chore: Merge helpers/sasl.sh into helpers/relay.sh (#2605)

This helper was to support an earlier ENV for SASL auth support. When extracting logic into individual helpers, it was assumed this was separate from relay support, which it appears was not the case.

---

The `SASL_PASSWD` ENV is specified in tests but no longer used. There is no `external-domain.com` relay configured or tested against anywhere in the project.

The ENV was likely used in tests prior to improved relay support that allowed for adding more than a single set of relay credentials.

---

It likewise has no real relevance anywhere else outside of `relay.sh` as it's the only portion of code to operate with it.

It's only relevant for SASL auth as an SMTP client, not the SMTP server (`smtpd`) SASL support that is delegated to Dovecot. Functionality has been completely migrated into `relay.sh` as a result.

Documentation is poor for this ENV, it is unlikely in wide use? Should consider for removal.

---

The ENV has been dependent upon `RELAY_HOST` to actually enable postfix to use `/etc/postfix/sasl_passwd`, thus not likely relevant in existing setups?

---

Migrate `/etc/postfix/sasl_passwd` check from `tests.bats` as it belongs to relay tests.

target/scripts/helpers/index.sh

@@ -17,7 +17,6 @@ function _import_scripts
   source "${PATH_TO_SCRIPTS}/network.sh"
   source "${PATH_TO_SCRIPTS}/postfix.sh"
   source "${PATH_TO_SCRIPTS}/relay.sh"
-  source "${PATH_TO_SCRIPTS}/sasl.sh"
   source "${PATH_TO_SCRIPTS}/ssl.sh"
   source "${PATH_TO_SCRIPTS}/utils.sh"
 }

target/scripts/helpers/relay.sh

@@ -64,16 +64,36 @@ function _env_relay_host
 # `/etc/postfix/sasl_passwd` example at end of file.
 function _relayhost_sasl
 {
-  if [[ ! -f /tmp/docker-mailserver/postfix-sasl-password.cf ]] && [[ -z ${RELAY_USER} || -z ${RELAY_PASSWORD} ]]
+  if [[ ! -f /tmp/docker-mailserver/postfix-sasl-password.cf ]] \
+    && [[ -z ${RELAY_USER} || -z ${RELAY_PASSWORD} ]] \
+    && [[ -z ${SASL_PASSWD} ]]
   then
-    _log 'warn' "No relay auth file found and no default set"
+    _log 'warn' "Missing relay-host mapped credentials provided via ENV, or from postfix-sasl-password.cf"
     return 1
   fi
 
+  _log 'trace' "Adding relay-host credential mappings to Postfix"
+
+  # Start from a new `/etc/postfix/sasl_passwd`:
+  : >/etc/postfix/sasl_passwd
+  chown root:root /etc/postfix/sasl_passwd
+  chmod 0600 /etc/postfix/sasl_passwd
+
+  # SASL_PASSWD is a legacy ENV, not likely in use by any users.
+  #
+  # Single ENV for specifying `<DEFAULT_RELAY_HOST>    <RELAY_USER>:<RELAY_PASSWORD>`,
+  # Where `<DEFAULT_RELAY_HOST>` must match the equivalent ENV,
+  # while the other two have no dependency to their equivalent ENV.
+  # SASL_PASSWD requires `smtp_sasl_password_maps` to be enabled - but that has only
+  # ever been via this function which relies upon RELAY_HOST. Hence redundant.
+  # TODO: Deprecate. Remove on next major version?
+  if [[ -n ${SASL_PASSWD} ]]
+  then
+    echo "${SASL_PASSWD}" >> /etc/postfix/sasl_passwd
+  fi
+
   if [[ -f /tmp/docker-mailserver/postfix-sasl-password.cf ]]
   then
-    _log 'trace' "Adding relay authentication from postfix-sasl-password.cf"
-
     # Add domain-specific auth from config file:
     while read -r LINE
     do
@@ -93,8 +113,6 @@ function _relayhost_sasl
     echo "$(_env_relay_host)    ${RELAY_USER}:${RELAY_PASSWORD}" >> /etc/postfix/sasl_passwd
   fi
 
