
||||
|
||||
CONTAINER="mail_dnsbl_enabled"
|
||||
CONTAINER2="mail_dnsbl_disabled"
|
||||
TEST_NAME_PREFIX='DNSBLs:'
|
||||
|
||||
CONTAINER1_NAME='dms-test_dnsbl_enabled'
|
||||
CONTAINER2_NAME='dms-test_dnsbl_disabled'
|
||||
|
||||
function setup_file() {
|
||||
local PRIVATE_CONFIG
|
||||
PRIVATE_CONFIG=$(duplicate_config_for_container . "${CONTAINER}")
|
||||
local CONTAINER_NAME=${CONTAINER1_NAME}
|
||||
local CUSTOM_SETUP_ARGUMENTS=(
|
||||
--env ENABLE_DNSBL=1
|
||||
)
|
||||
init_with_defaults
|
||||
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
|
||||
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
|
||||
|
||||
docker run --rm -d --name "${CONTAINER}" \
|
||||
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
|
||||
-e ENABLE_DNSBL=1 \
|
||||
-h mail.my-domain.com \
|
||||
-t "${NAME}"
|
||||
local CONTAINER_NAME=${CONTAINER2_NAME}
|
||||
local CUSTOM_SETUP_ARGUMENTS=(
|
||||
--env ENABLE_DNSBL=0
|
||||
)
|
||||
init_with_defaults
|
||||
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
|
||||
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
|
||||
}
|
||||
|
||||
docker run --rm -d --name "${CONTAINER2}" \
|
||||
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
|
||||
-e ENABLE_DNSBL=0 \
|
||||
-h mail.my-domain.com \
|
||||
-t "${NAME}"
|
||||
|
||||
wait_for_smtp_port_in_container "${CONTAINER}"
|
||||
wait_for_smtp_port_in_container "${CONTAINER2}"
|
||||
function teardown_file() {
|
||||
docker rm -f "${CONTAINER1_NAME}" "${CONTAINER2_NAME}"
|
||||
}
|
||||
|
||||
# ENABLE_DNSBL=1
|
||||
@test "checking enabled postfix DNS block list zen.spamhaus.org" {
|
||||
run docker exec "${CONTAINER}" postconf smtpd_recipient_restrictions
|
||||
@test "${TEST_NAME_PREFIX} (enabled) Postfix DNS block list zen.spamhaus.org" {
|
||||
run docker exec "${CONTAINER1_NAME}" postconf smtpd_recipient_restrictions
|
||||
assert_output --partial 'reject_rbl_client zen.spamhaus.org'
|
||||
}
|
||||
|
||||
@test "checking enabled postscreen DNS block lists --> postscreen_dnsbl_action" {
|
||||
run docker exec "${CONTAINER}" postconf postscreen_dnsbl_action
|
||||
@test "${TEST_NAME_PREFIX} (enabled) Postscreen DNS block lists -> postscreen_dnsbl_action" {
|
||||
run docker exec "${CONTAINER1_NAME}" postconf postscreen_dnsbl_action
|
||||
assert_output 'postscreen_dnsbl_action = enforce'
|
||||
}
|
||||
|
||||
@test "checking enabled postscreen DNS block lists --> postscreen_dnsbl_sites" {
|
||||
run docker exec "${CONTAINER}" postconf postscreen_dnsbl_sites
|
||||
@test "${TEST_NAME_PREFIX} (enabled) Postscreen DNS block lists -> postscreen_dnsbl_sites" {
|
||||
run docker exec "${CONTAINER1_NAME}" postconf postscreen_dnsbl_sites
|
||||
assert_output 'postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11]*3 bl.mailspike.net=127.0.0.[2;14;13;12;11;10] b.barracudacentral.org*2 bl.spameatingmonkey.net=127.0.0.2 dnsbl.sorbs.net psbl.surriel.com list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-3 list.dnswl.org=127.0.[0..255].[2..3]*-4'
|
||||
}
|
||||
|
||||
# ENABLE_DNSBL=0
|
||||
@test "checking disabled postfix DNS block list zen.spamhaus.org" {
|
||||
run docker exec "${CONTAINER2}" postconf smtpd_recipient_restrictions
|
||||
@test "${TEST_NAME_PREFIX} (disabled) Postfix DNS block list zen.spamhaus.org" {
|
||||
run docker exec "${CONTAINER2_NAME}" postconf smtpd_recipient_restrictions
|
||||
refute_output --partial 'reject_rbl_client zen.spamhaus.org'
|
||||
}
|
||||
|
||||
@test "checking disabled postscreen DNS block lists --> postscreen_dnsbl_action" {
|
||||
run docker exec "${CONTAINER2}" postconf postscreen_dnsbl_action
|
||||
@test "${TEST_NAME_PREFIX} (disabled) Postscreen DNS block lists -> postscreen_dnsbl_action" {
|
||||
run docker exec "${CONTAINER2_NAME}" postconf postscreen_dnsbl_action
|
||||
assert_output 'postscreen_dnsbl_action = ignore'
|
||||
}
|
||||
|
||||
@test "checking disabled postscreen DNS block lists --> postscreen_dnsbl_sites" {
|
||||
run docker exec "${CONTAINER2}" postconf postscreen_dnsbl_sites
|
||||
@test "${TEST_NAME_PREFIX} (disabled) Postscreen DNS block lists -> postscreen_dnsbl_sites" {
|
||||
run docker exec "${CONTAINER2_NAME}" postconf postscreen_dnsbl_sites
|
||||
assert_output 'postscreen_dnsbl_sites ='
|
||||
}
|
||||
|
||||
# cleanup
|
||||
function teardown_file() {
|
||||
docker rm -f "${CONTAINER}" "${CONTAINER2}"
|
||||
}
|
||||
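Review bot: The `(disabled)` check `refute_output --partial 'reject_rbl_client zen.spamhaus.org'` has no `assert_success` in front of it, so it also passes when `docker exec "${CONTAINER2_NAME}" postconf ...` itself fails and prints an error instead of the setting. Adding `assert_success` after each `run docker exec ... postconf` line, for both `CONTAINER1_NAME` and `CONTAINER2_NAME`, makes the exit status part of what is verified. The same gap is in the Fail2Ban file, where the closing `nft list set inet f2b-table ...` calls in `unban ip works` and in both `bans work properly` tests are followed only by `refute_output --partial`.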
|
|
|
@ -1,88 +1,90 @@
|
|||
load "${REPOSITORY_ROOT}/test/test_helper/common"
|
||||
load "${REPOSITORY_ROOT}/test/helper/setup"
|
||||
load "${REPOSITORY_ROOT}/test/helper/common"
|
||||
|
||||
TEST_NAME_PREFIX='Fail2Ban:'
|
||||
CONTAINER1_NAME='dms-test_fail2ban'
|
||||
CONTAINER2_NAME='dms-test_fail2ban_fail-auth-mailer'
|
||||
|
||||
function get_container2_ip() {
|
||||
docker inspect --format '{{ .NetworkSettings.IPAddress }}' "${CONTAINER2_NAME}"
|
||||
}
|
||||
|
||||
function setup_file() {
|
||||
local PRIVATE_CONFIG
|
||||
PRIVATE_CONFIG=$(duplicate_config_for_container .)
|
||||
docker run --rm -d --name mail_fail2ban \
|
||||
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
|
||||
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
|
||||
-e ENABLE_FAIL2BAN=1 \
|
||||
-e POSTSCREEN_ACTION=ignore \
|
||||
--cap-add=NET_ADMIN \
|
||||
--hostname mail.my-domain.com \
|
||||
--tty \
|
||||
--ulimit "nofile=$(ulimit -Sn):$(ulimit -Hn)" \
|
||||
"${NAME}"
|
||||
export CONTAINER_NAME
|
||||
|
||||
CONTAINER_NAME=${CONTAINER1_NAME}
|
||||
local CUSTOM_SETUP_ARGUMENTS=(
|
||||
--env ENABLE_FAIL2BAN=1
|
||||
--env POSTSCREEN_ACTION=ignore
|
||||
--cap-add=NET_ADMIN
|
||||
--ulimit "nofile=$(ulimit -Sn):$(ulimit -Hn)"
|
||||
)
|
||||
init_with_defaults
|
||||
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
|
||||
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
|
||||
|
||||
# Create a container which will send wrong authentications and should get banned
|
||||
docker run --name fail-auth-mailer \
|
||||
-e MAIL_FAIL2BAN_IP="$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' mail_fail2ban)" \
|
||||
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test \
|
||||
-d "${NAME}" \
|
||||
tail -f /var/log/faillog
|
||||
CONTAINER_NAME=${CONTAINER2_NAME}
|
||||
local CUSTOM_SETUP_ARGUMENTS=(--env MAIL_FAIL2BAN_IP="$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' ${CONTAINER1_NAME})")
|
||||
init_with_defaults
|
||||
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
|
||||
|
||||
wait_for_finished_setup_in_container mail_fail2ban
|
||||
# Set default implicit container fallback for helpers:
|
||||
CONTAINER_NAME=${CONTAINER1_NAME}
|
||||
}
|
||||
|
||||
function teardown_file() {
|
||||
docker rm -f mail_fail2ban fail-auth-mailer
|
||||
docker rm -f "${CONTAINER1_NAME}" "${CONTAINER2_NAME}"
|
||||
}
|
||||
|
||||
#
|
||||
# processes
|
||||
#
|
||||
|
||||
@test "checking process: fail2ban (fail2ban server enabled)" {
|
||||
run docker exec mail_fail2ban /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python3 /usr/bin/fail2ban-server'"
|
||||
@test "${TEST_NAME_PREFIX} Fail2Ban is running" {
|
||||
run check_if_process_is_running 'fail2ban-server'
|
||||
assert_success
|
||||
}
|
||||
|
||||
#
|
||||
# fail2ban
|
||||
#
|
||||
@test "${TEST_NAME_PREFIX} localhost is not banned because ignored" {
|
||||
_run_in_container fail2ban-client status postfix-sasl
|
||||
assert_success
|
||||
refute_output --regexp '.*IP list:.*127\.0\.0\.1.*'
|
||||
|
||||
@test "checking fail2ban: localhost is not banned because ignored" {
|
||||
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client status postfix-sasl | grep 'IP list:.*127.0.0.1'"
|
||||
assert_failure
|
||||
run docker exec mail_fail2ban /bin/sh -c "grep 'ignoreip = 127.0.0.1/8' /etc/fail2ban/jail.conf"
|
||||
_run_in_container grep 'ignoreip = 127.0.0.1/8' /etc/fail2ban/jail.conf
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "checking fail2ban: fail2ban-fail2ban.cf overrides" {
|
||||
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get loglevel | grep DEBUG"
|
||||
@test "${TEST_NAME_PREFIX} fail2ban-fail2ban.cf overrides" {
|
||||
_run_in_container fail2ban-client get loglevel
|
||||
assert_success
|
||||
assert_output --partial 'DEBUG'
|
||||
}
|
||||
|
||||
@test "checking fail2ban: fail2ban-jail.cf overrides" {
|
||||
FILTERS=(dovecot postfix postfix-sasl)
|
||||
|
||||
for FILTER in "${FILTERS[@]}"; do
|
||||
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get ${FILTER} bantime"
|
||||
@test "${TEST_NAME_PREFIX} fail2ban-jail.cf overrides" {
|
||||
for FILTER in 'dovecot' 'postfix' 'postfix-sasl'
|
||||
do
|
||||
_run_in_container fail2ban-client get "${FILTER}" bantime
|
||||
assert_output 1234
|
||||
|
||||
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get ${FILTER} findtime"
|
||||
_run_in_container fail2ban-client get "${FILTER}" findtime
|
||||
assert_output 321
|
||||
|
||||
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get ${FILTER} maxretry"
|
||||
_run_in_container fail2ban-client get "${FILTER}" maxretry
|
||||
assert_output 2
|
||||
|
||||
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client -d | grep -F \"['set', 'dovecot', 'addaction', 'nftables-multiport']\""
|
||||
assert_output "['set', 'dovecot', 'addaction', 'nftables-multiport']"
|
||||
|
||||
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client -d | grep -F \"['set', 'postfix', 'addaction', 'nftables-multiport']\""
|
||||
assert_output "['set', 'postfix', 'addaction', 'nftables-multiport']"
|
||||
|
||||
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client -d | grep -F \"['set', 'postfix-sasl', 'addaction', 'nftables-multiport']\""
|
||||
assert_output "['set', 'postfix-sasl', 'addaction', 'nftables-multiport']"
|
||||
_run_in_container fail2ban-client -d
|
||||
assert_output --partial "['set', 'dovecot', 'addaction', 'nftables-multiport']"
|
||||
assert_output --partial "['set', 'postfix', 'addaction', 'nftables-multiport']"
|
||||
assert_output --partial "['set', 'postfix-sasl', 'addaction', 'nftables-multiport']"
|
||||
done
|
||||
}
|
||||
|
||||
@test "checking fail2ban: ban ip on multiple failed login" {
|
||||
# can't pipe the file as usual due to postscreen. (respecting postscreen_greet_wait time and talking in turn):
|
||||
# NOTE: This test case is fragile if other test cases were to be run concurrently
|
||||
@test "${TEST_NAME_PREFIX} ban ip on multiple failed login" {
|
||||
# can't pipe the file as usual due to postscreen
|
||||
# respecting postscreen_greet_wait time and talking in turn):
|
||||
|
||||
# shellcheck disable=SC1004
|
||||
for _ in {1,2}
|
||||
do
|
||||
docker exec fail-auth-mailer /bin/bash -c \
|
||||
docker exec "${CONTAINER2_NAME}" /bin/bash -c \
|
||||
'exec 3<>/dev/tcp/${MAIL_FAIL2BAN_IP}/25 && \
|
||||
while IFS= read -r cmd; do \
|
||||
head -1 <&3; \
|
||||
|
@ -93,108 +95,123 @@ function teardown_file() {
|
|||
|
||||
sleep 5
|
||||
|
||||
FAIL_AUTH_MAILER_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' fail-auth-mailer)
|
||||
# Checking that FAIL_AUTH_MAILER_IP is banned in mail_fail2ban
|
||||
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client status postfix-sasl | grep '${FAIL_AUTH_MAILER_IP}'"
|
||||
# Checking that CONTAINER2_IP is banned in "${CONTAINER1_NAME}"
|
||||
CONTAINER2_IP=$(get_container2_ip)
|
||||
_run_in_container fail2ban-client status postfix-sasl
|
||||
assert_success
|
||||
assert_output --partial "${CONTAINER2_IP}"
|
||||
|
||||
# Checking that FAIL_AUTH_MAILER_IP is banned by nftables
|
||||
run docker exec mail_fail2ban /bin/sh -c "nft list set inet f2b-table addr-set-postfix-sasl"
|
||||
assert_output --partial "elements = { ${FAIL_AUTH_MAILER_IP} }"
|
||||
# Checking that CONTAINER2_IP is banned by nftables
|
||||
_run_in_container bash -c 'nft list set inet f2b-table addr-set-postfix-sasl'
|
||||
assert_success
|
||||
assert_output --partial "elements = { ${CONTAINER2_IP} }"
|
||||
}
|
||||
|
||||
@test "checking fail2ban: unban ip works" {
|
||||
FAIL_AUTH_MAILER_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' fail-auth-mailer)
|
||||
docker exec mail_fail2ban fail2ban-client set postfix-sasl unbanip "${FAIL_AUTH_MAILER_IP}"
|
||||
|
||||
@test "${TEST_NAME_PREFIX} unban ip works" {
|
||||
CONTAINER2_IP=$(get_container2_ip)
|
||||
_run_in_container fail2ban-client set postfix-sasl unbanip "${CONTAINER2_IP}"
|
||||
assert_success
|
||||
sleep 5
|
||||
|
||||
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client status postfix-sasl | grep 'IP list:.*${FAIL_AUTH_MAILER_IP}'"
|
||||
assert_failure
|
||||
# Checking that CONTAINER2_IP is unbanned in "${CONTAINER1_NAME}"
|
||||
_run_in_container fail2ban-client status postfix-sasl
|
||||
assert_success
|
||||
refute_output --partial "${CONTAINER2_IP}"
|
||||
|
||||
# Checking that FAIL_AUTH_MAILER_IP is unbanned by nftables
|
||||
run docker exec mail_fail2ban /bin/sh -c "nft list set inet f2b-table addr-set-postfix-sasl"
|
||||
refute_output --partial "${FAIL_AUTH_MAILER_IP}"
|
||||
# Checking that CONTAINER2_IP is unbanned by nftables
|
||||
_run_in_container bash -c 'nft list set inet f2b-table addr-set-postfix-sasl'
|
||||
refute_output --partial "${CONTAINER2_IP}"
|
||||
}
|
||||
|
||||
@test "checking fail2ban ban" {
|
||||
# Ban single IP address
|
||||
run docker exec mail_fail2ban fail2ban ban 192.0.66.7
|
||||
@test "${TEST_NAME_PREFIX} bans work properly (single IP)" {
|
||||
_run_in_container fail2ban ban 192.0.66.7
|
||||
assert_success
|
||||
assert_output "Banned custom IP: 1"
|
||||
assert_output 'Banned custom IP: 1'
|
||||
|
||||
run docker exec mail_fail2ban fail2ban
|
||||
_run_in_container fail2ban
|
||||
assert_success
|
||||
assert_output --regexp "Banned in custom:.*192\.0\.66\.7"
|
||||
assert_output --regexp 'Banned in custom:.*192\.0\.66\.7'
|
||||
|
||||
run docker exec mail_fail2ban nft list set inet f2b-table addr-set-custom
|
||||
_run_in_container nft list set inet f2b-table addr-set-custom
|
||||
assert_success
|
||||
assert_output --partial "elements = { 192.0.66.7 }"
|
||||
assert_output --partial 'elements = { 192.0.66.7 }'
|
||||
|
||||
run docker exec mail_fail2ban fail2ban unban 192.0.66.7
|
||||
_run_in_container fail2ban unban 192.0.66.7
|
||||
assert_success
|
||||
assert_output --partial "Unbanned IP from custom: 1"
|
||||
assert_output --partial 'Unbanned IP from custom: 1'
|
||||
|
||||
run docker exec mail_fail2ban nft list set inet f2b-table addr-set-custom
|
||||
refute_output --partial "192.0.66.7"
|
||||
|
||||
# Ban IP network
|
||||
run docker exec mail_fail2ban fail2ban ban 192.0.66.0/24
|
||||
assert_success
|
||||
assert_output "Banned custom IP: 1"
|
||||
|
||||
run docker exec mail_fail2ban fail2ban
|
||||
assert_success
|
||||
assert_output --regexp "Banned in custom:.*192\.0\.66\.0/24"
|
||||
|
||||
run docker exec mail_fail2ban nft list set inet f2b-table addr-set-custom
|
||||
assert_success
|
||||
assert_output --partial "elements = { 192.0.66.0/24 }"
|
||||
|
||||
run docker exec mail_fail2ban fail2ban unban 192.0.66.0/24
|
||||
assert_success
|
||||
assert_output --partial "Unbanned IP from custom: 1"
|
||||
|
||||
run docker exec mail_fail2ban nft list set inet f2b-table addr-set-custom
|
||||
refute_output --partial "192.0.66.0/24"
|
||||
_run_in_container nft list set inet f2b-table addr-set-custom
|
||||
refute_output --partial '192.0.66.7'
|
||||
}
|
||||
|
||||
@test "checking FAIL2BAN_BLOCKTYPE is really set to drop" {
|
||||
run docker exec mail_fail2ban bash -c 'nft list table inet f2b-table'
|
||||
@test "${TEST_NAME_PREFIX} bans work properly (subnet)" {
|
||||
_run_in_container fail2ban ban 192.0.66.0/24
|
||||
assert_success
|
||||
assert_output 'Banned custom IP: 1'
|
||||
|
||||
_run_in_container fail2ban
|
||||
assert_success
|
||||
assert_output --regexp 'Banned in custom:.*192\.0\.66\.0/24'
|
||||
|
||||
_run_in_container nft list set inet f2b-table addr-set-custom
|
||||
assert_success
|
||||
assert_output --partial 'elements = { 192.0.66.0/24 }'
|
||||
|
||||
_run_in_container fail2ban unban 192.0.66.0/24
|
||||
assert_success
|
||||
assert_output --partial 'Unbanned IP from custom: 1'
|
||||
|
||||
_run_in_container nft list set inet f2b-table addr-set-custom
|
||||
refute_output --partial '192.0.66.0/24'
|
||||
}
|
||||
|
||||
@test "${TEST_NAME_PREFIX} FAIL2BAN_BLOCKTYPE is really set to drop" {
|
||||
# ban IPs here manually so we can be sure something is inside the jails
|
||||
for JAIL in dovecot postfix-sasl custom; do
|
||||
_run_in_container fail2ban-client set "${JAIL}" banip 192.33.44.55
|
||||
assert_success
|
||||
done
|
||||
|
||||
_run_in_container nft list table inet f2b-table
|
||||
assert_success
|
||||
assert_output --partial 'tcp dport { 110, 143, 465, 587, 993, 995, 4190 } ip saddr @addr-set-dovecot drop'
|
||||
assert_output --partial 'tcp dport { 25, 110, 143, 465, 587, 993, 995 } ip saddr @addr-set-postfix-sasl drop'
|
||||
assert_output --partial 'tcp dport { 25, 110, 143, 465, 587, 993, 995, 4190 } ip saddr @addr-set-custom drop'
|
||||
|
||||
# unban the IPs previously banned to get a clean state again
|
||||
for JAIL in dovecot postfix-sasl custom; do
|
||||
_run_in_container fail2ban-client set "${JAIL}" unbanip 192.33.44.55
|
||||
assert_success
|
||||
done
|
||||
}
|
||||
|
||||
@test "checking setup.sh: setup.sh fail2ban" {
|
||||
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client set dovecot banip 192.0.66.4"
|
||||
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client set dovecot banip 192.0.66.5"
|
||||
@test "${TEST_NAME_PREFIX} setup.sh fail2ban" {
|
||||
_run_in_container fail2ban-client set dovecot banip 192.0.66.4
|
||||
_run_in_container fail2ban-client set dovecot banip 192.0.66.5
|
||||
|
||||
sleep 10
|
||||
|
||||
run ./setup.sh -c mail_fail2ban fail2ban
|
||||
# Originally: run ./setup.sh -c "${CONTAINER1_NAME}" fail2ban
|
||||
_run_in_container setup fail2ban
|
||||
assert_output --regexp '^Banned in dovecot:.*192\.0\.66\.4'
|
||||
assert_output --regexp '^Banned in dovecot:.*192\.0\.66\.5'
|
||||
|
||||
run ./setup.sh -c mail_fail2ban fail2ban unban 192.0.66.4
|
||||
_run_in_container setup fail2ban unban 192.0.66.4
|
||||
assert_output --partial "Unbanned IP from dovecot: 1"
|
||||
|
||||
run ./setup.sh -c mail_fail2ban fail2ban
|
||||
assert_output --regexp "^Banned in dovecot:.*192\.0\.66\.5"
|
||||
_run_in_container setup fail2ban
|
||||
assert_output --regexp '^Banned in dovecot:.*192\.0\.66\.5'
|
||||
|
||||
run ./setup.sh -c mail_fail2ban fail2ban unban 192.0.66.5
|
||||
assert_output --partial "Unbanned IP from dovecot: 1"
|
||||
_run_in_container setup fail2ban unban 192.0.66.5
|
||||
assert_output --partial 'Unbanned IP from dovecot: 1'
|
||||
|
||||
run ./setup.sh -c mail_fail2ban fail2ban unban
|
||||
assert_output --partial "You need to specify an IP address: Run"
|
||||
_run_in_container setup fail2ban unban
|
||||
assert_output --partial 'You need to specify an IP address: Run'
|
||||
}
|
||||
|
||||
#
|
||||
# supervisor
|
||||
#
|
||||
|
||||
@test "checking restart of process: fail2ban (fail2ban server enabled)" {
|
||||
run docker exec mail_fail2ban /bin/bash -c "pkill fail2ban && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/bin/python3 /usr/bin/fail2ban-server'"
|
||||
@test "${TEST_NAME_PREFIX} restart of Fail2Ban" {
|
||||
_run_in_container pkill fail2ban
|
||||
assert_success
|
||||
|
||||
run_until_success_or_timeout 10 check_if_process_is_running 'fail2ban-server'
|
||||
}
|
||||
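Review bot: In `fail2ban-jail.cf overrides`, `_run_in_container fail2ban-client -d` and its three `assert_output --partial` lines sit inside the `for FILTER in ...` loop although none of them uses `${FILTER}`, so the same dump is fetched and checked three times. Moving those four lines after `done` keeps the coverage and makes it clear they are not per-jail checks. The per-jail `bantime`/`findtime`/`maxretry` calls compare output without an `assert_success`, which would make a failing `fail2ban-client` harder to tell apart from a wrong value. In `setup_file`, the `docker inspect ... ${CONTAINER1_NAME}` substitution leaves the variable unquoted; `"${CONTAINER1_NAME}"` matches the quoting used in `get_container2_ip`.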
|
|
|
@ -1,92 +1,92 @@
|
|||
load "${REPOSITORY_ROOT}/test/test_helper/common"
|
||||
load "${REPOSITORY_ROOT}/test/helper/setup"
|
||||
load "${REPOSITORY_ROOT}/test/helper/common"
|
||||
|
||||
TEST_NAME_PREFIX='Postgrey (enabled):'
|
||||
CONTAINER_NAME='dms-test_postgrey_enabled'
|
||||
|
||||
function setup_file() {
|
||||
local PRIVATE_CONFIG
|
||||
PRIVATE_CONFIG=$(duplicate_config_for_container .)
|
||||
local CUSTOM_SETUP_ARGUMENTS=(
|
||||
--env ENABLE_DNSBL=1
|
||||
--env ENABLE_POSTGREY=1
|
||||
--env PERMIT_DOCKER=container
|
||||
--env POSTGREY_AUTO_WHITELIST_CLIENTS=5
|
||||
--env POSTGREY_DELAY=15
|
||||
--env POSTGREY_MAX_AGE=35
|
||||
--env POSTGREY_TEXT="Delayed by Postgrey"
|
||||
)
|
||||
|
||||
docker run -d --name mail_with_postgrey \
|
||||
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
|
||||
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
|
||||
-e ENABLE_DNSBL=1 \
|
||||
-e ENABLE_POSTGREY=1 \
|
||||
-e PERMIT_DOCKER=container \
|
||||
-e POSTGREY_AUTO_WHITELIST_CLIENTS=5 \
|
||||
-e POSTGREY_DELAY=15 \
|
||||
-e POSTGREY_MAX_AGE=35 \
|
||||
-e POSTGREY_TEXT="Delayed by Postgrey" \
|
||||
-h mail.my-domain.com -t "${NAME}"
|
||||
init_with_defaults
|
||||
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
|
||||
|
||||
# using postfix availability as start indicator, this might be insufficient for postgrey
|
||||
wait_for_smtp_port_in_container mail_with_postgrey
|
||||
# Postfix needs to be ready on port 25 for nc usage below:
|
||||
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
|
||||
}
|
||||
|
||||
function teardown_file() {
|
||||
docker rm -f mail_with_postgrey
|
||||
}
|
||||
function teardown_file() { _default_teardown ; }
|
||||
|
||||
@test "checking postgrey: /etc/postfix/main.cf correctly edited" {
|
||||
run docker exec mail_with_postgrey /bin/bash -c "grep -F 'zen.spamhaus.org=127.0.0.[2..11], check_policy_service inet:127.0.0.1:10023' /etc/postfix/main.cf | wc -l"
|
||||
@test "${TEST_NAME_PREFIX} /etc/postfix/main.cf correctly edited" {
|
||||
_run_in_container bash -c "grep -F 'zen.spamhaus.org=127.0.0.[2..11], check_policy_service inet:127.0.0.1:10023' /etc/postfix/main.cf | wc -l"
|
||||
assert_success
|
||||
assert_output 1
|
||||
}
|
||||
|
||||
@test "checking postgrey: /etc/default/postgrey correctly edited and has the default values" {
|
||||
run docker exec mail_with_postgrey /bin/bash -c "grep '^POSTGREY_OPTS=\"--inet=127.0.0.1:10023 --delay=15 --max-age=35 --auto-whitelist-clients=5\"$' /etc/default/postgrey | wc -l"
|
||||
@test "${TEST_NAME_PREFIX} /etc/default/postgrey correctly edited and has the default values" {
|
||||
_run_in_container bash -c "grep '^POSTGREY_OPTS=\"--inet=127.0.0.1:10023 --delay=15 --max-age=35 --auto-whitelist-clients=5\"$' /etc/default/postgrey | wc -l"
|
||||
assert_success
|
||||
assert_output 1
|
||||
|
||||
run docker exec mail_with_postgrey /bin/bash -c "grep '^POSTGREY_TEXT=\"Delayed by Postgrey\"$' /etc/default/postgrey | wc -l"
|
||||
_run_in_container bash -c "grep '^POSTGREY_TEXT=\"Delayed by Postgrey\"$' /etc/default/postgrey | wc -l"
|
||||
assert_success
|
||||
assert_output 1
|
||||
}
|
||||
|
||||
@test "checking process: postgrey (postgrey server enabled)" {
|
||||
run docker exec mail_with_postgrey /bin/bash -c "ps aux --forest | grep -v grep | grep 'postgrey'"
|
||||
@test "${TEST_NAME_PREFIX} Postgrey is running" {
|
||||
run check_if_process_is_running 'postgrey'
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "checking postgrey: there should be a log entry about a new greylisted e-mail user@external.tld in /var/log/mail/mail.log" {
|
||||
@test "${TEST_NAME_PREFIX} there should be a log entry about a new greylisted e-mail user@external.tld in /var/log/mail/mail.log" {
|
||||
#editing the postfix config in order to ensure that postgrey handles the test e-mail. The other spam checks at smtpd_recipient_restrictions would interfere with it.
|
||||
run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/permit_sasl_authenticated.*policyd-spf,$//g' /etc/postfix/main.cf"
|
||||
run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/reject_unauth_pipelining.*reject_unknown_recipient_domain,$//g' /etc/postfix/main.cf"
|
||||
run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/reject_rbl_client.*inet:127\.0\.0\.1:10023$//g' /etc/postfix/main.cf"
|
||||
run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/smtpd_recipient_restrictions =/smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10023/g' /etc/postfix/main.cf"
|
||||
_run_in_container bash -c "sed -ie 's/permit_sasl_authenticated.*policyd-spf,$//g' /etc/postfix/main.cf"
|
||||
_run_in_container bash -c "sed -ie 's/reject_unauth_pipelining.*reject_unknown_recipient_domain,$//g' /etc/postfix/main.cf"
|
||||
_run_in_container bash -c "sed -ie 's/reject_rbl_client.*inet:127\.0\.0\.1:10023$//g' /etc/postfix/main.cf"
|
||||
_run_in_container bash -c "sed -ie 's/smtpd_recipient_restrictions =/smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10023/g' /etc/postfix/main.cf"
|
||||
_run_in_container postfix reload
|
||||
|
||||
run docker exec mail_with_postgrey /bin/sh -c "/etc/init.d/postfix reload"
|
||||
run docker exec mail_with_postgrey /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/postgrey.txt"
|
||||
_run_in_container bash -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/postgrey.txt"
|
||||
sleep 5 #ensure that the information has been written into the log
|
||||
run docker exec mail_with_postgrey /bin/bash -c "grep -i 'action=greylist.*user@external\.tld' /var/log/mail/mail.log | wc -l"
|
||||
_run_in_container bash -c "grep -i 'action=greylist.*user@external\.tld' /var/log/mail/mail.log | wc -l"
|
||||
assert_success
|
||||
assert_output 1
|
||||
}
|
||||
|
||||
@test "checking postgrey: there should be a log entry about the retried and passed e-mail user@external.tld in /var/log/mail/mail.log" {
|
||||
@test "${TEST_NAME_PREFIX} there should be a log entry about the retried and passed e-mail user@external.tld in /var/log/mail/mail.log" {
|
||||
sleep 20 #wait 20 seconds so that postgrey would accept the message
|
||||
run docker exec mail_with_postgrey /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/postgrey.txt"
|
||||
_run_in_container bash -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/postgrey.txt"
|
||||
sleep 8
|
||||
|
||||
run docker exec mail_with_postgrey /bin/sh -c "grep -i 'action=pass, reason=triplet found.*user@external\.tld' /var/log/mail/mail.log | wc -l"
|
||||
_run_in_container bash -c "grep -i 'action=pass, reason=triplet found.*user@external\.tld' /var/log/mail/mail.log | wc -l"
|
||||
assert_success
|
||||
assert_output 1
|
||||
}
|
||||
|
||||
@test "checking postgrey: there should be a log entry about the whitelisted and passed e-mail user@whitelist.tld in /var/log/mail/mail.log" {
|
||||
run docker exec mail_with_postgrey /bin/sh -c "nc -w 8 0.0.0.0 10023 < /tmp/docker-mailserver-test/nc_templates/postgrey_whitelist.txt"
|
||||
run docker exec mail_with_postgrey /bin/sh -c "grep -i 'action=pass, reason=client whitelist' /var/log/mail/mail.log | wc -l"
|
||||
@test "${TEST_NAME_PREFIX} there should be a log entry about the whitelisted and passed e-mail user@whitelist.tld in /var/log/mail/mail.log" {
|
||||
_run_in_container bash -c "nc -w 8 0.0.0.0 10023 < /tmp/docker-mailserver-test/nc_templates/postgrey_whitelist.txt"
|
||||
_run_in_container bash -c "grep -i 'action=pass, reason=client whitelist' /var/log/mail/mail.log | wc -l"
|
||||
assert_success
|
||||
assert_output 1
|
||||
}
|
||||
|
||||
@test "checking postgrey: there should be a log entry about the whitelisted local and passed e-mail user@whitelistlocal.tld in /var/log/mail/mail.log" {
|
||||
run docker exec mail_with_postgrey /bin/sh -c "nc -w 8 0.0.0.0 10023 < /tmp/docker-mailserver-test/nc_templates/postgrey_whitelist_local.txt"
|
||||
run docker exec mail_with_postgrey /bin/sh -c "grep -i 'action=pass, reason=client whitelist' /var/log/mail/mail.log | wc -l"
|
||||
@test "${TEST_NAME_PREFIX} there should be a log entry about the whitelisted local and passed e-mail user@whitelistlocal.tld in /var/log/mail/mail.log" {
|
||||
_run_in_container bash -c "nc -w 8 0.0.0.0 10023 < /tmp/docker-mailserver-test/nc_templates/postgrey_whitelist_local.txt"
|
||||
_run_in_container bash -c "grep -i 'action=pass, reason=client whitelist' /var/log/mail/mail.log | wc -l"
|
||||
assert_success
|
||||
assert_output 1
|
||||
}
|
||||
|
||||
@test "checking postgrey: there should be a log entry about the whitelisted recipient user2@otherdomain.tld in /var/log/mail/mail.log" {
|
||||
run docker exec mail_with_postgrey /bin/sh -c "nc -w 8 0.0.0.0 10023 < /tmp/docker-mailserver-test/nc_templates/postgrey_whitelist_recipients.txt"
|
||||
run docker exec mail_with_postgrey /bin/sh -c "grep -i 'action=pass, reason=recipient whitelist' /var/log/mail/mail.log | wc -l"
|
||||
@test "${TEST_NAME_PREFIX} there should be a log entry about the whitelisted recipient user2@otherdomain.tld in /var/log/mail/mail.log" {
|
||||
_run_in_container bash -c "nc -w 8 0.0.0.0 10023 < /tmp/docker-mailserver-test/nc_templates/postgrey_whitelist_recipients.txt"
|
||||
_run_in_container bash -c "grep -i 'action=pass, reason=recipient whitelist' /var/log/mail/mail.log | wc -l"
|
||||
assert_success
|
||||
assert_output 1
|
||||
}
|
||||
|
|
|
@ -1,44 +1,46 @@
|
|||
load "${REPOSITORY_ROOT}/test/test_helper/common"
|
||||
load "${REPOSITORY_ROOT}/test/helper/setup"
|
||||
load "${REPOSITORY_ROOT}/test/helper/common"
|
||||
|
||||
setup() {
|
||||
# Getting mail container IP
|
||||
MAIL_POSTSCREEN_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' mail_postscreen)
|
||||
TEST_NAME_PREFIX='Postscreen:'
|
||||
CONTAINER1_NAME='dms-test_postscreen_enforce'
|
||||
CONTAINER2_NAME='dms-test_postscreen_sender'
|
||||
|
||||
function setup() {
|
||||
MAIL_POSTSCREEN_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' "${CONTAINER1_NAME}")
|
||||
}
|
||||
|
||||
setup_file() {
|
||||
local PRIVATE_CONFIG
|
||||
PRIVATE_CONFIG=$(duplicate_config_for_container .)
|
||||
function setup_file() {
|
||||
local CONTAINER_NAME=${CONTAINER1_NAME}
|
||||
local CUSTOM_SETUP_ARGUMENTS=(
|
||||
--env POSTSCREEN_ACTION=enforce
|
||||
--cap-add=NET_ADMIN
|
||||
)
|
||||
init_with_defaults
|
||||
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
|
||||
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
|
||||
|
||||
docker run -d --name mail_postscreen \
|
||||
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
|
||||
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
|
||||
-e POSTSCREEN_ACTION=enforce \
|
||||
--cap-add=NET_ADMIN \
|
||||
-h mail.my-domain.com -t "${NAME}"
|
||||
|
||||
docker run --name mail_postscreen_sender \
|
||||
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
|
||||
-d "${NAME}" \
|
||||
tail -f /var/log/faillog
|
||||
|
||||
wait_for_smtp_port_in_container mail_postscreen
|
||||
local CONTAINER_NAME=${CONTAINER2_NAME}
|
||||
init_with_defaults
|
||||
common_container_setup
|
||||
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
|
||||
}
|
||||
|
||||
teardown_file() {
|
||||
docker rm -f mail_postscreen mail_postscreen_sender
|
||||
function teardown_file() {
|
||||
docker rm -f "${CONTAINER1_NAME}" "${CONTAINER2_NAME}"
|
||||
}
|
||||
|
||||
@test "checking postscreen: talk too fast" {
|
||||
docker exec mail_postscreen_sender /bin/sh -c "nc ${MAIL_POSTSCREEN_IP} 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login.txt"
|
||||
@test "${TEST_NAME_PREFIX} talk too fast" {
|
||||
run docker exec "${CONTAINER2_NAME}" /bin/sh -c "nc ${MAIL_POSTSCREEN_IP} 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login.txt"
|
||||
assert_success
|
||||
|
||||
repeat_until_success_or_timeout 10 run docker exec mail_postscreen grep 'COMMAND PIPELINING' /var/log/mail/mail.log
|
||||
repeat_until_success_or_timeout 10 run docker exec "${CONTAINER1_NAME}" grep 'COMMAND PIPELINING' /var/log/mail/mail.log
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "checking postscreen: positive test (respecting postscreen_greet_wait time and talking in turn)" {
|
||||
@test "${TEST_NAME_PREFIX} positive test (respecting postscreen_greet_wait time and talking in turn)" {
|
||||
for _ in {1,2}; do
|
||||
# shellcheck disable=SC1004
|
||||
docker exec mail_postscreen_sender /bin/bash -c \
|
||||
docker exec "${CONTAINER2_NAME}" /bin/bash -c \
|
||||
'exec 3<>/dev/tcp/'"${MAIL_POSTSCREEN_IP}"'/25 && \
|
||||
while IFS= read -r cmd; do \
|
||||
head -1 <&3; \
|
||||
|
@ -47,6 +49,6 @@ teardown_file() {
|
|||
done < "/tmp/docker-mailserver-test/auth/smtp-auth-login.txt"'
|
||||
done
|
||||
|
||||
repeat_until_success_or_timeout 10 run docker exec mail_postscreen grep 'PASS NEW ' /var/log/mail/mail.log
|
||||
repeat_until_success_or_timeout 10 run docker exec "${CONTAINER1_NAME}" grep 'PASS NEW ' /var/log/mail/mail.log
|
||||
assert_success
|
||||
}
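Review bot: Both log checks in this file put `run` inside the retry helper (`repeat_until_success_or_timeout 10 run docker exec "${CONTAINER1_NAME}" grep …`). Bats' plain `run` returns 0 whatever the wrapped command's status is, so, assuming the helper loops on its command's exit status, the grep is attempted only once. The following `assert_success` then races against postscreen writing the log line, which can fail a test of a security control for timing reasons alone. The spam junk-folder tests on this page use the other order, and the same would fit here: `run repeat_until_success_or_timeout 10 docker exec "${CONTAINER1_NAME}" grep 'COMMAND PIPELINING' /var/log/mail/mail.log`, and likewise for `'PASS NEW '`. The body of the second test case spans two hunks, and the lines between them are not shown.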
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
load "${REPOSITORY_ROOT}/test/helper/setup"
|
||||
load "${REPOSITORY_ROOT}/test/helper/common"
|
||||
|
||||
TEST_NAME_PREFIX='spam (Amavis):'
|
||||
CONTAINER_NAME='dms-test-spam_bounced'
|
||||
TEST_NAME_PREFIX='Spam bounced:'
|
||||
CONTAINER_NAME='dms-test_spam-bounced'
|
||||
|
||||
function setup_file() {
|
||||
init_with_defaults
|
||||
|
|
|
@ -1,67 +1,67 @@
|
|||
load "${REPOSITORY_ROOT}/test/test_helper/common"
|
||||
load "${REPOSITORY_ROOT}/test/helper/setup"
|
||||
load "${REPOSITORY_ROOT}/test/helper/common"
|
||||
|
||||
TEST_NAME_PREFIX='Spam junk folder:'
|
||||
CONTAINER1_NAME='dms-test_spam-junk-folder_1'
|
||||
CONTAINER2_NAME='dms-test_spam-junk-folder_2'
|
||||
|
||||
function teardown() { _default_teardown ; }
|
||||
|
||||
# Test case
|
||||
# ---------
|
||||
# When SPAMASSASSIN_SPAM_TO_INBOX=1, spam messages must be delivered and eventually (MOVE_SPAM_TO_JUNK=1) moved to the Junk folder.
|
||||
# When SPAMASSASSIN_SPAM_TO_INBOX=1, spam messages must be delivered
|
||||
# and eventually (MOVE_SPAM_TO_JUNK=1) moved to the Junk folder.
|
||||
|
||||
@test "checking amavis: spam message is delivered and moved to the Junk folder (MOVE_SPAM_TO_JUNK=1)" {
|
||||
local PRIVATE_CONFIG
|
||||
PRIVATE_CONFIG=$(duplicate_config_for_container . mail_spam_moved_junk)
|
||||
|
||||
docker run -d --name mail_spam_moved_junk \
|
||||
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
|
||||
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
|
||||
-e ENABLE_SPAMASSASSIN=1 \
|
||||
-e MOVE_SPAM_TO_JUNK=1 \
|
||||
-e PERMIT_DOCKER=container \
|
||||
-e SA_SPAM_SUBJECT="SPAM: " \
|
||||
-e SPAMASSASSIN_SPAM_TO_INBOX=1 \
|
||||
-h mail.my-domain.com -t "${NAME}"
|
||||
|
||||
teardown() { docker rm -f mail_spam_moved_junk; }
|
||||
|
||||
wait_for_smtp_port_in_container mail_spam_moved_junk
|
||||
@test "${TEST_NAME_PREFIX} (Amavis) spam message delivered & moved to Junk folder" {
|
||||
export CONTAINER_NAME=${CONTAINER1_NAME}
|
||||
local CUSTOM_SETUP_ARGUMENTS=(
|
||||
--env ENABLE_AMAVIS=1
|
||||
--env ENABLE_SPAMASSASSIN=1
|
||||
--env MOVE_SPAM_TO_JUNK=1
|
||||
--env PERMIT_DOCKER=container
|
||||
--env SA_SPAM_SUBJECT="SPAM: "
|
||||
--env SPAMASSASSIN_SPAM_TO_INBOX=1
|
||||
)
|
||||
init_with_defaults
|
||||
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
|
||||
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
|
||||
|
||||
# send a spam message
|
||||
run docker exec mail_spam_moved_junk /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-spam.txt"
|
||||
_run_in_container bash -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-spam.txt"
|
||||
assert_success
|
||||
|
||||
# message will be added to a queue with varying delay until amavis receives it
|
||||
run repeat_until_success_or_timeout 60 sh -c "docker logs mail_spam_moved_junk | grep 'Passed SPAM {RelayedTaggedInbound,Quarantined}'"
|
||||
run repeat_until_success_or_timeout 60 bash -c "docker logs ${CONTAINER_NAME} | grep 'Passed SPAM {RelayedTaggedInbound,Quarantined}'"
|
||||
assert_success
|
||||
|
||||
# spam moved to Junk folder
|
||||
run repeat_until_success_or_timeout 20 sh -c "docker exec mail_spam_moved_junk sh -c 'grep \"Subject: SPAM: \" /var/mail/localhost.localdomain/user1/.Junk/new/ -R'"
|
||||
run repeat_until_success_or_timeout 20 bash -c "docker exec ${CONTAINER_NAME} sh -c 'grep \"Subject: SPAM: \" /var/mail/localhost.localdomain/user1/.Junk/new/ -R'"
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "checking amavis: spam message is delivered to INBOX (MOVE_SPAM_TO_JUNK=0)" {
|
||||
local PRIVATE_CONFIG
|
||||
PRIVATE_CONFIG=$(duplicate_config_for_container . mail_spam_moved_new)
|
||||
|
||||
docker run -d --name mail_spam_moved_new \
|
||||
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
|
||||
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
|
||||
-e ENABLE_SPAMASSASSIN=1 \
|
||||
-e MOVE_SPAM_TO_JUNK=0 \
|
||||
-e PERMIT_DOCKER=container \
|
||||
-e SA_SPAM_SUBJECT="SPAM: " \
|
||||
-e SPAMASSASSIN_SPAM_TO_INBOX=1 \
|
||||
-h mail.my-domain.com -t "${NAME}"
|
||||
|
||||
teardown() { docker rm -f mail_spam_moved_new; }
|
||||
|
||||
wait_for_smtp_port_in_container mail_spam_moved_new
|
||||
@test "${TEST_NAME_PREFIX} (Amavis) spam message delivered to INBOX" {
|
||||
export CONTAINER_NAME=${CONTAINER2_NAME}
|
||||
local CUSTOM_SETUP_ARGUMENTS=(
|
||||
--env ENABLE_AMAVIS=1
|
||||
--env ENABLE_SPAMASSASSIN=1
|
||||
--env MOVE_SPAM_TO_JUNK=0
|
||||
--env PERMIT_DOCKER=container
|
||||
--env SA_SPAM_SUBJECT="SPAM: "
|
||||
--env SPAMASSASSIN_SPAM_TO_INBOX=1
|
||||
)
|
||||
init_with_defaults
|
||||
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
|
||||
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
|
||||
|
||||
# send a spam message
|
||||
run docker exec mail_spam_moved_new /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-spam.txt"
|
||||
_run_in_container /bin/bash -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-spam.txt"
|
||||
assert_success
|
||||
|
||||
# message will be added to a queue with varying delay until amavis receives it
|
||||
run repeat_until_success_or_timeout 60 sh -c "docker logs mail_spam_moved_new | grep 'Passed SPAM {RelayedTaggedInbound,Quarantined}'"
|
||||
run repeat_until_success_or_timeout 60 bash -c "docker logs ${CONTAINER_NAME} | grep 'Passed SPAM {RelayedTaggedInbound,Quarantined}'"
|
||||
assert_success
|
||||
|
||||
# spam moved to INBOX
|
||||
run repeat_until_success_or_timeout 20 sh -c "docker exec mail_spam_moved_new sh -c 'grep \"Subject: SPAM: \" /var/mail/localhost.localdomain/user1/new/ -R'"
|
||||
run repeat_until_success_or_timeout 20 bash -c "docker exec ${CONTAINER_NAME} sh -c 'grep \"Subject: SPAM: \" /var/mail/localhost.localdomain/user1/new/ -R'"
|
||||
assert_success
|
||||
}
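Review bot: The second test case sends the spam sample with `_run_in_container /bin/bash -c …`, while the first test case and the commit description standardise on plain `bash -c`. The line would read `_run_in_container bash -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-spam.txt"`. The Junk and INBOX retry lines also still nest `docker exec ${CONTAINER_NAME} sh -c '…'` inside the outer `bash -c` string, with the container name unquoted. That is harmless for the fixed names defined at the top of the file, but `docker exec \"${CONTAINER_NAME}\"` would keep the command intact if a name ever carried whitespace.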
|
||||
|
|
|
@ -1,64 +1,61 @@
|
|||
load "${REPOSITORY_ROOT}/test/test_helper/common"
|
||||
load "${REPOSITORY_ROOT}/test/helper/setup"
|
||||
load "${REPOSITORY_ROOT}/test/helper/common"
|
||||
|
||||
function setup() {
|
||||
local PRIVATE_CONFIG
|
||||
TEST_NAME_PREFIX='Undefined spam subject:'
|
||||
|
||||
PRIVATE_CONFIG=$(duplicate_config_for_container .)
|
||||
docker run -d --name mail_undef_spam_subject \
|
||||
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
|
||||
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
|
||||
-e ENABLE_SPAMASSASSIN=1 \
|
||||
-e SA_SPAM_SUBJECT="undef" \
|
||||
--hostname mail.my-domain.com \
|
||||
--tty \
|
||||
"${NAME}"
|
||||
CONTAINER1_NAME='dms-test_spam-undef-subject_1'
|
||||
CONTAINER2_NAME='dms-test_spam-undef-subject_2'
|
||||
CONTAINER_NAME=${CONTAINER2_NAME}
|
||||
|
||||
CONTAINER='mail_undef_spam_subject_2'
|
||||
PRIVATE_CONFIG=$(duplicate_config_for_container . "${CONTAINER}")
|
||||
docker run -d \
|
||||
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
|
||||
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
|
||||
-v "$(pwd)/test/onedir":/var/mail-state \
|
||||
-e ENABLE_CLAMAV=1 \
|
||||
-e SPOOF_PROTECTION=1 \
|
||||
-e ENABLE_SPAMASSASSIN=1 \
|
||||
-e REPORT_RECIPIENT=user1@localhost.localdomain \
|
||||
-e REPORT_SENDER=report1@mail.my-domain.com \
|
||||
-e SA_TAG=-5.0 \
|
||||
-e SA_TAG2=2.0 \
|
||||
-e SA_KILL=3.0 \
|
||||
-e SA_SPAM_SUBJECT="SPAM: " \
|
||||
-e VIRUSMAILS_DELETE_DELAY=7 \
|
||||
-e ENABLE_SRS=1 \
|
||||
-e ENABLE_MANAGESIEVE=1 \
|
||||
-e PERMIT_DOCKER=host \
|
||||
--name "${CONTAINER}" \
|
||||
--hostname mail.my-domain.com \
|
||||
--tty \
|
||||
--ulimit "nofile=$(ulimit -Sn):$(ulimit -Hn)" \
|
||||
"${NAME}"
|
||||
function setup_file() {
|
||||
local CONTAINER_NAME=${CONTAINER1_NAME}
|
||||
local CUSTOM_SETUP_ARGUMENTS=(
|
||||
--env ENABLE_AMAVIS=1
|
||||
--env ENABLE_SPAMASSASSIN=1
|
||||
--env SA_SPAM_SUBJECT='undef'
|
||||
)
|
||||
init_with_defaults
|
||||
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
|
||||
|
||||
wait_for_finished_setup_in_container mail_undef_spam_subject
|
||||
wait_for_finished_setup_in_container "${CONTAINER}"
|
||||
# ulimit required for `ENABLE_SRS=1`
|
||||
local CONTAINER_NAME=${CONTAINER2_NAME}
|
||||
local CUSTOM_SETUP_ARGUMENTS=(
|
||||
--env ENABLE_CLAMAV=1
|
||||
--env SPOOF_PROTECTION=1
|
||||
--env ENABLE_SPAMASSASSIN=1
|
||||
--env REPORT_RECIPIENT=user1@localhost.localdomain
|
||||
--env REPORT_SENDER=report1@mail.my-domain.com
|
||||
--env SA_TAG=-5.0
|
||||
--env SA_TAG2=2.0
|
||||
--env SA_KILL=3.0
|
||||
--env SA_SPAM_SUBJECT="SPAM: "
|
||||
--env VIRUSMAILS_DELETE_DELAY=7
|
||||
--env ENABLE_SRS=1
|
||||
--env ENABLE_MANAGESIEVE=1
|
||||
--env PERMIT_DOCKER=host
|
||||
--ulimit "nofile=$(ulimit -Sn):$(ulimit -Hn)"
|
||||
)
|
||||
init_with_defaults
|
||||
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
|
||||
}
|
||||
|
||||
function teardown() {
|
||||
docker rm -f mail_undef_spam_subject "${CONTAINER}"
|
||||
function teardown_file() {
|
||||
docker rm -f "${CONTAINER1_NAME}" "${CONTAINER2_NAME}"
|
||||
}
|
||||
|
||||
@test "checking spamassassin: docker env variables are set correctly (custom)" {
|
||||
run docker exec "${CONTAINER}" /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= -5.0'"
|
||||
@test "${TEST_NAME_PREFIX} Docker env variables are set correctly (custom)" {
|
||||
_run_in_container bash -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= -5.0'"
|
||||
assert_success
|
||||
|
||||
run docker exec "${CONTAINER}" /bin/sh -c "grep '\$sa_tag2_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'"
|
||||
_run_in_container bash -c "grep '\$sa_tag2_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'"
|
||||
assert_success
|
||||
|
||||
run docker exec "${CONTAINER}" /bin/sh -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 3.0'"
|
||||
_run_in_container bash -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 3.0'"
|
||||
assert_success
|
||||
|
||||
run docker exec "${CONTAINER}" /bin/sh -c "grep '\$sa_spam_subject_tag' /etc/amavis/conf.d/20-debian_defaults | grep '= .SPAM: .'"
|
||||
_run_in_container bash -c "grep '\$sa_spam_subject_tag' /etc/amavis/conf.d/20-debian_defaults | grep '= .SPAM: .'"
|
||||
assert_success
|
||||
|
||||
run docker exec mail_undef_spam_subject /bin/sh -c "grep '\$sa_spam_subject_tag' /etc/amavis/conf.d/20-debian_defaults | grep '= undef'"
|
||||
run docker exec "${CONTAINER1_NAME}" bash -c "grep '\$sa_spam_subject_tag' /etc/amavis/conf.d/20-debian_defaults | grep '= undef'"
|
||||
assert_success
|
||||
}
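Review bot: The file-level `CONTAINER_NAME=${CONTAINER2_NAME}` appears to be what makes every `_run_in_container` call in the test case target the second container, but nothing in the file says so; only the final `undef` check names `${CONTAINER1_NAME}` explicitly. A comment above the assignment would help, for example `# _run_in_container targets container 2 (custom SA_* values); container 1 (SA_SPAM_SUBJECT='undef') is queried via docker exec`. Separately, the old setup called `wait_for_finished_setup_in_container` for both containers and the new `setup_file` does not. If `common_container_setup` does not already wait for setup to finish (not visible here), the greps on `/etc/amavis/conf.d/20-debian_defaults` could run before the file is written.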
|
||||
|
|