Merge branch 'master' into update-base-image

.gitattributes

@@ -10,7 +10,7 @@
 *.yml               text
 ### Documentation (Project, Tests, Docs site)
 *.md                text
-### TLS certs (test/test-files/) + DHE params (target/shared/)
+### TLS certs (test/files/) + DHE params (target/shared/)
 *.pem               text
 *.pem.sha512sum     text
 
@@ -90,9 +90,9 @@ TrustedHosts        text
 whitelist_recipients text
 
 ## MISC
-### test/config/ + test/test-files/
+### test/config/ + test/files/
 *.txt               text
-### test/linting/ (.ecrc.json) + test/test-files/ (*.acme.json):
+### test/linting/ (.ecrc.json) + test/files/ (*.acme.json):
 *.json              text
 
 #################################################

CHANGELOG.md

@@ -2,7 +2,7 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [Unreleased](https://github.com/docker-mailserver/docker-mailserver/compare/v13.0.0...HEAD)
+## [Unreleased](https://github.com/docker-mailserver/docker-mailserver/compare/v13.1.0...HEAD)
 
 > **Note**: Changes and additions listed here are contained in the `:edge` image tag. These changes may not be as stable as released changes.
 
@@ -23,6 +23,28 @@ The most noteworthy change of this release is the update of the container's base
     - `smtpd_relay_restrictions` (relay policy) is now evaluated after `smtpd_recipient_restrictions` (spam policy). Previously it was evaluated before `smtpd_recipient_restrictions`. Mail to be relayed via DMS must now pass through the spam policy first.
     - The TLS fingerprint policy has changed the default from MD5 to SHA256 (_DMS does not modify this Postfix parameter, but may affect any user customizations that do_).
 
+### Security
+
+DMS is now secured against the [recently published spoofing attack "SMTP Smuggling"](https://www.postfix.org/smtp-smuggling.html) that affected Postfix ([#3727](https://github.com/docker-mailserver/docker-mailserver/pull/3727)):
+- Postfix upgraded from `3.5.18` to `3.5.23` which provides the [long-term fix with `smtpd_forbid_bare_newline = yes`](https://www.postfix.org/smtp-smuggling.html#long)
+- If you are unable to upgrade to this release of DMS, you may follow [these instructions](https://github.com/docker-mailserver/docker-mailserver/issues/3719#issuecomment-1870865118) for applying the [short-term workaround](https://www.postfix.org/smtp-smuggling.html#short).
+- This change should not cause compatibility concerns for legitimate mail clients, however if you use software like `netcat` to send mail to DMS (_like our test-suite previously did_) it may now be rejected (_especially with the the short-term workaround `smtpd_data_restrictions = reject_unauth_pipelining`_).
+- **NOTE:** This Postfix update also includes the new parameter [`smtpd_forbid_bare_newline_exclusions`](https://www.postfix.org/postconf.5.html#smtpd_forbid_bare_newline_exclusions) which defaults to `$mynetworks` for excluding trusted mail clients excluded from the restriction.
+  - With our default `PERMIT_DOCKER=none` this is not a concern.
+  - Presently the Docker daemon config has `user-proxy: true` enabled by default.
+    - On a host that can be reached by IPv6, this will route to a DMS IPv4 only container implicitly through the Docker network bridge gateway which rewrites the source address.
+    - If your `PERMIT_DOCKER` setting allows that gateway IP, then it is part of `$mynetworks` and this attack would not be prevented from such connections.
+    - If this affects your deployment, refer to [our IPv6 docs](https://docker-mailserver.github.io/docker-mailserver/v13.2/config/advanced/ipv6/) for advice on handling IPv6 correctly in Docker. Alternatively [use our `postfix-main.cf`](https://docker-mailserver.github.io/docker-mailserver/v13.2/config/advanced/override-defaults/postfix/) to set `smtpd_forbid_bare_newline_exclusions=` as empty.
+
+### Updates
+
+- The test suite now uses `swaks` instead of `nc`, which has multiple benefits ([#3732](https://github.com/docker-mailserver/docker-mailserver/pull/3732)):
+  - `swaks` handles pipelining correctly, hence we can now use `reject_unauth_pipelining` in Postfix's configuration.
+  - `swaks` provides better CLI options that make many files superflous.
+  - `swaks` can also replace `openssl s_client` and handles authentication on submission ports better.
+
+## [v13.1.0](https://github.com/docker-mailserver/docker-mailserver/releases/tag/v13.1.0)
+
 ### Added
 
