2019-08-08 22:26:20 +00:00
load 'test_helper/bats-support/load'
load 'test_helper/bats-assert/load'
2020-04-24 12:55:32 +00:00
load 'test_helper/common'
2019-08-01 13:24:47 +00:00
2020-10-18 00:24:26 +00:00
export IMAGE_NAME
IMAGE_NAME="${NAME}"
2020-09-17 22:39:32 +00:00
setup() {
run_setup_file_if_necessary
}
setup_file() {
2020-10-19 13:19:34 +00:00
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . mail)"
2020-10-19 10:15:44 +00:00
mv "${PRIVATE_CONFIG}/user-patches/user-patches.sh" "${PRIVATE_CONFIG}/user-patches.sh"
2020-09-17 22:39:32 +00:00
docker run --rm -d --name mail \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
2020-10-18 00:24:26 +00:00
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
-v "$(pwd)/test/onedir":/var/mail-state \
2020-09-17 22:39:32 +00:00
-e ENABLE_CLAMAV=1 \
-e SPOOF_PROTECTION=1 \
-e ENABLE_SPAMASSASSIN=1 \
-e REPORT_RECIPIENT=user1@localhost.localdomain \
-e REPORT_SENDER=report1@mail.my-domain.com \
-e SA_TAG=-5.0 \
-e SA_TAG2=2.0 \
-e SA_KILL=3.0 \
-e SA_SPAM_SUBJECT="SPAM: " \
-e VIRUSMAILS_DELETE_DELAY=7 \
-e ENABLE_SRS=1 \
-e SASL_PASSWD="external-domain.com username:password" \
-e ENABLE_MANAGESIEVE=1 \
--cap-add=SYS_PTRACE \
-e PERMIT_DOCKER=host \
-e DMS_DEBUG=0 \
2020-10-18 00:24:26 +00:00
-h mail.my-domain.com -t "${NAME}"
2020-10-01 23:20:31 +00:00
wait_for_finished_setup_in_container mail
2020-10-19 10:15:44 +00:00
2020-10-01 23:20:31 +00:00
# generate accounts after container has been started
2020-10-19 10:15:44 +00:00
docker run --rm -e MAIL_USER=added@localhost.localdomain -e MAIL_PASS=mypassword -t "${NAME}" /bin/sh -c 'echo "${MAIL_USER}|$(doveadm pw -s SHA512-CRYPT -u ${MAIL_USER} -p ${MAIL_PASS})"' >> "${PRIVATE_CONFIG}/postfix-accounts.cf"
2020-09-17 22:39:32 +00:00
docker exec mail addmailuser pass@localhost.localdomain 'may be \a `p^a.*ssword'
2020-10-19 10:15:44 +00:00
2020-09-17 22:39:32 +00:00
# setup sieve
2020-10-19 10:15:44 +00:00
docker cp "${PRIVATE_CONFIG}/sieve/dovecot.sieve" mail:/var/mail/localhost.localdomain/user1/.dovecot.sieve
2020-10-01 23:20:31 +00:00
# this relies on the checksum file beeing updated after all changes have been applied
wait_for_changes_to_be_detected_in_container mail
2020-09-17 22:39:32 +00:00
wait_for_smtp_port_in_container mail
2020-10-01 23:20:31 +00:00
2020-10-19 21:34:39 +00:00
# wait for clamav to be fully setup or we will get errors on the log
repeat_in_container_until_success_or_timeout 60 mail test -e /var/run/clamav/clamd.ctl
2020-09-17 22:39:32 +00:00
# sending test mails
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-spam.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-virus.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-alias-external.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-alias-local.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-alias-recipient-delimiter.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user2.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-added.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user-and-cc-local-alias.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-regexp-alias-external.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-regexp-alias-local.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-catchall-local.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/sieve-spam-folder.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/sieve-pipe.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/non-existing-user.txt"
docker exec mail /bin/sh -c "sendmail root < /tmp/docker-mailserver-test/email-templates/root-email.txt"
2020-10-19 21:33:54 +00:00
wait_for_empty_mail_queue_in_container mail
2020-09-17 22:39:32 +00:00
}
teardown() {
run_teardown_file_if_necessary
}
teardown_file() {
docker rm -f mail
}
2020-09-19 23:09:10 +00:00
# this test must come first to reliably identify when to run setup_file
@test "first" {
skip 'Starting testing of letsencrypt SSL'
}
2016-10-30 11:42:29 +00:00
#
# configuration checks
#
2019-10-31 01:38:45 +00:00
@test "checking configuration: user-patches.sh executed" {
2020-10-18 00:24:26 +00:00
run docker logs mail
2019-11-08 01:22:33 +00:00
assert_output --partial "Default user-patches.sh successfully executed"
2019-10-31 01:38:45 +00:00
}
2016-10-30 11:42:29 +00:00
@test "checking configuration: hostname/domainname" {
2020-10-18 00:24:26 +00:00
run docker run "${IMAGE_NAME:?}"
2018-11-04 19:23:50 +00:00
assert_success
2016-10-30 11:42:29 +00:00
}
2016-02-24 23:17:01 +00:00
#
# processes
#
@test "checking process: postfix" {
2017-04-27 15:59:28 +00:00
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/lib/postfix/sbin/master'"
2017-01-10 13:15:41 +00:00
assert_success
2016-02-24 23:17:01 +00:00
}
@test "checking process: clamd" {
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
2017-01-10 13:15:41 +00:00
assert_success
2016-02-24 23:17:01 +00:00
}
@test "checking process: new" {
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/amavisd-new'"
2017-01-10 13:15:41 +00:00
assert_success
2016-02-24 23:17:01 +00:00
}
@test "checking process: opendkim" {
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/opendkim'"
2017-01-10 13:15:41 +00:00
assert_success
2016-02-24 23:17:01 +00:00
}
@test "checking process: opendmarc" {
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/opendmarc'"
2017-01-10 13:15:41 +00:00
assert_success
2016-02-24 23:17:01 +00:00
}
2016-03-31 10:33:47 +00:00
@test "checking process: fail2ban (disabled in default configuration)" {
2017-04-27 15:59:28 +00:00
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python3 /usr/bin/fail2ban-server'"
2017-01-10 13:15:41 +00:00
assert_failure
2016-03-31 10:33:47 +00:00
}
2016-08-21 20:13:13 +00:00
@test "checking process: fetchmail (disabled in default configuration)" {
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/fetchmail'"
2017-01-10 13:15:41 +00:00
assert_failure
2016-08-21 20:13:13 +00:00
}
2016-02-24 23:17:01 +00:00
#
# imap
#
2016-04-13 21:16:46 +00:00
@test "checking process: dovecot imaplogin (enabled in default configuration)" {
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/dovecot'"
2017-01-10 13:15:41 +00:00
assert_success
2016-02-29 22:52:10 +00:00
}
2016-02-24 23:17:01 +00:00
@test "checking imap: server is ready with STARTTLS" {
2016-04-22 15:51:14 +00:00
run docker exec mail /bin/bash -c "nc -w 2 0.0.0.0 143 | grep '* OK' | grep 'STARTTLS' | grep 'ready'"
2017-01-10 13:15:41 +00:00
assert_success
2016-02-24 23:17:01 +00:00
}
@test "checking imap: authentication works" {
2016-04-20 23:08:14 +00:00
run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-auth.txt"
2017-01-10 13:15:41 +00:00
assert_success
2016-02-24 23:17:01 +00:00
}
2017-10-10 06:15:18 +00:00
@test "checking imap: added user authentication works" {
run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/added-imap-auth.txt"
assert_success
}
2016-02-24 23:17:01 +00:00
#
# sasl
#
2016-04-17 10:01:05 +00:00
@test "checking sasl: doveadm auth test works with good password" {
run docker exec mail /bin/sh -c "doveadm auth test -x service=smtp user2@otherdomain.tld mypassword | grep 'auth succeeded'"
2017-01-10 13:15:41 +00:00
assert_success
2016-02-24 23:17:01 +00:00
}
2016-04-17 10:01:05 +00:00
@test "checking sasl: doveadm auth test fails with bad password" {
run docker exec mail /bin/sh -c "doveadm auth test -x service=smtp user2@otherdomain.tld BADPASSWORD | grep 'auth failed'"
2017-01-10 13:15:41 +00:00
assert_success
2016-02-24 23:17:01 +00:00
}
2016-11-15 19:48:09 +00:00
@test "checking sasl: sasl_passwd exists" {
run docker exec mail [ -f /etc/postfix/sasl_passwd ]
2017-01-10 13:15:41 +00:00
assert_success
2016-03-18 19:12:18 +00:00
}
2016-04-07 22:23:12 +00:00
#
# logs
#
@test "checking logs: mail related logs should be located in a subdirectory" {
2017-12-31 11:33:48 +00:00
run docker exec mail /bin/sh -c "ls -1 /var/log/mail/ | grep -E 'clamav|freshclam|mail.log'|wc -l"
2017-01-10 13:15:41 +00:00
assert_success
assert_output 3
2016-04-07 22:23:12 +00:00
}
2016-02-24 23:17:01 +00:00
#
# smtp
#
@test "checking smtp: authentication works with good password (plain)" {
2016-04-20 23:08:14 +00:00
run docker exec mail /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-plain.txt | grep 'Authentication successful'"
2017-01-10 13:15:41 +00:00
assert_success
2016-02-24 23:17:01 +00:00
}
@test "checking smtp: authentication fails with wrong password (plain)" {
2020-09-21 23:09:47 +00:00
run docker exec mail /bin/sh -c "nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-plain-wrong.txt"
assert_output --partial 'authentication failed'
2017-01-10 13:15:41 +00:00
assert_success
2016-02-24 23:17:01 +00:00
}
@test "checking smtp: authentication works with good password (login)" {
2016-04-20 23:08:14 +00:00
run docker exec mail /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login.txt | grep 'Authentication successful'"
2017-01-10 13:15:41 +00:00
assert_success
2016-02-24 23:17:01 +00:00
}
@test "checking smtp: authentication fails with wrong password (login)" {
2020-09-21 23:09:47 +00:00
run docker exec mail /bin/sh -c "nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login-wrong.txt"
assert_output --partial 'authentication failed'
2017-01-10 13:15:41 +00:00
assert_success
2016-02-24 23:17:01 +00:00
}
2017-10-10 06:15:18 +00:00
@test "checking smtp: added user authentication works with good password (plain)" {
run docker exec mail /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/added-smtp-auth-plain.txt | grep 'Authentication successful'"
assert_success
}
@test "checking smtp: added user authentication fails with wrong password (plain)" {
run docker exec mail /bin/sh -c "nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/added-smtp-auth-plain-wrong.txt | grep 'authentication failed'"
assert_success
}
@test "checking smtp: added user authentication works with good password (login)" {
