Provide complete refactoring of openDKIM script (#1812)

* provide complete refactoring of openDKIM usage and tests

* fix leftover linting errors

* correct defualt key size and README usage

* provide independent order for arguments

* added `config` and adjusted usage information

* fixing shift in setup.sh

* adjust usage information to use new style and rename script

* use updated argument keysize instead of size
This commit is contained in:
Georg Lauterbach 2021-02-18 10:29:34 +01:00 committed by GitHub
parent 432f96b3a6
commit 1005bb3b09
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 636 additions and 468 deletions

View file

@ -1,12 +1,14 @@
SHELL = /bin/bash SHELL = /bin/bash
NAME ?= mailserver-testing:ci NAME ?= mailserver-testing:ci
VCS_REF := $(shell git rev-parse --short HEAD) VCS_REF = $(shell git rev-parse --short HEAD)
VCS_VER := $(shell git describe --tags --contains --always) VCS_VER = $(shell git describe --tags --contains --always)
HADOLINT_VERSION := 1.19.0 HADOLINT_VERSION = 1.19.0
SHELLCHECK_VERSION := 0.7.1 SHELLCHECK_VERSION = 0.7.1
ECLINT_VERSION := 2.3.1 ECLINT_VERSION = 2.3.1
export CDIR = $(shell pwd)
# #
# Generic Build Targets # Generic Build Targets
@ -42,7 +44,8 @@ generate-accounts:
@ echo " # this is also a test comment, :O" >> test/config/postfix-accounts.cf @ echo " # this is also a test comment, :O" >> test/config/postfix-accounts.cf
tests: tests:
@ NAME=$(NAME) ./test/bats/bin/bats test/*.bats # @ NAME=$(NAME) ./test/bats/bin/bats test/*.bats
@ NAME=$(NAME) ./test/bats/bin/bats test/open_dkim.bats
.PHONY: ALWAYS_RUN .PHONY: ALWAYS_RUN
test/%.bats: ALWAYS_RUN test/%.bats: ALWAYS_RUN

View file

@ -115,14 +115,14 @@ docker-compose up -d mail
./setup.sh -Z config dkim ./setup.sh -Z config dkim
``` ```
If you are using a LDAP setup the setup looks a bit different as you do not add user accounts directly. Therefore `postfix` doesn't know your domain(s) and you need to provide it when configuring `dkim`: If you are using a LDAP setup the setup looks a bit different as you do not add user accounts directly. Postfix doesn't know your domain(s) and you need to provide it when configuring DKIM:
``` BASH ``` BASH
docker-compose up -d mail ./setup.sh config dkim domain '<domain.tld>[,<domain2.tld>]'
./setup.sh config dkim <key-size> <domain.tld>[,<domain2.tld>]
``` ```
If you want to see detailed usage information, run `./setup.sh config dkim help`.
### Miscellaneous ### Miscellaneous
#### DNS - DKIM #### DNS - DKIM

View file

@ -1,6 +1,6 @@
#! /bin/bash #! /bin/bash
# version v0.2.4 stable # version v0.2.5 stable
# executed manually (via Make) # executed manually (via Make)
# task wrapper for various setup scripts # task wrapper for various setup scripts
@ -144,7 +144,7 @@ SUBCOMMANDS:
config: config:
${0} config dkim <keysize> (default: 4096) <domain> (optional - for LDAP systems) ${0} config dkim [keysize <size>] [domain '<domain1.tld>[,<domain2.tld>...]']
${0} config ssl <fqdn> ${0} config ssl <fqdn>
relay: relay:
@ -295,27 +295,27 @@ function _main
case ${1:-} in case ${1:-} in
email) email )
shift ; case ${1:-} in case ${2:-} in
add ) shift ; _docker_image addmailuser "${@}" ;; add ) shift 2 ; _docker_image addmailuser "${@}" ;;
update ) shift ; _docker_image updatemailuser "${@}" ;; update ) shift 2 ; _docker_image updatemailuser "${@}" ;;
del ) shift ; _docker_image delmailuser "${@}" ;; del ) shift 2 ; _docker_image delmailuser "${@}" ;;
restrict ) shift ; _docker_container restrict-access "${@}" ;; restrict ) shift 2 ; _docker_container restrict-access "${@}" ;;
list ) _docker_image listmailuser ;; list ) _docker_image listmailuser ;;
* ) _usage ;; * ) _usage ;;
esac esac
;; ;;
alias) alias )
shift ; case ${1:-} in case ${2:-} in
add ) shift ; _docker_image addalias "${1}" "${2}" ;; add ) shift 2 ; _docker_image addalias "${1}" "${2}" ;;
del ) shift ; _docker_image delalias "${1}" "${2}" ;; del ) shift 2 ; _docker_image delalias "${1}" "${2}" ;;
list ) shift ; _docker_image listalias ;; list ) shift 2 ; _docker_image listalias ;;
* ) _usage ;; * ) _usage ;;
esac esac
;; ;;
quota) quota )
shift ; case ${1:-} in shift ; case ${1:-} in
set ) shift ; _docker_image setquota "${@}" ;; set ) shift ; _docker_image setquota "${@}" ;;
del ) shift ; _docker_image delquota "${@}" ;; del ) shift ; _docker_image delquota "${@}" ;;
@ -323,32 +323,32 @@ function _main
esac esac
;; ;;
config) config )
shift ; case ${1:-} in case ${2:-} in
dkim ) _docker_image generate-dkim-config "${2:-4096}" "${3:-}" ;; dkim ) shift 2 ; _docker_image open-dkim "${@}" ;;