 - **Dovecot:**
@@ -35,7 +57,8 @@ The most noteworthy change of this release is the update of the container's base
 ### Updates
 
 - **Documentation:**
-  - Raise awareness in the troubleshooting page for a common misconfiguration when deviating from our advice by using a bare domain ([#3680](https://github.com/docker-mailserver/docker-mailserver/pull/3680))
+  - Debugging - Raise awareness in the troubleshooting page for a common misconfiguration when deviating from our advice by using a bare domain ([#3680](https://github.com/docker-mailserver/docker-mailserver/pull/3680))
+  - Debugging - Raise awareness of temporary downtime during certificate renewal that can cause a failure to deliver local mail ([#3718](https://github.com/docker-mailserver/docker-mailserver/pull/3718))
 - **Internal:**
   - Postfix configures `virtual_mailbox_maps` and `virtual_transport` during startup instead of using defaults (configured for Dovecot) via our `main.cf` ([#3681](https://github.com/docker-mailserver/docker-mailserver/pull/3681))
   - Updates to `packages.sh`:
@@ -51,6 +74,7 @@ The most noteworthy change of this release is the update of the container's base
   - `VERSION` is no longer included in the image ([#3711](https://github.com/docker-mailserver/docker-mailserver/pull/3711))
   - Update-check: fix 'read' exit status ([#3688](https://github.com/docker-mailserver/docker-mailserver/pull/3688))
   - `ENABLE_QUOTAS=0` no longer tries to remove non-existent config ([#3715](https://github.com/docker-mailserver/docker-mailserver/pull/3715))
+  - The `postgrey` service now writes logs to the supervisor directory like all other services. Previously this was `/var/log/mail/mail.log` ([#3724](https://github.com/docker-mailserver/docker-mailserver/pull/3724))
 - **Rspamd:**
   - Switch to official arm64 packages to avoid segfaults ([#3686](https://github.com/docker-mailserver/docker-mailserver/pull/3686))
 - **CI / Automation:**

VERSION

@@ -1 +1 @@
-13.0.1
+13.1.0

docs/content/config/debugging.md

@@ -55,6 +55,8 @@ Common logs related to this are:
 
 If your logs look like this, you likely have [assigned the same FQDN to the DMS `hostname` and your mail accounts][gh-issues::dms-fqdn-misconfigured] which is not supported by default. You can either adjust your DMS `hostname` or follow [this FAQ advice][docs::faq-bare-domain]
 
+It is also possible that [DMS services are temporarily unavailable][gh-issues::dms-services-unavailable] when configuration changes are detected, producing the 2nd error. Certificate updates may be a less obvious trigger.
+
 ## Steps for Debugging DMS
 
 1. **Increase log verbosity**: Very helpful for troubleshooting problems during container startup. Set the environment variable [`LOG_LEVEL`][docs-environment-log-level] to `debug` or `trace`.
@@ -126,6 +128,7 @@ This could be from outdated software, or running a system that isn't able to pro
 
 [gh-issues]: https://github.com/docker-mailserver/docker-mailserver/issues
 [gh-issues::dms-fqdn-misconfigured]: https://github.com/docker-mailserver/docker-mailserver/issues/3679#issuecomment-1837609043
+[gh-issues::dms-services-unavailable]: https://github.com/docker-mailserver/docker-mailserver/issues/3679#issuecomment-1848083358
 [gh-macos-support]: https://github.com/docker-mailserver/docker-mailserver/issues/3648#issuecomment-1822774080
 [gh-discuss-roundcube-fail2ban]: https://github.com/orgs/docker-mailserver/discussions/3273#discussioncomment-5654603
 

target/postfix/main.cf

@@ -57,6 +57,12 @@ smtpd_sender_restrictions = $dms_smtpd_sender_restrictions
 smtpd_discard_ehlo_keywords = silent-discard, dsn
 disable_vrfy_command = yes
 
