From d3e2dfe3baeeb0a934a55cb6c6c8d455d0c3c1b6 Mon Sep 17 00:00:00 2001 From: Martin Schulze Date: Thu, 5 Sep 2019 22:25:09 +0200 Subject: [PATCH 1/8] Move mail_with_ldap into its own .bats file --- Makefile | 36 +-- test/mail_with_ldap.bats | 222 ++++++++++++++++++ .../auth/ldap-smtp-auth-spoofed-alias.txt | 2 +- test/tests.bats | 139 ----------- 4 files changed, 224 insertions(+), 175 deletions(-) create mode 100644 test/mail_with_ldap.bats diff --git a/Makefile b/Makefile index e1aece17..e83cbc80 100644 --- a/Makefile +++ b/Makefile @@ -5,11 +5,10 @@ all-fast: build backup generate-accounts run generate-accounts-after-run fixture no-build: backup generate-accounts run generate-accounts-after-run fixtures tests clean build-no-cache: - cd test/docker-openldap/ && docker build -f Dockerfile -t ldap --no-cache . + export DOCKER_MAIL_DOCKER_BUILD_NO_CACHE=--no-cache docker build --no-cache -t $(NAME) . build: - cd test/docker-openldap/ && docker build -f Dockerfile -t ldap . docker build -t $(NAME) . backup: 
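Review bot: The `export DOCKER_MAIL_DOCKER_BUILD_NO_CACHE=--no-cache` line added under `build-no-cache:` reads like a recipe line (indentation is not recoverable from this page), and make runs each recipe line in its own shell. If so, the variable is gone before the next line and never reaches the bats run where `setup_file` in test/mail_with_ldap.bats expands it in `docker build -f Dockerfile -t ldap`. The effect would be that `make build-no-cache` rebuilds only the main image without cache, while the `ldap` image used by the authentication tests always comes from cached layers. Passing the value at make level, for example `make DOCKER_MAIL_DOCKER_BUILD_NO_CACHE=--no-cache tests`, would let it reach the test process. A comment on `build:` saying the `ldap` image is now built by the test file would also help.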
@@ -155,39 +154,6 @@ run: -e DMS_DEBUG=0 \ -h mail.my-domain.com -t $(NAME) sleep 15 - docker run --rm -d --name ldap_for_mail \ - -e LDAP_DOMAIN="localhost.localdomain" \ - -h ldap.my-domain.com -t ldap - sleep 15 - docker run --rm -d --name mail_with_ldap \ - -v "`pwd`/test/config":/tmp/docker-mailserver \ - -v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \ - -e ENABLE_LDAP=1 \ - -e LDAP_SERVER_HOST=ldap \ - -e LDAP_START_TLS=no \ - -e SPOOF_PROTECTION=1 \ - -e LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain \ - -e LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain \ - -e LDAP_BIND_PW=admin \ - -e LDAP_QUERY_FILTER_USER="(&(mail=%s)(mailEnabled=TRUE))" \ - -e LDAP_QUERY_FILTER_GROUP="(&(mailGroupMember=%s)(mailEnabled=TRUE))" \ - -e LDAP_QUERY_FILTER_ALIAS="(|(&(mailAlias=%s)(objectClass=PostfixBookMailForward))(&(mailAlias=%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE)))" \ - -e LDAP_QUERY_FILTER_DOMAIN="(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward)))" \ - -e DOVECOT_TLS=no \ - -e DOVECOT_PASS_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))" \ - -e DOVECOT_USER_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))" \ - -e REPORT_RECIPIENT=1 \ - -e ENABLE_SASLAUTHD=1 \ - -e SASLAUTHD_MECHANISMS=ldap \ - -e SASLAUTHD_LDAP_SERVER=ldap \ - -e SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain \ - -e SASLAUTHD_LDAP_PASSWORD=admin \ - -e SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain \ - -e POSTMASTER_ADDRESS=postmaster@localhost.localdomain \ - -e DMS_DEBUG=0 \ - --link ldap_for_mail:ldap \ - -h mail.my-domain.com -t $(NAME) - sleep 15 generate-accounts-after-run: docker run --rm -e MAIL_USER=added@localhost.localdomain -e MAIL_PASS=mypassword -t $(NAME) /bin/sh -c 'echo "$$MAIL_USER|$$(doveadm pw -s SHA512-CRYPT -u 
$$MAIL_USER -p $$MAIL_PASS)"' >> test/config/postfix-accounts.cf diff --git a/test/mail_with_ldap.bats b/test/mail_with_ldap.bats new file mode 100644 index 00000000..2525f11a --- /dev/null +++ b/test/mail_with_ldap.bats 
@@ -0,0 +1,222 @@ +load 'test_helper/common' + +function setup() { + run_setup_file_if_necessary +} + +function teardown() { + run_teardown_file_if_necessary +} + +function setup_file() { + pushd test/docker-openldap/ + docker build -f Dockerfile -t ldap $DOCKER_MAIL_DOCKER_BUILD_NO_CACHE . + popd + + docker run -d --name ldap_for_mail \ + -e LDAP_DOMAIN="localhost.localdomain" \ + -h ldap.my-domain.com -t ldap + + docker run -d --name mail_with_ldap \ + -v "`pwd`/test/config":/tmp/docker-mailserver \ + -v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \ + -e ENABLE_LDAP=1 \ + -e LDAP_SERVER_HOST=ldap \ + -e LDAP_START_TLS=no \ + -e SPOOF_PROTECTION=1 \ + -e LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain \ + -e LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain \ + -e LDAP_BIND_PW=admin \ + -e LDAP_QUERY_FILTER_USER="(&(mail=%s)(mailEnabled=TRUE))" \ + -e LDAP_QUERY_FILTER_GROUP="(&(mailGroupMember=%s)(mailEnabled=TRUE))" \ + -e LDAP_QUERY_FILTER_ALIAS="(|(&(mailAlias=%s)(objectClass=PostfixBookMailForward))(&(mailAlias=%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE)))" \ + -e LDAP_QUERY_FILTER_DOMAIN="(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward)))" \ + -e DOVECOT_TLS=no \ + -e DOVECOT_PASS_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))" \ + -e DOVECOT_USER_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))" \ + -e REPORT_RECIPIENT=1 \ + -e ENABLE_SASLAUTHD=1 \ + -e SASLAUTHD_MECHANISMS=ldap \ + -e SASLAUTHD_LDAP_SERVER=ldap \ + -e SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain \ + -e SASLAUTHD_LDAP_PASSWORD=admin \ + -e SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain \ + -e POSTMASTER_ADDRESS=postmaster@localhost.localdomain \ + -e DMS_DEBUG=0 \ + --link ldap_for_mail:ldap \ + -h mail.my-domain.com -t ${NAME} + 
wait_for_smtp_port_in_container mail_with_ldap +} + +function teardown_file() { + docker rm -f ldap_for_mail mail_with_ldap +} + +@test "first" { + # this test must come first to reliably identify when to run setup_file +} + +# processes + +@test "checking process: saslauthd (saslauthd server enabled)" { + run docker exec mail_with_ldap /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'" + assert_success +} + +# postfix +@test "checking postfix: ldap lookup works correctly" { + run docker exec mail_with_ldap /bin/sh -c "postmap -q some.user@localhost.localdomain ldap:/etc/postfix/ldap-users.cf" + assert_success + assert_output "some.user@localhost.localdomain" + run docker exec mail_with_ldap /bin/sh -c "postmap -q postmaster@localhost.localdomain ldap:/etc/postfix/ldap-aliases.cf" + assert_success + assert_output "some.user@localhost.localdomain" + run docker exec mail_with_ldap /bin/sh -c "postmap -q employees@localhost.localdomain ldap:/etc/postfix/ldap-groups.cf" + assert_success + assert_output "some.user@localhost.localdomain" + + # Test of the user part of the domain is not the same as the uniqueIdentifier part in the ldap + run docker exec mail_with_ldap /bin/sh -c "postmap -q some.user.email@localhost.localdomain ldap:/etc/postfix/ldap-users.cf" + assert_success + assert_output "some.user.email@localhost.localdomain" + + # Test email receiving from a other domain then the primary domain of the mailserver + run docker exec mail_with_ldap /bin/sh -c "postmap -q some.other.user@localhost.otherdomain ldap:/etc/postfix/ldap-users.cf" + assert_success + assert_output "some.other.user@localhost.otherdomain" + run docker exec mail_with_ldap /bin/sh -c "postmap -q postmaster@localhost.otherdomain ldap:/etc/postfix/ldap-aliases.cf" + assert_success + assert_output "some.other.user@localhost.otherdomain" + run docker exec mail_with_ldap /bin/sh -c "postmap -q employees@localhost.otherdomain ldap:/etc/postfix/ldap-groups.cf" + assert_success + 
assert_output "some.other.user@localhost.otherdomain" +} + +@test "checking postfix: ldap custom config files copied" { + run docker exec mail_with_ldap /bin/sh -c "grep '# Testconfig for ldap integration' /etc/postfix/ldap-users.cf" + assert_success + run docker exec mail_with_ldap /bin/sh -c "grep '# Testconfig for ldap integration' /etc/postfix/ldap-groups.cf" + assert_success + run docker exec mail_with_ldap /bin/sh -c "grep '# Testconfig for ldap integration' /etc/postfix/ldap-aliases.cf" + assert_success +} + +@test "checking postfix: ldap config overwrites success" { + run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-users.cf" + assert_success + run docker exec mail_with_ldap /bin/sh -c "grep 'start_tls = no' /etc/postfix/ldap-users.cf" + assert_success + run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-users.cf" + assert_success + run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-users.cf" + assert_success + + run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-groups.cf" + assert_success + run docker exec mail_with_ldap /bin/sh -c "grep 'start_tls = no' /etc/postfix/ldap-groups.cf" + assert_success + run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-groups.cf" + assert_success + run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-groups.cf" + assert_success + + run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-aliases.cf" + assert_success + run docker exec mail_with_ldap /bin/sh -c "grep 'start_tls = no' /etc/postfix/ldap-aliases.cf" + assert_success + run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-aliases.cf" + 
assert_success + run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-aliases.cf" + assert_success +} + +# dovecot +@test "checking dovecot: ldap imap connection and authentication works" { + run docker exec mail_with_ldap /bin/sh -c "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-ldap-auth.txt" + assert_success +} + +@test "checking dovecot: ldap mail delivery works" { + run docker exec mail_with_ldap /bin/sh -c "sendmail -f user@external.tld some.user@localhost.localdomain < /tmp/docker-mailserver-test/email-templates/test-email.txt" + sleep 10 + run docker exec mail_with_ldap /bin/sh -c "ls -A /var/mail/localhost.localdomain/some.user/new | wc -l" + assert_success + assert_output 1 +} + +@test "checking dovecot: ldap mail delivery works for a different domain then the mailserver" { + run docker exec mail_with_ldap /bin/sh -c "sendmail -f user@external.tld some.other.user@localhost.otherdomain < /tmp/docker-mailserver-test/email-templates/test-email.txt" + sleep 10 + run docker exec mail_with_ldap /bin/sh -c "ls -A /var/mail/localhost.localdomain/some.other.user/new | wc -l" + assert_success + assert_output 1 +} + +@test "checking dovecot: ldap config overwrites success" { + run docker exec mail_with_ldap /bin/sh -c "grep 'hosts = ldap' /etc/dovecot/dovecot-ldap.conf.ext" + assert_success + run docker exec mail_with_ldap /bin/sh -c "grep 'tls = no' /etc/dovecot/dovecot-ldap.conf.ext" + assert_success + run docker exec mail_with_ldap /bin/sh -c "grep 'base = ou=people,dc=localhost,dc=localdomain' /etc/dovecot/dovecot-ldap.conf.ext" + assert_success + run docker exec mail_with_ldap /bin/sh -c "grep 'dn = cn=admin,dc=localhost,dc=localdomain' /etc/dovecot/dovecot-ldap.conf.ext" + assert_success +} + +@test "checking dovecot: postmaster address" { + run docker exec mail_with_ldap /bin/sh -c "grep 'postmaster_address = postmaster@localhost.localdomain' /etc/dovecot/conf.d/15-lda.conf" + 
assert_success +} + +@test "checking spoofing: rejects sender forging" { + run docker exec mail_with_ldap /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/ldap-smtp-auth-spoofed.txt | grep 'Sender address rejected: not owned by user'" + assert_success +} + +# ATTENTION: this test must come after "checking dovecot: ldap mail delivery works" since it will deliver an email which skews the count in said test, leading to failure +@test "checking spoofing: accepts sending as alias" { + run docker exec mail_with_ldap /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/ldap-smtp-auth-spoofed-alias.txt | grep 'End data with'" + assert_success +} + +# saslauthd +@test "checking saslauthd: sasl ldap authentication works" { + run docker exec mail_with_ldap bash -c "testsaslauthd -u some.user -p secret" + assert_success +} + +@test "checking saslauthd: ldap smtp authentication" { + run docker exec mail_with_ldap /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/sasl-ldap-smtp-auth.txt | grep 'Authentication successful'" + assert_success + run docker exec mail_with_ldap /bin/sh -c "openssl s_client -quiet -connect 0.0.0.0:465 < /tmp/docker-mailserver-test/auth/sasl-ldap-smtp-auth.txt | grep 'Authentication successful'" + assert_success + run docker exec mail_with_ldap /bin/sh -c "openssl s_client -quiet -starttls smtp -connect 0.0.0.0:587 < /tmp/docker-mailserver-test/auth/sasl-ldap-smtp-auth.txt | grep 'Authentication successful'" + assert_success +} + +# +# Pflogsumm delivery check +# + +@test "checking pflogsum delivery" { + # checking default sender is correctly set when env variable not defined + run docker exec mail_with_ldap grep "mailserver-report@mail.my-domain.com" /etc/logrotate.d/maillog + assert_success + + # checking default logrotation setup + run docker exec mail_with_ldap grep "daily" /etc/logrotate.d/maillog + assert_success +} + +# +# supervisor +# + +@test "checking restart of process: saslauthd (saslauthd server enabled)" 
{ + run docker exec mail_with_ldap /bin/bash -c "pkill saslauthd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'" + assert_success +} + +@test "last" { + # this test is only there to reliably mark the end for the teardown_file +} \ No newline at end of file diff --git a/test/test-files/auth/ldap-smtp-auth-spoofed-alias.txt b/test/test-files/auth/ldap-smtp-auth-spoofed-alias.txt index 663abb53..007b0f99 100644 --- a/test/test-files/auth/ldap-smtp-auth-spoofed-alias.txt +++ b/test/test-files/auth/ldap-smtp-auth-spoofed-alias.txt @@ -9,7 +9,7 @@ From: alias_address To: Existing Local User Date: Sat, 22 May 2010 07:43:25 -0400 Subject: Test Message -This is a test mail. +This is a test mail from ldap-smtp-auth-spoofed-alias.txt . QUIT diff --git a/test/tests.bats b/test/tests.bats index 54ee1acb..c28c8836 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -129,11 +129,6 @@ function count_processed_changes() { assert_failure } -@test "checking process: saslauthd (saslauthd server enabled)" { - run docker exec mail_with_ldap /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'" - assert_success -} - # # imap # 
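Review bot: `setup_file` starts `mail_with_ldap` right after `ldap_for_mail` and then waits only on `wait_for_smtp_port_in_container mail_with_ldap`, whereas the removed Makefile recipe slept 15 seconds after starting the LDAP container. Nothing visible confirms the directory is answering before the first `postmap -q ... ldap:` and `testsaslauthd` assertions run, so the lookup, SASL and spoof-protection results may depend on start-up timing; the helper's body is outside this page, so this is inferred. A bounded readiness poll on `ldap_for_mail` before the second `docker run` would remove that dependency. Checking the exit status of `docker build` and both `docker run` calls would also stop a failed setup from surfacing as unrelated test failures. Finally, a comment above the second `docker run` would mark the fixture values, e.g. `# test-only bind credentials and plaintext LDAP (LDAP_START_TLS=no, DOVECOT_TLS=no); never reuse outside this suite`.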
@@ -1378,71 +1373,6 @@ function count_processed_changes() { # # postfix -@test "checking postfix: ldap lookup works correctly" { - run docker exec mail_with_ldap /bin/sh -c "postmap -q some.user@localhost.localdomain ldap:/etc/postfix/ldap-users.cf" - assert_success - assert_output "some.user@localhost.localdomain" - run docker exec mail_with_ldap /bin/sh -c "postmap -q postmaster@localhost.localdomain ldap:/etc/postfix/ldap-aliases.cf" - assert_success - assert_output "some.user@localhost.localdomain" - run docker exec mail_with_ldap /bin/sh -c "postmap -q employees@localhost.localdomain ldap:/etc/postfix/ldap-groups.cf" - assert_success - assert_output "some.user@localhost.localdomain" - - # Test of the user part of the domain is not the same as the uniqueIdentifier part in the ldap - run docker exec mail_with_ldap /bin/sh -c "postmap -q some.user.email@localhost.localdomain ldap:/etc/postfix/ldap-users.cf" - assert_success - assert_output "some.user.email@localhost.localdomain" - - # Test email receiving from a other domain then the primary domain of the mailserver - run docker exec mail_with_ldap /bin/sh -c "postmap -q some.other.user@localhost.otherdomain ldap:/etc/postfix/ldap-users.cf" - assert_success - assert_output "some.other.user@localhost.otherdomain" - run docker exec mail_with_ldap /bin/sh -c "postmap -q postmaster@localhost.otherdomain ldap:/etc/postfix/ldap-aliases.cf" - assert_success - assert_output "some.other.user@localhost.otherdomain" - run docker exec mail_with_ldap /bin/sh -c "postmap -q employees@localhost.otherdomain ldap:/etc/postfix/ldap-groups.cf" - assert_success - assert_output "some.other.user@localhost.otherdomain" -} - -@test "checking postfix: ldap custom config files copied" { - run docker exec mail_with_ldap /bin/sh -c "grep '# Testconfig for ldap integration' /etc/postfix/ldap-users.cf" - assert_success - run docker exec mail_with_ldap /bin/sh -c "grep '# Testconfig for ldap integration' /etc/postfix/ldap-groups.cf" - 
assert_success - run docker exec mail_with_ldap /bin/sh -c "grep '# Testconfig for ldap integration' /etc/postfix/ldap-aliases.cf" - assert_success -} - -@test "checking postfix: ldap config overwrites success" { - run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-users.cf" - assert_success - run docker exec mail_with_ldap /bin/sh -c "grep 'start_tls = no' /etc/postfix/ldap-users.cf" - assert_success - run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-users.cf" - assert_success - run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-users.cf" - assert_success - - run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-groups.cf" - assert_success - run docker exec mail_with_ldap /bin/sh -c "grep 'start_tls = no' /etc/postfix/ldap-groups.cf" - assert_success - run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-groups.cf" - assert_success - run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-groups.cf" - assert_success - - run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-aliases.cf" - assert_success - run docker exec mail_with_ldap /bin/sh -c "grep 'start_tls = no' /etc/postfix/ldap-aliases.cf" - assert_success - run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-aliases.cf" - assert_success - run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-aliases.cf" - assert_success -} @test "checking postfix: remove privacy details of the sender" { run docker exec mail_privacy /bin/sh -c "ls /var/mail/localhost.localdomain/user1/new | wc -l" 
@@ -1453,46 +1383,10 @@ function count_processed_changes() { assert_output 0 } -# dovecot -@test "checking dovecot: ldap imap connection and authentication works" { - run docker exec mail_with_ldap /bin/sh -c "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-ldap-auth.txt" - assert_success -} - -@test "checking dovecot: ldap mail delivery works" { - run docker exec mail_with_ldap /bin/sh -c "sendmail -f user@external.tld some.user@localhost.localdomain < /tmp/docker-mailserver-test/email-templates/test-email.txt" - sleep 10 - run docker exec mail_with_ldap /bin/sh -c "ls -A /var/mail/localhost.localdomain/some.user/new | wc -l" - assert_success - assert_output 1 -} - -@test "checking dovecot: ldap mail delivery works for a different domain then the mailserver" { - run docker exec mail_with_ldap /bin/sh -c "sendmail -f user@external.tld some.other.user@localhost.otherdomain < /tmp/docker-mailserver-test/email-templates/test-email.txt" - sleep 10 - run docker exec mail_with_ldap /bin/sh -c "ls -A /var/mail/localhost.localdomain/some.other.user/new | wc -l" - assert_success - assert_output 1 -} - -@test "checking dovecot: ldap config overwrites success" { - run docker exec mail_with_ldap /bin/sh -c "grep 'hosts = ldap' /etc/dovecot/dovecot-ldap.conf.ext" - assert_success - run docker exec mail_with_ldap /bin/sh -c "grep 'tls = no' /etc/dovecot/dovecot-ldap.conf.ext" - assert_success - run docker exec mail_with_ldap /bin/sh -c "grep 'base = ou=people,dc=localhost,dc=localdomain' /etc/dovecot/dovecot-ldap.conf.ext" - assert_success - run docker exec mail_with_ldap /bin/sh -c "grep 'dn = cn=admin,dc=localhost,dc=localdomain' /etc/dovecot/dovecot-ldap.conf.ext" - assert_success -} - @test "checking dovecot: postmaster address" { run docker exec mail /bin/sh -c "grep 'postmaster_address = postmaster@my-domain.com' /etc/dovecot/conf.d/15-lda.conf" assert_success - run docker exec mail_with_ldap /bin/sh -c "grep 'postmaster_address = 
postmaster@localhost.localdomain' /etc/dovecot/conf.d/15-lda.conf" - assert_success - run docker exec mail_override_hostname /bin/sh -c "grep 'postmaster_address = postmaster@my-domain.com' /etc/dovecot/conf.d/15-lda.conf" assert_success } @@ -1501,33 +1395,12 @@ function count_processed_changes() { # checking rejection of spoofed sender run docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/added-smtp-auth-spoofed.txt | grep 'Sender address rejected: not owned by user'" assert_success - # checking ldap - run docker exec mail_with_ldap /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/ldap-smtp-auth-spoofed.txt | grep 'Sender address rejected: not owned by user'" - assert_success } @test "checking spoofing: accepts sending as alias" { run docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/added-smtp-auth-spoofed-alias.txt | grep 'End data with'" assert_success - # checking ldap alias - run docker exec mail_with_ldap /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/ldap-smtp-auth-spoofed-alias.txt | grep 'End data with'" - assert_success -} - -# saslauthd -@test "checking saslauthd: sasl ldap authentication works" { - run docker exec mail_with_ldap bash -c "testsaslauthd -u some.user -p secret" - assert_success -} - -@test "checking saslauthd: ldap smtp authentication" { - run docker exec mail_with_ldap /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/sasl-ldap-smtp-auth.txt | grep 'Authentication successful'" - assert_success - run docker exec mail_with_ldap /bin/sh -c "openssl s_client -quiet -connect 0.0.0.0:465 < /tmp/docker-mailserver-test/auth/sasl-ldap-smtp-auth.txt | grep 'Authentication successful'" - assert_success - run docker exec mail_with_ldap /bin/sh -c "openssl s_client -quiet -starttls smtp -connect 0.0.0.0:587 < /tmp/docker-mailserver-test/auth/sasl-ldap-smtp-auth.txt | grep 'Authentication successful'" - assert_success } # 
@@ -1546,13 +1419,6 @@ function count_processed_changes() { # check sender is not the default one. run docker exec mail grep "From: mailserver-report@mail.my-domain.com" /var/mail/localhost.localdomain/user1/new/ -R assert_failure - - # checking default sender is correctly set when env variable not defined - run docker exec mail_with_ldap grep "mailserver-report@mail.my-domain.com" /etc/logrotate.d/maillog - assert_success - # checking default logrotation setup - run docker exec mail_with_ldap grep "daily" /etc/logrotate.d/maillog - assert_success } @@ -1653,11 +1519,6 @@ function count_processed_changes() { assert_failure } -@test "checking restart of process: saslauthd (saslauthd server enabled)" { - run docker exec mail_with_ldap /bin/bash -c "pkill saslauthd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'" - assert_success -} - # # root mail delivery # From a03c741e1be4f91de00e096187e6c1c6b52b1523 Mon Sep 17 00:00:00 2001 From: Martin Schulze Date: Tue, 8 Oct 2019 21:36:13 +0200 Subject: [PATCH 2/8] Extract mail_manual_ssl into own .bats file --- Makefile | 9 ------ test/mail_manual_ssl.bats | 60 +++++++++++++++++++++++++++++++++++++++ test/tests.bats | 27 ------------------ 3 files changed, 60 insertions(+), 36 deletions(-) create mode 100644 test/mail_manual_ssl.bats diff --git a/Makefile b/Makefile index e83cbc80..16ccfb9e 100644 --- a/Makefile +++ b/Makefile 
@@ -145,15 +145,6 @@ run: -e DMS_DEBUG=0 \ -h mail.my-domain.com -t $(NAME) sleep 15 - docker run --rm -d --name mail_manual_ssl \ - -v "`pwd`/test/config":/tmp/docker-mailserver \ - -v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \ - -e SSL_TYPE=manual \ - -e SSL_CERT_PATH=/tmp/docker-mailserver/letsencrypt/mail.my-domain.com/fullchain.pem \ - -e SSL_KEY_PATH=/tmp/docker-mailserver/letsencrypt/mail.my-domain.com/privkey.pem \ - -e DMS_DEBUG=0 \ - -h mail.my-domain.com -t $(NAME) - sleep 15 generate-accounts-after-run: docker run --rm -e MAIL_USER=added@localhost.localdomain -e MAIL_PASS=mypassword -t $(NAME) /bin/sh -c 'echo "$$MAIL_USER|$$(doveadm pw -s SHA512-CRYPT -u $$MAIL_USER -p $$MAIL_PASS)"' >> test/config/postfix-accounts.cf diff --git a/test/mail_manual_ssl.bats b/test/mail_manual_ssl.bats new file mode 100644 index 00000000..00465ebd --- /dev/null +++ b/test/mail_manual_ssl.bats 
@@ -0,0 +1,60 @@ +load 'test_helper/common' + +function setup() { + run_setup_file_if_necessary +} + +function teardown() { + run_teardown_file_if_necessary +} + +function setup_file() { + docker run -d --name mail_manual_ssl \ + -v "`pwd`/test/config":/tmp/docker-mailserver \ + -v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \ + -e SSL_TYPE=manual \ + -e SSL_CERT_PATH=/tmp/docker-mailserver/letsencrypt/mail.my-domain.com/fullchain.pem \ + -e SSL_KEY_PATH=/tmp/docker-mailserver/letsencrypt/mail.my-domain.com/privkey.pem \ + -e DMS_DEBUG=0 \ + -h mail.my-domain.com -t ${NAME} + wait_for_finished_setup_in_container mail_manual_ssl +} + +function teardown_file() { + docker rm -f mail_manual_ssl +} + +@test "first" { + skip 'this test must come first to reliably identify when to run setup_file' +} + +@test "checking ssl: manual configuration is correct" { + run docker exec mail_manual_ssl /bin/sh -c 'grep -ir "/etc/postfix/ssl/cert" /etc/postfix/main.cf | wc -l' + assert_success + assert_output 1 + run docker exec mail_manual_ssl /bin/sh -c 'grep -ir "/etc/postfix/ssl/cert" /etc/dovecot/conf.d/10-ssl.conf | wc -l' + assert_success + assert_output 1 + run docker exec mail_manual_ssl /bin/sh -c 'grep -ir "/etc/postfix/ssl/key" /etc/postfix/main.cf | wc -l' + assert_success + assert_output 1 + run docker exec mail_manual_ssl /bin/sh -c 'grep -ir "/etc/postfix/ssl/key" /etc/dovecot/conf.d/10-ssl.conf | wc -l' + assert_success + assert_output 1 +} + +@test "checking ssl: manual configuration copied files correctly " { + run docker exec mail_manual_ssl /bin/sh -c 'cmp -s /etc/postfix/ssl/cert /tmp/docker-mailserver/letsencrypt/mail.my-domain.com/fullchain.pem' + assert_success + run docker exec mail_manual_ssl /bin/sh -c 'cmp -s /etc/postfix/ssl/key /tmp/docker-mailserver/letsencrypt/mail.my-domain.com/privkey.pem' + assert_success +} + +@test "checking ssl: manual cert works correctly" { + run docker exec mail_manual_ssl /bin/sh -c "timeout 1 openssl s_client 
-connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'" + assert_success +} + +@test "last" { + skip 'this test is only there to reliably mark the end for the teardown_file' +} \ No newline at end of file diff --git a/test/tests.bats b/test/tests.bats index c28c8836..0487baf6 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -720,33 +720,6 @@ function count_processed_changes() { assert_success } -@test "checking ssl: manual configuration is correct" { - run docker exec mail_manual_ssl /bin/sh -c 'grep -ir "/etc/postfix/ssl/cert" /etc/postfix/main.cf | wc -l' - assert_success - assert_output 1 - run docker exec mail_manual_ssl /bin/sh -c 'grep -ir "/etc/postfix/ssl/cert" /etc/dovecot/conf.d/10-ssl.conf | wc -l' - assert_success - assert_output 1 - run docker exec mail_manual_ssl /bin/sh -c 'grep -ir "/etc/postfix/ssl/key" /etc/postfix/main.cf | wc -l' - assert_success - assert_output 1 - run docker exec mail_manual_ssl /bin/sh -c 'grep -ir "/etc/postfix/ssl/key" /etc/dovecot/conf.d/10-ssl.conf | wc -l' - assert_success - assert_output 1 -} - -@test "checking ssl: manual configuration copied files correctly " { - run docker exec mail_manual_ssl /bin/sh -c 'cmp -s /etc/postfix/ssl/cert /tmp/docker-mailserver/letsencrypt/mail.my-domain.com/fullchain.pem' - assert_success - run docker exec mail_manual_ssl /bin/sh -c 'cmp -s /etc/postfix/ssl/key /tmp/docker-mailserver/letsencrypt/mail.my-domain.com/privkey.pem' - assert_success -} - -@test "checking ssl: manual cert works correctly" { - run docker exec mail_manual_ssl /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'" - assert_success -} - # # postsrsd # From d05255cb0499c70e56ba23bc376e6bed0dcf3e88 Mon Sep 17 00:00:00 2001 
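Review bot: The `checking ssl: manual cert works correctly` test passes only when `openssl s_client` prints `Verify return code: 10 (certificate has expired)`, so its success condition is a failed chain verification. That presumably reflects a deliberately expired fixture under test/config/letsencrypt (not visible here), but the intent is undocumented. The test would break if the fixture were renewed or if the verifier reported a different error first. A comment such as `# fixture certificate is deliberately expired; code 10 shows the mounted cert is the one being served` would record the intent. A sturdier check would compare the served certificate with the mounted `fullchain.pem`, in the spirit of the `cmp -s` test just above it.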
From: Martin Schulze Date: Tue, 8 Oct 2019 21:45:05 +0200 Subject: [PATCH 3/8] Tests: Extract mail_fetchmail into own .bats file --- Makefile | 8 ----- test/mail_fetchmail.bats | 64 ++++++++++++++++++++++++++++++++++++++++ test/tests.bats | 24 --------------- 3 files changed, 64 insertions(+), 32 deletions(-) create mode 100644 test/mail_fetchmail.bats diff --git a/Makefile b/Makefile index 16ccfb9e..ad7e2361 100644 --- a/Makefile +++ b/Makefile @@ -129,14 +129,6 @@ run: --cap-add=NET_ADMIN \ -h mail.my-domain.com -t $(NAME) sleep 15 - docker run --rm -d --name mail_fetchmail \ - -v "`pwd`/test/config":/tmp/docker-mailserver \ - -v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \ - -e ENABLE_FETCHMAIL=1 \ - --cap-add=NET_ADMIN \ - -e DMS_DEBUG=0 \ - -h mail.my-domain.com -t $(NAME) - sleep 15 docker run --rm -d --name mail_disabled_clamav_spamassassin \ -v "`pwd`/test/config":/tmp/docker-mailserver \ -v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \ diff --git a/test/mail_fetchmail.bats b/test/mail_fetchmail.bats new file mode 100644 index 00000000..bb6d4d8b --- /dev/null +++ b/test/mail_fetchmail.bats 
@@ -0,0 +1,64 @@ +load 'test_helper/common' + +function setup() { + run_setup_file_if_necessary +} + +function teardown() { + run_teardown_file_if_necessary +} + +function setup_file() { + docker run -d --name mail_fetchmail \ + -v "`pwd`/test/config":/tmp/docker-mailserver \ + -v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \ + -e ENABLE_FETCHMAIL=1 \ + --cap-add=NET_ADMIN \ + -e DMS_DEBUG=0 \ + -h mail.my-domain.com -t ${NAME} + wait_for_finished_setup_in_container mail_fetchmail +} + +function teardown_file() { + docker rm -f mail_fetchmail +} + +@test "first" { + skip 'this test must come first to reliably identify when to run setup_file' +} + +# +# processes +# + +@test "checking process: fetchmail (fetchmail server enabled)" { + run docker exec mail_fetchmail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/fetchmail'" + assert_success +} + +# +# fetchmail +# + +@test "checking fetchmail: gerneral options in fetchmailrc are loaded" { + run docker exec mail_fetchmail grep 'set syslog' /etc/fetchmailrc + assert_success +} + +@test "checking fetchmail: fetchmail.cf is loaded" { + run docker exec mail_fetchmail grep 'pop3.example.com' /etc/fetchmailrc + assert_success +} + +# +# supervisor +# + +@test "checking restart of process: fetchmail" { + run docker exec mail_fetchmail /bin/bash -c "pkill fetchmail && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/bin/fetchmail'" + assert_success +} + +@test "last" { + skip 'this test is only there to reliably mark the end for the teardown_file' +} \ No newline at end of file diff --git a/test/tests.bats b/test/tests.bats index 0487baf6..f7ac2922 100644 --- a/test/tests.bats +++ b/test/tests.bats 
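Review bot: `setup_file` starts `mail_fetchmail` with `--cap-add=NET_ADMIN`, but the tests in this file only check the fetchmail process and the contents of `/etc/fetchmailrc`, none of which visibly needs that capability. The flag was carried over unchanged from the Makefile recipe, so it may be a leftover copied from the fail2ban container definition. Whether the image's start-up needs it with `ENABLE_FETCHMAIL=1` alone cannot be told from this page. If it does not, dropping the line keeps the test container at default capabilities. If it does, a comment above the `docker run` should name the reason, for example `# NET_ADMIN required by <component> during start-up`.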
@@ -119,11 +119,6 @@ function count_processed_changes() { assert_failure } -@test "checking process: fetchmail (fetchmail server enabled)" { - run docker exec mail_fetchmail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/fetchmail'" - assert_success -} - @test "checking process: clamav (clamav disabled by ENABLED_CLAMAV=0)" { run docker exec mail_disabled_clamav_spamassassin /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'" assert_failure @@ -840,20 +835,6 @@ function count_processed_changes() { assert_failure } -# -# fetchmail -# - -@test "checking fetchmail: gerneral options in fetchmailrc are loaded" { - run docker exec mail_fetchmail grep 'set syslog' /etc/fetchmailrc - assert_success -} - -@test "checking fetchmail: fetchmail.cf is loaded" { - run docker exec mail_fetchmail grep 'pop3.example.com' /etc/fetchmailrc - assert_success -} - # # system # @@ -1482,11 +1463,6 @@ function count_processed_changes() { assert_success } -@test "checking restart of process: fetchmail" { - run docker exec mail_fetchmail /bin/bash -c "pkill fetchmail && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/bin/fetchmail'" - assert_success -} - @test "checking restart of process: clamav (clamav disabled by ENABLED_CLAMAV=0)" { run docker exec mail_disabled_clamav_spamassassin /bin/bash -c "pkill -f clamd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'" assert_failure From 56f47db0f2edf344ee6281ef6ed500740caf84cf Mon Sep 17 00:00:00 2001 From: Martin Schulze Date: Tue, 8 Oct 2019 22:03:56 +0200 Subject: [PATCH 4/8] Tests: Extract mail_fail2ban into own .bats file --- Makefile | 8 --- test/mail_fail2ban.bats | 149 ++++++++++++++++++++++++++++++++++++++++ test/tests.bats | 106 ---------------------------- 3 files changed, 149 insertions(+), 114 deletions(-) create mode 100644 test/mail_fail2ban.bats diff --git a/Makefile b/Makefile index ad7e2361..87f8b389 100644 --- a/Makefile +++ b/Makefile 
@@ -121,14 +121,6 @@ run: -h unknown.domain.tld \ -t $(NAME) sleep 15 - docker run --rm -d --name mail_fail2ban \ - -v "`pwd`/test/config":/tmp/docker-mailserver \ - -v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \ - -e ENABLE_FAIL2BAN=1 \ - -e POSTSCREEN_ACTION=ignore \ - --cap-add=NET_ADMIN \ - -h mail.my-domain.com -t $(NAME) - sleep 15 docker run --rm -d --name mail_disabled_clamav_spamassassin \ -v "`pwd`/test/config":/tmp/docker-mailserver \ -v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \ diff --git a/test/mail_fail2ban.bats b/test/mail_fail2ban.bats new file mode 100644 index 00000000..7b213c24 --- /dev/null +++ b/test/mail_fail2ban.bats 
@@ -0,0 +1,149 @@ +load 'test_helper/common' + +function setup() { + run_setup_file_if_necessary +} + +function teardown() { + run_teardown_file_if_necessary +} + +function setup_file() { + docker run --rm -d --name mail_fail2ban \ + -v "`pwd`/test/config":/tmp/docker-mailserver \ + -v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \ + -e ENABLE_FAIL2BAN=1 \ + -e POSTSCREEN_ACTION=ignore \ + --cap-add=NET_ADMIN \ + -h mail.my-domain.com -t ${NAME} + + # Create a container which will send wrong authentications and should get banned + docker run --name fail-auth-mailer \ + -e MAIL_FAIL2BAN_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' mail_fail2ban) \ + -v "$(pwd)/test/test-files":/tmp/docker-mailserver-test \ + -d ${NAME} \ + tail -f /var/log/faillog + + wait_for_finished_setup_in_container mail_fail2ban + +} + +function teardown_file() { + docker rm -f mail_fail2ban fail-auth-mailer +} + +@test "first" { + skip 'this test must come first to reliably identify when to run setup_file' +} + +# +# processes +# + +@test "checking process: fail2ban (fail2ban server enabled)" { + run docker exec mail_fail2ban /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python3 /usr/bin/fail2ban-server'" + assert_success +} + +# +# fail2ban +# + +@test "checking fail2ban: localhost is not banned because ignored" { + run docker exec mail_fail2ban /bin/sh -c "fail2ban-client status postfix-sasl | grep 'IP list:.*127.0.0.1'" + assert_failure + run docker exec mail_fail2ban /bin/sh -c "grep 'ignoreip = 127.0.0.1/8' /etc/fail2ban/jail.conf" + assert_success +} + +@test "checking fail2ban: fail2ban-fail2ban.cf overrides" { + run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get loglevel | grep DEBUG" + assert_success +} + +@test "checking fail2ban: fail2ban-jail.cf overrides" { + FILTERS=(sshd postfix dovecot postfix-sasl) + + for FILTER in "${FILTERS[@]}"; do + run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get $FILTER bantime" + 
assert_output 1234 + + run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get $FILTER findtime" + assert_output 321 + + run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get $FILTER maxretry" + assert_output 2 + done +} + +@test "checking fail2ban: ban ip on multiple failed login" { + # can't pipe the file as usual due to postscreen. (respecting postscreen_greet_wait time and talking in turn): + for i in {1,2}; do + docker exec fail-auth-mailer /bin/bash -c \ + 'exec 3<>/dev/tcp/$MAIL_FAIL2BAN_IP/25 && \ + while IFS= read -r cmd; do \ + head -1 <&3; \ + [[ "$cmd" == "EHLO"* ]] && sleep 6; \ + echo $cmd >&3; \ + done < "/tmp/docker-mailserver-test/auth/smtp-auth-login-wrong.txt"' + done + + sleep 5 + + FAIL_AUTH_MAILER_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' fail-auth-mailer) + # Checking that FAIL_AUTH_MAILER_IP is banned in mail_fail2ban + run docker exec mail_fail2ban /bin/sh -c "fail2ban-client status postfix-sasl | grep '$FAIL_AUTH_MAILER_IP'" + assert_success + + # Checking that FAIL_AUTH_MAILER_IP is banned by iptables + run docker exec mail_fail2ban /bin/sh -c "iptables -L f2b-postfix-sasl -n | grep REJECT | grep '$FAIL_AUTH_MAILER_IP'" + assert_success +} + +@test "checking fail2ban: unban ip works" { + + FAIL_AUTH_MAILER_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' fail-auth-mailer) + docker exec mail_fail2ban fail2ban-client set postfix-sasl unbanip $FAIL_AUTH_MAILER_IP + + sleep 5 + + run docker exec mail_fail2ban /bin/sh -c "fail2ban-client status postfix-sasl | grep 'IP list:.*$FAIL_AUTH_MAILER_IP'" + assert_failure + + # Checking that FAIL_AUTH_MAILER_IP is unbanned by iptables + run docker exec mail_fail2ban /bin/sh -c "iptables -L f2b-postfix-sasl -n | grep REJECT | grep '$FAIL_AUTH_MAILER_IP'" + assert_failure +} + +# +# debug +# + +@test "checking setup.sh: setup.sh debug fail2ban" { + + run docker exec mail_fail2ban /bin/sh -c "fail2ban-client set dovecot banip 192.0.66.4" + run docker 
exec mail_fail2ban /bin/sh -c "fail2ban-client set dovecot banip 192.0.66.5" + sleep 10 + run ./setup.sh -c mail_fail2ban debug fail2ban + assert_output --regexp "^Banned in dovecot: 192.0.66.5 192.0.66.4.*" + run ./setup.sh -c mail_fail2ban debug fail2ban unban 192.0.66.4 + assert_output --partial "unbanned IP from dovecot: 192.0.66.4" + run ./setup.sh -c mail_fail2ban debug fail2ban + assert_output --regexp "^Banned in dovecot: 192.0.66.5.*" + run ./setup.sh -c mail_fail2ban debug fail2ban unban 192.0.66.5 + run ./setup.sh -c mail_fail2ban debug fail2ban unban + assert_output --partial "You need to specify an IP address. Run" +} + +# +# supervisor +# + +@test "checking restart of process: fail2ban (fail2ban server enabled)" { + run docker exec mail_fail2ban /bin/bash -c "pkill fail2ban && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/bin/python3 /usr/bin/fail2ban-server'" + assert_success +} + +@test "last" { + skip 'this test is only there to reliably mark the end for the teardown_file' +} \ No newline at end of file diff --git a/test/tests.bats b/test/tests.bats index f7ac2922..9750d281 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -109,11 +109,6 @@ function count_processed_changes() { assert_failure } -@test "checking process: fail2ban (fail2ban server enabled)" { - run docker exec mail_fail2ban /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python3 /usr/bin/fail2ban-server'" - assert_success -} - @test "checking process: fetchmail (disabled in default configuration)" { run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/fetchmail'" assert_failure 
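Review bot: In "ban ip on multiple failed login" and "unban ip works", `$FAIL_AUTH_MAILER_IP` is spliced into `grep` as a regular expression without checking that `docker inspect` returned a value. An empty value turns the check into `grep ''`, which matches every line, so the `fail2ban-client status postfix-sasl` assertion would pass with no ban in place. An unanchored address (for example 172.17.0.3) would also match 172.17.0.30. Add `[ -n "$FAIL_AUTH_MAILER_IP" ]` right after the inspect and match literally with `grep -wF '$FAIL_AUTH_MAILER_IP'` in the four checks. In "setup.sh debug fail2ban" the two `banip` calls go through `run` with no assertion, so a failed ban only shows up indirectly in the later output match.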
@@ -754,87 +749,6 @@ function count_processed_changes() { assert_success } -# -# fail2ban -# - -@test "checking fail2ban: localhost is not banned because ignored" { - run docker exec mail_fail2ban /bin/sh -c "fail2ban-client status postfix-sasl | grep 'IP list:.*127.0.0.1'" - assert_failure - run docker exec mail_fail2ban /bin/sh -c "grep 'ignoreip = 127.0.0.1/8' /etc/fail2ban/jail.conf" - assert_success -} - -@test "checking fail2ban: fail2ban-fail2ban.cf overrides" { - run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get loglevel | grep DEBUG" - assert_success -} - -@test "checking fail2ban: fail2ban-jail.cf overrides" { - FILTERS=(sshd postfix dovecot postfix-sasl) - - for FILTER in "${FILTERS[@]}"; do - run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get $FILTER bantime" - assert_output 1234 - - run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get $FILTER findtime" - assert_output 321 - - run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get $FILTER maxretry" - assert_output 2 - done -} - -@test "checking fail2ban: ban ip on multiple failed login" { - # Getting mail_fail2ban container IP - MAIL_FAIL2BAN_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' mail_fail2ban) - - # Create a container which will send wrong authentications and should get banned - docker run --name fail-auth-mailer \ - -e MAIL_FAIL2BAN_IP=$MAIL_FAIL2BAN_IP \ - -v "$(pwd)/test/test-files":/tmp/docker-mailserver-test \ - -d $(docker inspect --format '{{ .Config.Image }}' mail) \ - tail -f /var/log/faillog - - # can't pipe the file as usual due to postscreen. 
(respecting postscreen_greet_wait time and talking in turn): - for i in {1,2}; do - docker exec fail-auth-mailer /bin/bash -c \ - 'exec 3<>/dev/tcp/$MAIL_FAIL2BAN_IP/25 && \ - while IFS= read -r cmd; do \ - head -1 <&3; \ - [[ "$cmd" == "EHLO"* ]] && sleep 6; \ - echo $cmd >&3; \ - done < "/tmp/docker-mailserver-test/auth/smtp-auth-login-wrong.txt"' - done - - sleep 5 - - # Checking that FAIL_AUTH_MAILER_IP is banned in mail_fail2ban - FAIL_AUTH_MAILER_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' fail-auth-mailer) - - run docker exec mail_fail2ban /bin/sh -c "fail2ban-client status postfix-sasl | grep '$FAIL_AUTH_MAILER_IP'" - assert_success - - # Checking that FAIL_AUTH_MAILER_IP is banned by iptables - run docker exec mail_fail2ban /bin/sh -c "iptables -L f2b-postfix-sasl -n | grep REJECT | grep '$FAIL_AUTH_MAILER_IP'" - assert_success -} - -@test "checking fail2ban: unban ip works" { - FAIL_AUTH_MAILER_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' fail-auth-mailer) - - docker exec mail_fail2ban fail2ban-client set postfix-sasl unbanip $FAIL_AUTH_MAILER_IP - - sleep 5 - - run docker exec mail_fail2ban /bin/sh -c "fail2ban-client status postfix-sasl | grep 'IP list:.*$FAIL_AUTH_MAILER_IP'" - assert_failure - - # Checking that FAIL_AUTH_MAILER_IP is unbanned by iptables - run docker exec mail_fail2ban /bin/sh -c "iptables -L f2b-postfix-sasl -n | grep REJECT | grep '$FAIL_AUTH_MAILER_IP'" - assert_failure -} - # # system # 
@@ -1266,21 +1180,6 @@ function count_processed_changes() { run ./setup.sh -c mail debug login ls assert_success } -@test "checking setup.sh: setup.sh debug fail2ban" { - - run docker exec mail_fail2ban /bin/sh -c "fail2ban-client set dovecot banip 192.0.66.4" - run docker exec mail_fail2ban /bin/sh -c "fail2ban-client set dovecot banip 192.0.66.5" - sleep 10 - run ./setup.sh -c mail_fail2ban debug fail2ban - assert_output --regexp "^Banned in dovecot: 192.0.66.5 192.0.66.4.*" - run ./setup.sh -c mail_fail2ban debug fail2ban unban 192.0.66.4 - assert_output --partial "unbanned IP from dovecot: 192.0.66.4" - run ./setup.sh -c mail_fail2ban debug fail2ban - assert_output --regexp "^Banned in dovecot: 192.0.66.5.*" - run ./setup.sh -c mail_fail2ban debug fail2ban unban 192.0.66.5 - run ./setup.sh -c mail_fail2ban debug fail2ban unban - assert_output --partial "You need to specify an IP address. Run" -} @test "checking setup.sh: setup.sh relay add-domain" { mkdir -p ./test/relay/config && echo -n > ./test/relay/config/postfix-relaymap.cf @@ -1458,11 +1357,6 @@ function count_processed_changes() { assert_success } -@test "checking restart of process: fail2ban (fail2ban server enabled)" { - run docker exec mail_fail2ban /bin/bash -c "pkill fail2ban && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/bin/python3 /usr/bin/fail2ban-server'" - assert_success -} - @test "checking restart of process: clamav (clamav disabled by ENABLED_CLAMAV=0)" { run docker exec mail_disabled_clamav_spamassassin /bin/bash -c "pkill -f clamd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'" assert_failure From 81fd83525c3db64fd2ec379a1961f639f4a3983f Mon Sep 17 00:00:00 2001 
From: Martin Schulze Date: Tue, 8 Oct 2019 22:15:27 +0200 Subject: [PATCH 5/8] Tests: extract mail_smtponly into own .bats file --- Makefile | 9 ----- test/mail_smtponly.bats | 78 +++++++++++++++++++++++++++++++++++++++++ test/tests.bats | 28 --------------- 3 files changed, 78 insertions(+), 37 deletions(-) create mode 100644 test/mail_smtponly.bats diff --git a/Makefile b/Makefile index 87f8b389..4df825cc 100644 --- a/Makefile +++ b/Makefile @@ -74,15 +74,6 @@ run: -e SSL_TYPE=letsencrypt \ -h mail.my-domain.com -t $(NAME) sleep 15 - docker run --rm -d --name mail_smtponly \ - -v "`pwd`/test/config":/tmp/docker-mailserver \ - -v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \ - -e SMTP_ONLY=1 \ - -e PERMIT_DOCKER=network \ - -e DMS_DEBUG=0 \ - -e OVERRIDE_HOSTNAME=mail.my-domain.com \ - -t $(NAME) - sleep 15 docker run --rm -d --name mail_smtponly_without_config \ -e SMTP_ONLY=1 \ -e ENABLE_LDAP=1 \ diff --git a/test/mail_smtponly.bats b/test/mail_smtponly.bats new file mode 100644 index 00000000..fbbca9ee --- /dev/null +++ b/test/mail_smtponly.bats 
@@ -0,0 +1,78 @@ +load 'test_helper/common' + +function setup() { + run_setup_file_if_necessary +} + +function teardown() { + run_teardown_file_if_necessary +} + +function setup_file() { + docker run --rm -d --name mail_smtponly \ + -v "`pwd`/test/config":/tmp/docker-mailserver \ + -v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \ + -e SMTP_ONLY=1 \ + -e PERMIT_DOCKER=network \ + -e DMS_DEBUG=0 \ + -e OVERRIDE_HOSTNAME=mail.my-domain.com \ + -t ${NAME} + + wait_for_finished_setup_in_container mail_smtponly +} + +function teardown_file() { + docker rm -f mail_smtponly +} + +@test "first" { + skip 'this test must come first to reliably identify when to run setup_file' +} + +# +# configuration checks +# + +@test "checking configuration: hostname/domainname override" { + run docker exec mail_smtponly /bin/bash -c "cat /etc/mailname | grep my-domain.com" + assert_success +} + +# +# imap +# + +@test "checking process: dovecot imaplogin (disabled using SMTP_ONLY)" { + run docker exec mail_smtponly /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/dovecot'" + assert_failure +} + +# +# smtp +# + +@test "checking smtp_only: mail send should work" { + run docker exec mail_smtponly /bin/sh -c "postconf -e smtp_host_lookup=no" + assert_success + run docker exec mail_smtponly /bin/sh -c "/etc/init.d/postfix reload" + assert_success + run docker exec mail_smtponly /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/smtp-only.txt" + assert_success + run docker exec mail_smtponly /bin/sh -c 'grep -cE "to=.*status\=sent" /var/log/mail/mail.log' + [ "$status" -ge 0 ] +} + +# +# PERMIT_DOCKER=network +# + +@test "checking PERMIT_DOCKER=network: opendmarc/opendkim config" { + run docker exec mail_smtponly /bin/sh -c "cat /etc/opendmarc/ignore.hosts | grep '172.16.0.0/12'" + assert_success + run docker exec mail_smtponly /bin/sh -c "cat /etc/opendkim/TrustedHosts | grep '172.16.0.0/12'" + assert_success +} + +@test "last" { + skip 'this test is 
only there to reliably mark the end for the teardown_file' +} \ No newline at end of file diff --git a/test/tests.bats b/test/tests.bats index 9750d281..76a04cb5 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -32,11 +32,6 @@ function count_processed_changes() { assert_success } -@test "checking configuration: hostname/domainname override" { - run docker exec mail_smtponly /bin/bash -c "cat /etc/mailname | grep my-domain.com" - assert_success -} - @test "checking configuration: hostname/domainname override: check container hostname is applied correctly" { run docker exec mail_override_hostname /bin/bash -c "hostname | grep unknown.domain.tld" assert_success @@ -128,11 +123,6 @@ function count_processed_changes() { assert_success } -@test "checking process: dovecot imaplogin (disabled using SMTP_ONLY)" { - run docker exec mail_smtponly /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/dovecot'" - assert_failure -} - @test "checking imap: server is ready with STARTTLS" { run docker exec mail /bin/bash -c "nc -w 2 0.0.0.0 143 | grep '* OK' | grep 'STARTTLS' | grep 'ready'" assert_success @@ -303,17 +293,6 @@ function count_processed_changes() { assert_output 1 } -@test "checking smtp_only: mail send should work" { - run docker exec mail_smtponly /bin/sh -c "postconf -e smtp_host_lookup=no" - assert_success - run docker exec mail_smtponly /bin/sh -c "/etc/init.d/postfix reload" - assert_success - run docker exec mail_smtponly /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/smtp-only.txt" - assert_success - run docker exec mail_smtponly /bin/sh -c 'grep -cE "to=.*status\=sent" /var/log/mail/mail.log' - [ "$status" -ge 0 ] -} - @test "checking smtp: not advertising smtputf8" { # Dovecot does not support SMTPUTF8, so while we can send we cannot receive # Better disable SMTPUTF8 support entirely if we can't handle it correctly 
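Review bot: `[ "$status" -ge 0 ]` at the end of "checking smtp_only: mail send should work" is always true, because an exit status is never negative, so the test passes even when no `status=sent` line was ever logged. `grep -c` already exits non-zero on zero matches, so replacing that line with `assert_success` would make the check real. Delivery is logged asynchronously, so the grep probably needs a retry to avoid a race, e.g. `repeat_until_success_or_timeout 60 docker exec mail_smtponly /bin/sh -c 'grep -qE "to=.*status\=sent" /var/log/mail/mail.log'` (the timeout value is illustrative).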
@@ -967,13 +946,6 @@ function count_processed_changes() { assert_success } -@test "checking PERMIT_DOCKER: opendmarc/opendkim config" { - run docker exec mail_smtponly /bin/sh -c "cat /etc/opendmarc/ignore.hosts | grep '172.16.0.0/12'" - assert_success - run docker exec mail_smtponly /bin/sh -c "cat /etc/opendkim/TrustedHosts | grep '172.16.0.0/12'" - assert_success -} - @test "checking PERMIT_DOCKER: my network value" { run docker exec mail /bin/sh -c "postconf | grep '^mynetworks =' | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.0\.0/16'" assert_success From 533ac7ed29dc4bc08c203a4e10cf8195284b35ed Mon Sep 17 00:00:00 2001 From: Martin Schulze Date: Tue, 8 Oct 2019 22:24:05 +0200 Subject: [PATCH 6/8] Tests: extract mail_pop3 into own .bats file --- Makefile | 9 ---- test/mail_pop3.bats | 115 ++++++++++++++++++++++++++++++++++++++++++++ test/tests.bats | 55 --------------------- 3 files changed, 115 insertions(+), 64 deletions(-) create mode 100644 test/mail_pop3.bats diff --git a/Makefile b/Makefile index 4df825cc..3e9f5d9c 100644 --- a/Makefile +++ b/Makefile @@ -65,15 +65,6 @@ run: -e DMS_DEBUG=0 \ -h mail.my-domain.com -t $(NAME) sleep 15 - docker run --rm -d --name mail_pop3 \ - -v "`pwd`/test/config":/tmp/docker-mailserver \ - -v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \ - -v "`pwd`/test/config/letsencrypt":/etc/letsencrypt/live \ - -e ENABLE_POP3=1 \ - -e DMS_DEBUG=0 \ - -e SSL_TYPE=letsencrypt \ - -h mail.my-domain.com -t $(NAME) - sleep 15 docker run --rm -d --name mail_smtponly_without_config \ -e SMTP_ONLY=1 \ -e ENABLE_LDAP=1 \ diff --git a/test/mail_pop3.bats b/test/mail_pop3.bats new file mode 100644 index 00000000..45bbea27 --- /dev/null +++ b/test/mail_pop3.bats 
@@ -0,0 +1,115 @@ +load 'test_helper/common' + +function setup() { + run_setup_file_if_necessary +} + +function teardown() { + run_teardown_file_if_necessary +} + +function setup_file() { + docker run -d --name mail_pop3 \ + -v "`pwd`/test/config":/tmp/docker-mailserver \ + -v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \ + -v "`pwd`/test/config/letsencrypt":/etc/letsencrypt/live \ + -e ENABLE_POP3=1 \ + -e DMS_DEBUG=0 \ + -e SSL_TYPE=letsencrypt \ + -h mail.my-domain.com -t ${NAME} + + wait_for_finished_setup_in_container mail_pop3 + +} + +function teardown_file() { + docker rm -f mail_pop3 +} + +@test "first" { + skip 'this test must come first to reliably identify when to run setup_file' +} + +# +# pop +# + +@test "checking pop: server is ready" { + run docker exec mail_pop3 /bin/bash -c "nc -w 1 0.0.0.0 110 | grep '+OK'" + assert_success +} + +@test "checking pop: authentication works" { + run docker exec mail_pop3 /bin/sh -c "nc -w 1 0.0.0.0 110 < /tmp/docker-mailserver-test/auth/pop3-auth.txt" + assert_success +} + +@test "checking pop: added user authentication works" { + run docker exec mail_pop3 /bin/sh -c "nc -w 1 0.0.0.0 110 < /tmp/docker-mailserver-test/auth/added-pop3-auth.txt" + assert_success +} + +# +# spamassassin +# + +@test "checking spamassassin: docker env variables are set correctly (default)" { + run docker exec mail_pop3 /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'" + assert_success + run docker exec mail_pop3 /bin/sh -c "grep '\$sa_tag2_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 6.31'" + assert_success + run docker exec mail_pop3 /bin/sh -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 6.31'" + assert_success + run docker exec mail_pop3 /bin/sh -c "grep '\$sa_spam_subject_tag' /etc/amavis/conf.d/20-debian_defaults | grep '= .\*\*\*SPAM\*\*\* .'" + assert_success +} + +# +# ssl +# + +@test "checking ssl: letsencrypt configuration is 
correct" { + run docker exec mail_pop3 /bin/sh -c 'grep -ir "/etc/letsencrypt/live/mail.my-domain.com/" /etc/postfix/main.cf | wc -l' + assert_success + assert_output 2 + run docker exec mail_pop3 /bin/sh -c 'grep -ir "/etc/letsencrypt/live/mail.my-domain.com/" /etc/dovecot/conf.d/10-ssl.conf | wc -l' + assert_success + assert_output 2 +} + +@test "checking ssl: letsencrypt cert works correctly" { + run docker exec mail_pop3 /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'" + assert_success +} + +# +# system +# + +@test "checking system: /var/log/mail/mail.log is error free" { + run docker exec mail_pop3 grep 'non-null host address bits in' /var/log/mail/mail.log + assert_failure + run docker exec mail_pop3 grep ': error:' /var/log/mail/mail.log + assert_failure +} + +# +# sieve +# + +@test "checking manage sieve: disabled per default" { + run docker exec mail_pop3 /bin/bash -c "nc -z 0.0.0.0 4190" + assert_failure +} + +# +# PERMIT_DOCKER mynetworks +# +@test "checking PERMIT_DOCKER: my network value" { + run docker exec mail_pop3 /bin/sh -c "postconf | grep '^mynetworks =' | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}/32'" + assert_success +} + +@test "last" { + skip 'this test is only there to reliably mark the end for the teardown_file' +} \ No newline at end of file diff --git a/test/tests.bats b/test/tests.bats index 76a04cb5..1465dd6b 100644 --- a/test/tests.bats +++ b/test/tests.bats 
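Review bot: The "checking pop: authentication works" and "added user authentication works" tests assert only the exit status of `nc`, which reflects the TCP connection rather than the server's reply, so they would likely still pass if the login were rejected. Assert on the captured output as well, for example `refute_output --partial -- '-ERR'` after each `assert_success`. Separately, "letsencrypt cert works correctly" passes only when verification reports code 10 (certificate has expired). If the fixture certificate is expired on purpose, a comment such as `# fixture cert is expired; this only proves the letsencrypt cert is the one served` would stop readers taking it for a successful-validation check.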
@@ -138,25 +138,6 @@ function count_processed_changes() { assert_success } -# -# pop -# - -@test "checking pop: server is ready" { - run docker exec mail_pop3 /bin/bash -c "nc -w 1 0.0.0.0 110 | grep '+OK'" - assert_success -} - -@test "checking pop: authentication works" { - run docker exec mail_pop3 /bin/sh -c "nc -w 1 0.0.0.0 110 < /tmp/docker-mailserver-test/auth/pop3-auth.txt" - assert_success -} - -@test "checking pop: added user authentication works" { - run docker exec mail_pop3 /bin/sh -c "nc -w 1 0.0.0.0 110 < /tmp/docker-mailserver-test/auth/added-pop3-auth.txt" - assert_success -} - # # sasl # @@ -386,17 +367,6 @@ function count_processed_changes() { assert_success } -@test "checking spamassassin: docker env variables are set correctly (default)" { - run docker exec mail_pop3 /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'" - assert_success - run docker exec mail_pop3 /bin/sh -c "grep '\$sa_tag2_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 6.31'" - assert_success - run docker exec mail_pop3 /bin/sh -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 6.31'" - assert_success - run docker exec mail_pop3 /bin/sh -c "grep '\$sa_spam_subject_tag' /etc/amavis/conf.d/20-debian_defaults | grep '= .\*\*\*SPAM\*\*\* .'" - assert_success -} - @test "checking spamassassin: all registered domains should see spam headers" { run docker exec mail /bin/sh -c "grep -ir 'X-Spam-' /var/mail/localhost.localdomain/user1/new" assert_success 
@@ -675,20 +645,6 @@ function count_processed_changes() { assert_success } -@test "checking ssl: letsencrypt configuration is correct" { - run docker exec mail_pop3 /bin/sh -c 'grep -ir "/etc/letsencrypt/live/mail.my-domain.com/" /etc/postfix/main.cf | wc -l' - assert_success - assert_output 2 - run docker exec mail_pop3 /bin/sh -c 'grep -ir "/etc/letsencrypt/live/mail.my-domain.com/" /etc/dovecot/conf.d/10-ssl.conf | wc -l' - assert_success - assert_output 2 -} - -@test "checking ssl: letsencrypt cert works correctly" { - run docker exec mail_pop3 /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'" - assert_success -} - # # postsrsd # @@ -780,10 +736,6 @@ function count_processed_changes() { assert_failure run docker exec mail grep -i 'connect to 127.0.0.1:10023: Connection refused' /var/log/mail/mail.log assert_failure - run docker exec mail_pop3 grep 'non-null host address bits in' /var/log/mail/mail.log - assert_failure - run docker exec mail_pop3 grep ': error:' /var/log/mail/mail.log - assert_failure } @test "checking system: /var/log/auth.log is error free" { @@ -830,11 +782,6 @@ function count_processed_changes() { assert_success } -@test "checking manage sieve: disabled per default" { - run docker exec mail_pop3 /bin/bash -c "nc -z 0.0.0.0 4190" - assert_failure -} - @test "checking sieve: user2 should have piped 1 email to /tmp/" { run docker exec mail /bin/sh -c "ls -A /tmp/pipe-test.out | wc -l" assert_success @@ -949,8 +896,6 @@ function count_processed_changes() { @test "checking PERMIT_DOCKER: my network value" { run docker exec mail /bin/sh -c "postconf | grep '^mynetworks =' | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.0\.0/16'" assert_success - run docker exec mail_pop3 /bin/sh -c "postconf | grep '^mynetworks =' | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}/32'" - assert_success } # 
From 604a65024e4acb9c87326d86278beb6e08d8a77a Mon Sep 17 00:00:00 2001 From: Martin Schulze Date: Tue, 8 Oct 2019 23:11:27 +0200 Subject: [PATCH 7/8] Tests: extract mail_privacy into own .bats file --- Makefile | 18 ----------- test/mail_privacy.bats | 61 ++++++++++++++++++++++++++++++++++++ test/test_helper/common.bash | 13 +++++++- test/tests.bats | 9 ------ 4 files changed, 73 insertions(+), 28 deletions(-) create mode 100644 test/mail_privacy.bats diff --git a/Makefile b/Makefile index 3e9f5d9c..749a99eb 100644 --- a/Makefile +++ b/Makefile @@ -48,23 +48,6 @@ run: -e DMS_DEBUG=0 \ -h mail.my-domain.com -t $(NAME) sleep 15 - docker run --rm -d --name mail_privacy \ - -v "`pwd`/test/config":/tmp/docker-mailserver \ - -v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \ - -e ENABLE_CLAMAV=1 \ - -e ENABLE_SPAMASSASSIN=1 \ - -e SA_TAG=-5.0 \ - -e SA_TAG2=2.0 \ - -e SA_KILL=3.0 \ - -e SA_SPAM_SUBJECT="SPAM: " \ - -e VIRUSMAILS_DELETE_DELAY=7 \ - -e SASL_PASSWD="external-domain.com username:password" \ - -e ENABLE_MANAGESIEVE=1 \ - --cap-add=SYS_PTRACE \ - -e PERMIT_DOCKER=host \ - -e DMS_DEBUG=0 \ - -h mail.my-domain.com -t $(NAME) - sleep 15 docker run --rm -d --name mail_smtponly_without_config \ -e SMTP_ONLY=1 \ -e ENABLE_LDAP=1 \ @@ -143,7 +126,6 @@ fixtures: docker exec mail_disabled_clamav_spamassassin /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt" docker exec mail /bin/sh -c "sendmail root < /tmp/docker-mailserver-test/email-templates/root-email.txt" # postfix virtual transport lmtp - docker exec mail_privacy /bin/sh -c "openssl s_client -quiet -starttls smtp -connect 0.0.0.0:587 < /tmp/docker-mailserver-test/email-templates/send-privacy-email.txt" docker exec mail_override_hostname /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt" # Wait for mails to be analyzed sleep 80 
diff --git a/test/mail_privacy.bats b/test/mail_privacy.bats
new file mode 100644
index 00000000..ae6400a5
--- /dev/null
+++ b/test/mail_privacy.bats
@@ -0,0 +1,61 @@
+load 'test_helper/common'
+
+function setup() {
+ run_setup_file_if_necessary
+}
+
+function teardown() {
+ run_teardown_file_if_necessary
+}
+
+function setup_file() {
+ docker run -d --name mail_privacy \
+ -v "`pwd`/test/config":/tmp/docker-mailserver \
+ -v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \
+ -e ENABLE_CLAMAV=1 \
+ -e ENABLE_SPAMASSASSIN=1 \
+ -e SA_TAG=-5.0 \
+ -e SA_TAG2=2.0 \
+ -e SA_KILL=3.0 \
+ -e SA_SPAM_SUBJECT="SPAM: " \
+ -e VIRUSMAILS_DELETE_DELAY=7 \
+ -e SASL_PASSWD="external-domain.com username:password" \
+ -e ENABLE_MANAGESIEVE=1 \
+ --cap-add=SYS_PTRACE \
+ -e PERMIT_DOCKER=host \
+ -e DMS_DEBUG=0 \
+ -h mail.my-domain.com -t ${NAME}
+
+ wait_for_amavis_port_in_container mail_privacy
+}
+
+function teardown_file() {
+ docker rm -f mail_privacy
+}
+
+@test "first" {
+ skip 'this test must come first to reliably identify when to run setup_file'
+}
+
+#
+# LDAP
+#
+
+# postfix
+
+@test "checking postfix: remove privacy details of the sender" {
+ docker exec mail_privacy /bin/sh -c "openssl s_client -quiet -starttls smtp -connect 0.0.0.0:587 < /tmp/docker-mailserver-test/email-templates/send-privacy-email.txt"
+ repeat_until_success_or_timeout 120 docker exec mail_privacy /bin/sh -c '[ $(ls /var/mail/localhost.localdomain/user1/new | wc -l) -eq 1 ]'
+ docker logs mail_privacy
+ run docker exec mail_privacy /bin/sh -c "ls /var/mail/localhost.localdomain/user1/new | wc -l"
+ assert_success
+ assert_output 1
+ run docker exec mail_privacy /bin/sh -c "grep -rE "^User-Agent:" /var/mail/localhost.localdomain/user1/new | wc -l"
+ assert_success
+ assert_output 0
+}
+
+
+@test "last" {
+ skip 'this test is only there to reliably mark the end for the teardown_file'
+}
\ No newline at end of file
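Review bot: In "checking postfix: remove privacy details of the sender" the pattern `"^User-Agent:"` sits inside an already double-quoted `-c "…"` string, so the inner quotes close and reopen the outer one. The command only works because the pattern has no spaces or shell metacharacters. Use single quotes for the pattern: `grep -rE '^User-Agent:' /var/mail/localhost.localdomain/user1/new | wc -l`. The `# LDAP` section heading looks copied from another test file, and the bare `docker logs mail_privacy` reads like leftover debugging; both are worth tidying in this new file.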
diff --git a/test/test_helper/common.bash b/test/test_helper/common.bash index 00d1635f..eeb27a13 100644 --- a/test/test_helper/common.bash +++ b/test/test_helper/common.bash @@ -25,9 +25,20 @@ function repeat_until_success_or_timeout { done } +# @param $1 port +# @param $2 container name +function wait_for_tcp_port_in_container() { + repeat_until_success_or_timeout $TEST_TIMEOUT_IN_SECONDS docker exec $2 /bin/sh -c "nc -z 0.0.0.0 $1" +} + # @param $1 name of the postfix container function wait_for_smtp_port_in_container() { - repeat_until_success_or_timeout $TEST_TIMEOUT_IN_SECONDS docker exec $1 /bin/sh -c "nc -z 0.0.0.0 25" + wait_for_tcp_port_in_container 25 $1 +} + +# @param $1 name of the postfix container +function wait_for_amavis_port_in_container() { + wait_for_tcp_port_in_container 10024 $1 } # @param $1 name of the postfix container diff --git a/test/tests.bats b/test/tests.bats index 1465dd6b..c130c46f 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -1144,15 +1144,6 @@ function count_processed_changes() { # postfix -@test "checking postfix: remove privacy details of the sender" { - run docker exec mail_privacy /bin/sh -c "ls /var/mail/localhost.localdomain/user1/new | wc -l" - assert_success - assert_output 1 - run docker exec mail_privacy /bin/sh -c "grep -rE "^User-Agent:" /var/mail/localhost.localdomain/user1/new | wc -l" - assert_success - assert_output 0 -} - @test "checking dovecot: postmaster address" { run docker exec mail /bin/sh -c "grep 'postmaster_address = postmaster@my-domain.com' /etc/dovecot/conf.d/15-lda.conf" assert_success From e2bbf12524cc5dca2881bcfde8bd7cd70e4cc507 Mon Sep 17 00:00:00 2001 From: Martin Schulze Date: Tue, 8 Oct 2019 23:39:04 +0200 Subject: [PATCH 8/8] Tests fx: Also wait for smtp port --- test/mail_privacy.bats | 1 + 1 file changed, 1 insertion(+) diff --git a/test/mail_privacy.bats b/test/mail_privacy.bats index ae6400a5..2169a6fb 100644 --- a/test/mail_privacy.bats +++ b/test/mail_privacy.bats 
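Review bot: `wait_for_tcp_port_in_container` expands `$2` unquoted and interpolates `$1` directly into the `sh -c` string. A container name with whitespace would be word-split, and a non-numeric "port" would be interpreted by the shell inside the container. Quoting plus a digits-only guard keeps the helper safe to reuse: `[[ $1 =~ ^[0-9]+$ ]] || return 1` followed by `docker exec "$2" /bin/sh -c "nc -z 0.0.0.0 $1"`. The helper also takes the port first while the sibling helpers take the container name as `$1`; a line in the `@param` comments calling out that order would help callers.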
@@ -27,6 +27,7 @@ function setup_file() { -h mail.my-domain.com -t ${NAME} wait_for_amavis_port_in_container mail_privacy + wait_for_smtp_port_in_container mail_privacy } function teardown_file() {
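Review bot: The added `wait_for_smtp_port_in_container mail_privacy` waits on port 25, while the test in this file submits its message through `-connect 0.0.0.0:587`. Postfix normally opens both listeners together, so this probably works, but waiting on the port the test actually uses removes that assumption: `wait_for_tcp_port_in_container 587 mail_privacy`. `setup_file` begins above this hunk, so the rest of its body is not visible here.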