docker-mailserver/test/tests/serial/tests.bats

340 lines
9.9 KiB
Plaintext
Raw Permalink Normal View History

tests: Extract some test cases out from `tests.bats` (#2980) While working on tests, I noticed that some of the configs being mounted were adding a few seconds to the start-up time of each container. Notably `postfix-*` and `dovecot.conf` config files, which have been extracted out into their own tests with those files moved into a separate config folder. `tests.bats` has been adapted to the common setup helper, and removed ENV no longer required to run those tests. Future PRs will extract out more tests. Review may be easier via individual commit diffs and their associated commit messages describing relevant changes. <details> <summary>Commit message history for reference</summary> ```markdown tests(chore): `tests.bats` - Remove redundant config === - ONEDIR volume support no longer relevant, this should have been dropped. - ClamAV ENV no longer relevant as related tests have been extracted already. - Same with the some of the SpamAssassin ENV config. - `VIRUSMAILS_DELETE_DELAY` is tested in the file, but doesn't use this ENV at all? (runs a separate instance to test the ENV instead) - Hostname updated in preparation for migrating to new test helpers. Relevant test lines referencing the hostname have likewise been updated. ``` ```markdown tests(chore): `tests.bats` - Convert to common setup === ENV remains the same, but required adding `ENABLE_AMAVIS=1` to bring that back, while the following became redundant as they're now defaulting to explicitly disabled in the helper method: - `ENABLE_CLAMAV=0` - `LOG_LEVEL=debug` - `ENABLE_UPDATE_CHECK=0` - `--hostname` + `--tty` + standard `--volume` lines - `-e` option expanded to long-name `--env`, and all `\` dropped as no longer necessary. `wait_for_finished_setup_in_container` is now redundant thanks to `common_container_setup`. ``` ```markdown tests(refactor): `tests.bats` - Extract out Dovecot Sieve tests === Sieve test files relocated into `test/config/dovecot-sieve/` for better isolation. `dovecot.sieve` was not using the `reject` import, and we should not encourage it? (docs still do): https://support.tigertech.net/sieve#the-sieve-reject-jmp ``` ```markdown tests: `tests.bats` - Extract out `checking smtp` tests === Migrated to the standard template and copied over the original test cases with `_run_in_container` adjustment only. Identified minimum required ENV along with which mail is required for each test case. ``` ```markdown tests(refactor): `smtp-delivery.bats` === - Disabled `ENABLE_SRS=1`, not necessary for these tests. - Added a SpamAssassin related test (X-SPAM headers) which requires `SA_TAG` to properly pass (or `ENABLE_SRS=1` to deliver into inbox). - Many lines with double quotes changed to single quote wrapping, and moving out `grep` filters into `assert_output --partial` lines instead. - Instead of `wc -l` making failures less helpful, switch to the helper method `_should_output_number_of_lines` - x2 `assert_output` with different EOF style of usage was not actually failing on tests when it should. Changed to assert partial output of each expected line, and count the number of lines instead. - Added additional comments related to the test cases with a `TODO` note about `SPAMASSASSIN_SPAM_TO_INBOX=1`. - Revised test case names, including using the common prefix var. - `tests.bats` no longer needs to send all these emails, no other test cases require them. This affects a test checking a `/mail` folder exists which has been corrected, and a quotas test case adjusted to expect an empty quota size output. ``` ```markdown tests: `tests.bats` - Extract out test cases for config overrides === Slight improvement by additionally matching `postconf` output to verify the setting is properly applied. ``` ```markdown tests: `tests.bats` - Extract out Amavis SpamAssassin test case === Removes the need for SpamAssassin ENV in `tests.bats`. ``` </details>
2023-01-06 22:36:20 +00:00
load "${REPOSITORY_ROOT}/test/helper/common"
tests(refactor): Adjust `mail_changedetector` + change detection helpers (#2997) * tests(refactor): `mail_changedetector.bats` - Leverage DRY methods `supervisorctl tail` is not the most reliably way to get logs for the latest change detection and has been known to be fragile in the past. We can instead read the full log for the service directly with `tac` and `sed` to extract all log content since the last change detection. Common asserts have also been extracted out into separate methods. * tests(chore): Remove sleep and redundant change event Container 1 is still blocked at this point from an existing lock and change event. Make the lock stale immediately and no extra sleep is required when paired with the helper method to wait until the event is processed (which should remove the stale lock). * tests(refactor): Add more DRY methods - Simplify the test case so it's easier to grok. - 2nd test case (blocking) extracts out initial setup into a separate method and merges the later service restart logic which is redundant. - Additional comments for improved context of what is going on / expected. * tests(chore): Revise