+# Security - Prevent SMTP Smuggling attack
+# https://www.postfix.org/smtp-smuggling.html#long
+smtpd_forbid_bare_newline = yes
+# It is possible to exclude clients on trusted networks from this restriction (the upstream default is `$mynetwork`):
+# smtpd_forbid_bare_newline_exclusions = $mynetworks
+
 # Custom defined parameters for DMS:
 dms_smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain
 # Submission ports 587 and 465 support for SPOOF_PROTECTION=1

target/scripts/build/packages.sh

@@ -117,7 +117,7 @@ function _install_packages() {
   # `bind9-dnsutils` provides the `dig` command
   # `iputils-ping` provides the `ping` command
   DEBUG_PACKAGES=(
-    bind9-dnsutils iputils-ping less nano
+    bind9-dnsutils iputils-ping less nano swaks
   )
 
   apt-get "${QUIET}" --no-install-recommends install \

target/supervisor/conf.d/supervisor-app.conf

@@ -83,8 +83,8 @@ startsecs=0
 stopwaitsecs=55
 autostart=false
 autorestart=true
-stdout_logfile=/var/log/mail/mail.log
-stderr_logfile=/var/log/mail/mail.log
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
 command=/usr/sbin/postgrey --inet=127.0.0.1:10023 --syslog-facility=mail --delay="%(ENV_POSTGREY_DELAY)s" --max-age="%(ENV_POSTGREY_MAX_AGE)s" --auto-whitelist-clients="%(ENV_POSTGREY_AUTO_WHITELIST_CLIENTS)s" --greylist-text="%(ENV_POSTGREY_TEXT)s"
 
 [program:amavis]

test/files/emails/amavis/spam.txt

@@ -1,13 +1,6 @@
-HELO mail.external.tld
-MAIL FROM: spam@external.tld
-RCPT TO: user1@localhost.localdomain
-DATA
 From: Docker Mail Server <dockermailserver@external.tld>
 To: Existing Local User <user1@localhost.localdomain>
 Date: Sat, 22 May 2010 07:43:25 -0400
-Subject: Test Message amavis-spam.txt
+Subject: Test Message amavis/spam.txt
 This is a test mail.
 XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
-
-.
-QUIT

test/files/emails/amavis/virus.txt

@@ -1,11 +1,7 @@
-HELO mail.external.tld
-MAIL FROM: virus@external.tld
-RCPT TO: user1@localhost.localdomain
-DATA
 From: Docker Mail Server <dockermailserver@external.tld>
 To: Existing Local User <user1@localhost.localdomain>
 Date: Sat, 22 May 2010 07:43:25 -0400
-Subject: Test Message amavis-virus.txt
+Subject: Test Message amavis/virus.txt
 
 Content-type: multipart/mixed; boundary="emailboundary"
 MIME-version: 1.0
@@ -27,6 +23,3 @@ ACAA/4EAAAAAZWljYXIuY29tUEsFBgAAAAABAAEANwAAAGsAAAAAAA==
 
 
 --emailboundary--
-
-.
-QUIT

test/files/emails/auth/added-smtp-auth-spoofed-alias.txt

@@ -1,14 +1,5 @@
-EHLO mail
-AUTH LOGIN dXNlcjFAbG9jYWxob3N0LmxvY2FsZG9tYWlu
-bXlwYXNzd29yZA==
-MAIL FROM: alias1@localhost.localdomain
-RCPT TO: user1@localhost.localdomain
-DATA
 From: user1_alias <alias1@localhost.localdomain>
 To: Existing Local User <user1@localhost.localdomain>
 Date: Sat, 22 May 2010 07:43:25 -0400
 Subject: Test Message
 This is a test mail.
-
-.
-QUIT

test/files/emails/auth/added-smtp-auth-spoofed.txt

@@ -1,14 +1,5 @@
-EHLO mail
-AUTH LOGIN YWRkZWRAbG9jYWxob3N0LmxvY2FsZG9tYWlu
-bXlwYXNzd29yZA==
-MAIL FROM: user2@localhost.localdomain
-RCPT TO: user1@localhost.localdomain
-DATA
 From: Not_My_Business <user2@localhost.localdomain>
 To: Existing Local User <user1@localhost.localdomain>
 Date: Sat, 22 May 2010 07:43:25 -0400
 Subject: Test Message
 This is a test mail.
-
-.
-QUIT

test/files/emails/auth/ldap-smtp-auth-spoofed-alias.txt

@@ -1,15 +1,5 @@
-EHLO mail
-AUTH LOGIN
-c29tZS51c2VyQGxvY2FsaG9zdC5sb2NhbGRvbWFpbg==
-c2VjcmV0
-MAIL FROM: postmaster@localhost.localdomain
-RCPT TO: some.user@localhost.localdomain
-DATA
 From: alias_address <postmaster@localhost.localdomain>
 To: Existing Local User <some.user@localhost.localdomain>
 Date: Sat, 22 May 2010 07:43:25 -0400
 Subject: Test Message
 This is a test mail from ldap-smtp-auth-spoofed-alias.txt
-
-.
-QUIT