ssl ) _docker_image generate-ssl-certificate "${2}" ;; ssl ) shift 2 ; _docker_image generate-ssl-certificate "${1}" ;;
* ) _usage ;; * ) _usage ;;
esac esac
;; ;;
relay) relay )
shift ; case ${1:-} in case ${2:-} in
add-domain ) shift ; _docker_image addrelayhost "${@}" ;; add-domain ) shift 2 ; _docker_image addrelayhost "${@}" ;;
add-auth ) shift ; _docker_image addsaslpassword "${@}" ;; add-auth ) shift 2 ; _docker_image addsaslpassword "${@}" ;;
exclude-domain ) shift ; _docker_image excluderelaydomain "${@}" ;; exclude-domain ) shift 2 ; _docker_image excluderelaydomain "${@}" ;;
* ) _usage ;; * ) _usage ;;
esac esac
;; ;;
debug) debug )
shift ; case ${1:-} in case ${2:-} in
fetchmail ) _docker_image debug-fetchmail ;; fetchmail ) _docker_image debug-fetchmail ;;
fail2ban ) shift ; _docker_container fail2ban "${@}" ;; fail2ban ) shift 2 ; _docker_container fail2ban "${@}" ;;
show-mail-logs ) _docker_container cat /var/log/mail/mail.log ;; show-mail-logs ) _docker_container cat /var/log/mail/mail.log ;;
inspect ) _inspect ;; inspect ) _inspect ;;
login ) login )
shift shift 2
if [[ -z ${1:-''} ]] if [[ -z ${1:-} ]]
then then
_docker_container /bin/bash _docker_container /bin/bash
else else

View file

@ -1,96 +0,0 @@
#! /bin/bash
touch /tmp/vhost.tmp
# if no keysize is provided, default to 4096
KEYSIZE=${1:-4096}
# optional domain names
DOMAINS=${2:-}
if [[ -z ${DOMAINS} ]]
then
# getting domains FROM mail accounts
if [[ -f /tmp/docker-mailserver/postfix-accounts.cf ]]
then
# shellcheck disable=SC2034
while IFS=$'|' read -r LOGIN PASS
do
DOMAIN=$(echo "${LOGIN}" | cut -d @ -f2)
echo "${DOMAIN}" >>/tmp/vhost.tmp
done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-accounts.cf || true)
fi
# getting domains FROM mail aliases
if [[ -f /tmp/docker-mailserver/postfix-virtual.cf ]]
then
# shellcheck disable=SC2034
while read -r FROM TO
do
UNAME=$(echo "${FROM}" | cut -d @ -f1)
DOMAIN=$(echo "${FROM}" | cut -d @ -f2)
[[ ${UNAME} != "${DOMAIN}" ]] && echo "${DOMAIN}" >>/tmp/vhost.tmp
done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-virtual.cf || true)
fi
else
tr ',' '\n' <<< "${DOMAINS}" > /tmp/vhost.tmp
fi
# keeping unique entries
if [[ -f /tmp/vhost.tmp ]]
then
sort < /tmp/vhost.tmp | uniq >/tmp/vhost && rm /tmp/vhost.tmp
fi
# exit if no entries found
if [[ ! -f /tmp/vhost ]]
then
echo "No entries found, no keys to make"
exit 0
fi
while read -r DOMAINNAME
do
mkdir -p "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
if [[ ! -f "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private" ]]
then
echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private"
opendkim-genkey --bits="${KEYSIZE}" --subdomains --DOMAIN="${DOMAINNAME}" --selector=mail -D "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
fi
# write to KeyTable if necessary
KEYTABLEENTRY="mail._domainkey.${DOMAINNAME} ${DOMAINNAME}:mail:/etc/opendkim/keys/${DOMAINNAME}/mail.private"
if [[ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]]
then
echo "Creating DKIM KeyTable"
echo "${KEYTABLEENTRY}" > /tmp/docker-mailserver/opendkim/KeyTable
else
if ! grep -q "${KEYTABLEENTRY}" "/tmp/docker-mailserver/opendkim/KeyTable"
then
echo "${KEYTABLEENTRY}" >>/tmp/docker-mailserver/opendkim/KeyTable
fi
fi
# write to SigningTable if necessary
SIGNINGTABLEENTRY="*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}"
if [[ ! -f /tmp/docker-mailserver/opendkim/SigningTable ]]
then
echo "Creating DKIM SigningTable"
echo "*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}" >/tmp/docker-mailserver/opendkim/SigningTable
else
if ! grep -q "${SIGNINGTABLEENTRY}" /tmp/docker-mailserver/opendkim/SigningTable
then
echo "${SIGNINGTABLEENTRY}" >> /tmp/docker-mailserver/opendkim/SigningTable
fi
fi
done < <(grep -vE '^(\s*$|#)' /tmp/vhost)
# creates TrustedHosts if missing
if [[ -d /tmp/docker-mailserver/opendkim ]] && [[ ! -f /tmp/docker-mailserver/opendkim/TrustedHosts ]]
then
echo "Creating DKIM TrustedHosts"
echo "127.0.0.1" >/tmp/docker-mailserver/opendkim/TrustedHosts
echo "localhost" >>/tmp/docker-mailserver/opendkim/TrustedHosts
fi

194
target/bin/open-dkim Executable file
View file

@ -0,0 +1,194 @@
#! /bin/bash
KEYSIZE=4096
SELECTOR=mail
DOMAINS=
function __usage
{
echo -e "\e[35mOPEN-DKIM\e[31m(\e[93m8\e[31m)
\e[38;5;214mNAME\e[39m
open-dkim - configure DomainKeys Identified Mail (DKIM)
\e[38;5;214mSYNOPSIS\e[39m
./setup.sh config dkim [ OPTIONS\e[31m...\e[39m ]
\e[38;5;214mDESCRIPTION\e[39m
Configures DKIM keys. OPTIONS can be used to configure a more complex setup.