the change detection helper method - Add explicit counting arg to change detection support. - Extract revised logic into it's own generic helper method. - Utilize this for a separate method that monitors for a change event having started, but not waiting for completion. This allows dropping the 40 sec of remaining `sleep` in `mail_changedetector` test. It was also required due to potentially missing the timing of a change event completing concurrently in a 2nd container that needed to be waited on and then checked. * tests(chore): Migrate to current test conventions - Switch to common container setup helpers - Update container name and change usage to variables instead. - Adopt the new convention of prefix variable for test cases (revised test case descriptions). * tests(chore): Remove legacy change detection This has since been replaced with the new helper watches the `changedetector` service logs directly instead of only detecting a change has occurred via checksum comparison. No tests use this method anymore, it was originally for `tests.bats`. Thus the tests in `test_helper.bats` are being dropped too. The new helper has test coverage in `changedetector` tests. * chore: Lock removal should not incur `sleep 5` afterwards - A new lock should be created by this script after removal. The sleep doesn't help avoid a race condition with lock file creation after removal. - Reduces test time as a bonus. - Added some additional comments to test. * tests(chore): `tls_letsencrypt.bats` leverage improved change detection - No need to wait on the change detection service anymore during container startup. - No need to count change events processed either as waiting a fixed duration is no longer relied on. - This makes the reload count method redundant, dropped. * tests(chore): Convert `setup-cli.bats` to new test conventions This test file was already adapted to the original common setup helpers. - `TEST_NAME` replaced with `CONTAINER_NAME`. - Prefix var added, test case descriptions drop explicit prefix. - No other changes. * tests(chore): Extract out helpers related to change-detection - New helper file for sharing these helpers to tests. - Includes the helpful log method from changedetector tests. - No longer need to maintain duplicate copies of these methods during the test migration. All tests that use them are now importing the separate helper file. - `tls_letsencrypt.bats` has switched to using the log helper. - Generic log count helper is removed from `test_helper/common.bash` as any test that needs it in future can adapt to `helper/common.bash`. * tests(refactor): `tls_letsencrypt.bats` remove `_get_service_logs()` This helper does not seem useful as moving away from `supervisorctl tail` and no other tests had a need for it. * tests(chore): Remove common setup methods from `test_helper/common.bash` No other tests depend on this. Future tests will adopt the revised versions from `helper/setup.bash`. Additionally updates `helper/setup.bash` comments that are no longer applicable to `TEST_TMP_CONFIG` and `CONTAINER_NAME`. * chore: Use `|| true` to simplify setting `EXPECTED_COUNT` correctly
2023-01-16 07:39:46 +00:00
load "${REPOSITORY_ROOT}/test/helper/change-detection"
tests: Extract some test cases out from `tests.bats` (#2980) While working on tests, I noticed that some of the configs being mounted were adding a few seconds to the start-up time of each container. Notably `postfix-*` and `dovecot.conf` config files, which have been extracted out into their own tests with those files moved into a separate config folder. `tests.bats` has been adapted to the common setup helper, and removed ENV no longer required to run those tests. Future PRs will extract out more tests. Review may be easier via individual commit diffs and their associated commit messages describing relevant changes. <details> <summary>Commit message history for reference</summary> ```markdown tests(chore): `tests.bats` - Remove redundant config === - ONEDIR volume support no longer relevant, this should have been dropped. - ClamAV ENV no longer relevant as related tests have been extracted already. - Same with the some of the SpamAssassin ENV config. - `VIRUSMAILS_DELETE_DELAY` is tested in the file, but doesn't use this ENV at all? (runs a separate instance to test the ENV instead) - Hostname updated in preparation for migrating to new test helpers. Relevant test lines referencing the hostname have likewise been updated. ``` ```markdown tests(chore): `tests.bats` - Convert to common setup === ENV remains the same, but required adding `ENABLE_AMAVIS=1` to bring that back, while the following became redundant as they're now defaulting to explicitly disabled in the helper method: - `ENABLE_CLAMAV=0` - `LOG_LEVEL=debug` - `ENABLE_UPDATE_CHECK=0` - `--hostname` + `--tty` + standard `--volume` lines - `-e` option expanded to long-name `--env`, and all `\` dropped as no longer necessary. `wait_for_finished_setup_in_container` is now redundant thanks to `common_container_setup`. ``` ```markdown tests(refactor): `tests.bats` - Extract out Dovecot Sieve tests === Sieve test files relocated into `test/config/dovecot-sieve/` for