test/files/emails/auth/ldap-smtp-auth-spoofed-sender-with-filter-exception.txt

@@ -1,15 +1,5 @@
-EHLO mail
-AUTH LOGIN
-c29tZS51c2VyLmVtYWlsQGxvY2FsaG9zdC5sb2NhbGRvbWFpbgo=
-c2VjcmV0
-MAIL FROM: randomspoofedaddress@localhost.localdomain
-RCPT TO: some.user@localhost.localdomain
-DATA
 From: spoofed_address <randomspoofedaddress@localhost.localdomain>
 To: Existing Local User <some.user@localhost.localdomain>
 Date: Sat, 22 May 2010 07:43:25 -0400
 Subject: Test Message
 This is a test mail from ldap-smtp-auth-spoofed-sender-with-filter-exception.txt
-
-.
-QUIT

test/files/emails/auth/ldap-smtp-auth-spoofed.txt

@@ -1,15 +1,5 @@
-EHLO mail
-AUTH LOGIN
-c29tZS51c2VyQGxvY2FsaG9zdC5sb2NhbGRvbWFpbg==
-c2VjcmV0
-MAIL FROM: ldap@localhost.localdomain
-RCPT TO: user1@localhost.localdomain
-DATA
 From: forged_address <ldap@localhost.localdomain>
 To: Existing Local User <user1@localhost.localdomain>
 Date: Sat, 22 May 2010 07:43:25 -0400
 Subject: Test Message
 This is a test mail.
-
-.
-QUIT

test/files/emails/existing/added.txt

@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: added@localhost.localdomain
-DATA
 From: Docker Mail Server <dockermailserver@external.tld>
 To: Existing Local User <added@localhost.localdomain>
 Date: Sat, 22 May 2010 07:43:25 -0400
 Subject: Test Message existing-added.txt
 This is a test mail.
-
-.
-QUIT

test/files/emails/existing/alias-external.txt

@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: alias1@localhost.localdomain
-DATA
 From: Docker Mail Server <dockermailserver@external.tld>
 To: Existing Local User <alias1@localhost.localdomain>
 Date: Sat, 22 May 2010 07:43:25 -0400
 Subject: Test Message existing-alias-external.txt
 This is a test mail.
-
-.
-QUIT

test/files/emails/existing/alias-local.txt

@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: alias2@localhost.localdomain
-DATA
 From: Docker Mail Server <dockermailserver@external.tld>
 To: Existing Local Alias <alias2@localhost.localdomain>
 Date: Sat, 22 May 2010 07:43:25 -0400
 Subject: Test Message existing-alias-local.txt
 This is a test mail.
-
-.
-QUIT

test/files/emails/existing/alias-recipient-delimiter.txt

@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: alias1~test@localhost.localdomain
-DATA
 From: Docker Mail Server <dockermailserver@external.tld>
 To: Existing Local Alias With Delimiter <alias1+test@localhost.localdomain>
 Date: Sat, 22 May 2010 07:43:25 -0400
 Subject: Test Message existing-alias-recipient-delimiter.txt
 This is a test mail.
-
-.
-QUIT

test/files/emails/existing/catchall-local.txt

@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: wildcard@localdomain2.com
-DATA
 From: Docker Mail Server <dockermailserver@external.tld>
 To: Existing Local User <wildcard@localdomain2.com>
 Date: Sat, 22 May 2010 07:43:25 -0400
 Subject: Test Message existing-catchall-local.txt
 This is a test mail.
-
-.
-QUIT

test/files/emails/existing/regexp-alias-external.txt

@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: bounce-always@localhost.localdomain
-DATA
 From: Docker Mail Server <dockermailserver@external.tld>
 To: Existing Local User <bounce-always@localhost.localdomain>
 Date: Sat, 22 May 2010 07:43:25 -0400
 Subject: Test Message existing-regexp-alias-external.txt
 This is a test mail.
-
-.
-QUIT

test/files/emails/existing/regexp-alias-local.txt

@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: test123@localhost.localdomain
-DATA
 From: Docker Mail Server <dockermailserver@external.tld>
 To: Existing Local User <test123@localhost.localdomain>
 Date: Sat, 22 May 2010 07:43:25 -0400
 Subject: Test Message existing-regexp-alias-local.txt
 This is a test mail.
-
-.
-QUIT