run docker exec mail /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/added-smtp-auth-login.txt | grep 'Authentication successful'"
assert_success
}
@test "checking smtp: added user authentication fails with wrong password (login)" {
run docker exec mail /bin/sh -c "nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/added-smtp-auth-login-wrong.txt | grep 'authentication failed'"
assert_success
}
2016-02-24 23:17:01 +00:00
@test "checking smtp: delivers mail to existing account" {
2020-01-20 20:59:34 +00:00
run docker exec mail /bin/sh -c "grep 'postfix/lmtp' /var/log/mail/mail.log | grep 'status=sent' | grep ' Saved)' | sed 's/.* to=</</g' | sed 's/, relay.*//g' | sort | uniq -c | tr -s \" \""
2017-01-10 13:15:41 +00:00
assert_success
2020-09-19 23:09:10 +00:00
assert_output <<'EOF'
2020-01-20 20:59:34 +00:00
1 <added@localhost.localdomain>
6 <user1@localhost.localdomain>
1 <user1@localhost.localdomain>, orig_to=<postmaster@my-domain.com>
1 <user1@localhost.localdomain>, orig_to=<root>
1 <user1~test@localhost.localdomain>
2 <user2@otherdomain.tld>
EOF
2016-02-24 23:17:01 +00:00
}
@test "checking smtp: delivers mail to existing alias" {
2016-04-01 15:18:13 +00:00
run docker exec mail /bin/sh -c "grep 'to=<user1@localhost.localdomain>, orig_to=<alias1@localhost.localdomain>' /var/log/mail/mail.log | grep 'status=sent' | wc -l"
2017-01-10 13:15:41 +00:00
assert_success
assert_output 1
2016-02-24 23:17:01 +00:00
}
2017-03-03 17:27:22 +00:00
@test "checking smtp: delivers mail to existing alias with recipient delimiter" {
run docker exec mail /bin/sh -c "grep 'to=<user1~test@localhost.localdomain>, orig_to=<alias1~test@localhost.localdomain>' /var/log/mail/mail.log | grep 'status=sent' | wc -l"
assert_success
assert_output 1
run docker exec mail /bin/sh -c "grep 'to=<user1~test@localhost.localdomain>' /var/log/mail/mail.log | grep 'status=bounced'"
assert_failure
}
2016-07-23 21:42:18 +00:00
@test "checking smtp: delivers mail to existing catchall" {
run docker exec mail /bin/sh -c "grep 'to=<user1@localhost.localdomain>, orig_to=<wildcard@localdomain2.com>' /var/log/mail/mail.log | grep 'status=sent' | wc -l"
2017-01-10 13:15:41 +00:00
assert_success
assert_output 1
2016-07-23 21:42:18 +00:00
}
2016-05-24 04:30:22 +00:00
@test "checking smtp: delivers mail to regexp alias" {
run docker exec mail /bin/sh -c "grep 'to=<user1@localhost.localdomain>, orig_to=<test123@localhost.localdomain>' /var/log/mail/mail.log | grep 'status=sent' | wc -l"
2017-01-10 13:15:41 +00:00
assert_success
assert_output 1
2016-05-24 04:30:22 +00:00
}
2018-04-23 18:35:33 +00:00
@test "checking smtp: user1 should have received 9 mails" {
2020-01-20 20:59:34 +00:00
run docker exec mail /bin/sh -c "grep Subject /var/mail/localhost.localdomain/user1/new/* | sed 's/.*Subject: //g' | sed 's/\.txt.*//g' | sed 's/VIRUS.*/VIRUS/g' | sort"
assert_success
# 9 messages, the virus mail has three subject lines
cat <<'EOF' | assert_output
Root Test Message
Test Message amavis-virus
Test Message amavis-virus
Test Message existing-alias-external
Test Message existing-alias-recipient-delimiter
Test Message existing-catchall-local
Test Message existing-regexp-alias-local
Test Message existing-user-and-cc-local-alias
Test Message existing-user1
Test Message sieve-spam-folder
VIRUS
EOF
2016-02-24 23:17:01 +00:00
}
@test "checking smtp: rejects mail to unknown user" {
2016-04-01 15:18:13 +00:00
run docker exec mail /bin/sh -c "grep '<nouser@localhost.localdomain>: Recipient address rejected: User unknown in virtual mailbox table' /var/log/mail/mail.log | wc -l"
2017-01-10 13:15:41 +00:00
assert_success
assert_output 1
2016-02-24 23:17:01 +00:00
}
2016-05-24 04:30:22 +00:00
@test "checking smtp: redirects mail to external aliases" {
2020-01-26 20:05:24 +00:00
run docker exec mail /bin/sh -c "grep -- '-> <external1@otherdomain.tld>' /var/log/mail/mail.log* | grep RelayedInbound | wc -l"
2017-01-10 13:15:41 +00:00
assert_success
assert_output 2
2016-02-24 23:17:01 +00:00
}
@test "checking smtp: rejects spam" {
2018-02-06 07:11:57 +00:00
run docker exec mail /bin/sh -c "grep 'Blocked SPAM' /var/log/mail/mail.log | grep external.tld=spam@my-domain.com | wc -l"
2017-01-10 13:15:41 +00:00
assert_success
assert_output 1
2016-02-24 23:17:01 +00:00
}
@test "checking smtp: rejects virus" {
2018-02-06 07:11:57 +00:00
run docker exec mail /bin/sh -c "grep 'Blocked INFECTED' /var/log/mail/mail.log | grep external.tld=virus@my-domain.com | wc -l"
2017-01-10 13:15:41 +00:00
assert_success
assert_output 1
2016-02-24 23:17:01 +00:00
}
2019-08-11 15:14:00 +00:00
@test "checking smtp: not advertising smtputf8" {
# Dovecot does not support SMTPUTF8, so while we can send we cannot receive
# Better disable SMTPUTF8 support entirely if we can't handle it correctly
run docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/smtp-ehlo.txt | grep SMTPUTF8 | wc -l"
assert_success
assert_output 0
}
2016-02-24 23:17:01 +00:00
#
# accounts
#
@test "checking accounts: user accounts" {
2016-04-17 10:01:05 +00:00
run docker exec mail doveadm user '*'
2017-01-10 13:15:41 +00:00
assert_success
2020-09-21 23:09:47 +00:00
assert_line --index 0 "user1@localhost.localdomain"
assert_line --index 1 "user2@otherdomain.tld"
assert_line --index 2 "added@localhost.localdomain"
2016-02-24 23:17:01 +00:00
}
2019-10-17 07:04:14 +00:00
@test "checking accounts: user mail folder for user1" {
run docker exec mail /bin/bash -c "ls -d /var/mail/localhost.localdomain/user1"
2017-01-10 13:15:41 +00:00
assert_success
2016-02-24 23:17:01 +00:00
}
2019-10-17 07:04:14 +00:00
@test "checking accounts: user mail folder for user2" {
run docker exec mail /bin/bash -c "ls -d /var/mail/otherdomain.tld/user2"
2017-01-10 13:15:41 +00:00
assert_success
2016-02-24 23:17:01 +00:00
}
2019-10-17 07:04:14 +00:00
@test "checking accounts: user mail folder for added user" {
run docker exec mail /bin/bash -c "ls -d /var/mail/localhost.localdomain/added"
2017-10-10 06:15:18 +00:00
assert_success
}
2017-03-28 08:59:02 +00:00
@test "checking accounts: comments are not parsed" {
run docker exec mail /bin/bash -c "ls /var/mail | grep 'comment'"
assert_failure
}
2016-02-24 23:17:01 +00:00
#
# postfix
#
@test "checking postfix: vhost file is correct" {
run docker exec mail cat /etc/postfix/vhost
2017-01-10 13:15:41 +00:00
assert_success
2020-10-19 10:15:44 +00:00
assert_line --index 0 "localdomain2.com"
2020-10-18 00:24:26 +00:00
assert_line --index 1 "localhost.localdomain"
assert_line --index 2 "otherdomain.tld"
2016-02-24 23:17:01 +00:00
}
2016-03-18 19:07:58 +00:00
@test "checking postfix: main.cf overrides" {
2016-04-17 10:01:05 +00:00
run docker exec mail grep -q 'max_idle = 600s' /tmp/docker-mailserver/postfix-main.cf
2017-01-10 13:15:41 +00:00
assert_success
2016-04-17 10:01:05 +00:00
run docker exec mail grep -q 'readme_directory = /tmp' /tmp/docker-mailserver/postfix-main.cf
2017-01-10 13:15:41 +00:00
assert_success
2016-03-18 19:07:58 +00:00
}
2017-06-13 11:20:25 +00:00
@test "checking postfix: master.cf overrides" {
run docker exec mail grep -q 'submission/inet/smtpd_sasl_security_options=noanonymous' /tmp/docker-mailserver/postfix-master.cf
assert_success
}
2016-05-29 20:36:06 +00:00
#
# dovecot
#
@test "checking dovecot: config additions" {
run docker exec mail grep -q 'mail_max_userip_connections = 69' /tmp/docker-mailserver/dovecot.cf
2017-01-10 13:15:41 +00:00
assert_success
2016-05-29 20:36:06 +00:00
run docker exec mail /bin/sh -c "doveconf | grep 'mail_max_userip_connections = 69'"
2017-01-10 13:15:41 +00:00
assert_success
assert_output 'mail_max_userip_connections = 69'
2016-05-29 20:36:06 +00:00
}
2016-02-24 23:17:01 +00:00
#
# spamassassin
#
2016-12-25 21:54:37 +00:00
@test "checking spamassassin: should be listed in amavis when enabled" {
run docker exec mail /bin/sh -c "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'"
2017-01-10 13:15:41 +00:00
assert_failure
2016-12-25 21:54:37 +00:00
}
2017-04-18 12:18:42 +00:00
@test "checking spamassassin: all registered domains should see spam headers" {
run docker exec mail /bin/sh -c "grep -ir 'X-Spam-' /var/mail/localhost.localdomain/user1/new"
assert_success
run docker exec mail /bin/sh -c "grep -ir 'X-Spam-' /var/mail/otherdomain.tld/user2/new"
assert_success
}
2016-12-25 14:41:02 +00:00
#
# clamav
#
@test "checking clamav: should be listed in amavis when enabled" {
run docker exec mail grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log
2017-01-10 13:15:41 +00:00
assert_success
2016-12-25 14:41:02 +00:00
}
2016-02-24 23:17:01 +00:00
#
# opendkim
#
@test "checking opendkim: /etc/opendkim/KeyTable should contain 2 entries" {
run docker exec mail /bin/sh -c "cat /etc/opendkim/KeyTable | wc -l"
2017-01-10 13:15:41 +00:00
assert_success
assert_output 2
2016-02-24 23:17:01 +00:00
}
2017-06-07 13:35:42 +00:00
@test "checking opendkim: /etc/opendkim/KeyTable dummy file generated without keys provided" {
2020-09-17 22:02:38 +00:00
docker run --rm -d --name mail_smtponly_without_config \
-e SMTP_ONLY=1 \
-e ENABLE_LDAP=1 \
-e PERMIT_DOCKER=network \
-e OVERRIDE_HOSTNAME=mail.mydomain.com \
2020-10-18 00:24:26 +00:00
-t "${NAME}"
2020-09-17 22:02:38 +00:00
teardown() { docker rm -f mail_smtponly_without_config; }
run repeat_in_container_until_success_or_timeout 15 mail_smtponly_without_config /bin/bash -c "cat /etc/opendkim/KeyTable"
2017-06-07 13:35:42 +00:00
assert_success
}
2016-02-24 23:17:01 +00:00
@test "checking opendkim: /etc/opendkim/keys/ should contain 2 entries" {
run docker exec mail /bin/sh -c "ls -l /etc/opendkim/keys/ | grep '^d' | wc -l"
2017-01-10 13:15:41 +00:00
assert_success
assert_output 2
2016-02-24 23:17:01 +00:00
}
2019-08-04 10:29:39 +00:00
@test "checking opendkim: /etc/opendkim.conf contains nameservers copied from /etc/resolv.conf" {
run docker exec mail /bin/bash -c "grep -E '^Nameservers ((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)' /etc/opendkim.conf"