better isolation. `dovecot.sieve` was not using the `reject` import, and we should not encourage it? (docs still do): https://support.tigertech.net/sieve#the-sieve-reject-jmp ``` ```markdown tests: `tests.bats` - Extract out `checking smtp` tests === Migrated to the standard template and copied over the original test cases with `_run_in_container` adjustment only. Identified minimum required ENV along with which mail is required for each test case. ``` ```markdown tests(refactor): `smtp-delivery.bats` === - Disabled `ENABLE_SRS=1`, not necessary for these tests. - Added a SpamAssassin related test (X-SPAM headers) which requires `SA_TAG` to properly pass (or `ENABLE_SRS=1` to deliver into inbox). - Many lines with double quotes changed to single quote wrapping, and moving out `grep` filters into `assert_output --partial` lines instead. - Instead of `wc -l` making failures less helpful, switch to the helper method `_should_output_number_of_lines` - x2 `assert_output` with different EOF style of usage was not actually failing on tests when it should. Changed to assert partial output of each expected line, and count the number of lines instead. - Added additional comments related to the test cases with a `TODO` note about `SPAMASSASSIN_SPAM_TO_INBOX=1`. - Revised test case names, including using the common prefix var. - `tests.bats` no longer needs to send all these emails, no other test cases require them. This affects a test checking a `/mail` folder exists which has been corrected, and a quotas test case adjusted to expect an empty quota size output. ``` ```markdown tests: `tests.bats` - Extract out test cases for config overrides === Slight improvement by additionally matching `postconf` output to verify the setting is properly applied. ``` ```markdown tests: `tests.bats` - Extract out Amavis SpamAssassin test case === Removes the need for SpamAssassin ENV in `tests.bats`. ``` </details>
2023-01-06 22:36:20 +00:00
load "${REPOSITORY_ROOT}/test/helper/setup"
# TODO: These tests date back to the very beginning of DMS and therefore
# TODO: lack the more advanced test suite functions that make tests more
# TODO: robust. As a consequence, the tests should be adjusted.
BATS_TEST_NAME_PREFIX='[General] '
tests: Extract some test cases out from `tests.bats` (#2980) While working on tests, I noticed that some of the configs being mounted were adding a few seconds to the start-up time of each container. Notably `postfix-*` and `dovecot.conf` config files, which have been extracted out into their own tests with those files moved into a separate config folder. `tests.bats` has been adapted to the common setup helper, and removed ENV no longer required to run those tests. Future PRs will extract out more tests. Review may be easier via individual commit diffs and their associated commit messages describing relevant changes. <details> <summary>Commit message history for reference</summary> ```markdown tests(chore): `tests.bats` - Remove redundant config === - ONEDIR volume support no longer relevant, this should have been dropped. - ClamAV ENV no longer relevant as related tests have been extracted already. - Same with the some of the SpamAssassin ENV config. - `VIRUSMAILS_DELETE_DELAY` is tested in the file, but doesn't use this ENV at all? (runs a separate instance to test the ENV instead) - Hostname updated in preparation for migrating to new test helpers. Relevant test lines referencing the hostname have likewise been updated. ``` ```markdown tests(chore): `tests.bats` - Convert to common setup === ENV remains the same, but required adding `ENABLE_AMAVIS=1` to bring that back, while the following became redundant as they're now defaulting to explicitly disabled in the helper method: - `ENABLE_CLAMAV=0` - `LOG_LEVEL=debug` - `ENABLE_UPDATE_CHECK=0` - `--hostname` + `--tty` + standard `--volume` lines - `-e` option expanded to long-name `--env`, and all `\` dropped as no longer necessary. `wait_for_finished_setup_in_container` is now redundant thanks to `common_container_setup`. ``` ```markdown tests(refactor): `tests.bats` - Extract out Dovecot Sieve tests === Sieve test files relocated into `test/config/dovecot-sieve/` for better isolation. `dovecot.sieve` was not using the `reject` import, and we should not encourage it? (docs still do): https://support.tigertech.net/sieve#the-sieve-reject-jmp ``` ```markdown tests: `tests.bats` - Extract out `checking smtp` tests === Migrated to the standard template and copied over the original test cases with `_run_in_container` adjustment only. Identified minimum required ENV along with which mail is required for each test case. ``` ```markdown tests(refactor): `smtp-delivery.bats` === - Disabled `ENABLE_SRS=1`, not necessary for these tests. - Added a SpamAssassin related test (X-SPAM headers) which requires `SA_TAG` to properly pass (or `ENABLE_SRS=1` to deliver into inbox). - Many lines with double quotes changed to single quote wrapping, and moving out `grep` filters into `assert_output --partial` lines instead. - Instead of `wc -l` making failures less helpful, switch to the helper method `_should_output_number_of_lines` - x2 `assert_output` with different