test/files/emails/existing/user-and-cc-local-alias.txt

@@ -1,13 +1,6 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: user1@localhost.localdomain
-DATA
 From: Docker Mail Server <dockermailserver@external.tld>
 To: Existing Local User <user1@localhost.localdomain>
 Cc: Existing Local Alias <alias2@localhost.localdomain>
 Date: Sat, 22 May 2010 07:43:25 -0400
 Subject: Test Message existing-user-and-cc-local-alias.txt
 This is a test mail.
-
-.
-QUIT

test/files/emails/existing/user1.txt

@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: user1@localhost.localdomain
-DATA
 From: Docker Mail Server <dockermailserver@external.tld>
 To: Existing Local User <user1@localhost.localdomain>
 Date: Sat, 22 May 2010 07:43:25 -0400
 Subject: Test Message existing-user1.txt
 This is a test mail.
-
-.
-QUIT

test/files/emails/non-existing-user.txt

@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: nouser@localhost.localdomain
-DATA
 From: Docker Mail Server <dockermailserver@external.tld>
 To: Existing Local User <user1@localhost.localdomain>
 Date: Sat, 22 May 2010 07:43:25 -0400
 Subject: Test Message non-existing-user.txt
 This is a test mail.
-
-.
-QUIT

test/files/emails/postgrey.txt

@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: user1@localhost.localdomain
-DATA
 From: Docker Mail Server <dockermailserver@external.tld>
 To: Existing Local User <user1@localhost.localdomain>
 Date: Sat, 22 May 2010 07:43:25 -0400
 Subject: Postgrey Test Message
 This is a test mail.
-
-.
-QUIT

test/files/emails/postscreen.txt

@@ -0,0 +1,5 @@
+From: Docker Mail Server <user@external.tld>
+To: Existing Local User <user1@localhost.localdomain>
+Date: Sat, 22 May 2010 07:43:25 -0400
+Subject: Test Message postscreen.txt
+This is a test mail for postscreen.

test/files/emails/privacy.txt

@@ -1,15 +1,6 @@
-EHLO mail
-AUTH LOGIN dXNlcjFAbG9jYWxob3N0LmxvY2FsZG9tYWlu
-bXlwYXNzd29yZA==
-mail from: <user1@localhost.localdomain>
-rcpt to: <user1@localhost.localdomain>
-data
 From: Some User <user1@localhost.localdomain>
 To: Some User <user1@localhost.localdomain>
 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0)
   Gecko/20100101 Thunderbird/52.2.1
 Subject: Test ESMTP Auth LOGIN and remove privacy
 This is a test mail.
-
-.
-QUIT

test/files/emails/quota-exceeded.txt

@@ -1,7 +1,3 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: quotauser@otherdomain.tld
-DATA
 From: Docker Mail Server <user@external.tld>
 To: Existing Local User <quotauser@otherdomain.tld>
 Date: Sat, 22 May 2010 07:43:25 -0400
@@ -20,6 +16,3 @@ Et voluptatum nobis ut odio voluptatem et quibusdam fugit ut libero sapiente vel
 Sit sint obcaecati et reiciendis tenetur aut dolorum culpa. Ab veritatis maxime qui necessitatibus facilis eum voluptate asperiores non totam omnis. Nam modi officia in reiciendis odit sit rerum laudantium est rerum voluptatem ut fugit cupiditate! Sit atque sint aut delectus omnis ut asperiores enim quo reprehenderit quae! In quasi nemo ut error totam ut quia harum ut commodi tenetur? Non quod dolorum eum explicabo labore vel asperiores quas est perferendis nulla eum nemo tenetur. Ut libero blanditiis ex voluptatibus repudiandae ab reiciendis nemo id debitis impedit hic quia incidunt sed quam excepturi ut magnam odit. Qui dolor deleniti aut sunt voluptas aut blanditiis distinctio nam omnis deleniti hic omnis rerum eum magni voluptatem. Nam labore facere eum molestiae dolorum ea consectetur praesentium ut cupiditate iste ad magnam aut neque maiores! Et excepturi ducimus ut nemo voluptas eum voluptas nihil hic perferendis quos vel quasi nesciunt est praesentium dolore hic quia quis. Et maxime ducimus ea cupiditate voluptatem ad quia dolores!
 
