Listen also on the ssl port 465 for clients (#709)

2024-01-19 02:48:50 +00:00 · 2017-09-07 18:08:25 +02:00 · 2017-09-07 18:08:25 +02:00 · 0fe86e796b
parent 1c75cabcfd
commit 0fe86e796b
3 changed files with 35 additions and 4 deletions
--- a/2
+++ b/2
@ -193,7 +193,7 @@ RUN chmod +x /usr/local/bin/*
 # Configure supervisor
 COPY target/supervisor/* /etc/supervisor/conf.d/

-EXPOSE 25 587 143 993 110 995 4190
+EXPOSE 25 587 143 465 993 110 995 4190

 CMD supervisord -c /etc/supervisor/supervisord.conf

--- a/target/postfix/master.cf
+++ b/target/postfix/master.cf
@ -22,6 +22,19 @@ submission inet n       -       n       -       -       smtpd
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
+
+smtps     inet  n       -       n       -       -       smtpd
+  -o syslog_name=postfix/smtps
+  -o smtpd_tls_wrappermode=yes
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_sasl_type=dovecot
+  -o smtpd_sasl_path=private/auth
+  -o smtpd_reject_unlisted_recipient=no
+  -o smtpd_sasl_authenticated_header=yes
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+  -o milter_macro_daemon_name=ORIGINATING
+
 pickup    fifo  n       -       y       60      1       pickup
  -o content_filter=
  -o receive_override_options=no_header_body_checks
--- a/test/tests.bats
+++ b/test/tests.bats
@ -1141,6 +1141,8 @@ load 'test_helper/bats-assert/load'
@test "checking saslauthd: ldap smtp authentication" {
  run docker exec mail_with_ldap /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/sasl-ldap-smtp-auth.txt | grep 'Authentication successful'"
  assert_success
+  run docker exec mail_with_ldap /bin/sh -c "openssl s_client -quiet -connect 0.0.0.0:465 < /tmp/docker-mailserver-test/auth/sasl-ldap-smtp-auth.txt | grep 'Authentication successful'"
+  assert_success
  run docker exec mail_with_ldap /bin/sh -c "openssl s_client -quiet -starttls smtp -connect 0.0.0.0:587 < /tmp/docker-mailserver-test/auth/sasl-ldap-smtp-auth.txt | grep 'Authentication successful'"
  assert_success
 }
@ -1201,15 +1203,15 @@ load 'test_helper/bats-assert/load'
  assert_output 0
 }

-# postfix
-@test "checking postfix: only A grade TLS ciphers are used" {
+# postfix submission TLS
+@test "checking postfix submission: only A grade TLS ciphers are used" {
  run docker run --rm -i --link mail:postfix \
    --entrypoint sh instrumentisto/nmap -c \
      'nmap --script ssl-enum-ciphers -p 587 postfix | grep "least strength: A"'
  assert_success
 }

-@test "checking postfix: nmap produces no warnings on TLS ciphers verifying" {
+@test "checking postfix submission: nmap produces no warnings on TLS ciphers verifying" {
  run docker run --rm -i --link mail:postfix \
    --entrypoint sh instrumentisto/nmap -c \
      'nmap --script ssl-enum-ciphers -p 587 postfix | grep "warnings" | wc -l'
@ -1217,6 +1219,22 @@ load 'test_helper/bats-assert/load'
  assert_output 0
 }

+# postfix smtps SSL
+@test "checking postfix smtps: only A grade TLS ciphers are used" {
+  run docker run --rm -i --link mail:postfix \
+    --entrypoint sh instrumentisto/nmap -c \
+      'nmap --script ssl-enum-ciphers -p 465 postfix | grep "least strength: A"'
+  assert_success
+}
+
+@test "checking postfix smtps: nmap produces no warnings on TLS ciphers verifying" {
+  run docker run --rm -i --link mail:postfix \
+    --entrypoint sh instrumentisto/nmap -c \
+      'nmap --script ssl-enum-ciphers -p 465 postfix | grep "warnings" | wc -l'
+  assert_success
+  assert_output 0
+}
+

 #
 # supervisor