assert_success
}
2018-03-03 08:20:23 +00:00
# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar
2021-01-27 13:09:24 +00:00
# Instead it tests the file-size (here 861) - which may differ with a different domain names
2018-03-03 08:20:23 +00:00
# This test may be re-used as a global test to provide better test coverage.
@test "checking opendkim: generator creates default keys size" {
2020-10-19 13:19:34 +00:00
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . mail_default_key_size)"
2021-01-27 13:09:24 +00:00
# Prepare default key size 4096
2020-10-19 10:15:44 +00:00
rm -rf "${PRIVATE_CONFIG}/keyDefault"
mkdir -p "${PRIVATE_CONFIG}/keyDefault"
2020-09-17 23:37:42 +00:00
2018-03-03 08:20:23 +00:00
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/keyDefault/":/tmp/docker-mailserver/ \
-v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
2020-10-18 00:24:26 +00:00
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config | wc -l'
2018-03-03 08:20:23 +00:00
assert_success
assert_output 6
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/keyDefault/opendkim":/etc/opendkim \
2020-10-18 00:24:26 +00:00
"${IMAGE_NAME:?}" \
2018-03-03 08:20:23 +00:00
/bin/sh -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
assert_success
2021-01-27 13:09:24 +00:00
assert_output 861
2018-03-03 08:20:23 +00:00
}
# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar
2021-01-27 13:09:24 +00:00
# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar
# Instead it tests the file-size (here 861) - which may differ with a different domain names
# This test may be re-used as a global test to provide better test coverage.
@test "checking opendkim: generator creates key size 4096" {
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_4096)"
# Prepare set key size 4096
rm -rf "${PRIVATE_CONFIG}/key4096"
mkdir -p "${PRIVATE_CONFIG}/config/key4096"
run docker run --rm \
-v "${PRIVATE_CONFIG}/key2048/":/tmp/docker-mailserver/ \
-v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 4096 | wc -l'
assert_success
assert_output 6
run docker run --rm \
-v "${PRIVATE_CONFIG}/key2048/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" \
/bin/sh -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
assert_success
assert_output 861
}
2018-03-03 08:20:23 +00:00
# Instead it tests the file-size (here 511) - which may differ with a different domain names
# This test may be re-used as a global test to provide better test coverage.
@test "checking opendkim: generator creates key size 2048" {
2020-10-19 13:19:34 +00:00
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_2048)"
2018-03-03 08:20:23 +00:00
# Prepare set key size 2048
2020-10-19 10:15:44 +00:00
rm -rf "${PRIVATE_CONFIG}/key2048"
mkdir -p "${PRIVATE_CONFIG}/config/key2048"
2018-03-03 08:20:23 +00:00
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/key2048/":/tmp/docker-mailserver/ \
-v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
2020-10-18 00:24:26 +00:00
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 | wc -l'
2018-03-03 08:20:23 +00:00
assert_success
assert_output 6
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/key2048/opendkim":/etc/opendkim \
2020-10-18 00:24:26 +00:00
"${IMAGE_NAME:?}" \
2018-03-03 08:20:23 +00:00
/bin/sh -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
assert_success
assert_output 511
}
# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar
# Instead it tests the file-size (here 329) - which may differ with a different domain names
# This test may be re-used as a global test to provide better test coverage.
@test "checking opendkim: generator creates key size 1024" {
2020-10-19 13:19:34 +00:00
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_1024)"
2018-03-03 08:20:23 +00:00
# Prepare set key size 1024
2020-10-19 10:15:44 +00:00
rm -rf "${PRIVATE_CONFIG}/key1024"
mkdir -p "${PRIVATE_CONFIG}/key1024"
2018-03-03 08:20:23 +00:00
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/key1024/":/tmp/docker-mailserver/ \
-v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
2020-10-18 00:24:26 +00:00
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 1024 | wc -l'
2018-03-03 08:20:23 +00:00
assert_success
assert_output 6
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/key1024/opendkim":/etc/opendkim \
2020-10-18 00:24:26 +00:00
"${IMAGE_NAME:?}" \
2018-03-03 08:20:23 +00:00
/bin/sh -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
assert_success
assert_output 329
}
2016-04-20 23:08:14 +00:00
@test "checking opendkim: generator creates keys, tables and TrustedHosts" {
2020-10-19 13:19:34 +00:00
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . mail_dkim_generator_creates_keys_tables_TrustedHosts)"
2020-10-19 10:15:44 +00:00
rm -rf "${PRIVATE_CONFIG}/empty"
mkdir -p "${PRIVATE_CONFIG}/empty"
2016-04-20 21:01:32 +00:00
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/empty/":/tmp/docker-mailserver/ \
-v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
2020-10-18 00:24:26 +00:00
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config | wc -l'
2017-01-10 13:15:41 +00:00
assert_success
assert_output 6
2016-04-21 09:42:41 +00:00
# Check keys for localhost.localdomain
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \
2020-10-18 00:24:26 +00:00
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l'
2017-01-10 13:15:41 +00:00
assert_success
assert_output 2
2016-04-21 09:42:41 +00:00
# Check keys for otherdomain.tld
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \
2020-10-18 00:24:26 +00:00
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l'
2017-01-10 13:15:41 +00:00
assert_success
assert_output 2
2016-04-21 09:42:41 +00:00
# Check presence of tables and TrustedHosts
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \
2020-10-18 00:24:26 +00:00
"${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l"
2017-01-10 13:15:41 +00:00
assert_success
assert_output 4
2016-04-20 21:01:32 +00:00
}
2016-08-24 08:06:59 +00:00
@test "checking opendkim: generator creates keys, tables and TrustedHosts without postfix-accounts.cf" {
2020-10-19 13:19:34 +00:00
local PRIVATE_CONFIG
2020-10-20 07:33:14 +00:00
PRIVATE_CONFIG="$(duplicate_config_for_container . )"
2020-10-19 10:15:44 +00:00
rm -rf "${PRIVATE_CONFIG}/without-accounts"
mkdir -p "${PRIVATE_CONFIG}/without-accounts"
2016-08-24 08:06:59 +00:00
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/without-accounts/":/tmp/docker-mailserver/ \
-v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
2020-10-18 00:24:26 +00:00
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config | wc -l'
2017-01-10 13:15:41 +00:00
assert_success
assert_output 5
2016-08-24 08:06:59 +00:00
# Check keys for localhost.localdomain
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \
2020-10-18 00:24:26 +00:00
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l'
2017-01-10 13:15:41 +00:00
assert_success
assert_output 2
2016-08-24 08:06:59 +00:00
# Check keys for otherdomain.tld
# run docker run --rm \
2020-10-19 10:15:44 +00:00
# -v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \
2020-10-18 00:24:26 +00:00
# "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l'
2017-01-10 13:15:41 +00:00
# assert_success
2020-10-18 00:08:11 +00:00
# [ "${output}" -eq 0 ]
2016-08-24 08:06:59 +00:00
# Check presence of tables and TrustedHosts
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \
2020-10-18 00:24:26 +00:00
"${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l"
2017-01-10 13:15:41 +00:00
assert_success
assert_output 4
2016-08-24 08:06:59 +00:00
}
@test "checking opendkim: generator creates keys, tables and TrustedHosts without postfix-virtual.cf" {
2020-10-19 13:19:34 +00:00
local PRIVATE_CONFIG
2020-10-20 10:05:40 +00:00
PRIVATE_CONFIG="$(duplicate_config_for_container . "${BATS_TEST_NAME}")"
2020-10-19 10:15:44 +00:00
rm -rf "${PRIVATE_CONFIG}/without-virtual"
mkdir -p "${PRIVATE_CONFIG}/without-virtual"
2016-08-24 08:06:59 +00:00
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/without-virtual/":/tmp/docker-mailserver/ \
-v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
2020-10-18 00:24:26 +00:00
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config | wc -l'
2017-01-10 13:15:41 +00:00
assert_success
assert_output 5
2016-08-24 08:06:59 +00:00
# Check keys for localhost.localdomain
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \
2020-10-18 00:24:26 +00:00
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l'
2017-01-10 13:15:41 +00:00
assert_success
assert_output 2
2016-08-24 08:06:59 +00:00
# Check keys for otherdomain.tld
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \
2020-10-18 00:24:26 +00:00
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l'
2017-01-10 13:15:41 +00:00