 Sed quos quaerat vel aperiam minus non sapiente quia ut ratione dolore eum officiis rerum. Non dolor vitae qui facilis dignissimos aut voluptate odit et ullam consequuntur. Et laudantium perspiciatis sit nisi temporibus a temporibus itaque ut iure dolor a voluptatum mollitia eos officia nobis et quibusdam voluptas. Amet eligendi eos nulla corporis et blanditiis nihil vel eveniet veritatis et sunt perferendis id molestiae eius! Quo harum quod aut nemo autem ut adipisci sint sed quia sunt. Aut voluptas error ut quae perferendis eos adipisci internos. Nam rerum fugiat aut minima nostrum quo repellendus quas exercitationem tenetur. Et molestiae architecto id quibusdam reprehenderit et magnam aliquam! Quo tempora veritatis At dolorem sint ex nulla blanditiis At voluptas laudantium est molestiae exercitationem et sequi voluptates aut ipsa atque. Et animi ipsum aut atque recusandae ea nemo ullam non quisquam quos sit libero sint vel libero delectus. Eos labore quidem a velit obcaecati nam explicabo consequatur eos maxime blanditiis? Et ipsam molestiae non quia explicabo ex galisum repudiandae et tempora veniam. Sed optio repellendus ut consequatur temporibus et harum quas hic ipsa officia? Aut dolores ipsum sit nulla dignissimos id quia perferendis aut dolores dolor et quibusdam porro aut Quis consequatur.
-
-.
-QUIT

test/files/emails/rspamd/pass.txt

@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: pass@example.test
-RCPT TO: user1@localhost.localdomain
-DATA
 From: Docker Mail Server <pass@example.test>
 To: Existing Local User <user1@localhost.localdomain>
 Date: Sat, 22 May 2010 07:43:25 -0400
-Subject: Test Message rspamd-pass.txt
+Subject: Test Message rspamd/pass.txt
 This mail should pass and Rspamd should not mark it.
-
-.
-QUIT

test/files/emails/rspamd/spam-header.txt

@@ -1,12 +1,5 @@
-HELO mail.example.test
-MAIL FROM: spam-header@example.test
-RCPT TO: user1@localhost.localdomain
-DATA
 From: Docker Mail Server <spam-header@example.test>
 To: Existing Local User <user1@localhost.localdomain>
 Date: Sat, 21 Jan 2023 11:11:11 +0000
 Subject: Test Message rspamd-spam-header.txt
 YJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
-
-.
-QUIT

test/files/emails/rspamd/spam.txt

@@ -1,12 +1,5 @@
-HELO mail.example.test
-MAIL FROM: spam@example.test
-RCPT TO: user1@localhost.localdomain
-DATA
 From: Docker Mail Server <spam@example.test>
 To: Existing Local User <user1@localhost.localdomain>
 Date: Sat, 21 Jan 2023 11:11:11 +0000
 Subject: Test Message rspamd-spam.txt
 XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
-
-.
-QUIT

test/files/emails/rspamd/virus.txt

@@ -1,12 +1,5 @@
-HELO mail.example.test
-MAIL FROM: virus@example.test
-RCPT TO: user1@localhost.localdomain
-DATA
 From: Docker Mail Server <virus@example.test>
 To: Existing Local User <user1@localhost.localdomain>
 Date: Sat, 21 Jan 2023 11:11:11 +0000
 Subject: Test Message rspamd-virus.txt
 X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
-
-.
-QUIT

test/files/emails/sieve/pipe.txt

@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: user2@otherdomain.tld
-DATA
 From: Sieve-pipe-test <sieve.pipe@external.tld>
 To: Existing Local User <user2@otherdomain.tld>
 Date: Sat, 22 May 2010 07:43:25 -0400
 Subject: Sieve pipe test message
 This is a test mail to sieve pipe.
-
-.
-QUIT

test/files/emails/sieve/spam-folder.txt

@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: user1@localhost.localdomain
-DATA
 From: Spambot <spam@spam.com>
 To: Existing Local User <alias2@localhost.localdomain>
 Date: Sat, 22 May 2010 07:43:25 -0400
 Subject: Test Message sieve-spam-folder.txt
 This is a test mail.
-
-.
-QUIT

test/helper/common.bash

@@ -469,5 +469,19 @@ function _print_mail_log_for_id() {
   _run_in_container grep -F "${MAIL_ID}" /var/log/mail.log
 }
 
+# A simple wrapper for netcat (`nc`). This is useful when sending
+# "raw" e-mails or doing IMAP-related work.
+#
+# @param ${1} = the file that is given to `nc`
+# @param ${1} = custom parameters for `nc` [OPTIONAL] (default: 0.0.0.0 25)
+function _nc_wrapper() {
+  local FILE=${1:?Must provide name of template file}
+  local NC_PARAMETERS=${2:-0.0.0.0 25}
+
+  [[ -v CONTAINER_NAME ]] || return 1
+
+  _run_in_container_bash "nc ${NC_PARAMETERS} < /tmp/docker-mailserver-test/${FILE}.txt"
+}
+
 # ? << Miscellaneous helper functions
 # ! -------------------------------------------------------------------

test/helper/sending.bash

@@ -8,11 +8,12 @@
 # ! ATTENTION: This file requires helper functions from `common.sh`!
 