EOF style of usage was not actually failing on tests when it should. Changed to assert partial output of each expected line, and count the number of lines instead. - Added additional comments related to the test cases with a `TODO` note about `SPAMASSASSIN_SPAM_TO_INBOX=1`. - Revised test case names, including using the common prefix var. - `tests.bats` no longer needs to send all these emails, no other test cases require them. This affects a test checking a `/mail` folder exists which has been corrected, and a quotas test case adjusted to expect an empty quota size output. ``` ```markdown tests: `tests.bats` - Extract out test cases for config overrides === Slight improvement by additionally matching `postconf` output to verify the setting is properly applied. ``` ```markdown tests: `tests.bats` - Extract out Amavis SpamAssassin test case === Removes the need for SpamAssassin ENV in `tests.bats`. ``` </details>
2023-01-06 22:36:20 +00:00
CONTAINER_NAME='mail'
function setup_file() {
_init_with_defaults
tests: Extract some test cases out from `tests.bats` (#2980) While working on tests, I noticed that some of the configs being mounted were adding a few seconds to the start-up time of each container. Notably `postfix-*` and `dovecot.conf` config files, which have been extracted out into their own tests with those files moved into a separate config folder. `tests.bats` has been adapted to the common setup helper, and removed ENV no longer required to run those tests. Future PRs will extract out more tests. Review may be easier via individual commit diffs and their associated commit messages describing relevant changes. <details> <summary>Commit message history for reference</summary> ```markdown tests(chore): `tests.bats` - Remove redundant config === - ONEDIR volume support no longer relevant, this should have been dropped. - ClamAV ENV no longer relevant as related tests have been extracted already. - Same with the some of the SpamAssassin ENV config. - `VIRUSMAILS_DELETE_DELAY` is tested in the file, but doesn't use this ENV at all? (runs a separate instance to test the ENV instead) - Hostname updated in preparation for migrating to new test helpers. Relevant test lines referencing the hostname have likewise been updated. ``` ```markdown tests(chore): `tests.bats` - Convert to common setup === ENV remains the same, but required adding `ENABLE_AMAVIS=1` to bring that back, while the following became redundant as they're now defaulting to explicitly disabled in the helper method: - `ENABLE_CLAMAV=0` - `LOG_LEVEL=debug` - `ENABLE_UPDATE_CHECK=0` - `--hostname` + `--tty` + standard `--volume` lines - `-e` option expanded to long-name `--env`, and all `\` dropped as no longer necessary. `wait_for_finished_setup_in_container` is now redundant thanks to `common_container_setup`. ``` ```markdown tests(refactor): `tests.bats` - Extract out Dovecot Sieve tests === Sieve test files relocated into `test/config/dovecot-sieve/` for better isolation. `dovecot.sieve` was not using the `reject` import, and we should not encourage it? (docs still do): https://support.tigertech.net/sieve#the-sieve-reject-jmp ``` ```markdown tests: `tests.bats` - Extract out `checking smtp` tests === Migrated to the standard template and copied over the original test cases with `_run_in_container` adjustment only. Identified minimum required ENV along with which mail is required for each test case. ``` ```markdown tests(refactor): `smtp-delivery.bats` === - Disabled `ENABLE_SRS=1`, not necessary for these tests. - Added a SpamAssassin related test (X-SPAM headers) which requires `SA_TAG` to properly pass (or `ENABLE_SRS=1` to deliver into inbox). - Many lines with double quotes changed to single quote wrapping, and moving out `grep` filters into `assert_output --partial` lines instead. - Instead of `wc -l` making failures less helpful, switch to the helper method `_should_output_number_of_lines` - x2 `assert_output` with different EOF style of usage was not actually failing on tests when it should. Changed to assert partial output of each expected line, and count the number of lines instead. - Added additional comments related to the test cases with a `TODO` note about `SPAMASSASSIN_SPAM_TO_INBOX=1`. - Revised test case names, including using the common prefix var. - `tests.bats` no longer needs to send all these emails, no other test cases require them. This affects a test checking a `/mail` folder exists which has been corrected, and a quotas test case adjusted to expect an empty quota size output. ``` ```markdown tests: `tests.bats` - Extract out test cases for config overrides === Slight improvement by additionally matching `postconf` output to verify the setting is properly applied. ``` ```markdown tests: `tests.bats` - Extract out Amavis SpamAssassin test case === Removes the need for SpamAssassin ENV in `tests.bats`. ``` </details>
2023-01-06 22:36:20 +00:00
mv "${TEST_TMP_CONFIG}/user-patches/user-patches.sh" "${TEST_TMP_CONFIG}/user-patches.sh"
local CONTAINER_ARGS_ENV_CUSTOM=(
--env ENABLE_AMAVIS=1
--env AMAVIS_LOGLEVEL=2
--env ENABLE_SRS=1
--env PERMIT_DOCKER=host
--env PFLOGSUMM_TRIGGER=logrotate