LDAP setups require these options.
\e[38;5;214mOPTIONS\e[39m
\e[94mGeneric Program Information\e[39m
help Print the usage information.
\e[94mConfiguration adjustments\e[39m
keysize Set the size of the keys to be generated. Possible are 1024, 2024 and 4096 (default).
selector Set a manual selector (default is 'mail') for the key. (\e[96mATTENTION\e[39m: NOT IMPLEMENTED YET!)
domains Provide the domains for which keys are to be generated.
\e[38;5;214mEXAMPLES\e[39m
\e[37m./setup.sh config dkim size 2048\e[39m
Creates keys of length 2048 bit in a default setup where domains are obtained from
your accounts.
\e[37m./setup.sh config dkim size 2048 selector 2021-dkim\e[39m
Creates keys of length 2048 bit in a default setup where domains are obtained from
your accounts. The DKIM selector used is '2021-dkim'.
\e[37m./setup.sh config dkim size 2048 selector 2021-dkim domain 'whoami.com,whoareyou.org'\e[39m
Appropriate for an LDAP setup. Creates keys of length 2048 bit in a default setup
where domains are obtained from your accounts. The DKIM selector used is '2021-dkim'.
The domains for which DKIM keys are generated are 'whoami.com' and 'whoareyou.org'.
\e[38;5;214mEXIT STATUS\e[39m
Exit status is 0 if command was successful. If wrong arguments are provided or arguments contain
errors, the script will exit early with exit status 2.
"
}
if [[ ${1:-} == 'help' ]]
then
__usage
exit 0
fi
while [[ ${#} -gt 0 ]]
do
case ${1} in
keysize )
if [[ -n ${2+'set'} ]]
then
KEYSIZE="${2}"
shift
shift
else
echo "No keysize provided after 'size' argument. Aborting." >&2
exit 2
fi
;;
selector )
if [[ -n ${2+'set'} ]]
then
# shellcheck disable=SC2034
SELECTOR="${2}"
shift
shift
else
echo "No selector provided after 'selector' argument. Aborting." >&2
exit 2
fi
;;
domain )
if [[ -n ${2+'set'} ]]
then
DOMAINS="${2}"
break
break
else
echo "No domain(s) provided after 'domain' argument. Aborting." >&2
exit 2
fi
;;
* )
__usage
echo -e "\nUnknown options ${1} ${2:-}. Aborting." >&2
exit 2
;;
esac
done
touch /tmp/vhost.dkim.tmp
if [[ -z ${DOMAINS} ]]
then
# getting domains FROM mail accounts
if [[ -f /tmp/docker-mailserver/postfix-accounts.cf ]]
then
# shellcheck disable=SC2034
while IFS=$'|' read -r LOGIN PASS
do
DOMAIN=$(echo "${LOGIN}" | cut -d @ -f2)
echo "${DOMAIN}" >>/tmp/vhost.dkim.tmp
done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-accounts.cf || true)
fi
# getting domains FROM mail aliases
if [[ -f /tmp/docker-mailserver/postfix-virtual.cf ]]
then
# shellcheck disable=SC2034
while read -r FROM TO
do
UNAME=$(echo "${FROM}" | cut -d @ -f1)
DOMAIN=$(echo "${FROM}" | cut -d @ -f2)
[[ ${UNAME} != "${DOMAIN}" ]] && echo "${DOMAIN}" >>/tmp/vhost.dkim.tmp
done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-virtual.cf || true)
fi
else
tr ',' '\n' <<< "${DOMAINS}" > /tmp/vhost.dkim.tmp
fi
sort < /tmp/vhost.dkim.tmp | uniq >/tmp/vhost
rm /tmp/vhost.dkim.tmp
if [[ ! -s /tmp/vhost ]]
then
echo "No entries found, no keys to make."