assert_success
assert_output 2
2016-08-24 08:06:59 +00:00
# Check presence of tables and TrustedHosts
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \
2020-10-18 00:24:26 +00:00
"${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l"
2017-01-10 13:15:41 +00:00
assert_success
assert_output 4
2016-08-24 08:06:59 +00:00
}
2021-01-27 13:09:24 +00:00
@test "checking opendkim: generator creates keys, tables and TrustedHosts using manual provided domain name" {
2020-10-19 13:19:34 +00:00
local PRIVATE_CONFIG
2020-10-20 10:05:40 +00:00
PRIVATE_CONFIG="$(duplicate_config_for_container . "${BATS_TEST_NAME}")"
2020-10-19 10:15:44 +00:00
rm -rf "${PRIVATE_CONFIG}/with-domain" && mkdir -p "${PRIVATE_CONFIG}/with-domain"
2021-01-27 13:09:24 +00:00
# Generate first key
2017-08-12 16:09:11 +00:00
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
2021-01-27 13:09:24 +00:00
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 domain1.tld| wc -l'
2017-08-12 16:09:11 +00:00
assert_success
2021-01-27 13:09:24 +00:00
assert_output 4
# Generate two additional keys different to the previous one
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 'domain2.tld,domain3.tld' | wc -l'
assert_success
assert_output 2
# Generate an additional key whilst providing already existing domains
2017-08-12 16:09:11 +00:00
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
2021-01-27 13:09:24 +00:00
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 'domain3.tld,domain4.tld' | wc -l'
2017-08-12 16:09:11 +00:00
assert_success
assert_output 1
2021-01-27 13:09:24 +00:00
# Check keys for domain1.tld
2017-08-12 16:09:11 +00:00
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
2021-01-27 13:09:24 +00:00
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain1.tld/ | wc -l'
2017-08-12 16:09:11 +00:00
assert_success
assert_output 2
2021-01-27 13:09:24 +00:00
# Check keys for domain2.tld
2017-08-12 16:09:11 +00:00
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
2021-01-27 13:09:24 +00:00
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain2.tld | wc -l'
assert_success
assert_output 2
# Check keys for domain3.tld
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain3.tld | wc -l'
2017-08-12 16:09:11 +00:00
assert_success
assert_output 2
2021-01-27 13:09:24 +00:00
# Check keys for domain4.tld
2017-08-12 16:09:11 +00:00
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
2021-01-27 13:09:24 +00:00
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain4.tld | wc -l'
2017-08-12 16:09:11 +00:00
assert_success
assert_output 2
# Check presence of tables and TrustedHosts
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
2020-10-18 00:24:26 +00:00
"${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys' | wc -l"
2017-08-12 16:09:11 +00:00
assert_success
assert_output 4
# Check valid entries actually present in KeyTable
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
2020-10-18 00:24:26 +00:00
"${IMAGE_NAME:?}" /bin/sh -c \
2021-01-27 13:09:24 +00:00
"egrep 'domain1.tld|domain2.tld|domain3.tld|domain4.tld' /etc/opendkim/KeyTable | wc -l"
2017-08-12 16:09:11 +00:00
assert_success
assert_output 4
# Check valid entries actually present in SigningTable
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
2020-10-18 00:24:26 +00:00
"${IMAGE_NAME:?}" /bin/sh -c \
2021-01-27 13:09:24 +00:00
"egrep 'domain1.tld|domain2.tld|domain3.tld|domain4.tld' /etc/opendkim/SigningTable | wc -l"
2017-08-12 16:09:11 +00:00
assert_success
assert_output 4
}
2016-02-24 23:17:01 +00:00
#
2016-04-26 17:39:08 +00:00
# ssl
2016-02-24 23:17:01 +00:00
#
2016-04-26 17:39:08 +00:00
@test "checking ssl: generated default cert works correctly" {
run docker exec mail /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 0 (ok)'"
2017-01-10 13:15:41 +00:00
assert_success
2016-04-26 17:39:08 +00:00
}
2016-12-23 22:56:39 +00:00
@test "checking ssl: lets-encrypt-x3-cross-signed.pem is installed" {
run docker exec mail grep 'BEGIN CERTIFICATE' /etc/ssl/certs/lets-encrypt-x3-cross-signed.pem
2017-01-10 13:15:41 +00:00
assert_success
2016-02-24 23:17:01 +00:00
}
2018-03-18 19:15:06 +00:00
#
# postsrsd
#
@test "checking SRS: main.cf entries" {
run docker exec mail grep "sender_canonical_maps = tcp:localhost:10001" /etc/postfix/main.cf
assert_success
run docker exec mail grep "sender_canonical_classes = envelope_sender" /etc/postfix/main.cf
assert_success
run docker exec mail grep "recipient_canonical_maps = tcp:localhost:10002" /etc/postfix/main.cf
assert_success
run docker exec mail grep "recipient_canonical_classes = envelope_recipient,header_recipient" /etc/postfix/main.cf
assert_success
}
@test "checking SRS: postsrsd running" {
run docker exec mail /bin/sh -c "ps aux | grep ^postsrsd"
assert_success
}
2020-09-17 21:46:31 +00:00
2018-06-19 06:17:32 +00:00
@test "checking SRS: fallback to hostname is handled correctly" {
run docker exec mail grep "SRS_DOMAIN=my-domain.com" /etc/default/postsrsd
assert_success
}
2016-02-24 23:17:01 +00:00
#
# system
#
@test "checking system: freshclam cron is enabled" {
2017-07-23 19:31:41 +00:00
run docker exec mail bash -c "grep '/usr/bin/freshclam' -r /etc/cron.d"
2017-01-10 13:15:41 +00:00
assert_success
2016-10-08 17:02:47 +00:00
}
@test "checking amavis: virusmail wiper cron exists" {
2017-01-11 09:52:39 +00:00
run docker exec mail bash -c "crontab -l | grep '/usr/local/bin/virus-wiper'"
2017-01-10 13:15:41 +00:00
assert_success
2016-10-08 17:02:47 +00:00
}
@test "checking amavis: VIRUSMAILS_DELETE_DELAY override works as expected" {
2020-11-05 12:32:42 +00:00
# shellcheck disable=SC2016
2020-10-18 00:24:26 +00:00
run docker run --rm -e VIRUSMAILS_DELETE_DELAY=2 "${IMAGE_NAME:?}" /bin/bash -c 'echo "${VIRUSMAILS_DELETE_DELAY}"'
assert_output 2
2016-10-08 17:02:47 +00:00
}
@test "checking amavis: old virusmail is wipped by cron" {
docker exec mail bash -c 'touch -d "`date --date=2000-01-01`" /var/lib/amavis/virusmails/should-be-deleted'
2019-10-21 08:43:04 +00:00
run docker exec mail bash -c '/usr/local/bin/virus-wiper'
2017-01-10 13:15:41 +00:00
assert_success
2016-10-08 17:02:47 +00:00
run docker exec mail bash -c 'ls -la /var/lib/amavis/virusmails/ | grep should-be-deleted'
2017-01-10 13:15:41 +00:00
assert_failure
2016-10-08 17:02:47 +00:00
}
@test "checking amavis: recent virusmail is not wipped by cron" {
docker exec mail bash -c 'touch -d "`date`" /var/lib/amavis/virusmails/should-not-be-deleted'
2019-10-21 08:43:04 +00:00
run docker exec mail bash -c '/usr/local/bin/virus-wiper'
2017-01-10 13:15:41 +00:00
assert_success
2016-10-08 17:02:47 +00:00
run docker exec mail bash -c 'ls -la /var/lib/amavis/virusmails/ | grep should-not-be-deleted'
2017-01-10 13:15:41 +00:00
assert_success
2016-02-24 23:17:01 +00:00
}
2016-04-01 15:18:13 +00:00
@test "checking system: /var/log/mail/mail.log is error free" {
run docker exec mail grep 'non-null host address bits in' /var/log/mail/mail.log
2017-01-10 13:15:41 +00:00
assert_failure
2016-07-23 19:01:01 +00:00
run docker exec mail grep 'mail system configuration error' /var/log/mail/mail.log
2017-01-10 13:15:41 +00:00
assert_failure
2016-04-01 15:18:13 +00:00
run docker exec mail grep ': error:' /var/log/mail/mail.log
2017-01-10 13:15:41 +00:00
assert_failure
2016-09-11 12:26:04 +00:00
run docker exec mail grep -i 'is not writable' /var/log/mail/mail.log
2017-01-10 13:15:41 +00:00
assert_failure
2016-09-11 12:26:04 +00:00
run docker exec mail grep -i 'permission denied' /var/log/mail/mail.log
2017-01-10 13:15:41 +00:00
assert_failure
2016-12-23 22:56:39 +00:00
run docker exec mail grep -i '(!)connect' /var/log/mail/mail.log
2017-01-10 13:15:41 +00:00
assert_failure
2017-05-22 07:28:32 +00:00
run docker exec mail grep -i 'backwards-compatible default setting chroot=y' /var/log/mail/mail.log
assert_failure
run docker exec mail grep -i 'connect to 127.0.0.1:10023: Connection refused' /var/log/mail/mail.log
assert_failure
2016-02-24 23:17:01 +00:00
}
2016-12-17 20:53:09 +00:00
@test "checking system: /var/log/auth.log is error free" {
run docker exec mail grep 'Unable to open env file: /etc/default/locale' /var/log/auth.log
2017-01-10 13:15:41 +00:00
assert_failure
2016-12-17 20:53:09 +00:00
}
2016-02-24 23:17:01 +00:00
@test "checking system: sets the server fqdn" {
run docker exec mail hostname
2017-01-10 13:15:41 +00:00
assert_success
assert_output "mail.my-domain.com"
2016-02-24 23:17:01 +00:00
}
@test "checking system: sets the server domain name in /etc/mailname" {
run docker exec mail cat /etc/mailname
2017-01-10 13:15:41 +00:00
assert_success
assert_output "my-domain.com"
2016-02-24 23:17:01 +00:00
}
2016-04-28 06:57:50 +00:00
2016-09-23 06:22:57 +00:00
@test "checking system: postfix should not log to syslog" {