 # Sends a mail from localhost (127.0.0.1) to a container. To send
-# a custom email, create a file at `test/test-files/<TEST FILE>`,
+# a custom email, create a file at `test/files/<TEST FILE>`,
 # and provide `<TEST FILE>` as an argument to this function.
 #
-# @param ${1} = template file (path) name
-# @param ${2} = parameters for `nc` [OPTIONAL] (default: `0.0.0.0 25`)
+# Parameters include all options that one can supply to `swaks`
+# itself. The `--data` parameter expects a relative path from `emails/`
+# where the contents will be implicitly provided to `swaks` via STDIN.
 #
 # ## Attention
 #
@@ -23,17 +24,42 @@
 # send the email but it will not make sure the mail queue is empty after the mail
 # has been sent.
 function _send_email() {
-  local TEMPLATE_FILE=${1:?Must provide name of template file}
-  local NC_PARAMETERS=${2:-0.0.0.0 25}
+  [[ -v CONTAINER_NAME ]] || return 1
 
-  assert_not_equal "${NC_PARAMETERS}" ''
-  assert_not_equal "${CONTAINER_NAME:-}" ''
+  # Parameter defaults common to our testing needs:
+  local EHLO='mail.external.tld'
+  local FROM='user@external.tld'
+  local TO='user1@localhost.localdomain'
+  local SERVER='0.0.0.0'
+  local PORT=25
+  # Extra options for `swaks` that aren't covered by the default options above:
+  local ADDITIONAL_SWAKS_OPTIONS=()
+  # Specifically for handling `--data` option below:
+  local FINAL_SWAKS_OPTIONS=()
 
-  _run_in_container_bash "nc ${NC_PARAMETERS} < /tmp/docker-mailserver-test/${TEMPLATE_FILE}.txt"
-  assert_success
+  while [[ ${#} -gt 0 ]]; do
+    case "${1}" in
+      ( '--ehlo' )   EHLO=${2:?--ehlo given but no argument}     ; shift 2 ;;
+      ( '--from' )   FROM=${2:?--from given but no argument}     ; shift 2 ;;
+      ( '--to' )     TO=${2:?--to given but no argument}         ; shift 2 ;;
+      ( '--server' ) SERVER=${2:?--server given but no argument} ; shift 2 ;;
+      ( '--port' )   PORT=${2:?--port given but no argument}     ; shift 2 ;;
+      ( '--data' )
+        local TEMPLATE_FILE="/tmp/docker-mailserver-test/emails/${2:?--data given but no argument provided}.txt"
+        FINAL_SWAKS_OPTIONS+=('--data')
+        FINAL_SWAKS_OPTIONS+=('-')
+        FINAL_SWAKS_OPTIONS+=('<')
+        FINAL_SWAKS_OPTIONS+=("${TEMPLATE_FILE}")
+        shift 2
+        ;;
+      ( * ) ADDITIONAL_SWAKS_OPTIONS+=("${1}") ; shift 1 ;;
+    esac
+  done
+
+  _run_in_container_bash "swaks --server ${SERVER} --port ${PORT} --ehlo ${EHLO} --from ${FROM} --to ${TO} ${ADDITIONAL_SWAKS_OPTIONS[*]} ${FINAL_SWAKS_OPTIONS[*]}"
 }
 