exit 0
fi
while read -r DOMAINNAME
do
mkdir -p "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
if [[ ! -f "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private" ]]
then
echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private"
opendkim-genkey \
--bits="${KEYSIZE}" \
--subdomains \
--DOMAIN="${DOMAINNAME}" \
--selector=mail \
-D "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
fi
# write to KeyTable if necessary
KEYTABLEENTRY="mail._domainkey.${DOMAINNAME} ${DOMAINNAME}:mail:/etc/opendkim/keys/${DOMAINNAME}/mail.private"
if [[ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]]
then
echo "Creating DKIM KeyTable"
echo "${KEYTABLEENTRY}" >/tmp/docker-mailserver/opendkim/KeyTable
else
if ! grep -q "${KEYTABLEENTRY}" "/tmp/docker-mailserver/opendkim/KeyTable"
then
echo "${KEYTABLEENTRY}" >>/tmp/docker-mailserver/opendkim/KeyTable
fi
fi
# write to SigningTable if necessary
SIGNINGTABLEENTRY="*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}"
if [[ ! -f /tmp/docker-mailserver/opendkim/SigningTable ]]
then
echo "Creating DKIM SigningTable"
echo "*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}" >/tmp/docker-mailserver/opendkim/SigningTable
else
if ! grep -q "${SIGNINGTABLEENTRY}" /tmp/docker-mailserver/opendkim/SigningTable
then
echo "${SIGNINGTABLEENTRY}" >>/tmp/docker-mailserver/opendkim/SigningTable
fi
fi
done < <(grep -vE '^(\s*$|#)' /tmp/vhost)
# create TrustedHosts if missing
if [[ -d /tmp/docker-mailserver/opendkim ]] && [[ ! -f /tmp/docker-mailserver/opendkim/TrustedHosts ]]
then
echo "Creating DKIM TrustedHosts"
echo "127.0.0.1" >/tmp/docker-mailserver/opendkim/TrustedHosts
echo "localhost" >>/tmp/docker-mailserver/opendkim/TrustedHosts
fi

380
test/open_dkim.bats Normal file
View file

@ -0,0 +1,380 @@
load 'test_helper/common'
export IMAGE_NAME CONTAINER_NAME TEST_FILE
IMAGE_NAME="${NAME:?Image name must be set}"
CONTAINER_NAME='open-dkim'
TEST_FILE='OpenDKIM :: '
function setup
{
run_setup_file_if_necessary
}
# WHY IS THIS CONTAINER EVEN CREATED WHEN MOST TESTS DO NOT USE IT?
function setup_file
{
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . "${CONTAINER_NAME}")"
docker run -d \
--name "${CONTAINER_NAME}" \
--cap-add=SYS_PTRACE \
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
-v "${CDIR}/test/test-files":/tmp/docker-mailserver-test:ro \
-e DEFAULT_RELAY_HOST=default.relay.host.invalid:25 \
-e PERMIT_DOCKER=host \
-e DMS_DEBUG=0 \
-h mail.my-domain.com \
-t "${IMAGE_NAME}"
wait_for_finished_setup_in_container "${CONTAINER_NAME}"
}
function teardown
{
run_teardown_file_if_necessary
}
function teardown_file
{
docker rm -f "${CONTAINER_NAME}"
}
#
# Actual Tests
#
@test "${TEST_FILE}/etc/opendkim/KeyTable dummy file generated without keys provided" {
docker run --rm -d \
--name mail_smtponly_without_config \
-e SMTP_ONLY=1 \
-e ENABLE_LDAP=1 \
-e PERMIT_DOCKER=network \
-e OVERRIDE_HOSTNAME=mail.mydomain.com \
-t "${IMAGE_NAME}"
function teardown
{
docker rm -f mail_smtponly_without_config
}
run repeat_in_container_until_success_or_timeout 15 \
mail_smtponly_without_config /bin/bash -c "cat /etc/opendkim/KeyTable"
assert_success
}
@test "${TEST_FILE}/etc/opendkim/KeyTable should contain 2 entries" {
run docker exec "${CONTAINER_NAME}" /bin/bash -c "cat /etc/opendkim/KeyTable | wc -l"