run docker exec mail grep 'postfix' /var/log/syslog
2017-01-10 13:15:41 +00:00
assert_failure
2016-09-23 06:22:57 +00:00
}
2017-08-07 15:37:16 +00:00
@test "checking system: amavis decoders installed and available" {
2020-01-26 15:39:58 +00:00
run docker exec mail /bin/sh -c "grep -E '.*(Internal decoder|Found decoder) for\s+\..*' /var/log/mail/mail.log*|grep -Eo '(mail|Z|gz|bz2|xz|lzma|lrz|lzo|lz4|rpm|cpio|tar|deb|rar|arj|arc|zoo|doc|cab|tnef|zip|kmz|7z|jar|swf|lha|iso|exe)' | sort | uniq"
2017-08-07 15:37:16 +00:00
assert_success
2020-01-26 15:39:58 +00:00
# Support for doc and zoo removed in buster
cat <<'EOF' | assert_output
7z
Z
arc
arj
bz2
cab
cpio
deb
exe
gz
iso
jar
kmz
lha
lrz
lz4
lzma
lzo
mail
rar
rpm
swf
tar
tnef
xz
zip
EOF
2017-08-07 15:37:16 +00:00
}
2016-04-28 06:57:50 +00:00
#
# sieve
#
2016-04-28 08:25:11 +00:00
@test "checking sieve: user1 should have received 1 email in folder INBOX.spam" {
2016-04-28 06:57:50 +00:00
run docker exec mail /bin/sh -c "ls -A /var/mail/localhost.localdomain/user1/.INBOX.spam/new | wc -l"
2017-01-10 13:15:41 +00:00
assert_success
assert_output 1
2016-04-28 06:57:50 +00:00
}
2016-04-29 13:24:10 +00:00
2016-04-29 15:09:48 +00:00
@test "checking manage sieve: server is ready when ENABLE_MANAGESIEVE has been set" {
2016-04-29 13:24:10 +00:00
run docker exec mail /bin/bash -c "nc -z 0.0.0.0 4190"
2017-01-10 13:15:41 +00:00
assert_success
2016-04-29 13:24:10 +00:00
}
2017-05-10 07:54:02 +00:00
@test "checking sieve: user2 should have piped 1 email to /tmp/" {
run docker exec mail /bin/sh -c "ls -A /tmp/pipe-test.out | wc -l"
assert_success
assert_output 1
}
2018-04-05 16:54:01 +00:00
@test "checking sieve global: user1 should have gotten a copy of his spam mail" {
run docker exec mail /bin/sh -c "grep 'Spambot <spam@spam.com>' -R /var/mail/localhost.localdomain/user1/new/"
assert_success
}
2018-04-28 08:27:42 +00:00
2016-06-14 14:17:06 +00:00
#
# accounts
#
2018-04-04 16:59:28 +00:00
@test "checking accounts: user_without_domain creation should be rejected since user@domain format is required" {
run docker exec mail /bin/sh -c "addmailuser user_without_domain mypassword"
assert_failure
assert_output --partial "username must include the domain"
}
2016-06-14 14:17:06 +00:00
@test "checking accounts: user3 should have been added to /tmp/docker-mailserver/postfix-accounts.cf" {
docker exec mail /bin/sh -c "addmailuser user3@domain.tld mypassword"
2016-12-30 19:06:44 +00:00
run docker exec mail /bin/sh -c "grep '^user3@domain\.tld|' -i /tmp/docker-mailserver/postfix-accounts.cf"
2017-01-10 13:15:41 +00:00
assert_success
2020-10-18 00:24:26 +00:00
[ -n "${output}" ]
2016-06-14 14:17:06 +00:00
}
2016-12-30 19:06:44 +00:00
@test "checking accounts: auser3 should have been added to /tmp/docker-mailserver/postfix-accounts.cf" {
docker exec mail /bin/sh -c "addmailuser auser3@domain.tld mypassword"
run docker exec mail /bin/sh -c "grep '^auser3@domain\.tld|' -i /tmp/docker-mailserver/postfix-accounts.cf"
2017-01-10 13:15:41 +00:00
assert_success
2020-10-18 00:24:26 +00:00
[ -n "${output}" ]
2016-12-30 19:06:44 +00:00
}
@test "checking accounts: a.ser3 should have been added to /tmp/docker-mailserver/postfix-accounts.cf" {
docker exec mail /bin/sh -c "addmailuser a.ser3@domain.tld mypassword"
run docker exec mail /bin/sh -c "grep '^a\.ser3@domain\.tld|' -i /tmp/docker-mailserver/postfix-accounts.cf"
2017-01-10 13:15:41 +00:00
assert_success
2020-10-18 00:24:26 +00:00
[ -n "${output}" ]
2016-12-30 19:06:44 +00:00
}
@test "checking accounts: user3 should have been removed from /tmp/docker-mailserver/postfix-accounts.cf but not auser3" {
2018-03-14 19:00:38 +00:00
docker exec mail /bin/sh -c "delmailuser -y user3@domain.tld"
2016-06-14 14:17:06 +00:00
2016-12-30 19:06:44 +00:00
run docker exec mail /bin/sh -c "grep '^user3@domain\.tld' -i /tmp/docker-mailserver/postfix-accounts.cf"
2017-01-10 13:15:41 +00:00
assert_failure
2020-10-18 00:08:11 +00:00
[ -z "${output}" ]
2016-12-30 19:06:44 +00:00
run docker exec mail /bin/sh -c "grep '^auser3@domain\.tld' -i /tmp/docker-mailserver/postfix-accounts.cf"
2017-01-10 13:15:41 +00:00
assert_success
2020-10-18 00:24:26 +00:00
[ -n "${output}" ]
2016-06-14 14:17:06 +00:00
}
2016-08-21 20:10:13 +00:00
2016-12-21 19:12:05 +00:00
@test "checking user updating password for user in /tmp/docker-mailserver/postfix-accounts.cf" {
2016-12-30 19:06:44 +00:00
docker exec mail /bin/sh -c "addmailuser user4@domain.tld mypassword"
2016-12-21 19:12:05 +00:00
2020-10-18 00:24:26 +00:00
initialpass=$(docker exec mail /bin/sh -c "grep '^user4@domain\.tld' -i /tmp/docker-mailserver/postfix-accounts.cf")
2016-12-21 19:12:05 +00:00
sleep 2
2016-12-30 19:06:44 +00:00
docker exec mail /bin/sh -c "updatemailuser user4@domain.tld mynewpassword"
2016-12-21 19:12:05 +00:00
sleep 2
2020-10-18 00:24:26 +00:00
changepass=$(docker exec mail /bin/sh -c "grep '^user4@domain\.tld' -i /tmp/docker-mailserver/postfix-accounts.cf")
2016-12-21 19:12:05 +00:00
2020-11-05 12:32:42 +00:00
[ "${initialpass}" != "${changepass}" ]
2016-12-21 19:12:05 +00:00
2018-03-14 19:00:38 +00:00
docker exec mail /bin/sh -c "delmailuser -y auser3@domain.tld"
2016-12-21 19:12:05 +00:00
2017-01-10 13:15:41 +00:00
assert_success
2016-12-21 19:12:05 +00:00
}
2016-08-29 11:44:36 +00:00
@test "checking accounts: listmailuser" {
run docker exec mail /bin/sh -c "listmailuser | head -n 1"
2017-01-10 13:15:41 +00:00
assert_success
assert_output 'user1@localhost.localdomain'
2016-08-29 11:44:36 +00:00
}
2016-08-24 08:06:59 +00:00
@test "checking accounts: no error is generated when deleting a user if /tmp/docker-mailserver/postfix-accounts.cf is missing" {
run docker run --rm \
2020-09-17 23:37:42 +00:00
-v "$(duplicate_config_for_container without-accounts/ without-accounts-deleting-user)":/tmp/docker-mailserver/ \
2020-10-18 00:24:26 +00:00
"${IMAGE_NAME:?}" /bin/sh -c 'delmailuser -y user3@domain.tld'
2017-01-10 13:15:41 +00:00
assert_success
2020-10-18 00:08:11 +00:00
[ -z "${output}" ]
2016-08-24 08:06:59 +00:00
}
@test "checking accounts: user3 should have been added to /tmp/docker-mailserver/postfix-accounts.cf even when that file does not exist" {
2020-10-19 13:19:34 +00:00
local PRIVATE_CONFIG
PRIVATE_CONFIG=$(duplicate_config_for_container without-accounts/ without-accounts_file_does_not_exist)
2016-08-24 08:06:59 +00:00
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/without-accounts/":/tmp/docker-mailserver/ \
2020-10-18 00:24:26 +00:00
"${IMAGE_NAME:?}" /bin/sh -c 'addmailuser user3@domain.tld mypassword'
2017-01-10 13:15:41 +00:00
assert_success
2016-08-24 08:06:59 +00:00
run docker run --rm \
2020-10-19 10:15:44 +00:00
-v "${PRIVATE_CONFIG}/without-accounts/":/tmp/docker-mailserver/ \
2020-10-18 00:24:26 +00:00
"${IMAGE_NAME:?}" /bin/sh -c 'grep user3@domain.tld -i /tmp/docker-mailserver/postfix-accounts.cf'
2017-01-10 13:15:41 +00:00
assert_success
2020-10-18 00:24:26 +00:00
[ -n "${output}" ]
2016-08-24 08:06:59 +00:00
}
2020-04-24 12:55:32 +00:00
@test "checking quota: setquota user must be existing" {
run docker exec mail /bin/sh -c "addmailuser quota_user@domain.tld mypassword"
assert_success
run docker exec mail /bin/sh -c "setquota quota_user 50M"
assert_failure
run docker exec mail /bin/sh -c "setquota quota_user@domain.tld 50M"
assert_success
run docker exec mail /bin/sh -c "setquota username@fulldomain 50M"
assert_failure
run docker exec mail /bin/sh -c "delmailuser -y quota_user@domain.tld"
assert_success
}
@test "checking quota: setquota <quota> must be well formatted" {
run docker exec mail /bin/sh -c "addmailuser quota_user@domain.tld mypassword"
assert_success
run docker exec mail /bin/sh -c "setquota quota_user@domain.tld 26GIGOTS"
assert_failure
run docker exec mail /bin/sh -c "setquota quota_user@domain.tld 123"
assert_failure
run docker exec mail /bin/sh -c "setquota quota_user@domain.tld M"
assert_failure
run docker exec mail /bin/sh -c "setquota quota_user@domain.tld -60M"
assert_failure
run docker exec mail /bin/sh -c "setquota quota_user@domain.tld 10B"
assert_success
run docker exec mail /bin/sh -c "setquota quota_user@domain.tld 10k"
assert_success
run docker exec mail /bin/sh -c "setquota quota_user@domain.tld 10M"
assert_success
run docker exec mail /bin/sh -c "setquota quota_user@domain.tld 10G"
assert_success
run docker exec mail /bin/sh -c "setquota quota_user@domain.tld 10T"
assert_success
run docker exec mail /bin/sh -c "delmailuser -y quota_user@domain.tld"
assert_success
}
@test "checking quota: delquota user must be existing" {
run docker exec mail /bin/sh -c "addmailuser quota_user@domain.tld mypassword"
assert_success
run docker exec mail /bin/sh -c "delquota uota_user@domain.tld"
assert_failure
run docker exec mail /bin/sh -c "delquota quota_user"