--env REPORT_RECIPIENT=user1@localhost.localdomain
--env REPORT_SENDER=report1@mail.example.test
--env SPOOF_PROTECTION=1
--env SSL_TYPE='snakeoil'
--ulimit "nofile=$(ulimit -Sn):$(ulimit -Hn)"
--health-cmd "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
)
_common_container_setup 'CONTAINER_ARGS_ENV_CUSTOM'
_add_mail_account_then_wait_until_ready 'added@localhost.localdomain' 'mypassword'
_wait_for_service postfix
_wait_for_smtp_port_in_container
}
function teardown_file() { _default_teardown ; }
#
# configuration checks
#
@test "configuration: user-patches.sh executed" {
run docker logs "${CONTAINER_NAME}"
2019-11-08 01:22:33 +00:00
assert_output --partial "Default user-patches.sh successfully executed"
}
@test "configuration: hostname/domainname" {
2020-10-18 00:24:26 +00:00
run docker run "${IMAGE_NAME:?}"
assert_success
}
chore: `addmailuser` - Remove delaying completion until `/var/mail` is ready (#2729) ## Quick Summary Resolves a `TODO` task with `addmailuser`. ## Overview The main change is adding three new methods in `common.bash`, which replace the completion delay in `addmailuser` / `setup email add` command. Other than that: - I swapped `sh -c 'addmailuser ...'` to `setup email add ...`. - Improved three tests in `setup-cli.bats` for `setup email add|update|del` (_logic remains effectively the same still_). - Rewrote the `TODO` comment for `setup-cli.bats` test on `setup email del` to better clarify the concern, but the test itself was no longer affected due to changes prior to this PR, so I enabled the commented out assertion. - Removed unnecessary waits. The two `skip` tests in `test/tests.bats` could be enabled again after this PR. - Additional fixes to tests were made during the PR (see discussion comments for details), resolving race conditions. Individual commit messages of the PR provide additional details if helpful. --- ## Relevant commit messages * chore: Remove creation delay in `addmailuser` This was apparently only for supporting tests that need to wait on account creation being ready to test against. As per the removed inline docs, it should be fine to remove once tests are updated to work correctly without it. * tests(feat): Add two new common helper methods `wait_until_account_maildir_exists()` provides the same logic `addmailuser` command was carrying, to wait upon the account dir creation in `/var/mail`. As this was specifically to support tests, it makes more sense as a test method. `add_mail_account_then_wait_until_ready()` was added to handle the common pattern of creating account and waiting on it. An internal assert will ensure the account was successfully created first during the test before attempting to wait. * tests(feat): Add common helper for waiting on change event to be processed The current helper is more complicated for no real benefit, it only detects when a change is made that would trigger a change event in the `changedetector` service. Our usage of this in tests however is only interested in waiting out the completion of the change event. Remove unnecessary change event waits. These waits should not be necessary if handled correctly. * tests: `addmailuser` to `add_mail_account_then_wait_until_ready mail()` This helper method is used where appropriate. - A password is not relevant (optional). - We need to wait on the creation on the account (Dovecot and `/var/mail` directory). * tests: `setup-cli` revise `add`, `update`, `del` tests The delete test was failing as the `/var/mail` directory did not yet exist. There is now a proper delay imposed in the `add` test now shares the same account for both `update` and `del` tests resolving that failure. Additionally tests use better asserts where appropriate and the wait + sleep logic in `add` has been improved (now takes 10 seconds to complete, approx half the time than before). The `del` test TODO while not technically addressed is no longer relevant due to the tests being switched to `-c` option (there is a separate `no container` test file, but it doesn't provide a `del` test). * tests(fix): Ensure Postfix is reachable after waiting on ClamAV There is not much reason to check before waiting on ClamAV. It is more helpful to debug failures from `nc` mail send commands if we know that nothing went wrong inbetween the ClamAV wait time. Additionally added an assertion which should provide more information if this part of the test setup fails again. * tests(fix): Move health check to the top This test is a bit fragile. It relies on defaults for the healthcheck with intervals of 30 seconds. If the check occurs while Postfix is down due a change event from earlier tests and the healthcheck kicks in at that point, then if there is not enough time to refresh the health status from `unhealthy`, the test will fail with a false-positive as Postfix is actually working and up again.. * tests(fix): Wait on directory to be removed Workaround that tries not to introduce heavier delays by waiting on a full change event to complete in the previous `email update` if possible. There is a chance that the account has the folder deleted, but restored from an active change event (for password update, then the account delete).