assert_success
assert_output 2
}
# TODO piping ls into grep ...
@test "${TEST_FILE}/etc/opendkim/keys/ should contain 2 entries" {
run docker exec "${CONTAINER_NAME}" /bin/bash -c "ls -l /etc/opendkim/keys/ | grep '^d' | wc -l"
assert_success
assert_output 2
}
@test "${TEST_FILE}/etc/opendkim.conf contains nameservers copied from /etc/resolv.conf" {
run docker exec "${CONTAINER_NAME}" /bin/bash -c \
"grep -E '^Nameservers ((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)' \
/etc/opendkim.conf"
assert_success
}
# this set of tests is of low quality. WHAT? <- DELETE AFTER REWRITE
# It does not test the RSA-Key size properly via openssl or similar WHAT??? <- DELETE AFTER REWRITE
# Instead it tests the file-size (here 861) - which may differ with a different domain names WWHHHHHHAAAT??? <- DELETE AFTER REWRITE
# TODO Needs complete re-write
@test "${TEST_FILE}generator creates default keys size" {
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . mail_default_key_size)"
# Prepare default key size 4096
rm -rf "${PRIVATE_CONFIG}/keyDefault"
mkdir -p "${PRIVATE_CONFIG}/keyDefault"
run docker run --rm \
-v "${PRIVATE_CONFIG}/keyDefault/":/tmp/docker-mailserver/ \
-v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
"${IMAGE_NAME}" /bin/bash -c 'open-dkim | wc -l'
assert_success
assert_output 6
run docker run --rm \
-v "${PRIVATE_CONFIG}/keyDefault/opendkim":/etc/opendkim \
"${IMAGE_NAME}" \
/bin/bash -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
assert_success
assert_output 861
}
# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar <- DELETE AFTER REWRITE
# Instead it tests the file-size (here 861) - which may differ with a different domain names <- DELETE AFTER REWRITE
# TODO Needs complete re-write
@test "${TEST_FILE}generator creates key size 4096" {
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_4096)"
rm -rf "${PRIVATE_CONFIG}/key4096"
mkdir -p "${PRIVATE_CONFIG}/config/key4096"
run docker run --rm \
-v "${PRIVATE_CONFIG}/key2048/":/tmp/docker-mailserver/ \
-v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
"${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 4096 | wc -l'
assert_success
assert_output 6
run docker run --rm \
-v "${PRIVATE_CONFIG}/key2048/opendkim":/etc/opendkim \
"${IMAGE_NAME}" \
/bin/bash -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
assert_success
assert_output 861
}
# Instead it tests the file-size (here 511) - which may differ with a different domain names <- DELETE AFTER REWRITE
# This test may be re-used as a global test to provide better test coverage. <- DELETE AFTER REWRITE
# TODO Needs complete re-write
@test "${TEST_FILE}generator creates key size 2048" {
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_2048)"
rm -rf "${PRIVATE_CONFIG}/key2048"
mkdir -p "${PRIVATE_CONFIG}/config/key2048"
run docker run --rm \
-v "${PRIVATE_CONFIG}/key2048/":/tmp/docker-mailserver/ \
-v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
"${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 2048 | wc -l'
assert_success
assert_output 6
run docker run --rm \
-v "${PRIVATE_CONFIG}/key2048/opendkim":/etc/opendkim \
"${IMAGE_NAME}" \
/bin/bash -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
assert_success
assert_output 511
}
# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar <- DELETE AFTER REWRITE
# Instead it tests the file-size (here 329) - which may differ with a different domain names <- DELETE AFTER REWRITE
# TODO Needs complete re-write
@test "${TEST_FILE}generator creates key size 1024" {
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_1024)"
rm -rf "${PRIVATE_CONFIG}/key1024"
mkdir -p "${PRIVATE_CONFIG}/key1024"
run docker run --rm \
-v "${PRIVATE_CONFIG}/key1024/":/tmp/docker-mailserver/ \
-v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
"${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 1024 | wc -l'
assert_success
assert_output 6
run docker run --rm \
-v "${PRIVATE_CONFIG}/key1024/opendkim":/etc/opendkim \
"${IMAGE_NAME}" \
/bin/bash -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
assert_success
assert_output 329
}
@test "${TEST_FILE}generator creates keys, tables and TrustedHosts" {
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . mail_dkim_generator_creates_keys_tables_TrustedHosts)"
rm -rf "${PRIVATE_CONFIG}/empty"
mkdir -p "${PRIVATE_CONFIG}/empty"
run docker run --rm \
-v "${PRIVATE_CONFIG}/empty/":/tmp/docker-mailserver/ \
-v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
"${IMAGE_NAME}" /bin/bash -c 'open-dkim | wc -l'
assert_success
assert_output 6
# check keys for localhost.localdomain
run docker run --rm \
-v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \
"${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l'
assert_success
assert_output 2
# check keys for otherdomain.tld
run docker run --rm \
-v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \
"${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l'
assert_success
assert_output 2
# check presence of tables and TrustedHosts
run docker run --rm \
-v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \
"${IMAGE_NAME}" /bin/bash -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l"
assert_success
assert_output 4
}
@test "${TEST_FILE}generator creates keys, tables and TrustedHosts without postfix-accounts.cf" {
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . )"
rm -rf "${PRIVATE_CONFIG}/without-accounts"
mkdir -p "${PRIVATE_CONFIG}/without-accounts"
run docker run --rm \
-v "${PRIVATE_CONFIG}/without-accounts/":/tmp/docker-mailserver/ \
-v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
"${IMAGE_NAME}" /bin/bash -c 'open-dkim | wc -l'
assert_success
assert_output 5
# check keys for localhost.localdomain
run docker run --rm \
-v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \
"${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l'
assert_success
assert_output 2
# check keys for otherdomain.tld
# run docker run --rm \
# -v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \
# "${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l'
# assert_success
# [ "${output}" -eq 0 ]
# check presence of tables and TrustedHosts
run docker run --rm \
-v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \
"${IMAGE_NAME}" /bin/bash -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l"
assert_success
assert_output 4
}
@test "${TEST_FILE}generator creates keys, tables and TrustedHosts without postfix-virtual.cf" {