assert_failure
run docker exec mail /bin/sh -c "delquota dontknowyou@domain.tld"
assert_failure
run docker exec mail /bin/sh -c "setquota quota_user@domain.tld 10T"
assert_success
run docker exec mail /bin/sh -c "delquota quota_user@domain.tld"
assert_success
run docker exec mail /bin/sh -c "grep -i 'quota_user@domain.tld' /tmp/docker-mailserver/dovecot-quotas.cf"
assert_failure
run docker exec mail /bin/sh -c "delmailuser -y quota_user@domain.tld"
assert_success
}
@test "checking quota: delquota allow when no quota for existing user" {
run docker exec mail /bin/sh -c "addmailuser quota_user@domain.tld mypassword"
assert_success
run docker exec mail /bin/sh -c "grep -i 'quota_user@domain.tld' /tmp/docker-mailserver/dovecot-quotas.cf"
assert_failure
run docker exec mail /bin/sh -c "delquota quota_user@domain.tld"
assert_success
run docker exec mail /bin/sh -c "delquota quota_user@domain.tld"
assert_success
run docker exec mail /bin/sh -c "delmailuser -y quota_user@domain.tld"
assert_success
}
@test "checking quota: dovecot quota present in postconf" {
run docker exec mail /bin/bash -c "postconf | grep 'check_policy_service inet:localhost:65265'"
assert_success
}
@test "checking quota: dovecot mailbox max size must be equal to postfix mailbox max size" {
postfix_mailbox_size=$(docker exec mail sh -c "postconf | grep -Po '(?<=mailbox_size_limit = )[0-9]+'")
2020-10-18 00:08:11 +00:00
run echo "${postfix_mailbox_size}"
2020-04-24 12:55:32 +00:00
refute_output ""
# dovecot relies on virtual_mailbox_size by default
postfix_virtual_mailbox_size=$(docker exec mail sh -c "postconf | grep -Po '(?<=virtual_mailbox_limit = )[0-9]+'")
2020-10-18 00:08:11 +00:00
assert_equal "${postfix_virtual_mailbox_size}" "${postfix_mailbox_size}"
2020-04-24 12:55:32 +00:00
2020-10-18 00:08:11 +00:00
postfix_mailbox_size_mb=$(( postfix_mailbox_size / 1000000))
2020-04-24 12:55:32 +00:00
dovecot_mailbox_size_mb=$(docker exec mail sh -c "doveconf | grep -oP '(?<=quota_rule \= \*\:storage=)[0-9]+'")
2020-10-18 00:08:11 +00:00
run echo "${dovecot_mailbox_size_mb}"
2020-04-24 12:55:32 +00:00
refute_output ""
2020-10-18 00:08:11 +00:00
assert_equal "${postfix_mailbox_size_mb}" "${dovecot_mailbox_size_mb}"
2020-04-24 12:55:32 +00:00
}
@test "checking quota: dovecot message max size must be equal to postfix messsage max size" {
postfix_message_size=$(docker exec mail sh -c "postconf | grep -Po '(?<=message_size_limit = )[0-9]+'")
2020-10-18 00:08:11 +00:00
run echo "${postfix_message_size}"
2020-04-24 12:55:32 +00:00
refute_output ""
2020-10-18 00:24:26 +00:00
postfix_message_size_mb=$(( postfix_message_size / 1000000))
2020-04-24 12:55:32 +00:00
dovecot_message_size_mb=$(docker exec mail sh -c "doveconf | grep -oP '(?<=quota_max_mail_size = )[0-9]+'")
2020-10-18 00:08:11 +00:00
run echo "${dovecot_message_size_mb}"
2020-04-24 12:55:32 +00:00
refute_output ""
2020-10-18 00:08:11 +00:00
assert_equal "${postfix_message_size_mb}" "${dovecot_message_size_mb}"
2020-04-24 12:55:32 +00:00
}
@test "checking quota: quota directive is removed when mailbox is removed" {
run docker exec mail /bin/sh -c "addmailuser quserremoved@domain.tld mypassword"
assert_success
run docker exec mail /bin/sh -c "setquota quserremoved@domain.tld 12M"
assert_success
run docker exec mail /bin/sh -c 'cat /tmp/docker-mailserver/dovecot-quotas.cf | grep -E "^quserremoved@domain.tld\:12M\$" | wc -l | grep 1'
assert_success
run docker exec mail /bin/sh -c "delmailuser -y quserremoved@domain.tld"
assert_success
run docker exec mail /bin/sh -c 'cat /tmp/docker-mailserver/dovecot-quotas.cf | grep -E "^quserremoved@domain.tld\:12M\$"'
assert_failure
}
@test "checking quota: dovecot applies user quota" {
2020-10-16 23:15:37 +00:00
wait_for_changes_to_be_detected_in_container mail
2020-04-24 12:55:32 +00:00
run docker exec mail /bin/sh -c "doveadm quota get -u 'user1@localhost.localdomain' | grep 'User quota STORAGE'"
assert_output --partial "- 0"
run docker exec mail /bin/sh -c "setquota user1@localhost.localdomain 50M"
assert_success
2020-10-16 23:15:37 +00:00
wait_for_changes_to_be_detected_in_container mail
2020-04-24 12:55:32 +00:00
2020-04-24 15:03:09 +00:00
# wait until quota has been updated
run repeat_until_success_or_timeout 20 sh -c "docker exec mail sh -c 'doveadm quota get -u user1@localhost.localdomain | grep -oP \"(User quota STORAGE\s+[0-9]+\s+)51200(.*)\"'"
2020-04-24 12:55:32 +00:00
assert_success
run docker exec mail /bin/sh -c "delquota user1@localhost.localdomain"
assert_success
2020-10-16 23:15:37 +00:00
wait_for_changes_to_be_detected_in_container mail
2020-04-24 12:55:32 +00:00
2020-04-24 15:03:09 +00:00
# wait until quota has been updated
run repeat_until_success_or_timeout 20 sh -c "docker exec mail sh -c 'doveadm quota get -u user1@localhost.localdomain | grep -oP \"(User quota STORAGE\s+[0-9]+\s+)-(.*)\"'"
2020-04-24 12:55:32 +00:00
assert_success
}
@test "checking quota: warn message received when quota exceeded" {
2020-10-16 23:15:37 +00:00
wait_for_changes_to_be_detected_in_container mail
2020-04-24 12:55:32 +00:00
# create user
run docker exec mail /bin/sh -c "addmailuser quotauser@otherdomain.tld mypassword && setquota quotauser@otherdomain.tld 10k"
assert_success
2020-10-16 23:15:37 +00:00
wait_for_changes_to_be_detected_in_container mail
2020-04-24 12:55:32 +00:00
2020-04-24 15:03:09 +00:00
# wait until quota has been updated
run repeat_until_success_or_timeout 20 sh -c "docker exec mail sh -c 'doveadm quota get -u quotauser@otherdomain.tld | grep -oP \"(User quota STORAGE\s+[0-9]+\s+)10(.*)\"'"
2020-04-24 12:55:32 +00:00
assert_success
2020-04-24 16:53:38 +00:00
# dovecot and postfix has been restarted
wait_for_service mail postfix
wait_for_service mail dovecot
2021-01-16 09:16:05 +00:00
sleep 10
2020-04-24 16:53:38 +00:00
2020-04-24 12:55:32 +00:00
# send some big emails
2020-04-24 16:53:38 +00:00
run docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/quota-exceeded.txt"
assert_success
run docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/quota-exceeded.txt"
assert_success
run docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/quota-exceeded.txt"
2020-04-24 12:55:32 +00:00
assert_success
# check for quota warn message existence
run repeat_until_success_or_timeout 20 sh -c "docker exec mail sh -c 'grep \"Subject: quota warning\" /var/mail/otherdomain.tld/quotauser/new/ -R'"
assert_success
2021-01-16 09:16:05 +00:00
2020-04-24 13:53:44 +00:00
run repeat_until_success_or_timeout 20 sh -c "docker logs mail | grep 'Quota exceeded (mailbox for user is full)'"
assert_success
2020-04-24 12:55:32 +00:00
# ensure only the first big message and the warn message are present (other messages are rejected: mailbox is full)
run docker exec mail sh -c 'ls /var/mail/otherdomain.tld/quotauser/new/ | wc -l'
assert_success
assert_output "2"
run docker exec mail /bin/sh -c "delmailuser -y quotauser@otherdomain.tld"
assert_success
}
2016-08-21 20:10:13 +00:00
#
# PERMIT_DOCKER mynetworks
#
2016-08-24 08:06:59 +00:00
2016-08-21 20:10:13 +00:00
@test "checking PERMIT_DOCKER: can get container ip" {
run docker exec mail /bin/sh -c "ip addr show eth0 | grep 'inet ' | sed 's/[^0-9\.\/]*//g' | cut -d '/' -f 1 | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}'"
2017-01-10 13:15:41 +00:00
assert_success
2016-08-21 20:10:13 +00:00
}
@test "checking PERMIT_DOCKER: my network value" {
run docker exec mail /bin/sh -c "postconf | grep '^mynetworks =' | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.0\.0/16'"
2017-01-10 13:15:41 +00:00
assert_success
2016-08-21 20:10:13 +00:00
}
2016-09-01 10:10:23 +00:00
2016-09-02 07:08:41 +00:00
#
# amavis
#
@test "checking amavis: config overrides" {
run docker exec mail /bin/sh -c "grep 'Test Verification' /etc/amavis/conf.d/50-user | wc -l"
2017-01-10 13:15:41 +00:00
assert_success
assert_output 1
2016-09-02 07:08:41 +00:00
}
2018-04-28 08:27:42 +00:00
@test "checking user login: predefined user can login" {
2019-08-16 10:02:23 +00:00
run docker exec mail /bin/bash -c "doveadm auth test -x service=smtp pass@localhost.localdomain 'may be \\a \`p^a.*ssword' | grep 'passdb'"
assert_output "passdb: pass@localhost.localdomain auth succeeded"
2018-04-28 08:27:42 +00:00
}
2016-09-01 10:10:23 +00:00
#
# setup.sh
#
# CLI interface
@test "checking setup.sh: Without arguments: status 1, show help text" {
2016-09-02 07:08:41 +00:00
run ./setup.sh
2017-01-10 13:15:41 +00:00
assert_failure
2020-10-18 00:24:26 +00:00
assert_line --index 1 "Usage: ./setup.sh [-i IMAGE_NAME] [-c CONTAINER_NAME] <subcommand> <subcommand> [args]"
2016-09-01 10:10:23 +00:00
}
2018-04-28 08:27:42 +00:00
2016-09-01 10:10:23 +00:00
@test "checking setup.sh: Wrong arguments" {
run ./setup.sh lol troll
2017-01-10 13:15:41 +00:00
assert_failure