2022-08-22 22:15:06 +00:00
#
# healthcheck
#
# NOTE: Healthcheck defaults an interval of 30 seconds
# If Postfix is temporarily down (eg: restart triggered by `check-for-changes.sh`),
# it may result in a false-positive `unhealthy` state.
# Be careful with re-locating this test if earlier tests could potentially fail it by
# triggering the `changedetector` service.
@test "container healthcheck" {
# ensure, that at least 30 seconds have passed since container start
while [[ "$(docker inspect --format='{{.State.Health.Status}}' "${CONTAINER_NAME}")" == "starting" ]]; do
sleep 1
done
run docker inspect --format='{{.State.Health.Status}}' "${CONTAINER_NAME}"
chore: `addmailuser` - Remove delaying completion until `/var/mail` is ready (#2729) ## Quick Summary Resolves a `TODO` task with `addmailuser`. ## Overview The main change is adding three new methods in `common.bash`, which replace the completion delay in `addmailuser` / `setup email add` command. Other than that: - I swapped `sh -c 'addmailuser ...'` to `setup email add ...`. - Improved three tests in `setup-cli.bats` for `setup email add|update|del` (_logic remains effectively the same still_). - Rewrote the `TODO` comment for `setup-cli.bats` test on `setup email del` to better clarify the concern, but the test itself was no longer affected due to changes prior to this PR, so I enabled the commented out assertion. - Removed unnecessary waits. The two `skip` tests in `test/tests.bats` could be enabled again after this PR. - Additional fixes to tests were made during the PR (see discussion comments for details), resolving race conditions. Individual commit messages of the PR provide additional details if helpful. --- ## Relevant commit messages * chore: Remove creation delay in `addmailuser` This was apparently only for supporting tests that need to wait on account creation being ready to test against. As per the removed inline docs, it should be fine to remove once tests are updated to work correctly without it. * tests(feat): Add two new common helper methods `wait_until_account_maildir_exists()` provides the same logic `addmailuser` command was carrying, to wait upon the account dir creation in `/var/mail`. As this was specifically to support tests, it makes more sense as a test method. `add_mail_account_then_wait_until_ready()` was added to handle the common pattern of creating account and waiting on it. An internal assert will ensure the account was successfully created first during the test before attempting to wait. * tests(feat): Add common helper for waiting on change event to be processed The current helper is more complicated for no real benefit, it only detects when a change is made that would trigger a change event in the `changedetector` service. Our usage of this in tests however is only interested in waiting out the completion of the change event. Remove unnecessary change event waits. These waits should not be necessary if handled correctly. * tests: `addmailuser` to `add_mail_account_then_wait_until_ready mail()` This helper method is used where appropriate. - A password is not relevant (optional). - We need to wait on the creation on the account (Dovecot and `/var/mail` directory). * tests: `setup-cli` revise `add`, `update`, `del` tests The delete test was failing as the `/var/mail` directory did not yet exist. There is now a proper delay imposed in the `add` test now shares the same account for both `update` and `del` tests resolving that failure. Additionally tests use better asserts where appropriate and the wait + sleep logic in `add` has been improved (now takes 10 seconds to complete, approx half the time than before). The `del` test TODO while not technically addressed is no longer relevant due to the tests being switched to `-c` option (there is a separate `no container` test file, but it doesn't provide a `del` test). * tests(fix): Ensure Postfix is reachable after waiting on ClamAV There is not much reason to check before waiting on ClamAV. It is more helpful to debug failures from `nc` mail send commands if we know that nothing went wrong inbetween the ClamAV wait time. Additionally added an assertion which should provide more information if this part of the test setup fails again. * tests(fix): Move health check to the top This test is a bit fragile. It relies on defaults for the healthcheck with intervals of 30 seconds. If the check occurs while Postfix is down due a change event from earlier tests and the healthcheck kicks in at that point, then if there is not enough time to refresh the health status from `unhealthy`, the test will fail with a false-positive as Postfix is actually working and up again.. * tests(fix): Wait on directory to be removed Workaround that tries not to introduce heavier delays by waiting on a full change event to complete in the previous `email update` if possible. There is a chance that the account has the folder deleted, but restored from an active change event (for password update, then the account delete).