-  _sasl_set_passwd_permissions
-
   # Technically if only a single relay host is configured, a `static` lookup table could be used instead?:
   # postconf "smtp_sasl_password_maps = static:${RELAY_USER}:${RELAY_PASSWORD}"
   postconf 'smtp_sasl_password_maps = texthash:/etc/postfix/sasl_passwd'
@@ -196,7 +214,6 @@ function _setup_relayhost
   then
     _log 'trace' "Setting up relay hosts (default: ${RELAY_HOST})"
 
-    # Expects `_sasl_passwd_create` was called prior in `setup-stack.sh`
     _relayhost_sasl
     _populate_relayhost_map
 
@@ -208,9 +225,6 @@ function _rebuild_relayhost
 {
   if [[ -n ${RELAY_HOST} ]]
   then
-    # Start from a new `/etc/postfix/sasl_passwd` state:
-    _sasl_passwd_create
-
     _relayhost_sasl
     _populate_relayhost_map
   fi

target/scripts/helpers/sasl.sh

@@ -1,22 +0,0 @@
-#! /bin/bash
-
-function _sasl_passwd_create
-{
-  if [[ -n ${SASL_PASSWD} ]]
-  then
-    # create SASL password
-    echo "${SASL_PASSWD}" > /etc/postfix/sasl_passwd
-    _sasl_set_passwd_permissions
-  else
-    rm -f /etc/postfix/sasl_passwd
-  fi
-}
-
-function _sasl_set_passwd_permissions
-{
-  if [[ -f /etc/postfix/sasl_passwd ]]
-  then
-    chown root:root /etc/postfix/sasl_passwd
-    chmod 0600 /etc/postfix/sasl_passwd
-  fi
-}

target/scripts/start-mailserver.sh

@@ -215,7 +215,6 @@ function _register_functions
   _register_setup_function '_setup_dovecot_hostname'
   _register_setup_function '_setup_postfix_smtputf8'
   _register_setup_function '_setup_postfix_sasl'
-  _register_setup_function '_setup_postfix_sasl_password'
   _register_setup_function '_setup_security_stack'
   _register_setup_function '_setup_postfix_aliases'
   _register_setup_function '_setup_postfix_vhost'

target/scripts/startup/setup-stack.sh

@@ -764,21 +764,6 @@ function _setup_postfix_override_configuration
   fi
 }
 
-function _setup_postfix_sasl_password
-{
-  _log 'debug' 'Setting up Postfix SASL Password'
-
-  # support general SASL password
-  _sasl_passwd_create
-
-  if [[ -f /etc/postfix/sasl_passwd ]]
-  then
-    _log 'trace' 'Loaded SASL_PASSWD'
-  else
-    _log 'debug' "SASL_PASSWD was not provided - '/etc/postfix/sasl_passwd' not created"
-  fi
-}
-
 function _setup_postfix_relay_hosts
 {
   _setup_relayhost

test/mail_privacy.bats

@@ -7,7 +7,6 @@ function setup_file() {
   docker run -d --name mail_privacy \
     -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
     -v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
-    -e SASL_PASSWD="external-domain.com username:password" \
     -e ENABLE_MANAGESIEVE=1 \
     --cap-add=SYS_PTRACE \
     -e PERMIT_DOCKER=host \

test/mail_with_relays.bats

@@ -64,6 +64,11 @@ function teardown_file() {
   assert_output ''
 }
 
+@test "checking relay hosts: sasl_passwd exists" {
+  run docker exec mail_with_relays [ -f /etc/postfix/sasl_passwd ]
+  assert_success
+}
+
 @test "checking relay hosts: auth entry is added" {
   run docker exec mail_with_relays /bin/sh -c 'cat /etc/postfix/sasl_passwd | grep -e "^@domaintwo.tld\s\+smtp_user_2:smtp_password_2" | wc -l'
   assert_success

test/tests.bats

@@ -31,7 +31,6 @@ setup_file() {
     -e SA_SPAM_SUBJECT="SPAM: " \
     -e SA_TAG=-5.0 \
     -e SA_TAG2=2.0 \
-    -e SASL_PASSWD="external-domain.com username:password" \
     -e SPAMASSASSIN_SPAM_TO_INBOX=0 \
     -e SPOOF_PROTECTION=1 \
     -e SSL_TYPE='snakeoil' \
@@ -175,11 +174,6 @@ teardown_file() {
   assert_success
 }
 
-@test "checking sasl: sasl_passwd exists" {
-  run docker exec mail [ -f /etc/postfix/sasl_passwd ]
-  assert_success
-}
-
 #
 # logs
 #