2020-10-18 00:24:26 +00:00
assert_line --index 1 "Usage: ./setup.sh [-i IMAGE_NAME] [-c CONTAINER_NAME] <subcommand> <subcommand> [args]"
2016-09-01 10:10:23 +00:00
}
# email
2019-08-01 13:24:47 +00:00
@test "checking setup.sh: setup.sh email add and login" {
wait_for_service mail changedetector
assert_success
2018-04-28 08:27:42 +00:00
run ./setup.sh -c mail email add setup_email_add@example.com test_password
2017-01-10 13:15:41 +00:00
assert_success
2018-04-02 14:55:54 +00:00
2020-10-18 00:24:26 +00:00
value=$(grep setup_email_add@example.com "$(private_config_path mail)/postfix-accounts.cf" | awk -F '|' '{print $1}')
2020-10-18 00:08:11 +00:00
[ "${value}" = "setup_email_add@example.com" ]
2019-08-01 13:24:47 +00:00
assert_success
2018-04-28 08:27:42 +00:00
2020-10-16 23:15:37 +00:00
wait_for_changes_to_be_detected_in_container mail
2019-08-01 13:24:47 +00:00
2019-08-10 06:34:18 +00:00
# Dovecot has been restarted, but this test often fails so presumably it may not be ready
# Add a short sleep to see if that helps to make the test more stable
# Alternatively we could login with a known good user to make sure that the service is up
2020-04-26 21:07:34 +00:00
wait_for_service mail postfix
wait_for_service mail dovecot
2020-04-24 13:53:44 +00:00
sleep 5
2019-08-10 06:34:18 +00:00
2019-08-16 10:02:23 +00:00
run docker exec mail /bin/bash -c "doveadm auth test -x service=smtp setup_email_add@example.com 'test_password' | grep 'passdb'"
assert_output "passdb: setup_email_add@example.com auth succeeded"
2016-09-01 10:10:23 +00:00
}
2018-04-02 14:55:54 +00:00
2016-09-01 10:10:23 +00:00
@test "checking setup.sh: setup.sh email list" {
run ./setup.sh -c mail email list
2017-01-10 13:15:41 +00:00
assert_success
2016-09-01 10:10:23 +00:00
}
2018-04-02 14:55:54 +00:00
2016-12-21 19:12:05 +00:00
@test "checking setup.sh: setup.sh email update" {
2019-07-28 17:32:01 +00:00
run ./setup.sh -c mail email add lorem@impsum.org test_test
assert_success
2020-10-18 00:24:26 +00:00
initialpass=$(grep lorem@impsum.org "$(private_config_path mail)/postfix-accounts.cf" | awk -F '|' '{print $2}')
2020-10-18 00:08:11 +00:00
[ "${initialpass}" != "" ]
2019-07-28 17:32:01 +00:00
assert_success
2018-04-28 08:27:42 +00:00
run ./setup.sh -c mail email update lorem@impsum.org my password
2019-07-28 17:32:01 +00:00
assert_success
2020-10-18 00:24:26 +00:00
updatepass=$(grep lorem@impsum.org "$(private_config_path mail)/postfix-accounts.cf" | awk -F '|' '{print $2}')
2020-10-18 00:08:11 +00:00
[ "${updatepass}" != "" ]
[ "${initialpass}" != "${updatepass}" ]
2018-04-02 14:55:54 +00:00
2020-10-18 00:08:11 +00:00
docker exec mail doveadm pw -t "${updatepass}" -p 'my password' | grep 'verified'
2018-04-02 14:55:54 +00:00
assert_success
2016-12-21 19:12:05 +00:00
}
2018-04-02 14:55:54 +00:00
2016-09-01 10:10:23 +00:00
@test "checking setup.sh: setup.sh email del" {
2018-03-14 19:00:38 +00:00
run ./setup.sh -c mail email del -y lorem@impsum.org
2017-01-10 13:15:41 +00:00
assert_success
2018-04-28 08:27:42 +00:00
#
# TODO delmailuser does not work as expected.
# Its implementation is not functional, you cannot delete a user data
# directory in the running container by running a new docker container
# and not mounting the mail folders (persistance is broken).
# The add script is only adding the user to account file.
#
# run docker exec mail ls /var/mail/impsum.org/lorem
# assert_failure
2020-10-18 00:24:26 +00:00
run grep lorem@impsum.org "$(private_config_path mail)/postfix-accounts.cf"
2018-03-14 19:00:38 +00:00
assert_failure
2016-09-01 10:10:23 +00:00
}
2018-02-07 20:33:07 +00:00
@test "checking setup.sh: setup.sh email restrict" {
2018-02-13 07:31:12 +00:00
run ./setup.sh -c mail email restrict
2018-02-07 20:33:07 +00:00
assert_failure
run ./setup.sh -c mail email restrict add
assert_failure
./setup.sh -c mail email restrict add send lorem@impsum.org
run ./setup.sh -c mail email restrict list send
assert_output --regexp "^lorem@impsum.org.*REJECT"
run ./setup.sh -c mail email restrict del send lorem@impsum.org
assert_success
run ./setup.sh -c mail email restrict list send
assert_output --partial "Everyone is allowed"
2018-02-13 07:31:12 +00:00
2018-02-07 20:33:07 +00:00
./setup.sh -c mail email restrict add receive rec_lorem@impsum.org
run ./setup.sh -c mail email restrict list receive
assert_output --regexp "^rec_lorem@impsum.org.*REJECT"
run ./setup.sh -c mail email restrict del receive rec_lorem@impsum.org
assert_success
}
2017-04-17 16:27:28 +00:00
# alias
@test "checking setup.sh: setup.sh alias list" {
2018-04-28 08:27:42 +00:00
mkdir -p ./test/alias/config && echo "test@example.org test@forward.com" > ./test/alias/config/postfix-virtual.cf
run ./setup.sh -p ./test/alias/config alias list
2017-04-17 16:27:28 +00:00
assert_success
}
@test "checking setup.sh: setup.sh alias add" {
2018-04-28 08:27:42 +00:00
mkdir -p ./test/alias/config && echo "" > ./test/alias/config/postfix-virtual.cf
./setup.sh -p ./test/alias/config alias add alias@example.com target1@forward.com
./setup.sh -p ./test/alias/config alias add alias@example.com target2@forward.com
sleep 5
run /bin/sh -c 'cat ./test/alias/config/postfix-virtual.cf | grep "alias@example.com target1@forward.com,target2@forward.com" | wc -l | grep 1'
2017-04-17 16:27:28 +00:00
assert_success
}
@test "checking setup.sh: setup.sh alias del" {
2018-04-28 08:27:42 +00:00
# start with a1 -> t1,t2 and a2 -> t1
mkdir -p ./test/alias/config && echo -e 'alias1@example.org target1@forward.com,target2@forward.com\nalias2@example.org target1@forward.com' > ./test/alias/config/postfix-virtual.cf
2018-03-19 19:26:10 +00:00
2018-04-28 08:27:42 +00:00
# we remove a1 -> t1 ==> a1 -> t2 and a2 -> t1
./setup.sh -p ./test/alias/config alias del alias1@example.org target1@forward.com
run grep "target1@forward.com" ./test/alias/config/postfix-virtual.cf
assert_output --regexp "^alias2@example.org +target1@forward.com$"
2018-03-19 19:26:10 +00:00
2018-04-28 08:27:42 +00:00
run grep "target2@forward.com" ./test/alias/config/postfix-virtual.cf
assert_output --regexp "^alias1@example.org +target2@forward.com$"
2018-03-19 19:26:10 +00:00
2018-04-28 08:27:42 +00:00
# we remove a1 -> t2 ==> a2 -> t1
./setup.sh -p ./test/alias/config alias del alias1@example.org target2@forward.com
run grep "alias1@example.org" ./test/alias/config/postfix-virtual.cf
2018-03-19 19:26:10 +00:00
assert_failure
2018-04-28 08:27:42 +00:00
run grep "alias2@example.org" ./test/alias/config/postfix-virtual.cf
2017-04-17 16:27:28 +00:00
assert_success
2018-03-19 19:26:10 +00:00
2018-04-28 08:27:42 +00:00
# we remove a2 -> t1 ==> empty
./setup.sh -p ./test/alias/config alias del alias2@example.org target1@forward.com
run grep "alias2@example.org" ./test/alias/config/postfix-virtual.cf
2018-03-19 19:26:10 +00:00
assert_failure
2017-04-17 16:27:28 +00:00
}
2020-04-24 12:55:32 +00:00
# quota
@test "checking setup.sh: setup.sh setquota" {
mkdir -p ./test/quota/config && echo "" > ./test/quota/config/dovecot-quotas.cf
run ./setup.sh -p ./test/quota/config email add quota_user@example.com test_password
run ./setup.sh -p ./test/quota/config email add quota_user2@example.com test_password
run ./setup.sh -p ./test/quota/config quota set quota_user@example.com 12M
assert_success
run ./setup.sh -p ./test/quota/config quota set 51M quota_user@example.com
assert_failure
run ./setup.sh -p ./test/quota/config quota set unknown@domain.com 150M
assert_failure
run ./setup.sh -p ./test/quota/config quota set quota_user2 51M
assert_failure
run /bin/sh -c 'cat ./test/quota/config/dovecot-quotas.cf | grep -E "^quota_user@example.com\:12M\$" | wc -l | grep 1'
assert_success
run ./setup.sh -p ./test/quota/config quota set quota_user@example.com 26M
assert_success
run /bin/sh -c 'cat ./test/quota/config/dovecot-quotas.cf | grep -E "^quota_user@example.com\:26M\$" | wc -l | grep 1'
assert_success
run grep "quota_user2@example.com" ./test/alias/config/dovecot-quotas.cf
assert_failure
}
@test "checking setup.sh: setup.sh delquota" {
mkdir -p ./test/quota/config && echo "" > ./test/quota/config/dovecot-quotas.cf
run ./setup.sh -p ./test/quota/config email add quota_user@example.com test_password
run ./setup.sh -p ./test/quota/config email add quota_user2@example.com test_password
run ./setup.sh -p ./test/quota/config quota set quota_user@example.com 12M
assert_success
run /bin/sh -c 'cat ./test/quota/config/dovecot-quotas.cf | grep -E "^quota_user@example.com\:12M\$" | wc -l | grep 1'
assert_success
run ./setup.sh -p ./test/quota/config quota del unknown@domain.com
assert_failure
run /bin/sh -c 'cat ./test/quota/config/dovecot-quotas.cf | grep -E "^quota_user@example.com\:12M\$" | wc -l | grep 1'
assert_success
run ./setup.sh -p ./test/quota/config quota del quota_user@example.com