2022-08-22 22:15:06 +00:00
assert_output "healthy"
assert_success
}
#
# imap
#
@test "imap: server is ready with STARTTLS" {
_run_in_container_bash "nc -w 2 0.0.0.0 143 | grep '* OK' | grep 'STARTTLS' | grep 'ready'"
assert_success
}
@test "imap: authentication works" {
_nc_wrapper 'auth/imap-auth.txt' '-w 1 0.0.0.0 143'
assert_success
}
@test "imap: added user authentication works" {
_nc_wrapper 'auth/added-imap-auth.txt' '-w 1 0.0.0.0 143'
assert_success
}
#
# sasl
#
@test "sasl: doveadm auth test works with good password" {
_run_in_container_bash "doveadm auth test -x service=smtp user2@otherdomain.tld mypassword | grep 'auth succeeded'"
assert_success
}
@test "sasl: doveadm auth test fails with bad password" {
_run_in_container_bash "doveadm auth test -x service=smtp user2@otherdomain.tld BADPASSWORD | grep 'auth failed'"
assert_success
}
#
# logs
#
@test "logs: mail related logs should be located in a subdirectory" {
_run_in_container_bash "ls -1 /var/log/mail/ | grep -E 'mail.log'"
assert_success
}
#
# postfix
#
@test "postfix: vhost file is correct" {
_run_in_container cat /etc/postfix/vhost
assert_success
assert_line --index 0 "localdomain2.com"
2020-10-18 00:24:26 +00:00
assert_line --index 1 "localhost.localdomain"
assert_line --index 2 "otherdomain.tld"
}
#
# postsrsd
#
@test "SRS: main.cf entries" {
_run_in_container grep "sender_canonical_maps = tcp:localhost:10001" /etc/postfix/main.cf
assert_success
_run_in_container grep "sender_canonical_classes = envelope_sender" /etc/postfix/main.cf
assert_success
_run_in_container grep "recipient_canonical_maps = tcp:localhost:10002" /etc/postfix/main.cf
assert_success
_run_in_container grep "recipient_canonical_classes = envelope_recipient,header_recipient" /etc/postfix/main.cf
assert_success
}
@test "SRS: fallback to hostname is handled correctly" {
_run_in_container grep "SRS_DOMAIN=example.test" /etc/default/postsrsd
assert_success
}
#
# system
#
@test "system: freshclam cron is disabled" {
_run_in_container_bash "grep '/usr/bin/freshclam' -r /etc/cron.d"
assert_failure
}
@test "amavis: virusmail wiper cron exists" {
_run_in_container_bash "crontab -l | grep '/usr/local/bin/virus-wiper'"
assert_success
}
@test "amavis: VIRUSMAILS_DELETE_DELAY override works as expected" {
# shellcheck disable=SC2016
2020-10-18 00:24:26 +00:00
run docker run --rm -e VIRUSMAILS_DELETE_DELAY=2 "${IMAGE_NAME:?}" /bin/bash -c 'echo "${VIRUSMAILS_DELETE_DELAY}"'
assert_output 2
}
@test "amavis: old virusmail is wipped by cron" {
# shellcheck disable=SC2016
_exec_in_container_bash 'touch -d "`date --date=2000-01-01`" /var/lib/amavis/virusmails/should-be-deleted'
_run_in_container_bash '/usr/local/bin/virus-wiper'
assert_success
_run_in_container_bash 'ls -la /var/lib/amavis/virusmails/ | grep should-be-deleted'
assert_failure
}
@test "amavis: recent virusmail is not wipped by cron" {
# shellcheck disable=SC2016
_exec_in_container_bash 'touch -d "`date`" /var/lib/amavis/virusmails/should-not-be-deleted'
_run_in_container_bash '/usr/local/bin/virus-wiper'
assert_success
_run_in_container_bash 'ls -la /var/lib/amavis/virusmails/ | grep should-not-be-deleted'
assert_success
}
@test "system: /var/log/mail/mail.log is error free" {
_run_in_container grep 'non-null host address bits in' /var/log/mail/mail.log
assert_failure
_run_in_container grep 'mail system configuration error' /var/log/mail/mail.log
assert_failure
_run_in_container grep ': error:' /var/log/mail/mail.log
assert_failure
_run_in_container grep -i 'is not writable' /var/log/mail/mail.log
assert_failure
_run_in_container grep -i 'permission denied' /var/log/mail/mail.log
assert_failure
_run_in_container grep -i '(!)connect' /var/log/mail/mail.log
assert_failure
_run_in_container grep -i 'using backwards-compatible default setting' /var/log/mail/mail.log
assert_failure
_run_in_container grep -i 'connect to 127.0.0.1:10023: Connection refused' /var/log/mail/mail.log