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . "${BATS_TEST_NAME}")"
rm -rf "${PRIVATE_CONFIG}/without-virtual"
mkdir -p "${PRIVATE_CONFIG}/without-virtual"
run docker run --rm \
-v "${PRIVATE_CONFIG}/without-virtual/":/tmp/docker-mailserver/ \
-v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
"${IMAGE_NAME}" /bin/bash -c 'open-dkim | wc -l'
assert_success
assert_output 5
# check keys for localhost.localdomain
run docker run --rm \
-v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \
"${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l'
assert_success
assert_output 2
# check keys for otherdomain.tld
run docker run --rm \
-v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \
"${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l'
assert_success
assert_output 2
# check presence of tables and TrustedHosts
run docker run --rm \
-v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \
"${IMAGE_NAME}" /bin/bash -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l"
assert_success
assert_output 4
}
@test "${TEST_FILE}generator creates keys, tables and TrustedHosts using manual provided domain name" {
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . "${BATS_TEST_NAME}")"
rm -rf "${PRIVATE_CONFIG}/with-domain" && mkdir -p "${PRIVATE_CONFIG}/with-domain"
# generate first key
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
"${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 2048 domain domain1.tld | wc -l'
assert_success
assert_output 4
# generate two additional keys different to the previous one
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
"${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 2048 domain "domain2.tld,domain3.tld" | wc -l'
assert_success
assert_output 2
# generate an additional key whilst providing already existing domains
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
"${IMAGE_NAME}" /bin/bash -c 'open-dkim keysize 2048 domain "domain3.tld,domain4.tld" | wc -l'
assert_success
assert_output 1
# check keys for domain1.tld
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
"${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/domain1.tld/ | wc -l'
assert_success
assert_output 2
# check keys for domain2.tld
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
"${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/domain2.tld | wc -l'
assert_success
assert_output 2
# check keys for domain3.tld
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
"${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/domain3.tld | wc -l'
assert_success
assert_output 2
# check keys for domain4.tld
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
"${IMAGE_NAME}" /bin/bash -c 'ls -1 /etc/opendkim/keys/domain4.tld | wc -l'
assert_success
assert_output 2
# check presence of tables and TrustedHosts
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
"${IMAGE_NAME}" /bin/bash -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys' | wc -l"
assert_success
assert_output 4
# check valid entries actually present in KeyTable
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
"${IMAGE_NAME}" /bin/bash -c \
"egrep 'domain1.tld|domain2.tld|domain3.tld|domain4.tld' /etc/opendkim/KeyTable | wc -l"
assert_success
assert_output 4
# check valid entries actually present in SigningTable
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
"${IMAGE_NAME}" /bin/bash -c \
"egrep 'domain1.tld|domain2.tld|domain3.tld|domain4.tld' /etc/opendkim/SigningTable | wc -l"
assert_success
assert_output 4
}

View file

@ -431,310 +431,6 @@ EOF
assert_success assert_success
} }
#
# opendkim
#
@test "checking opendkim: /etc/opendkim/KeyTable should contain 2 entries" {
run docker exec mail /bin/sh -c "cat /etc/opendkim/KeyTable | wc -l"
assert_success
assert_output 2
}
@test "checking opendkim: /etc/opendkim/KeyTable dummy file generated without keys provided" {
docker run --rm -d --name mail_smtponly_without_config \
-e SMTP_ONLY=1 \
-e ENABLE_LDAP=1 \
-e PERMIT_DOCKER=network \
-e OVERRIDE_HOSTNAME=mail.mydomain.com \
-t "${NAME}"
teardown() { docker rm -f mail_smtponly_without_config; }
run repeat_in_container_until_success_or_timeout 15 mail_smtponly_without_config /bin/bash -c "cat /etc/opendkim/KeyTable"
assert_success
}
@test "checking opendkim: /etc/opendkim/keys/ should contain 2 entries" {
run docker exec mail /bin/sh -c "ls -l /etc/opendkim/keys/ | grep '^d' | wc -l"
assert_success
assert_output 2
}
@test "checking opendkim: /etc/opendkim.conf contains nameservers copied from /etc/resolv.conf" {
run docker exec mail /bin/bash -c "grep -E '^Nameservers ((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)' /etc/opendkim.conf"
assert_success
}
# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar
# Instead it tests the file-size (here 861) - which may differ with a different domain names
# This test may be re-used as a global test to provide better test coverage.
@test "checking opendkim: generator creates default keys size" {
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . mail_default_key_size)"
# Prepare default key size 4096
rm -rf "${PRIVATE_CONFIG}/keyDefault"
mkdir -p "${PRIVATE_CONFIG}/keyDefault"
run docker run --rm \
-v "${PRIVATE_CONFIG}/keyDefault/":/tmp/docker-mailserver/ \
-v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config | wc -l'
assert_success
assert_output 6
run docker run --rm \
-v "${PRIVATE_CONFIG}/keyDefault/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" \
/bin/sh -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
assert_success
assert_output 861
}
# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar
# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar
# Instead it tests the file-size (here 861) - which may differ with a different domain names
# This test may be re-used as a global test to provide better test coverage.
@test "checking opendkim: generator creates key size 4096" {
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_4096)"
# Prepare set key size 4096
rm -rf "${PRIVATE_CONFIG}/key4096"
mkdir -p "${PRIVATE_CONFIG}/config/key4096"
run docker run --rm \
-v "${PRIVATE_CONFIG}/key2048/":/tmp/docker-mailserver/ \
-v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 4096 | wc -l'
assert_success
assert_output 6
run docker run --rm \
-v "${PRIVATE_CONFIG}/key2048/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" \
