mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2025-08-04 10:05:00 +02:00
tests: Use swaks
instead of nc
for sending mail (#3732)
See associated `CHANGELOG.md` entry for details. --------- Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
parent
0889b0ff06
commit
9e81517fe3
119 changed files with 355 additions and 455 deletions
|
@ -24,11 +24,13 @@ function teardown_file() { _default_teardown ; }
|
|||
}
|
||||
|
||||
@test 'authentication works' {
|
||||
_send_email 'auth/pop3-auth' '-w 1 0.0.0.0 110'
|
||||
_nc_wrapper 'auth/pop3-auth' '-w 1 0.0.0.0 110'
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test 'added user authentication works' {
|
||||
_send_email 'auth/added-pop3-auth' '-w 1 0.0.0.0 110'
|
||||
_nc_wrapper 'auth/added-pop3-auth' '-w 1 0.0.0.0 110'
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test '/var/log/mail/mail.log is error-free' {
|
||||
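Review bot: `assert_success` after `_nc_wrapper 'auth/pop3-auth' '-w 1 0.0.0.0 110'` in 'authentication works' and 'added user authentication works' appears to check only the exit status of the nc session, which does not obviously depend on whether the server accepted the login. Unless `_nc_wrapper` (not visible here) inspects the reply, a rejected login could still pass; adding `assert_output --partial '<server success reply>'` after each call would pin the behaviour the test names claim. The same applies to the `_nc_wrapper` IMAP calls in '(Dovecot) LDAP RIMAP connection and authentication works', 'dovecot: ldap imap connection and authentication works', 'imap: authentication works' and 'imap: added user authentication works'. Both POP3 test bodies are fully inside this hunk.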
|
|
|
@ -21,7 +21,8 @@ function setup_file() {
|
|||
function teardown_file() { _default_teardown ; }
|
||||
|
||||
@test '(Dovecot) LDAP RIMAP connection and authentication works' {
|
||||
_send_email 'auth/imap-auth' '-w 1 0.0.0.0 143'
|
||||
_nc_wrapper 'auth/imap-auth' '-w 1 0.0.0.0 143'
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test '(SASLauthd) SASL RIMAP authentication works' {
|
||||
|
@ -30,13 +31,30 @@ function teardown_file() { _default_teardown ; }
|
|||
}
|
||||
|
||||
@test '(SASLauthd) RIMAP SMTP authentication works' {
|
||||
_send_email 'auth/smtp-auth-login' '-w 5 0.0.0.0 25'
|
||||
assert_output --partial 'Error: authentication not enabled'
|
||||
_send_email \
|
||||
--auth LOGIN \
|
||||
--auth-user user1@localhost.localdomain \
|
||||
--auth-password mypassword \
|
||||
--quit-after AUTH
|
||||
assert_failure
|
||||
assert_output --partial 'Host did not advertise authentication'
|
||||
|
||||
_send_email 'auth/smtp-auth-login' '-w 5 0.0.0.0 465'
|
||||
_send_email \
|
||||
--port 465 \
|
||||
--auth LOGIN \
|
||||
--auth-user user1@localhost.localdomain \
|
||||
--auth-password mypassword \
|
||||
--quit-after AUTH
|
||||
assert_success
|
||||
assert_output --partial 'Authentication successful'
|
||||
|
||||
_send_email 'auth/smtp-auth-login' '-w 5 0.0.0.0 587'
|
||||
_send_email \
|
||||
--port 587 \
|
||||
--auth LOGIN \
|
||||
--auth-user user1@localhost.localdomain \
|
||||
--auth-password mypassword \
|
||||
--quit-after AUTH
|
||||
assert_success
|
||||
assert_output --partial 'Authentication successful'
|
||||
}
|
||||
|
||||
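Review bot: The port 465 and 587 cases of '(SASLauthd) RIMAP SMTP authentication works' pass `--port 465` / `--port 587` with `--auth LOGIN` but no `-tlsc` / `-tls`, while the LDAP test in this commit uses `--port 465 -tlsc` and `--port 587 -tls`. If that is intentional because this container has no TLS configured, say so with a comment above the first of them, e.g. `# No TLS is configured for this container, so AUTH on 465/587 is exercised in plaintext`; otherwise add the TLS flags so the test matches how those ports are meant to be used. As written, a reader cannot tell whether accepting LOGIN credentials without TLS is the behaviour under test or an oversight. The test body ends inside this hunk, but the container setup is outside it.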
|
|
|
@ -122,7 +122,6 @@ function setup_file() {
|
|||
|
||||
# Extra ENV needed to support specific test-cases:
|
||||
local ENV_SUPPORT=(
|
||||
--env PERMIT_DOCKER=container # Required for attempting SMTP auth on port 25 via nc
|
||||
# Required for openssl commands to be successul:
|
||||
# NOTE: snakeoil cert is created (for `docker-mailserver.invalid`) via Debian post-install script for Postfix package.
|
||||
# TODO: Use proper TLS cert
|
||||
|
@ -249,7 +248,7 @@ function teardown() {
|
|||
|
||||
# dovecot
|
||||
@test "dovecot: ldap imap connection and authentication works" {
|
||||
_run_in_container_bash 'nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-ldap-auth.txt'
|
||||
_nc_wrapper 'auth/imap-ldap-auth' '-w 1 0.0.0.0 143'
|
||||
assert_success
|
||||
}
|
||||
|
||||
|
@ -327,12 +326,25 @@ function teardown() {
|
|||
@test "spoofing (with LDAP): rejects sender forging" {
|
||||
_wait_for_smtp_port_in_container_to_respond dms-test_ldap
|
||||
|
||||
_run_in_container_bash 'openssl s_client -quiet -connect 0.0.0.0:465 < /tmp/docker-mailserver-test/auth/ldap-smtp-auth-spoofed.txt'
|
||||
_send_email \
|
||||
--port 465 -tlsc --auth LOGIN \
|
||||
--auth-user some.user@localhost.localdomain \
|
||||
--auth-password secret \
|
||||
--ehlo mail \
|
||||
--from ldap@localhost.localdomain \
|
||||
--data 'auth/ldap-smtp-auth-spoofed'
|
||||
assert_output --partial 'Sender address rejected: not owned by user'
|
||||
}
|
||||
|
||||
@test "spoofing (with LDAP): accepts sending as alias" {
|
||||
_run_in_container_bash 'openssl s_client -quiet -connect 0.0.0.0:465 < /tmp/docker-mailserver-test/auth/ldap-smtp-auth-spoofed-alias.txt'
|
||||
_send_email \
|
||||
--port 465 -tlsc --auth LOGIN \
|
||||
--auth-user some.user@localhost.localdomain \
|
||||
--auth-password secret \
|
||||
--ehlo mail \
|
||||
--from postmaster@localhost.localdomain \
|
||||
--to some.user@localhost.localdomain \
|
||||
--data 'auth/ldap-smtp-auth-spoofed-alias'
|
||||
assert_output --partial 'End data with'
|
||||
}
|
||||
|
||||
|
@ -341,19 +353,42 @@ function teardown() {
|
|||
# Template used has invalid AUTH: https://github.com/docker-mailserver/docker-mailserver/pull/3006#discussion_r1073321432
|
||||
skip 'TODO: This test seems to have been broken from the start (?)'
|
||||
|
||||
_run_in_container_bash 'openssl s_client -quiet -connect 0.0.0.0:465 < /tmp/docker-mailserver-test/auth/ldap-smtp-auth-spoofed-sender-with-filter-exception.txt'
|
||||
_send_email \
|
||||
--port 465 -tlsc --auth LOGIN \
|
||||
--auth-user some.user.email@localhost.localdomain \
|
||||
--auth-password secret \
|
||||
--ehlo mail \
|
||||
--from randomspoofedaddress@localhost.localdomain \
|
||||
--to some.user@localhost.localdomain \
|
||||
--data 'auth/ldap-smtp-auth-spoofed-sender-with-filter-exception'
|
||||
assert_output --partial 'Sender address rejected: not owned by user'
|
||||
}
|
||||
|
||||
@test "saslauthd: ldap smtp authentication" {
|
||||
# Requires ENV `PERMIT_DOCKER=container`
|
||||
_send_email 'auth/sasl-ldap-smtp-auth' '-w 5 0.0.0.0 25'
|
||||
assert_output --partial 'Error: authentication not enabled'
|
||||
_send_email \
|
||||
--auth LOGIN \
|
||||
--auth-user some.user@localhost.localdomain \
|
||||
--auth-password wrongpassword \
|
||||
--quit-after AUTH
|
||||
assert_failure
|
||||
assert_output --partial 'Host did not advertise authentication'
|
||||
|
||||
_run_in_container_bash 'openssl s_client -quiet -connect 0.0.0.0:465 < /tmp/docker-mailserver-test/auth/sasl-ldap-smtp-auth.txt'
|
||||
_send_email \
|
||||
--port 465 -tlsc \
|
||||
--auth LOGIN \
|
||||
--auth-user some.user@localhost.localdomain \
|
||||
--auth-password secret \
|
||||
--quit-after AUTH
|
||||
assert_success
|
||||
assert_output --partial 'Authentication successful'
|
||||
|
||||
_run_in_container_bash 'openssl s_client -quiet -starttls smtp -connect 0.0.0.0:587 < /tmp/docker-mailserver-test/auth/sasl-ldap-smtp-auth.txt'
|
||||
_send_email \
|
||||
--port 587 -tls \
|
||||
--auth LOGIN \
|
||||
--auth-user some.user@localhost.localdomain \
|
||||
--auth-password secret \
|
||||
--quit-after AUTH
|
||||
assert_success
|
||||
assert_output --partial 'Authentication successful'
|
||||
}
|
||||
|
||||
|
@ -391,7 +426,7 @@ function _should_successfully_deliver_mail_to() {
|
|||
local SENDER_ADDRESS='user@external.tld'
|
||||
local RECIPIENT_ADDRESS=${1:?Recipient address is required}
|
||||
local MAIL_STORAGE_RECIPIENT=${2:?Recipient storage location is required}
|
||||
local MAIL_TEMPLATE='/tmp/docker-mailserver-test/email-templates/test-email.txt'
|
||||
local MAIL_TEMPLATE='/tmp/docker-mailserver-test/emails/test-email.txt'
|
||||
|
||||
_run_in_container_bash "sendmail -f ${SENDER_ADDRESS} ${RECIPIENT_ADDRESS} < ${MAIL_TEMPLATE}"
|
||||
_wait_for_empty_mail_queue_in_container
|
||||
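Review bot: 'spoofing (with LDAP): rejects sender forging' and 'spoofing (with LDAP): accepts sending as alias' assert only on output text, with no `assert_failure` / `assert_success` after `_send_email`. The non-LDAP 'spoofing: accepts sending as alias' test in this commit checks `assert_success` before `assert_output --partial 'End data with'`, and the LDAP variant should do the same; `'End data with'` alone shows that DATA was started, not that the message was accepted. For the rejection tests (including the non-LDAP 'spoofing: rejects sender forging'), adding `assert_failure` before the `assert_output` line would, assuming `_send_email` propagates the client's exit status (not visible here), catch a case where the rejection text appears but the transaction still completes.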
|
|
|
@ -13,7 +13,7 @@ setup_file() {
|
|||
PRIVATE_CONFIG=$(duplicate_config_for_container . mail_smtponly_second_network)
|
||||
docker create --name mail_smtponly_second_network \
|
||||
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
|
||||
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
|
||||
-v "$(pwd)/test/files":/tmp/docker-mailserver-test:ro \
|
||||
-e SMTP_ONLY=1 \
|
||||
-e PERMIT_DOCKER=connected-networks \
|
||||
-e OVERRIDE_HOSTNAME=mail.my-domain.com \
|
||||
|
@ -26,7 +26,7 @@ setup_file() {
|
|||
PRIVATE_CONFIG=$(duplicate_config_for_container . mail_smtponly_second_network_sender)
|
||||
docker run -d --name mail_smtponly_second_network_sender \
|
||||
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
|
||||
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
|
||||
-v "$(pwd)/test/files":/tmp/docker-mailserver-test:ro \
|
||||
-e SMTP_ONLY=1 \
|
||||
-e PERMIT_DOCKER=connected-networks \
|
||||
-e OVERRIDE_HOSTNAME=mail.my-domain.com \
|
||||
|
@ -39,7 +39,7 @@ setup_file() {
|
|||
# create another container that enforces authentication even on local connections
|
||||
docker run -d --name mail_smtponly_force_authentication \
|
||||
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
|
||||
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
|
||||
-v "$(pwd)/test/files":/tmp/docker-mailserver-test:ro \
|
||||
-e SMTP_ONLY=1 \
|
||||
-e PERMIT_DOCKER=none \
|
||||
-e OVERRIDE_HOSTNAME=mail.my-domain.com \
|
||||
|
@ -68,7 +68,7 @@ teardown_file() {
|
|||
_reload_postfix mail_smtponly_second_network
|
||||
|
||||
# we should be able to send from the other container on the second network!
|
||||
run docker exec mail_smtponly_second_network_sender /bin/sh -c "nc mail_smtponly_second_network 25 < /tmp/docker-mailserver-test/email-templates/smtp-only.txt"
|
||||
run docker exec mail_smtponly_second_network_sender /bin/sh -c "nc mail_smtponly_second_network 25 < /tmp/docker-mailserver-test/emails/nc_raw/smtp-only.txt"
|
||||
assert_output --partial "250 2.0.0 Ok: queued as "
|
||||
repeat_in_container_until_success_or_timeout 60 mail_smtponly_second_network /bin/sh -c 'grep -cE "to=<user2\@external.tld>.*status\=sent" /var/log/mail/mail.log'
|
||||
}
|
||||
|
@ -80,7 +80,7 @@ teardown_file() {
|
|||
_reload_postfix mail_smtponly_force_authentication
|
||||
|
||||
# the mailserver should require authentication and a protocol error should occur when using TLS
|
||||
run docker exec mail_smtponly_force_authentication /bin/sh -c "nc localhost 25 < /tmp/docker-mailserver-test/email-templates/smtp-only.txt"
|
||||
run docker exec mail_smtponly_force_authentication /bin/sh -c "nc localhost 25 < /tmp/docker-mailserver-test/emails/nc_raw/smtp-only.txt"
|
||||
assert_output --partial "550 5.5.1 Protocol error"
|
||||
[[ ${status} -ge 0 ]]
|
||||
}
|
||||
|
|
|
@ -171,7 +171,7 @@ BATS_TEST_NAME_PREFIX='test helper functions:'
|
|||
# enable ClamAV to make message delivery slower, so we can detect it
|
||||
CONTAINER_NAME=$(docker run -d --rm \
|
||||
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
|
||||
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
|
||||
-v "$(pwd)/test/files":/tmp/docker-mailserver-test:ro \
|
||||
-e ENABLE_CLAMAV=1 \
|
||||
-h mail.my-domain.com \
|
||||
-t "${NAME}")
|
||||
|
@ -186,7 +186,7 @@ BATS_TEST_NAME_PREFIX='test helper functions:'
|
|||
[[ ${SECONDS} -lt 5 ]]
|
||||
|
||||
# fill the queue with a message
|
||||
docker exec "${CONTAINER_NAME}" /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-virus.txt"
|
||||
docker exec "${CONTAINER_NAME}" /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/emails/amavis-virus.txt"
|
||||
|
||||
# that should still be stuck in the queue
|
||||
! TEST_TIMEOUT_IN_SECONDS=0 wait_for_empty_mail_queue_in_container "${CONTAINER_NAME}"
|
||||
|
@ -203,7 +203,7 @@ BATS_TEST_NAME_PREFIX='test helper functions:'
|
|||
# enable ClamAV to make message delivery slower, so we can detect it
|
||||
CONTAINER_NAME=$(docker run -d --rm \
|
||||
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
|
||||
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
|
||||
-v "$(pwd)/test/files":/tmp/docker-mailserver-test:ro \
|
||||
-e ENABLE_CLAMAV=1 \
|
||||
-h mail.my-domain.com \
|
||||
-t "${NAME}")
|
||||
|
@ -213,7 +213,7 @@ BATS_TEST_NAME_PREFIX='test helper functions:'
|
|||
wait_for_smtp_port_in_container "${CONTAINER_NAME}" || docker logs "${CONTAINER_NAME}"
|
||||
|
||||
# fill the queue with a message
|
||||
docker exec "${CONTAINER_NAME}" /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-virus.txt"
|
||||
docker exec "${CONTAINER_NAME}" /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/emails/amavis-virus.txt"
|
||||
|
||||
# give it some time to clear the queue
|
||||
SECONDS=0
|
||||
|
|
|
@ -80,11 +80,13 @@ function teardown_file() { _default_teardown ; }
|
|||
}
|
||||
|
||||
@test "imap: authentication works" {
|
||||
_send_email 'auth/imap-auth' '-w 1 0.0.0.0 143'
|
||||
_nc_wrapper 'auth/imap-auth' '-w 1 0.0.0.0 143'
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "imap: added user authentication works" {
|
||||
_send_email 'auth/added-imap-auth' '-w 1 0.0.0.0 143'
|
||||
_nc_wrapper 'auth/added-imap-auth' '-w 1 0.0.0.0 143'
|
||||
assert_success
|
||||
}
|
||||
|
||||
#
|
||||
|
@ -288,13 +290,34 @@ EOF
|
|||
@test "spoofing: rejects sender forging" {
|
||||
# rejection of spoofed sender
|
||||
_wait_for_smtp_port_in_container_to_respond
|
||||
_run_in_container_bash "openssl s_client -quiet -connect 0.0.0.0:465 < /tmp/docker-mailserver-test/auth/added-smtp-auth-spoofed.txt"
|
||||
|
||||
# An authenticated user cannot use an envelope sender (MAIL FROM)
|
||||
# address they do not own according to `main.cf:smtpd_sender_login_maps` lookup
|
||||
_send_email \
|
||||
--port 465 -tlsc --auth LOGIN \
|
||||
--auth-user added@localhost.localdomain \
|
||||
--auth-password mypassword \
|
||||
--ehlo mail \
|
||||
--from user2@localhost.localdomain \
|
||||
--data 'auth/added-smtp-auth-spoofed'
|
||||
assert_output --partial 'Sender address rejected: not owned by user'
|
||||
}
|
||||
|
||||
@test "spoofing: accepts sending as alias" {
|
||||
_run_in_container_bash "openssl s_client -quiet -connect 0.0.0.0:465 < /tmp/docker-mailserver-test/auth/added-smtp-auth-spoofed-alias.txt | grep 'End data with'"
|
||||
# An authenticated account should be able to send mail from an alias,
|
||||
# Verifies `main.cf:smtpd_sender_login_maps` includes /etc/postfix/virtual
|
||||
# The envelope sender address (MAIL FROM) is the lookup key
|
||||
# to each table. Address is authorized when a result that maps to
|
||||
# the DMS account is returned.
|
||||
_send_email \
|
||||
--port 465 -tlsc --auth LOGIN \
|
||||
--auth-user user1@localhost.localdomain \
|
||||
--auth-password mypassword \
|
||||
--ehlo mail \
|
||||
--from alias1@localhost.localdomain \
|
||||
--data 'auth/added-smtp-auth-spoofed-alias'
|
||||
assert_success
|
||||
assert_output --partial 'End data with'
|
||||
}
|
||||
|
||||
#
|
||||
|
|
|
@ -20,7 +20,7 @@ function setup_file() {
|
|||
function teardown_file() { _default_teardown ; }
|
||||
|
||||
@test 'should successfully deliver mail' {
|
||||
_send_email 'email-templates/existing-user1'
|
||||
_send_email --data 'existing/user1'
|
||||
_wait_for_empty_mail_queue_in_container
|
||||
|
||||
# Should be successfully sent (received) by Postfix:
|
||||
|
|