Listen also on the ssl port 465 for clients (#709)

Dockerfile

@@ -193,7 +193,7 @@ RUN chmod +x /usr/local/bin/*
 # Configure supervisor
 COPY target/supervisor/* /etc/supervisor/conf.d/
 
-EXPOSE 25 587 143 993 110 995 4190
+EXPOSE 25 587 143 465 993 110 995 4190
 
 CMD supervisord -c /etc/supervisor/supervisord.conf
 

target/postfix/master.cf

@@ -22,6 +22,19 @@ submission inet n       -       n       -       -       smtpd
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
   -o milter_macro_daemon_name=ORIGINATING
+
+smtps     inet  n       -       n       -       -       smtpd
+  -o syslog_name=postfix/smtps
+  -o smtpd_tls_wrappermode=yes
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_sasl_type=dovecot
+  -o smtpd_sasl_path=private/auth
+  -o smtpd_reject_unlisted_recipient=no
+  -o smtpd_sasl_authenticated_header=yes
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+  -o milter_macro_daemon_name=ORIGINATING
+
 pickup    fifo  n       -       y       60      1       pickup
   -o content_filter=
   -o receive_override_options=no_header_body_checks

test/tests.bats

@@ -1141,6 +1141,8 @@ load 'test_helper/bats-assert/load'
 @test "checking saslauthd: ldap smtp authentication" {
   run docker exec mail_with_ldap /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/sasl-ldap-smtp-auth.txt | grep 'Authentication successful'"
   assert_success
+  run docker exec mail_with_ldap /bin/sh -c "openssl s_client -quiet -connect 0.0.0.0:465 < /tmp/docker-mailserver-test/auth/sasl-ldap-smtp-auth.txt | grep 'Authentication successful'"
+  assert_success
   run docker exec mail_with_ldap /bin/sh -c "openssl s_client -quiet -starttls smtp -connect 0.0.0.0:587 < /tmp/docker-mailserver-test/auth/sasl-ldap-smtp-auth.txt | grep 'Authentication successful'"
   assert_success
 }
@@ -1201,15 +1203,15 @@ load 'test_helper/bats-assert/load'
   assert_output 0
 }
 
-# postfix
+# postfix submission TLS
-@test "checking postfix: only A grade TLS ciphers are used" {
+@test "checking postfix submission: only A grade TLS ciphers are used" {
   run docker run --rm -i --link mail:postfix \
     --entrypoint sh instrumentisto/nmap -c \
       'nmap --script ssl-enum-ciphers -p 587 postfix | grep "least strength: A"'
   assert_success
 }
 
-@test "checking postfix: nmap produces no warnings on TLS ciphers verifying" {
+@test "checking postfix submission: nmap produces no warnings on TLS ciphers verifying" {
   run docker run --rm -i --link mail:postfix \
     --entrypoint sh instrumentisto/nmap -c \
       'nmap --script ssl-enum-ciphers -p 587 postfix | grep "warnings" | wc -l'
@@ -1217,6 +1219,22 @@ load 'test_helper/bats-assert/load'
   assert_output 0
 }
 
+# postfix smtps SSL
+@test "checking postfix smtps: only A grade TLS ciphers are used" {
+  run docker run --rm -i --link mail:postfix \
+    --entrypoint sh instrumentisto/nmap -c \
+      'nmap --script ssl-enum-ciphers -p 465 postfix | grep "least strength: A"'
+  assert_success
+}
+
+@test "checking postfix smtps: nmap produces no warnings on TLS ciphers verifying" {
+  run docker run --rm -i --link mail:postfix \
+    --entrypoint sh instrumentisto/nmap -c \
+      'nmap --script ssl-enum-ciphers -p 465 postfix | grep "warnings" | wc -l'
+  assert_success
+  assert_output 0
+}
+
 
 #
 # supervisor