assert_success
run grep "quota_user@example.com" ./test/alias/config/dovecot-quotas.cf
assert_failure
}
2016-09-01 10:10:23 +00:00
# config
@test "checking setup.sh: setup.sh config dkim" {
run ./setup.sh -c mail config dkim
2017-01-10 13:15:41 +00:00
assert_success
2016-09-01 10:10:23 +00:00
}
# TODO: To create a test generate-ssl-certificate must be non interactive
#@test "checking setup.sh: setup.sh config ssl" {
# run ./setup.sh -c mail_ssl config ssl
2017-01-10 13:15:41 +00:00
# assert_success
2016-09-01 10:10:23 +00:00
#}
# debug
@test "checking setup.sh: setup.sh debug fetchmail" {
run ./setup.sh -c mail debug fetchmail
2020-10-18 00:24:26 +00:00
assert_failure 11
assert_output --partial "fetchmail: normal termination, status 11"
2016-09-01 10:10:23 +00:00
}
@test "checking setup.sh: setup.sh debug inspect" {
run ./setup.sh -c mail debug inspect
2017-01-10 13:15:41 +00:00
assert_success
2021-01-16 09:16:05 +00:00
assert_line --index 0 "Image: ${NAME}"
2020-10-18 00:24:26 +00:00
assert_line --index 1 "Container: mail"
2016-09-01 10:10:23 +00:00
}
@test "checking setup.sh: setup.sh debug login ls" {
run ./setup.sh -c mail debug login ls
2017-01-10 13:15:41 +00:00
assert_success
2016-09-01 10:10:23 +00:00
}
2016-10-30 13:11:36 +00:00
2018-04-02 08:45:58 +00:00
@test "checking setup.sh: setup.sh relay add-domain" {
2018-04-28 08:27:42 +00:00
mkdir -p ./test/relay/config && echo -n > ./test/relay/config/postfix-relaymap.cf
./setup.sh -p ./test/relay/config relay add-domain example1.org smtp.relay1.com 2525
./setup.sh -p ./test/relay/config relay add-domain example2.org smtp.relay2.com
./setup.sh -p ./test/relay/config relay add-domain example3.org smtp.relay3.com 2525
./setup.sh -p ./test/relay/config relay add-domain example3.org smtp.relay.com 587
2018-04-02 08:45:58 +00:00
# check adding
2018-04-28 08:27:42 +00:00
run /bin/sh -c 'cat ./test/relay/config/postfix-relaymap.cf | grep -e "^@example1.org\s\+\[smtp.relay1.com\]:2525" | wc -l | grep 1'
2018-04-02 08:45:58 +00:00
assert_success
# test default port
2018-04-28 08:27:42 +00:00
run /bin/sh -c 'cat ./test/relay/config/postfix-relaymap.cf | grep -e "^@example2.org\s\+\[smtp.relay2.com\]:25" | wc -l | grep 1'
2018-04-02 08:45:58 +00:00
assert_success
# test modifying
2018-04-28 08:27:42 +00:00
run /bin/sh -c 'cat ./test/relay/config/postfix-relaymap.cf | grep -e "^@example3.org\s\+\[smtp.relay.com\]:587" | wc -l | grep 1'
2018-04-02 08:45:58 +00:00
assert_success
}
@test "checking setup.sh: setup.sh relay add-auth" {
2018-04-28 08:27:42 +00:00
mkdir -p ./test/relay/config && echo -n > ./test/relay/config/postfix-sasl-password.cf
./setup.sh -p ./test/relay/config relay add-auth example.org smtp_user smtp_pass
./setup.sh -p ./test/relay/config relay add-auth example2.org smtp_user2 smtp_pass2
./setup.sh -p ./test/relay/config relay add-auth example2.org smtp_user2 smtp_pass_new
2018-04-02 08:45:58 +00:00
# test adding
2018-04-28 08:27:42 +00:00
run /bin/sh -c 'cat ./test/relay/config/postfix-sasl-password.cf | grep -e "^@example.org\s\+smtp_user:smtp_pass" | wc -l | grep 1'
2018-04-02 08:45:58 +00:00
assert_success
# test updating
2018-04-28 08:27:42 +00:00
run /bin/sh -c 'cat ./test/relay/config/postfix-sasl-password.cf | grep -e "^@example2.org\s\+smtp_user2:smtp_pass_new" | wc -l | grep 1'
2018-04-02 08:45:58 +00:00
assert_success
}
@test "checking setup.sh: setup.sh relay exclude-domain" {
2018-04-28 08:27:42 +00:00
mkdir -p ./test/relay/config && echo -n > ./test/relay/config/postfix-relaymap.cf
./setup.sh -p ./test/relay/config relay exclude-domain example.org
2018-04-02 08:45:58 +00:00
2018-04-28 08:27:42 +00:00
run /bin/sh -c 'cat ./test/relay/config/postfix-relaymap.cf | grep -e "^@example.org\s*$" | wc -l | grep 1'
2018-04-02 08:45:58 +00:00
assert_success
}
2016-10-30 13:11:36 +00:00
#
# LDAP
#
# postfix
2017-08-09 21:19:00 +00:00
2018-02-27 19:44:45 +00:00
@test "checking dovecot: postmaster address" {
2018-04-05 17:04:55 +00:00
run docker exec mail /bin/sh -c "grep 'postmaster_address = postmaster@my-domain.com' /etc/dovecot/conf.d/15-lda.conf"
2018-02-27 19:44:45 +00:00
assert_success
}
2018-03-07 18:33:43 +00:00
@test "checking spoofing: rejects sender forging" {
# checking rejection of spoofed sender
2020-09-21 23:09:47 +00:00
run docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/added-smtp-auth-spoofed.txt"
assert_output --partial 'Sender address rejected: not owned by user'
2018-03-07 18:33:43 +00:00
}
@test "checking spoofing: accepts sending as alias" {
run docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/added-smtp-auth-spoofed-alias.txt | grep 'End data with'"
assert_success
2016-10-30 13:11:36 +00:00
}
2017-01-03 09:55:03 +00:00
2018-03-18 18:52:28 +00:00
#
# Pflogsumm delivery check
#
@test "checking pflogsum delivery" {
# checking logrotation working and report being sent
docker exec mail logrotate --force /etc/logrotate.d/maillog
sleep 10
run docker exec mail grep "Subject: Postfix Summary for " /var/mail/localhost.localdomain/user1/new/ -R
assert_success
2018-05-01 17:57:31 +00:00
# check sender is the one specified in REPORT_SENDER
run docker exec mail grep "From: report1@mail.my-domain.com" /var/mail/localhost.localdomain/user1/new/ -R
assert_success
# check sender is not the default one.
run docker exec mail grep "From: mailserver-report@mail.my-domain.com" /var/mail/localhost.localdomain/user1/new/ -R
assert_failure
2018-03-18 18:52:28 +00:00
}
2017-01-25 13:10:40 +00:00
#
# PCI compliance
#
# dovecot
@test "checking dovecot: only A grade TLS ciphers are used" {
run docker run --rm -i --link mail:dovecot \
--entrypoint sh instrumentisto/nmap -c \
'nmap --script ssl-enum-ciphers -p 993 dovecot | grep "least strength: A"'
assert_success
}
@test "checking dovecot: nmap produces no warnings on TLS ciphers verifying" {
run docker run --rm -i --link mail:dovecot \
--entrypoint sh instrumentisto/nmap -c \
'nmap --script ssl-enum-ciphers -p 993 dovecot | grep "warnings" | wc -l'
assert_success
assert_output 0
}
2017-09-07 16:08:25 +00:00
# postfix submission TLS
@test "checking postfix submission: only A grade TLS ciphers are used" {
2017-01-25 13:10:40 +00:00
run docker run --rm -i --link mail:postfix \
--entrypoint sh instrumentisto/nmap -c \
'nmap --script ssl-enum-ciphers -p 587 postfix | grep "least strength: A"'
assert_success
}
2017-09-07 16:08:25 +00:00
@test "checking postfix submission: nmap produces no warnings on TLS ciphers verifying" {
2017-01-25 13:10:40 +00:00
run docker run --rm -i --link mail:postfix \
--entrypoint sh instrumentisto/nmap -c \
'nmap --script ssl-enum-ciphers -p 587 postfix | grep "warnings" | wc -l'
assert_success
assert_output 0
}
2017-08-07 15:39:40 +00:00
2017-09-07 16:08:25 +00:00
# postfix smtps SSL
@test "checking postfix smtps: only A grade TLS ciphers are used" {
run docker run --rm -i --link mail:postfix \
--entrypoint sh instrumentisto/nmap -c \
'nmap --script ssl-enum-ciphers -p 465 postfix | grep "least strength: A"'
assert_success
}
@test "checking postfix smtps: nmap produces no warnings on TLS ciphers verifying" {
run docker run --rm -i --link mail:postfix \
--entrypoint sh instrumentisto/nmap -c \
'nmap --script ssl-enum-ciphers -p 465 postfix | grep "warnings" | wc -l'
assert_success
assert_output 0
}
2017-08-07 15:39:40 +00:00
#
# supervisor
#
@test "checking restart of process: postfix" {
run docker exec mail /bin/bash -c "pkill master && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/lib/postfix/sbin/master'"
assert_success
}
@test "checking restart of process: clamd" {
run docker exec mail /bin/bash -c "pkill clamd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
assert_success
}
@test "checking restart of process: amavisd-new" {
2017-10-10 06:15:18 +00:00
run docker exec mail /bin/bash -c "pkill amavi && sleep 12 && ps aux --forest | grep -v grep | grep '/usr/sbin/amavisd-new (master)'"
2017-08-07 15:39:40 +00:00
assert_success
}
@test "checking restart of process: opendkim" {
run docker exec mail /bin/bash -c "pkill opendkim && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/opendkim'"
assert_success
}
@test "checking restart of process: opendmarc" {
run docker exec mail /bin/bash -c "pkill opendmarc && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/opendmarc'"
assert_success
}
2018-04-23 18:35:33 +00:00
#
# root mail delivery
#
@test "checking that mail for root was delivered" {
run docker exec mail grep "Subject: Root Test Message" /var/mail/localhost.localdomain/user1/new/ -R
assert_success
}
2020-09-19 23:09:10 +00:00
@test "last" {
2020-11-05 12:32:42 +00:00
skip 'this test is only there to reliably mark the end for the teardown_file (test.bats finished)'
2020-09-19 23:09:10 +00:00
}