/bin/sh -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
assert_success
assert_output 861
}
# Instead it tests the file-size (here 511) - which may differ with a different domain names
# This test may be re-used as a global test to provide better test coverage.
@test "checking opendkim: generator creates key size 2048" {
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_2048)"
# Prepare set key size 2048
rm -rf "${PRIVATE_CONFIG}/key2048"
mkdir -p "${PRIVATE_CONFIG}/config/key2048"
run docker run --rm \
-v "${PRIVATE_CONFIG}/key2048/":/tmp/docker-mailserver/ \
-v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 | wc -l'
assert_success
assert_output 6
run docker run --rm \
-v "${PRIVATE_CONFIG}/key2048/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" \
/bin/sh -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
assert_success
assert_output 511
}
# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar
# Instead it tests the file-size (here 329) - which may differ with a different domain names
# This test may be re-used as a global test to provide better test coverage.
@test "checking opendkim: generator creates key size 1024" {
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_1024)"
# Prepare set key size 1024
rm -rf "${PRIVATE_CONFIG}/key1024"
mkdir -p "${PRIVATE_CONFIG}/key1024"
run docker run --rm \
-v "${PRIVATE_CONFIG}/key1024/":/tmp/docker-mailserver/ \
-v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 1024 | wc -l'
assert_success
assert_output 6
run docker run --rm \
-v "${PRIVATE_CONFIG}/key1024/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" \
/bin/sh -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
assert_success
assert_output 329
}
@test "checking opendkim: generator creates keys, tables and TrustedHosts" {
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . mail_dkim_generator_creates_keys_tables_TrustedHosts)"
rm -rf "${PRIVATE_CONFIG}/empty"
mkdir -p "${PRIVATE_CONFIG}/empty"
run docker run --rm \
-v "${PRIVATE_CONFIG}/empty/":/tmp/docker-mailserver/ \
-v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config | wc -l'
assert_success
assert_output 6
# Check keys for localhost.localdomain
run docker run --rm \
-v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l'
assert_success
assert_output 2
# Check keys for otherdomain.tld
run docker run --rm \
-v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l'
assert_success
assert_output 2
# Check presence of tables and TrustedHosts
run docker run --rm \
-v "${PRIVATE_CONFIG}/empty/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l"
assert_success
assert_output 4
}
@test "checking opendkim: generator creates keys, tables and TrustedHosts without postfix-accounts.cf" {
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . )"
rm -rf "${PRIVATE_CONFIG}/without-accounts"
mkdir -p "${PRIVATE_CONFIG}/without-accounts"
run docker run --rm \
-v "${PRIVATE_CONFIG}/without-accounts/":/tmp/docker-mailserver/ \
-v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config | wc -l'
assert_success
assert_output 5
# Check keys for localhost.localdomain
run docker run --rm \
-v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l'
assert_success
assert_output 2
# Check keys for otherdomain.tld
# run docker run --rm \
# -v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \
# "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l'
# assert_success
# [ "${output}" -eq 0 ]
# Check presence of tables and TrustedHosts
run docker run --rm \
-v "${PRIVATE_CONFIG}/without-accounts/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l"
assert_success
assert_output 4
}
@test "checking opendkim: generator creates keys, tables and TrustedHosts without postfix-virtual.cf" {
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . "${BATS_TEST_NAME}")"
rm -rf "${PRIVATE_CONFIG}/without-virtual"
mkdir -p "${PRIVATE_CONFIG}/without-virtual"
run docker run --rm \
-v "${PRIVATE_CONFIG}/without-virtual/":/tmp/docker-mailserver/ \
-v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config | wc -l'
assert_success
assert_output 5
# Check keys for localhost.localdomain
run docker run --rm \
-v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l'
assert_success
assert_output 2
# Check keys for otherdomain.tld
run docker run --rm \
-v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l'
assert_success
assert_output 2
# Check presence of tables and TrustedHosts
run docker run --rm \
-v "${PRIVATE_CONFIG}/without-virtual/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l"
assert_success
assert_output 4
}
@test "checking opendkim: generator creates keys, tables and TrustedHosts using manual provided domain name" {
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . "${BATS_TEST_NAME}")"
rm -rf "${PRIVATE_CONFIG}/with-domain" && mkdir -p "${PRIVATE_CONFIG}/with-domain"
# Generate first key
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 domain1.tld| wc -l'
assert_success
assert_output 4
# Generate two additional keys different to the previous one
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 'domain2.tld,domain3.tld' | wc -l'
assert_success
assert_output 2
# Generate an additional key whilst providing already existing domains
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 'domain3.tld,domain4.tld' | wc -l'
assert_success
assert_output 1
# Check keys for domain1.tld
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain1.tld/ | wc -l'
assert_success
assert_output 2
# Check keys for domain2.tld
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain2.tld | wc -l'
assert_success