assert_failure
}
@test "system: /var/log/auth.log is error free" {
_run_in_container grep 'Unable to open env file: /etc/default/locale' /var/log/auth.log
assert_failure
2016-12-17 20:53:09 +00:00
}
@test "system: postfix should not log to syslog" {
_run_in_container grep 'postfix' /var/log/syslog
assert_failure
2016-09-23 06:22:57 +00:00
}
@test "system: amavis decoders installed and available" {
_run_in_container_bash "grep -E '.*(Internal decoder|Found decoder) for\s+\..*' /var/log/mail/mail.log*|grep -Eo '(mail|Z|gz|bz2|xz|lzma|lrz|lzo|lz4|rpm|cpio|tar|deb|rar|arj|arc|zoo|doc|cab|tnef|zip|kmz|7z|jar|swf|lha|iso|exe)' | sort | uniq"
assert_success
# Support for doc and zoo removed in buster
cat <<'EOF' | assert_output
7z
Z
arc
arj
bz2
cab
cpio
deb
exe
gz
iso
jar
kmz
lha
lrz
lz4
lzma
lzo
mail
rar
rpm
swf
tar
tnef
xz
zip
EOF
}
#
# PERMIT_DOCKER mynetworks
#
@test "PERMIT_DOCKER: can get container ip" {
_run_in_container_bash "ip addr show eth0 | grep 'inet ' | sed 's/[^0-9\.\/]*//g' | cut -d '/' -f 1 | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}'"
assert_success
}
@test "PERMIT_DOCKER: my network value" {
_run_in_container_bash "postconf | grep '^mynetworks =' | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.0\.0/16'"
assert_success
}
#
# amavis
#
@test "amavis: config overrides" {
_run_in_container_bash "grep -c 'Test Verification' /etc/amavis/conf.d/50-user"
assert_success
assert_output 1
}
# TODO investigate why this test fails
@test "user login: predefined user can login" {
skip 'disabled as it fails randomly: https://github.com/docker-mailserver/docker-mailserver/pull/2177'
_run_in_container_bash "doveadm auth test -x service=smtp pass@localhost.localdomain 'may be \\a \`p^a.*ssword' | grep 'passdb'"
assert_output "passdb: pass@localhost.localdomain auth succeeded"
}
#
# LDAP
#
# postfix
@test "dovecot: postmaster address" {
_run_in_container_bash "grep 'postmaster_address = postmaster@example.test' /etc/dovecot/conf.d/15-lda.conf"
assert_success
}
@test "spoofing: rejects sender forging" {
# rejection of spoofed sender
_wait_for_smtp_port_in_container_to_respond
# An authenticated user cannot use an envelope sender (MAIL FROM)
# address they do not own according to `main.cf:smtpd_sender_login_maps` lookup
_send_email --expect-rejection \
--port 465 -tlsc --auth PLAIN \
--auth-user added@localhost.localdomain \
--auth-password mypassword \
--ehlo mail \
--from user2@localhost.localdomain \
--data 'auth/added-smtp-auth-spoofed.txt'
2020-09-21 23:09:47 +00:00
assert_output --partial 'Sender address rejected: not owned by user'
}
@test "spoofing: accepts sending as alias" {
# An authenticated account should be able to send mail from an alias,
# Verifies `main.cf:smtpd_sender_login_maps` includes /etc/postfix/virtual
# The envelope sender address (MAIL FROM) is the lookup key
# to each table. Address is authorized when a result that maps to
# the DMS account is returned.
_send_email \
--port 465 -tlsc --auth PLAIN \
--auth-user user1@localhost.localdomain \
--auth-password mypassword \
--ehlo mail \
--from alias1@localhost.localdomain \
--data 'auth/added-smtp-auth-spoofed-alias.txt'
assert_success
assert_output --partial 'End data with'
}
#
# Pflogsumm delivery check
#
@test "pflogsum delivery" {
# logrotation working and report being sent
_exec_in_container logrotate --force /etc/logrotate.d/maillog
sleep 10
_run_in_container grep "Subject: Postfix Summary for " /var/mail/localhost.localdomain/user1/new/ -R
assert_success
# check sender is the one specified in REPORT_SENDER
_run_in_container grep "From: report1@mail.example.test" /var/mail/localhost.localdomain/user1/new/ -R
assert_success
# check sender is not the default one.
_run_in_container grep "From: mailserver-report@mail.example.test" /var/mail/localhost.localdomain/user1/new/ -R
assert_failure
}