From 1005bb3b0998761aa1bc8396e8faee0f845832c0 Mon Sep 17 00:00:00 2001 From: Georg Lauterbach <44545919+aendeavor@users.noreply.github.com> Date: Thu, 18 Feb 2021 10:29:34 +0100 Subject: [PATCH] Provide complete refactoring of openDKIM script (#1812) * provide complete refactoring of openDKIM usage and tests * fix leftover linting errors * correct defualt key size and README usage * provide independent order for arguments * added `config` and adjusted usage information * fixing shift in setup.sh * adjust usage information to use new style and rename script * use updated argument keysize instead of size --- Makefile | 17 +- README.md | 8 +- setup.sh | 58 ++--- target/bin/generate-dkim-config | 96 -------- target/bin/open-dkim | 194 ++++++++++++++++ test/default_relay_host.bats | 2 +- test/open_dkim.bats | 380 ++++++++++++++++++++++++++++++++ test/tests.bats | 349 ++--------------------------- 8 files changed, 636 insertions(+), 468 deletions(-) delete mode 100755 target/bin/generate-dkim-config create mode 100755 target/bin/open-dkim create mode 100644 test/open_dkim.bats diff --git a/Makefile b/Makefile index 9ca04b34..eb4f3db9 100644 --- a/Makefile +++ b/Makefile @@ -1,12 +1,14 @@ SHELL = /bin/bash -NAME ?= mailserver-testing:ci -VCS_REF := $(shell git rev-parse --short HEAD) -VCS_VER := $(shell git describe --tags --contains --always) +NAME ?= mailserver-testing:ci +VCS_REF = $(shell git rev-parse --short HEAD) +VCS_VER = $(shell git describe --tags --contains --always) -HADOLINT_VERSION := 1.19.0 -SHELLCHECK_VERSION := 0.7.1 -ECLINT_VERSION := 2.3.1 +HADOLINT_VERSION = 1.19.0 +SHELLCHECK_VERSION = 0.7.1 +ECLINT_VERSION = 2.3.1 + +export CDIR = $(shell pwd) # ––––––––––––––––––––––––––––––––––––––––––––––– # ––– Generic Build Targets ––––––––––––––––––––– 
@@ -42,7 +44,8 @@ generate-accounts: @ echo " # this is also a test comment, :O" >> test/config/postfix-accounts.cf tests: - @ NAME=$(NAME) ./test/bats/bin/bats test/*.bats +# @ NAME=$(NAME) ./test/bats/bin/bats test/*.bats + @ NAME=$(NAME) ./test/bats/bin/bats test/open_dkim.bats .PHONY: ALWAYS_RUN test/%.bats: ALWAYS_RUN diff --git a/README.md b/README.md index 52b6e266..20a6f55f 100644 --- a/README.md +++ b/README.md @@ -115,14 +115,14 @@ docker-compose up -d mail ./setup.sh -Z config dkim ``` -If you are using a LDAP setup the setup looks a bit different as you do not add user accounts directly. Therefore `postfix` doesn't know your domain(s) and you need to provide it when configuring `dkim`: +If you are using a LDAP setup the setup looks a bit different as you do not add user accounts directly. Postfix doesn't know your domain(s) and you need to provide it when configuring DKIM: ``` BASH -docker-compose up -d mail - -./setup.sh config dkim [,] +./setup.sh config dkim domain '[,]' ``` +If you want to see detailed usage information, run `./setup.sh config dkim help`. + ### Miscellaneous #### DNS - DKIM diff --git a/setup.sh b/setup.sh index 9cbcef5b..3487184a 100755 --- a/setup.sh +++ b/setup.sh @@ -1,6 +1,6 @@ #! /bin/bash -# version v0.2.4 stable +# version v0.2.5 stable # executed manually (via Make) # task wrapper for various setup scripts @@ -144,7 +144,7 @@ SUBCOMMANDS: config: - ${0} config dkim (default: 4096) (optional - for LDAP systems) + ${0} config dkim [keysize ] [domain '[,...]'] ${0} config ssl relay: 
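Review bot: The `tests` target in the Makefile hunk now runs only `test/open_dkim.bats`, and the previous `test/*.bats` invocation is left commented out, so `make tests` no longer exercises the rest of the suite. This looks like a leftover from developing the new test file. Restoring `@ NAME=$(NAME) ./test/bats/bin/bats test/*.bats` and dropping the commented line would fix it; the glob already picks up `open_dkim.bats`. Any CI job that calls this target (not visible here) would otherwise report green while the mail, relay and fail2ban tests are skipped.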
@@ -295,27 +295,27 @@ function _main case ${1:-} in - email) - shift ; case ${1:-} in - add ) shift ; _docker_image addmailuser "${@}" ;; - update ) shift ; _docker_image updatemailuser "${@}" ;; - del ) shift ; _docker_image delmailuser "${@}" ;; - restrict ) shift ; _docker_container restrict-access "${@}" ;; + email ) + case ${2:-} in + add ) shift 2 ; _docker_image addmailuser "${@}" ;; + update ) shift 2 ; _docker_image updatemailuser "${@}" ;; + del ) shift 2 ; _docker_image delmailuser "${@}" ;; + restrict ) shift 2 ; _docker_container restrict-access "${@}" ;; list ) _docker_image listmailuser ;; * ) _usage ;; esac ;; - alias) - shift ; case ${1:-} in - add ) shift ; _docker_image addalias "${1}" "${2}" ;; - del ) shift ; _docker_image delalias "${1}" "${2}" ;; - list ) shift ; _docker_image listalias ;; + alias ) + case ${2:-} in + add ) shift 2 ; _docker_image addalias "${1}" "${2}" ;; + del ) shift 2 ; _docker_image delalias "${1}" "${2}" ;; + list ) shift 2 ; _docker_image listalias ;; * ) _usage ;; esac ;; - quota) + quota ) shift ; case ${1:-} in set ) shift ; _docker_image setquota "${@}" ;; del ) shift ; _docker_image delquota "${@}" ;; 
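Review bot: The `quota` branch keeps the old `shift ; case ${1:-} in` form with one `shift` per arm, while `email` and `alias` in the same hunk were converted to `case ${2:-} in` with `shift 2`. The mixed styles make it harder to see which positional parameter each arm is reading. Converting it the same way, `quota ) case ${2:-} in` with `set ) shift 2 ; _docker_image setquota "${@}" ;;`, would keep `_main` uniform. In the `alias` arms `"${1}"` and `"${2}"` are expanded without defaults after `shift 2`; whether a missing address aborts the script or passes an empty string depends on shell options set outside this hunk. `_main` starts and ends outside the hunk.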
@@ -323,39 +323,39 @@ function _main esac ;; - config) - shift ; case ${1:-} in - dkim ) _docker_image generate-dkim-config "${2:-4096}" "${3:-}" ;; - ssl ) _docker_image generate-ssl-certificate "${2}" ;; + config ) + case ${2:-} in + dkim ) shift 2 ; _docker_image open-dkim "${@}" ;; + ssl ) shift 2 ; _docker_image generate-ssl-certificate "${1}" ;; * ) _usage ;; esac ;; - relay) - shift ; case ${1:-} in - add-domain ) shift ; _docker_image addrelayhost "${@}" ;; - add-auth ) shift ; _docker_image addsaslpassword "${@}" ;; - exclude-domain ) shift ; _docker_image excluderelaydomain "${@}" ;; + relay ) + case ${2:-} in + add-domain ) shift 2 ; _docker_image addrelayhost "${@}" ;; + add-auth ) shift 2 ; _docker_image addsaslpassword "${@}" ;; + exclude-domain ) shift 2 ; _docker_image excluderelaydomain "${@}" ;; * ) _usage ;; esac ;; - debug) - shift ; case ${1:-} in + debug ) + case ${2:-} in fetchmail ) _docker_image debug-fetchmail ;; - fail2ban ) shift ; _docker_container fail2ban "${@}" ;; + fail2ban ) shift 2 ; _docker_container fail2ban "${@}" ;; show-mail-logs ) _docker_container cat /var/log/mail/mail.log ;; inspect ) _inspect ;; login ) - shift - if [[ -z ${1:-''} ]] + shift 2 + if [[ -z ${1:-} ]] then _docker_container /bin/bash else _docker_container /bin/bash -c "${@}" fi ;; - * ) _usage ; exit 1 ;; + * ) _usage ; exit 1 ;; esac ;; diff --git a/target/bin/generate-dkim-config b/target/bin/generate-dkim-config deleted file mode 100755 index dc1f702e..00000000 --- a/target/bin/generate-dkim-config +++ /dev/null 
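Review bot: In the `login` arm, `_docker_container /bin/bash -c "${@}"` hands only the first remaining word to `-c` as the command string; any further words become `$0`, `$1`, … of that shell instead of arguments to the command, so `debug login ls -la` would run plain `ls`. Joining the words first, `_docker_container /bin/bash -c "${*}"`, keeps the single-quoted-string usage working and stops the extra words from being dropped. Separately, only this `debug` branch exits non-zero on an unknown subcommand (`_usage ; exit 1`), while `config` and `relay` call `_usage` alone; whether that matters depends on `_usage`, which is outside the hunk. `_main` starts and ends outside the hunk.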
@@ -1,96 +0,0 @@ -#! /bin/bash - -touch /tmp/vhost.tmp - -# if no keysize is provided, default to 4096 -KEYSIZE=${1:-4096} -# optional domain names -DOMAINS=${2:-} - -if [[ -z ${DOMAINS} ]] -then - # getting domains FROM mail accounts - if [[ -f /tmp/docker-mailserver/postfix-accounts.cf ]] - then - # shellcheck disable=SC2034 - while IFS=$'|' read -r LOGIN PASS - do - DOMAIN=$(echo "${LOGIN}" | cut -d @ -f2) - echo "${DOMAIN}" >>/tmp/vhost.tmp - done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-accounts.cf || true) - fi - - # getting domains FROM mail aliases - if [[ -f /tmp/docker-mailserver/postfix-virtual.cf ]] - then - # shellcheck disable=SC2034 - while read -r FROM TO - do - UNAME=$(echo "${FROM}" | cut -d @ -f1) - DOMAIN=$(echo "${FROM}" | cut -d @ -f2) - - [[ ${UNAME} != "${DOMAIN}" ]] && echo "${DOMAIN}" >>/tmp/vhost.tmp - done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-virtual.cf || true) - fi -else - tr ',' '\n' <<< "${DOMAINS}" > /tmp/vhost.tmp -fi - -# keeping unique entries -if [[ -f /tmp/vhost.tmp ]] -then - sort < /tmp/vhost.tmp | uniq >/tmp/vhost && rm /tmp/vhost.tmp -fi - -# exit if no entries found -if [[ ! -f /tmp/vhost ]] -then - echo "No entries found, no keys to make" - exit 0 -fi - -while read -r DOMAINNAME -do - mkdir -p "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}" - - if [[ ! -f "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private" ]] - then - echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private" - - opendkim-genkey --bits="${KEYSIZE}" --subdomains --DOMAIN="${DOMAINNAME}" --selector=mail -D "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}" - fi - - # write to KeyTable if necessary - KEYTABLEENTRY="mail._domainkey.${DOMAINNAME} ${DOMAINNAME}:mail:/etc/opendkim/keys/${DOMAINNAME}/mail.private" - if [[ ! 
-f "/tmp/docker-mailserver/opendkim/KeyTable" ]] - then - echo "Creating DKIM KeyTable" - echo "${KEYTABLEENTRY}" > /tmp/docker-mailserver/opendkim/KeyTable - else - if ! grep -q "${KEYTABLEENTRY}" "/tmp/docker-mailserver/opendkim/KeyTable" - then - echo "${KEYTABLEENTRY}" >>/tmp/docker-mailserver/opendkim/KeyTable - fi - fi - - # write to SigningTable if necessary - SIGNINGTABLEENTRY="*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}" - if [[ ! -f /tmp/docker-mailserver/opendkim/SigningTable ]] - then - echo "Creating DKIM SigningTable" - echo "*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}" >/tmp/docker-mailserver/opendkim/SigningTable - else - if ! grep -q "${SIGNINGTABLEENTRY}" /tmp/docker-mailserver/opendkim/SigningTable - then - echo "${SIGNINGTABLEENTRY}" >> /tmp/docker-mailserver/opendkim/SigningTable - fi - fi -done < <(grep -vE '^(\s*$|#)' /tmp/vhost) - -# creates TrustedHosts if missing -if [[ -d /tmp/docker-mailserver/opendkim ]] && [[ ! -f /tmp/docker-mailserver/opendkim/TrustedHosts ]] -then - echo "Creating DKIM TrustedHosts" - echo "127.0.0.1" >/tmp/docker-mailserver/opendkim/TrustedHosts - echo "localhost" >>/tmp/docker-mailserver/opendkim/TrustedHosts -fi diff --git a/target/bin/open-dkim b/target/bin/open-dkim new file mode 100755 index 00000000..699199f5 --- /dev/null +++ b/target/bin/open-dkim 
@@ -0,0 +1,194 @@ +#! /bin/bash + +KEYSIZE=4096 +SELECTOR=mail +DOMAINS= + +function __usage +{ + echo -e "\e[35mOPEN-DKIM\e[31m(\e[93m8\e[31m) + +\e[38;5;214mNAME\e[39m + open-dkim - configure DomainKeys Identified Mail (DKIM) + +\e[38;5;214mSYNOPSIS\e[39m + ./setup.sh config dkim [ OPTIONS\e[31m...\e[39m ] + +\e[38;5;214mDESCRIPTION\e[39m + Configures DKIM keys. OPTIONS can be used to configure a more complex setup. + LDAP setups require these options. + +\e[38;5;214mOPTIONS\e[39m + \e[94mGeneric Program Information\e[39m + help Print the usage information. + + \e[94mConfiguration adjustments\e[39m + keysize Set the size of the keys to be generated. Possible are 1024, 2024 and 4096 (default). + selector Set a manual selector (default is 'mail') for the key. (\e[96mATTENTION\e[39m: NOT IMPLEMENTED YET!) + domains Provide the domains for which keys are to be generated. + +\e[38;5;214mEXAMPLES\e[39m + \e[37m./setup.sh config dkim size 2048\e[39m + Creates keys of length 2048 bit in a default setup where domains are obtained from + your accounts. + + \e[37m./setup.sh config dkim size 2048 selector 2021-dkim\e[39m + Creates keys of length 2048 bit in a default setup where domains are obtained from + your accounts. The DKIM selector used is '2021-dkim'. + + \e[37m./setup.sh config dkim size 2048 selector 2021-dkim domain 'whoami.com,whoareyou.org'\e[39m + Appropriate for an LDAP setup. Creates keys of length 2048 bit in a default setup + where domains are obtained from your accounts. The DKIM selector used is '2021-dkim'. + The domains for which DKIM keys are generated are 'whoami.com' and 'whoareyou.org'. + +\e[38;5;214mEXIT STATUS\e[39m + Exit status is 0 if command was successful. If wrong arguments are provided or arguments contain + errors, the script will exit early with exit status 2. 
+" +} + +if [[ ${1:-} == 'help' ]] +then + __usage + exit 0 +fi + +while [[ ${#} -gt 0 ]] +do + case ${1} in + keysize ) + if [[ -n ${2+'set'} ]] + then + KEYSIZE="${2}" + shift + shift + else + echo "No keysize provided after 'size' argument. Aborting." >&2 + exit 2 + fi + ;; + + selector ) + if [[ -n ${2+'set'} ]] + then + # shellcheck disable=SC2034 + SELECTOR="${2}" + shift + shift + else + echo "No selector provided after 'selector' argument. Aborting." >&2 + exit 2 + fi + ;; + + domain ) + if [[ -n ${2+'set'} ]] + then + DOMAINS="${2}" + break + break + else + echo "No domain(s) provided after 'domain' argument. Aborting." >&2 + exit 2 + fi + ;; + + * ) + __usage + echo -e "\nUnknown options ${1} ${2:-}. Aborting." >&2 + exit 2 + ;; + + esac +done + +touch /tmp/vhost.dkim.tmp + +if [[ -z ${DOMAINS} ]] +then + # getting domains FROM mail accounts + if [[ -f /tmp/docker-mailserver/postfix-accounts.cf ]] + then + # shellcheck disable=SC2034 + while IFS=$'|' read -r LOGIN PASS + do + DOMAIN=$(echo "${LOGIN}" | cut -d @ -f2) + echo "${DOMAIN}" >>/tmp/vhost.dkim.tmp + done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-accounts.cf || true) + fi + + # getting domains FROM mail aliases + if [[ -f /tmp/docker-mailserver/postfix-virtual.cf ]] + then + # shellcheck disable=SC2034 + while read -r FROM TO + do + UNAME=$(echo "${FROM}" | cut -d @ -f1) + DOMAIN=$(echo "${FROM}" | cut -d @ -f2) + + [[ ${UNAME} != "${DOMAIN}" ]] && echo "${DOMAIN}" >>/tmp/vhost.dkim.tmp + done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-virtual.cf || true) + fi +else + tr ',' '\n' <<< "${DOMAINS}" > /tmp/vhost.dkim.tmp +fi + +sort < /tmp/vhost.dkim.tmp | uniq >/tmp/vhost +rm /tmp/vhost.dkim.tmp + +if [[ ! -s /tmp/vhost ]] +then + echo "No entries found, no keys to make." + exit 0 +fi + +while read -r DOMAINNAME +do + mkdir -p "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}" + + if [[ ! 
-f "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private" ]] + then + echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private" + + opendkim-genkey \ + --bits="${KEYSIZE}" \ + --subdomains \ + --DOMAIN="${DOMAINNAME}" \ + --selector=mail \ + -D "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}" + fi + + # write to KeyTable if necessary + KEYTABLEENTRY="mail._domainkey.${DOMAINNAME} ${DOMAINNAME}:mail:/etc/opendkim/keys/${DOMAINNAME}/mail.private" + if [[ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]] + then + echo "Creating DKIM KeyTable" + echo "${KEYTABLEENTRY}" >/tmp/docker-mailserver/opendkim/KeyTable + else + if ! grep -q "${KEYTABLEENTRY}" "/tmp/docker-mailserver/opendkim/KeyTable" + then + echo "${KEYTABLEENTRY}" >>/tmp/docker-mailserver/opendkim/KeyTable + fi + fi + + # write to SigningTable if necessary + SIGNINGTABLEENTRY="*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}" + if [[ ! -f /tmp/docker-mailserver/opendkim/SigningTable ]] + then + echo "Creating DKIM SigningTable" + echo "*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}" >/tmp/docker-mailserver/opendkim/SigningTable + else + if ! grep -q "${SIGNINGTABLEENTRY}" /tmp/docker-mailserver/opendkim/SigningTable + then + echo "${SIGNINGTABLEENTRY}" >>/tmp/docker-mailserver/opendkim/SigningTable + fi + fi +done < <(grep -vE '^(\s*$|#)' /tmp/vhost) + +# create TrustedHosts if missing +if [[ -d /tmp/docker-mailserver/opendkim ]] && [[ ! -f /tmp/docker-mailserver/opendkim/TrustedHosts ]] +then + echo "Creating DKIM TrustedHosts" + echo "127.0.0.1" >/tmp/docker-mailserver/opendkim/TrustedHosts + echo "localhost" >>/tmp/docker-mailserver/opendkim/TrustedHosts +fi diff --git a/test/default_relay_host.bats b/test/default_relay_host.bats index 7f865e62..f39a2ea2 100644 --- a/test/default_relay_host.bats +++ b/test/default_relay_host.bats 
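Review bot: In the argument loop of `open-dkim`, the `domain` arm ends with `break` / `break` instead of shifting, so parsing stops there and a `keysize` or `selector` given after `domain` is silently ignored (the second `break` is unreachable). `KEYSIZE` is passed to `opendkim-genkey --bits` without any check, so a typo or a very small value yields a weak or unusable signing key; the usage text names 1024, "2024" (presumably 2048) and 4096, and its examples use `size` and `domains` where the parser accepts only `keysize` and `domain`. Domain names are interpolated unvalidated into the key directory path, so a value containing `/` or `..` would create directories outside `keys/`, and they go into `grep -q` patterns where `.` matches any character; `grep -qxF -- "${KEYTABLEENTRY}"` would compare the entry literally. The fence below shows the two parser arms with a size check and a shift. 1024-bit RSA is generally considered too short for new DKIM keys, so the allowed list may deserve a second look.

```shell
    keysize )
      if [[ -n ${2+'set'} ]]
      then
        case ${2} in
          1024 | 2048 | 4096 ) KEYSIZE="${2}" ;;
          * )
            echo "Unsupported keysize '${2}'. Aborting." >&2
            exit 2
            ;;
        esac
        shift 2
      # … unchanged: else branch reporting the missing value …

    # … unchanged: selector arm …

    domain )
      if [[ -n ${2+'set'} ]]
      then
        DOMAINS="${2}"
        shift 2
      # … unchanged: else branch reporting the missing value …
```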
@@ -15,7 +15,7 @@ function setup() { } function teardown() { - docker rm -f mail_with_default_relay + docker rm -f mail_with_default_relay } # diff --git a/test/open_dkim.bats b/test/open_dkim.bats new file mode 100644 index 00000000..ee97bf5d --- /dev/null +++ b/test/open_dkim.bats 
@@ -0,0 +1,380 @@ +load 'test_helper/common' + +export IMAGE_NAME CONTAINER_NAME TEST_FILE + +IMAGE_NAME="${NAME:?Image name must be set}" +CONTAINER_NAME='open-dkim' +TEST_FILE='OpenDKIM :: ' + +function setup +{ + run_setup_file_if_necessary +} + +# WHY IS THIS CONTAINER EVEN CREATED WHEN MOST TESTS DO NOT USE IT? +function setup_file +{ + local PRIVATE_CONFIG + PRIVATE_CONFIG="$(duplicate_config_for_container . "${CONTAINER_NAME}")" + + docker run -d \ + --name "${CONTAINER_NAME}" \ + --cap-add=SYS_PTRACE \ + -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \ + -v "${CDIR}/test/test-files":/tmp/docker-mailserver-test:ro \ + -e DEFAULT_RELAY_HOST=default.relay.host.invalid:25 \ + -e PERMIT_DOCKER=host \ + -e DMS_DEBUG=0 \ + -h mail.my-domain.com \ + -t "${IMAGE_NAME}" + + wait_for_finished_setup_in_container "${CONTAINER_NAME}" +} + +function teardown +{ + run_teardown_file_if_necessary +} + +function teardown_file +{ + docker rm -f "${CONTAINER_NAME}" +} + +# ––––––––––––––––––––––––––––––––––––––––––––––– +# ––– Actual Tests –––––––––––––––––––––––––––––– +# ––––––––––––––––––––––––––––––––––––––––––––––– + +@test "${TEST_FILE}/etc/opendkim/KeyTable dummy file generated without keys provided" { + docker run --rm -d \ + --name mail_smtponly_without_config \ + -e SMTP_ONLY=1 \ + -e ENABLE_LDAP=1 \ + -e PERMIT_DOCKER=network \ + -e OVERRIDE_HOSTNAME=mail.mydomain.com \ + -t "${IMAGE_NAME}" + + function teardown + { + docker rm -f mail_smtponly_without_config + } + + run repeat_in_container_until_success_or_timeout 15 \ + mail_smtponly_without_config /bin/bash -c "cat /etc/opendkim/KeyTable" + assert_success +} + +@test "${TEST_FILE}/etc/opendkim/KeyTable should contain 2 entries" { + run docker exec "${CONTAINER_NAME}" /bin/bash -c "cat /etc/opendkim/KeyTable | wc -l" + assert_success + assert_output 2 +} + +# TODO piping ls into grep ... 
+@test "${TEST_FILE}/etc/opendkim/keys/ should contain 2 entries" { + run docker exec "${CONTAINER_NAME}" /bin/bash -c "ls -l /etc/opendkim/keys/ | grep '^d' | wc -l" + assert_success + assert_output 2 +} + +@test "${TEST_FILE}/etc/opendkim.conf contains nameservers copied from /etc/resolv.conf" { + run docker exec "${CONTAINER_NAME}" /bin/bash -c \ + "grep -E '^Nameservers ((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)' \ + /etc/opendkim.conf" + assert_success +} + +# this set of tests is of low quality. WHAT? <- DELETE AFTER REWRITE +# It does not test the RSA-Key size properly via openssl or similar WHAT??? <- DELETE AFTER REWRITE +# Instead it tests the file-size (here 861) - which may differ with a different domain names WWHHHHHHAAAT??? <- DELETE AFTER REWRITE + +# TODO Needs complete re-write +@test "${TEST_FILE}generator creates default keys size" { + local PRIVATE_CONFIG + PRIVATE_CONFIG="$(duplicate_config_for_container . mail_default_key_size)" + + # Prepare default key size 4096 + rm -rf "${PRIVATE_CONFIG}/keyDefault" + mkdir -p "${PRIVATE_CONFIG}/keyDefault" + + run docker run --rm \ + -v "${PRIVATE_CONFIG}/keyDefault/":/tmp/docker-mailserver/ \ + -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \ + -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \ + "${IMAGE_NAME}" /bin/bash -c 'open-dkim | wc -l' + + assert_success + assert_output 6 + + run docker run --rm \ + -v "${PRIVATE_CONFIG}/keyDefault/opendkim":/etc/opendkim \ + "${IMAGE_NAME}" \ + /bin/bash -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt' + + assert_success + assert_output 861 +} + +# this set of tests is of low quality. 
It does not test the RSA-Key size properly via openssl or similar <- DELETE AFTER REWRITE +# Instead it tests the file-size (here 861) - which may differ with a different domain names <- DELETE AFTER REWRITE + +# TODO Needs complete re-write +@test "${TEST_FILE}generator creates key size 4096" { + local PRIVATE_CONFIG + PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_4096)" + + rm -rf "${PRIVATE_CONFIG}/key4096" + mkdir -p "${PRIVATE_CONFIG}/config/key4096" + + run docker run --rm \ + -v "${PRIVATE_CONFIG}/key2048/":/tmp/docker-mailserver/ \ + -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \ + -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \ + "${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 4096 | wc -l' + assert_success + assert_output 6 + + run docker run --rm \ + -v "${PRIVATE_CONFIG}/key2048/opendkim":/etc/opendkim \ + "${IMAGE_NAME}" \ + /bin/bash -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt' + + assert_success + assert_output 861 +} + +# Instead it tests the file-size (here 511) - which may differ with a different domain names <- DELETE AFTER REWRITE +# This test may be re-used as a global test to provide better test coverage. <- DELETE AFTER REWRITE + +# TODO Needs complete re-write +@test "${TEST_FILE}generator creates key size 2048" { + local PRIVATE_CONFIG + PRIVATE_CONFIG="$(duplicate_config_for_container . 
mail_key_size_2048)" + + rm -rf "${PRIVATE_CONFIG}/key2048" + mkdir -p "${PRIVATE_CONFIG}/config/key2048" + + run docker run --rm \ + -v "${PRIVATE_CONFIG}/key2048/":/tmp/docker-mailserver/ \ + -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \ + -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \ + "${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 2048 | wc -l' + assert_success + assert_output 6 + + run docker run --rm \ + -v "${PRIVATE_CONFIG}/key2048/opendkim":/etc/opendkim \ + "${IMAGE_NAME}" \ + /bin/bash -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt' + + assert_success + assert_output 511 +} + +# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar <- DELETE AFTER REWRITE +# Instead it tests the file-size (here 329) - which may differ with a different domain names <- DELETE AFTER REWRITE + +# TODO Needs complete re-write +@test "${TEST_FILE}generator creates key size 1024" { + local PRIVATE_CONFIG + PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_1024)" + + rm -rf "${PRIVATE_CONFIG}/key1024" + mkdir -p "${PRIVATE_CONFIG}/key1024" + + run docker run --rm \ + -v "${PRIVATE_CONFIG}/key1024/":/tmp/docker-mailserver/ \ + -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \ + -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \ + "${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 1024 | wc -l' + assert_success + assert_output 6 + + run docker run --rm \ + -v "${PRIVATE_CONFIG}/key1024/opendkim":/etc/opendkim \ + "${IMAGE_NAME}" \ + /bin/bash -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt' + + assert_success + assert_output 329 +} + +@test "${TEST_FILE}generator creates keys, tables and TrustedHosts" { + local PRIVATE_CONFIG + PRIVATE_CONFIG="$(duplicate_config_for_container . 
mail_dkim_generator_creates_keys_tables_TrustedHosts)" + rm -rf "${PRIVATE_CONFIG}/empty" + mkdir -p "${PRIVATE_CONFIG}/empty" + run docker run --rm \ + -v "${PRIVATE_CONFIG}/empty/":/tmp/docker-mailserver/ \ + -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \ + -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \ + "${IMAGE_NAME}" /bin/bash -c 'open-dkim | wc -l' + assert_success + assert_output 6 + + # check keys for localhost.localdomain + run docker run --rm \ + -v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \ + "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l' + assert_success + assert_output 2 + + # check keys for otherdomain.tld + run docker run --rm \ + -v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \ + "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l' + assert_success + assert_output 2 + + # check presence of tables and TrustedHosts + run docker run --rm \ + -v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \ + "${IMAGE_NAME}" /bin/bash -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l" + assert_success + assert_output 4 +} + +@test "${TEST_FILE}generator creates keys, tables and TrustedHosts without postfix-accounts.cf" { + local PRIVATE_CONFIG + PRIVATE_CONFIG="$(duplicate_config_for_container . 
)" + rm -rf "${PRIVATE_CONFIG}/without-accounts" + mkdir -p "${PRIVATE_CONFIG}/without-accounts" + run docker run --rm \ + -v "${PRIVATE_CONFIG}/without-accounts/":/tmp/docker-mailserver/ \ + -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \ + "${IMAGE_NAME}" /bin/bash -c 'open-dkim | wc -l' + assert_success + assert_output 5 + + # check keys for localhost.localdomain + run docker run --rm \ + -v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \ + "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l' + assert_success + assert_output 2 + + # check keys for otherdomain.tld + # run docker run --rm \ + # -v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \ + # "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l' + # assert_success + # [ "${output}" -eq 0 ] + # check presence of tables and TrustedHosts + run docker run --rm \ + -v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \ + "${IMAGE_NAME}" /bin/bash -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l" + assert_success + assert_output 4 +} + +@test "${TEST_FILE}generator creates keys, tables and TrustedHosts without postfix-virtual.cf" { + local PRIVATE_CONFIG + PRIVATE_CONFIG="$(duplicate_config_for_container . 
"${BATS_TEST_NAME}")" + rm -rf "${PRIVATE_CONFIG}/without-virtual" + mkdir -p "${PRIVATE_CONFIG}/without-virtual" + run docker run --rm \ + -v "${PRIVATE_CONFIG}/without-virtual/":/tmp/docker-mailserver/ \ + -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \ + "${IMAGE_NAME}" /bin/bash -c 'open-dkim | wc -l' + assert_success + assert_output 5 + + # check keys for localhost.localdomain + run docker run --rm \ + -v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \ + "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l' + assert_success + assert_output 2 + + # check keys for otherdomain.tld + run docker run --rm \ + -v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \ + "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l' + assert_success + assert_output 2 + + # check presence of tables and TrustedHosts + run docker run --rm \ + -v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \ + "${IMAGE_NAME}" /bin/bash -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l" + assert_success + assert_output 4 +} + +@test "${TEST_FILE}generator creates keys, tables and TrustedHosts using manual provided domain name" { + local PRIVATE_CONFIG + PRIVATE_CONFIG="$(duplicate_config_for_container . 
"${BATS_TEST_NAME}")" + rm -rf "${PRIVATE_CONFIG}/with-domain" && mkdir -p "${PRIVATE_CONFIG}/with-domain" + + # generate first key + run docker run --rm \ + -v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \ + "${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 2048 domain domain1.tld | wc -l' + assert_success + assert_output 4 + + # generate two additional keys different to the previous one + run docker run --rm \ + -v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \ + "${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 2048 domain "domain2.tld,domain3.tld" | wc -l' + assert_success + assert_output 2 + + # generate an additional key whilst providing already existing domains + run docker run --rm \ + -v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \ + "${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 2048 domain "domain3.tld,domain4.tld" | wc -l' + assert_success + assert_output 1 + + # check keys for domain1.tld + run docker run --rm \ + -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ + "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/domain1.tld/ | wc -l' + assert_success + assert_output 2 + + # check keys for domain2.tld + run docker run --rm \ + -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ + "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/domain2.tld | wc -l' + assert_success + assert_output 2 + + # check keys for domain3.tld + run docker run --rm \ + -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ + "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/domain3.tld | wc -l' + assert_success + assert_output 2 + + # check keys for domain4.tld + run docker run --rm \ + -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ + "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/domain4.tld | wc -l' + assert_success + assert_output 2 + + # check presence of tables and TrustedHosts + run docker run --rm \ + -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ + "${IMAGE_NAME}" 
/bin/bash -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys' | wc -l" + assert_success + assert_output 4 + + # check valid entries actually present in KeyTable + run docker run --rm \ + -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ + "${IMAGE_NAME}" /bin/bash -c \ + "egrep 'domain1.tld|domain2.tld|domain3.tld|domain4.tld' /etc/opendkim/KeyTable | wc -l" + assert_success + assert_output 4 + + # check valid entries actually present in SigningTable + run docker run --rm \ + -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ + "${IMAGE_NAME}" /bin/bash -c \ + "egrep 'domain1.tld|domain2.tld|domain3.tld|domain4.tld' /etc/opendkim/SigningTable | wc -l" + assert_success + assert_output 4 +} diff --git a/test/tests.bats b/test/tests.bats index ebbb1a13..f809e2c6 100644 --- a/test/tests.bats +++ b/test/tests.bats 
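Review bot: The "generator creates key size 4096" test prepares one directory and mounts another: it removes `${PRIVATE_CONFIG}/key4096`, creates `${PRIVATE_CONFIG}/config/key4096`, and then mounts `${PRIVATE_CONFIG}/key2048/` in both `docker run` calls; the 2048 test has the same `config/key2048` versus `key2048` mismatch. The mounts should match the prepared path, i.e. `mkdir -p "${PRIVATE_CONFIG}/key4096"`, `-v "${PRIVATE_CONFIG}/key4096/":/tmp/docker-mailserver/` and `-v "${PRIVATE_CONFIG}/key4096/opendkim":/etc/opendkim`. The key-size cases assert only the byte size of `mail.txt` (861 for both the default and the 4096 case), which would not catch a private key of the wrong length. If openssl is available in the image, reading the modulus length of `mail.private` with `openssl rsa -in … -text -noout` would assert the property directly.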
@@ -431,310 +431,6 @@ EOF assert_success } -# -# opendkim -# - -@test "checking opendkim: /etc/opendkim/KeyTable should contain 2 entries" { - run docker exec mail /bin/sh -c "cat /etc/opendkim/KeyTable | wc -l" - assert_success - assert_output 2 -} - -@test "checking opendkim: /etc/opendkim/KeyTable dummy file generated without keys provided" { - docker run --rm -d --name mail_smtponly_without_config \ - -e SMTP_ONLY=1 \ - -e ENABLE_LDAP=1 \ - -e PERMIT_DOCKER=network \ - -e OVERRIDE_HOSTNAME=mail.mydomain.com \ - -t "${NAME}" - - teardown() { docker rm -f mail_smtponly_without_config; } - - run repeat_in_container_until_success_or_timeout 15 mail_smtponly_without_config /bin/bash -c "cat /etc/opendkim/KeyTable" - assert_success -} - - -@test "checking opendkim: /etc/opendkim/keys/ should contain 2 entries" { - run docker exec mail /bin/sh -c "ls -l /etc/opendkim/keys/ | grep '^d' | wc -l" - assert_success - assert_output 2 -} - -@test "checking opendkim: /etc/opendkim.conf contains nameservers copied from /etc/resolv.conf" { - run docker exec mail /bin/bash -c "grep -E '^Nameservers ((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)' /etc/opendkim.conf" - assert_success -} - - -# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar -# Instead it tests the file-size (here 861) - which may differ with a different domain names -# This test may be re-used as a global test to provide better test coverage. -@test "checking opendkim: generator creates default keys size" { - local PRIVATE_CONFIG - PRIVATE_CONFIG="$(duplicate_config_for_container . 
mail_default_key_size)" - # Prepare default key size 4096 - rm -rf "${PRIVATE_CONFIG}/keyDefault" - mkdir -p "${PRIVATE_CONFIG}/keyDefault" - - run docker run --rm \ - -v "${PRIVATE_CONFIG}/keyDefault/":/tmp/docker-mailserver/ \ - -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \ - -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \ - "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config | wc -l' - assert_success - assert_output 6 - - run docker run --rm \ - -v "${PRIVATE_CONFIG}/keyDefault/opendkim":/etc/opendkim \ - "${IMAGE_NAME:?}" \ - /bin/sh -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt' - - assert_success - assert_output 861 -} - -# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar -# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar -# Instead it tests the file-size (here 861) - which may differ with a different domain names -# This test may be re-used as a global test to provide better test coverage. -@test "checking opendkim: generator creates key size 4096" { - local PRIVATE_CONFIG - PRIVATE_CONFIG="$(duplicate_config_for_container . 
mail_key_size_4096)" - # Prepare set key size 4096 - rm -rf "${PRIVATE_CONFIG}/key4096" - mkdir -p "${PRIVATE_CONFIG}/config/key4096" - run docker run --rm \ - -v "${PRIVATE_CONFIG}/key2048/":/tmp/docker-mailserver/ \ - -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \ - -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \ - "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 4096 | wc -l' - assert_success - assert_output 6 - - run docker run --rm \ - -v "${PRIVATE_CONFIG}/key2048/opendkim":/etc/opendkim \ - "${IMAGE_NAME:?}" \ - /bin/sh -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt' - - assert_success - assert_output 861 -} - -# Instead it tests the file-size (here 511) - which may differ with a different domain names -# This test may be re-used as a global test to provide better test coverage. -@test "checking opendkim: generator creates key size 2048" { - local PRIVATE_CONFIG - PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_2048)" - # Prepare set key size 2048 - rm -rf "${PRIVATE_CONFIG}/key2048" - mkdir -p "${PRIVATE_CONFIG}/config/key2048" - run docker run --rm \ - -v "${PRIVATE_CONFIG}/key2048/":/tmp/docker-mailserver/ \ - -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \ - -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \ - "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 | wc -l' - assert_success - assert_output 6 - - run docker run --rm \ - -v "${PRIVATE_CONFIG}/key2048/opendkim":/etc/opendkim \ - "${IMAGE_NAME:?}" \ - /bin/sh -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt' - - assert_success - assert_output 511 -} - -# this set of tests is of low quality. 
It does not test the RSA-Key size properly via openssl or similar -# Instead it tests the file-size (here 329) - which may differ with a different domain names -# This test may be re-used as a global test to provide better test coverage. -@test "checking opendkim: generator creates key size 1024" { - local PRIVATE_CONFIG - PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_1024)" - # Prepare set key size 1024 - rm -rf "${PRIVATE_CONFIG}/key1024" - mkdir -p "${PRIVATE_CONFIG}/key1024" - run docker run --rm \ - -v "${PRIVATE_CONFIG}/key1024/":/tmp/docker-mailserver/ \ - -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \ - -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \ - "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 1024 | wc -l' - assert_success - assert_output 6 - - run docker run --rm \ - -v "${PRIVATE_CONFIG}/key1024/opendkim":/etc/opendkim \ - "${IMAGE_NAME:?}" \ - /bin/sh -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt' - - assert_success - assert_output 329 -} - -@test "checking opendkim: generator creates keys, tables and TrustedHosts" { - local PRIVATE_CONFIG - PRIVATE_CONFIG="$(duplicate_config_for_container . 
mail_dkim_generator_creates_keys_tables_TrustedHosts)" - rm -rf "${PRIVATE_CONFIG}/empty" - mkdir -p "${PRIVATE_CONFIG}/empty" - run docker run --rm \ - -v "${PRIVATE_CONFIG}/empty/":/tmp/docker-mailserver/ \ - -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \ - -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \ - "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config | wc -l' - assert_success - assert_output 6 - # Check keys for localhost.localdomain - run docker run --rm \ - -v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \ - "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l' - assert_success - assert_output 2 - # Check keys for otherdomain.tld - run docker run --rm \ - -v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \ - "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l' - assert_success - assert_output 2 - # Check presence of tables and TrustedHosts - run docker run --rm \ - -v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \ - "${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l" - assert_success - assert_output 4 -} - -@test "checking opendkim: generator creates keys, tables and TrustedHosts without postfix-accounts.cf" { - local PRIVATE_CONFIG - PRIVATE_CONFIG="$(duplicate_config_for_container . 
)" - rm -rf "${PRIVATE_CONFIG}/without-accounts" - mkdir -p "${PRIVATE_CONFIG}/without-accounts" - run docker run --rm \ - -v "${PRIVATE_CONFIG}/without-accounts/":/tmp/docker-mailserver/ \ - -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \ - "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config | wc -l' - assert_success - assert_output 5 - # Check keys for localhost.localdomain - run docker run --rm \ - -v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \ - "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l' - assert_success - assert_output 2 - # Check keys for otherdomain.tld - # run docker run --rm \ - # -v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \ - # "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l' - # assert_success - # [ "${output}" -eq 0 ] - # Check presence of tables and TrustedHosts - run docker run --rm \ - -v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \ - "${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l" - assert_success - assert_output 4 -} - -@test "checking opendkim: generator creates keys, tables and TrustedHosts without postfix-virtual.cf" { - local PRIVATE_CONFIG - PRIVATE_CONFIG="$(duplicate_config_for_container . 
"${BATS_TEST_NAME}")" - rm -rf "${PRIVATE_CONFIG}/without-virtual" - mkdir -p "${PRIVATE_CONFIG}/without-virtual" - run docker run --rm \ - -v "${PRIVATE_CONFIG}/without-virtual/":/tmp/docker-mailserver/ \ - -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \ - "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config | wc -l' - assert_success - assert_output 5 - # Check keys for localhost.localdomain - run docker run --rm \ - -v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \ - "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l' - assert_success - assert_output 2 - # Check keys for otherdomain.tld - run docker run --rm \ - -v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \ - "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l' - assert_success - assert_output 2 - # Check presence of tables and TrustedHosts - run docker run --rm \ - -v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \ - "${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l" - assert_success - assert_output 4 -} - -@test "checking opendkim: generator creates keys, tables and TrustedHosts using manual provided domain name" { - local PRIVATE_CONFIG - PRIVATE_CONFIG="$(duplicate_config_for_container . 
"${BATS_TEST_NAME}")" - rm -rf "${PRIVATE_CONFIG}/with-domain" && mkdir -p "${PRIVATE_CONFIG}/with-domain" - # Generate first key - run docker run --rm \ - -v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \ - "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 domain1.tld| wc -l' - assert_success - assert_output 4 - # Generate two additional keys different to the previous one - run docker run --rm \ - -v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \ - "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 'domain2.tld,domain3.tld' | wc -l' - assert_success - assert_output 2 - # Generate an additional key whilst providing already existing domains - run docker run --rm \ - -v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \ - "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 'domain3.tld,domain4.tld' | wc -l' - assert_success - assert_output 1 - # Check keys for domain1.tld - run docker run --rm \ - -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ - "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain1.tld/ | wc -l' - assert_success - assert_output 2 - # Check keys for domain2.tld - run docker run --rm \ - -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ - "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain2.tld | wc -l' - assert_success - assert_output 2 - # Check keys for domain3.tld - run docker run --rm \ - -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ - "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain3.tld | wc -l' - assert_success - assert_output 2 - # Check keys for domain4.tld - run docker run --rm \ - -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ - "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain4.tld | wc -l' - assert_success - assert_output 2 - # Check presence of tables and TrustedHosts - run docker run --rm \ - -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ - "${IMAGE_NAME:?}" /bin/sh -c "ls -1 
/etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys' | wc -l" - assert_success - assert_output 4 - # Check valid entries actually present in KeyTable - run docker run --rm \ - -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ - "${IMAGE_NAME:?}" /bin/sh -c \ - "egrep 'domain1.tld|domain2.tld|domain3.tld|domain4.tld' /etc/opendkim/KeyTable | wc -l" - assert_success - assert_output 4 - # Check valid entries actually present in SigningTable - run docker run --rm \ - -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ - "${IMAGE_NAME:?}" /bin/sh -c \ - "egrep 'domain1.tld|domain2.tld|domain3.tld|domain4.tld' /etc/opendkim/SigningTable | wc -l" - assert_success - assert_output 4 -} - # # ssl # @@ -1238,11 +934,10 @@ EOF assert_output "passdb: pass@localhost.localdomain auth succeeded" } -# -# setup.sh -# +# ––––––––––––––––––––––––––––––––––––––––––––––– +# ––– setup.sh –––––––––––––––––––––––––––––––––– +# ––––––––––––––––––––––––––––––––––––––––––––––– -# CLI interface @test "checking setup.sh: Without arguments: status 1, show help text" { run ./setup.sh assert_failure @@ -1255,7 +950,6 @@ EOF assert_line --index 1 "Usage: ./setup.sh [-i IMAGE_NAME] [-c CONTAINER_NAME] [args]" } -# email @test "checking setup.sh: setup.sh email add and login" { wait_for_service mail changedetector assert_success @@ -1269,9 +963,6 @@ EOF wait_for_changes_to_be_detected_in_container mail - # Dovecot has been restarted, but this test often fails so presumably it may not be ready - # Add a short sleep to see if that helps to make the test more stable - # Alternatively we could login with a known good user to make sure that the service is up wait_for_service mail postfix wait_for_service mail dovecot sleep 5 
@@ -1307,15 +998,16 @@ EOF @test "checking setup.sh: setup.sh email del" { run ./setup.sh -c mail email del -y lorem@impsum.org assert_success -# -# TODO delmailuser does not work as expected. -# Its implementation is not functional, you cannot delete a user data -# directory in the running container by running a new docker container -# and not mounting the mail folders (persistance is broken). -# The add script is only adding the user to account file. -# -# run docker exec mail ls /var/mail/impsum.org/lorem -# assert_failure + + # TODO + # delmailuser does not work as expected. + # Its implementation is not functional, you cannot delete a user data + # directory in the running container by running a new docker container + # and not mounting the mail folders (persistance is broken). + # The add script is only adding the user to account file. + + # run docker exec mail ls /var/mail/impsum.org/lorem + # assert_failure run grep lorem@impsum.org "$(private_config_path mail)/postfix-accounts.cf" assert_failure } @@ -1347,6 +1039,7 @@ EOF run ./setup.sh -p ./test/alias/config alias list assert_success } + @test "checking setup.sh: setup.sh alias add" { mkdir -p ./test/alias/config && echo "" > ./test/alias/config/postfix-virtual.cf ./setup.sh -p ./test/alias/config alias add alias@example.com target1@forward.com @@ -1355,6 +1048,7 @@ EOF run /bin/sh -c 'cat ./test/alias/config/postfix-virtual.cf | grep "alias@example.com target1@forward.com,target2@forward.com" | wc -l | grep 1' assert_success } + @test "checking setup.sh: setup.sh alias del" { # start with a1 -> t1,t2 and a2 -> t1 mkdir -p ./test/alias/config && echo -e 'alias1@example.org target1@forward.com,target2@forward.com\nalias2@example.org target1@forward.com' > ./test/alias/config/postfix-virtual.cf 
@@ -1433,18 +1127,11 @@ EOF assert_failure } - - -# config -@test "checking setup.sh: setup.sh config dkim" { - run ./setup.sh -c mail config dkim +@test "checking setup.sh: setup.sh dkim help" { + run ./setup.sh -c mail dkim help assert_success + assert_line --index 1 "Generate DKIM Configuration" } -# TODO: To create a test generate-ssl-certificate must be non interactive -#@test "checking setup.sh: setup.sh config ssl" { -# run ./setup.sh -c mail_ssl config ssl -# assert_success -#} # debug @test "checking setup.sh: setup.sh debug fetchmail" {
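Review bot: The new test calls `./setup.sh -c mail dkim help`, whereas the test it replaces called `./setup.sh -c mail config dkim`. If `dkim` is still dispatched under the `config` subcommand (setup.sh is not part of this hunk), the call exercises the unknown-command path rather than the DKIM help, and `run ./setup.sh -c mail config dkim help` would be the matching invocation. With the old test removed, nothing in this hunk still checks that setup.sh forwards a key-generation request to the container, so a wrapper regression that silently skips DKIM key creation would pass unnoticed here. I would keep one non-help case next to it, for example `run ./setup.sh -c mail config dkim keysize 2048` followed by `assert_success`.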