assert_output 2
# Check keys for domain3.tld
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain3.tld | wc -l'
assert_success
assert_output 2
# Check keys for domain4.tld
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain4.tld | wc -l'
assert_success
assert_output 2
# Check presence of tables and TrustedHosts
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys' | wc -l"
assert_success
assert_output 4
# Check valid entries actually present in KeyTable
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c \
"egrep 'domain1.tld|domain2.tld|domain3.tld|domain4.tld' /etc/opendkim/KeyTable | wc -l"
assert_success
assert_output 4
# Check valid entries actually present in SigningTable
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c \
"egrep 'domain1.tld|domain2.tld|domain3.tld|domain4.tld' /etc/opendkim/SigningTable | wc -l"
assert_success
assert_output 4
}
# #
# ssl # ssl
# #
@ -1238,11 +934,10 @@ EOF
assert_output "passdb: pass@localhost.localdomain auth succeeded" assert_output "passdb: pass@localhost.localdomain auth succeeded"
} }
# #
# setup.sh # setup.sh
# #
# CLI interface
@test "checking setup.sh: Without arguments: status 1, show help text" { @test "checking setup.sh: Without arguments: status 1, show help text" {
run ./setup.sh run ./setup.sh
assert_failure assert_failure
@ -1255,7 +950,6 @@ EOF
assert_line --index 1 "Usage: ./setup.sh [-i IMAGE_NAME] [-c CONTAINER_NAME] <subcommand> <subcommand> [args]" assert_line --index 1 "Usage: ./setup.sh [-i IMAGE_NAME] [-c CONTAINER_NAME] <subcommand> <subcommand> [args]"
} }
# email
@test "checking setup.sh: setup.sh email add and login" { @test "checking setup.sh: setup.sh email add and login" {
wait_for_service mail changedetector wait_for_service mail changedetector
assert_success assert_success
@ -1269,9 +963,6 @@ EOF
wait_for_changes_to_be_detected_in_container mail wait_for_changes_to_be_detected_in_container mail
# Dovecot has been restarted, but this test often fails so presumably it may not be ready
# Add a short sleep to see if that helps to make the test more stable
# Alternatively we could login with a known good user to make sure that the service is up
wait_for_service mail postfix wait_for_service mail postfix
wait_for_service mail dovecot wait_for_service mail dovecot
sleep 5 sleep 5
@ -1307,15 +998,16 @@ EOF
@test "checking setup.sh: setup.sh email del" { @test "checking setup.sh: setup.sh email del" {
run ./setup.sh -c mail email del -y lorem@impsum.org run ./setup.sh -c mail email del -y lorem@impsum.org
assert_success assert_success
#
# TODO delmailuser does not work as expected. # TODO
# Its implementation is not functional, you cannot delete a user data # delmailuser does not work as expected.
# directory in the running container by running a new docker container # Its implementation is not functional, you cannot delete a user data
# and not mounting the mail folders (persistance is broken). # directory in the running container by running a new docker container
# The add script is only adding the user to account file. # and not mounting the mail folders (persistance is broken).
# # The add script is only adding the user to account file.
# run docker exec mail ls /var/mail/impsum.org/lorem
# assert_failure # run docker exec mail ls /var/mail/impsum.org/lorem
# assert_failure
run grep lorem@impsum.org "$(private_config_path mail)/postfix-accounts.cf" run grep lorem@impsum.org "$(private_config_path mail)/postfix-accounts.cf"
assert_failure assert_failure
} }
@ -1347,6 +1039,7 @@ EOF
run ./setup.sh -p ./test/alias/config alias list run ./setup.sh -p ./test/alias/config alias list
assert_success assert_success
} }
@test "checking setup.sh: setup.sh alias add" { @test "checking setup.sh: setup.sh alias add" {
mkdir -p ./test/alias/config && echo "" > ./test/alias/config/postfix-virtual.cf mkdir -p ./test/alias/config && echo "" > ./test/alias/config/postfix-virtual.cf
./setup.sh -p ./test/alias/config alias add alias@example.com target1@forward.com ./setup.sh -p ./test/alias/config alias add alias@example.com target1@forward.com
@ -1355,6 +1048,7 @@ EOF
run /bin/sh -c 'cat ./test/alias/config/postfix-virtual.cf | grep "alias@example.com target1@forward.com,target2@forward.com" | wc -l | grep 1' run /bin/sh -c 'cat ./test/alias/config/postfix-virtual.cf | grep "alias@example.com target1@forward.com,target2@forward.com" | wc -l | grep 1'
assert_success assert_success
} }
@test "checking setup.sh: setup.sh alias del" { @test "checking setup.sh: setup.sh alias del" {
# start with a1 -> t1,t2 and a2 -> t1 # start with a1 -> t1,t2 and a2 -> t1
mkdir -p ./test/alias/config && echo -e 'alias1@example.org target1@forward.com,target2@forward.com\nalias2@example.org target1@forward.com' > ./test/alias/config/postfix-virtual.cf mkdir -p ./test/alias/config && echo -e 'alias1@example.org target1@forward.com,target2@forward.com\nalias2@example.org target1@forward.com' > ./test/alias/config/postfix-virtual.cf
@ -1433,18 +1127,11 @@ EOF
assert_failure assert_failure
} }
@test "checking setup.sh: setup.sh dkim help" {
run ./setup.sh -c mail dkim help
# config
@test "checking setup.sh: setup.sh config dkim" {
run ./setup.sh -c mail config dkim
assert_success assert_success
assert_line --index 1 "Generate DKIM Configuration"
} }
# TODO: To create a test generate-ssl-certificate must be non interactive
#@test "checking setup.sh: setup.sh config ssl" {
# run ./setup.sh -c mail_ssl config ssl
# assert_success
#}
# debug # debug
@test "checking setup.sh: setup.sh debug fetchmail" { @test "checking setup.sh: setup.sh debug fetchmail" {