-# Like `_send_mail` with two major differences:
+# Like `_send_email` with two major differences:
 #
 # 1. this function waits for the mail to be processed; there is no asynchronicity
 #    because filtering the logs in a synchronous way is easier and safer!
@@ -42,8 +68,7 @@ function _send_email() {
 # No. 2 is especially useful in case you send more than one email in a single
 # test file and need to assert certain log entries for each mail individually.
 #
-# @param ${1} = template file (path) name
-# @param ${2} = parameters for `nc` [OPTIONAL] (default: `0.0.0.0 25`)
+# This function takes the same arguments as `_send_mail`.
 #
 # ## Attention
 #
@@ -57,17 +82,13 @@ function _send_email() {
 # chosen. Sending more than one mail at any given point in time with this function
 # is UNDEFINED BEHAVIOR!
 function _send_email_and_get_id() {
-  local TEMPLATE_FILE=${1:?Must provide name of template file}
-  local NC_PARAMETERS=${2:-0.0.0.0 25}
+  [[ -v CONTAINER_NAME ]] || return 1
+
+  _wait_for_empty_mail_queue_in_container
+  _send_email "${@}"
+  _wait_for_empty_mail_queue_in_container
+
   local MAIL_ID
-
-  assert_not_equal "${NC_PARAMETERS}" ''
-  assert_not_equal "${CONTAINER_NAME:-}" ''
-
-  _wait_for_empty_mail_queue_in_container
-  _send_email "${TEMPLATE_FILE}"
-  _wait_for_empty_mail_queue_in_container
-
   # The unique ID Postfix (and other services) use may be different in length
   # on different systems (e.g. amd64 (11) vs aarch64 (10)). Hence, we use a
   # range to safely capture it.

test/helper/setup.bash

@@ -98,7 +98,7 @@ function _init_with_defaults() {
 
   # Common complimentary test files, read-only safe to share across containers:
   export TEST_FILES_CONTAINER_PATH='/tmp/docker-mailserver-test'
-  export TEST_FILES_VOLUME="${REPOSITORY_ROOT}/test/test-files:${TEST_FILES_CONTAINER_PATH}:ro"
+  export TEST_FILES_VOLUME="${REPOSITORY_ROOT}/test/files:${TEST_FILES_CONTAINER_PATH}:ro"
 
   # The config volume cannot be read-only as some data needs to be written at container startup
   #

test/test-files/auth/added-smtp-auth-login-wrong.txt

@@ -1,4 +0,0 @@
-EHLO mail
-AUTH LOGIN YWRkZWRAbG9jYWxob3N0LmxvY2FsZG9tYWlu
-Bn3JKisq4HQ2RO==
-QUIT

test/test-files/auth/added-smtp-auth-login.txt

@@ -1,4 +0,0 @@
-EHLO mail
-AUTH LOGIN YWRkZWRAbG9jYWxob3N0LmxvY2FsZG9tYWlu
-bXlwYXNzd29yZA==
-QUIT

test/test-files/auth/added-smtp-auth-plain-wrong.txt

@@ -1,3 +0,0 @@
-EHLO mail
-AUTH PLAIN YWRkZWRAbG9jYWxob3N0LmxvY2FsZG9tYWluAGFkZGVkQGxvY2FsaG9zdC5sb2NhbGRvbWFpbgBCQURQQVNTV09SRA==
-QUIT

test/test-files/auth/added-smtp-auth-plain.txt

@@ -1,3 +0,0 @@
-EHLO mail
-AUTH PLAIN YWRkZWRAbG9jYWxob3N0LmxvY2FsZG9tYWluAGFkZGVkQGxvY2FsaG9zdC5sb2NhbGRvbWFpbgBteXBhc3N3b3Jk
-QUIT

test/test-files/auth/sasl-ldap-smtp-auth.txt

@@ -1,5 +0,0 @@
-EHLO mail
-AUTH LOGIN
-c29tZS51c2VyQGxvY2FsaG9zdC5sb2NhbGRvbWFpbg==
-c2VjcmV0
-QUIT

test/test-files/auth/smtp-auth-login-wrong.txt

@@ -1,4 +0,0 @@
-EHLO mail
-AUTH LOGIN dXNlcjFAbG9jYWxob3N0LmxvY2FsZG9tYWlu
-Bn3JKisq4HQ2RO==
-QUIT

test/test-files/auth/smtp-auth-login.txt

@@ -1,4 +0,0 @@
-EHLO mail
-AUTH LOGIN dXNlcjFAbG9jYWxob3N0LmxvY2FsZG9tYWlu
-bXlwYXNzd29yZA==
-QUIT

test/test-files/auth/smtp-auth-plain-wrong.txt

@@ -1,3 +0,0 @@
-EHLO mail
-AUTH PLAIN WRONGPASSWORD
-QUIT

test/test-files/auth/smtp-auth-plain.txt

@@ -1,3 +0,0 @@
-EHLO mail
-AUTH PLAIN dXNlcjFAbG9jYWxob3N0LmxvY2FsZG9tYWluAHVzZXIxQGxvY2FsaG9zdC5sb2NhbGRvbWFpbgBteXBhc3N3b3Jk
-QUIT

test/test-files/email-templates/existing-user2.txt

@@ -1,12 +0,0 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: user2@otherdomain.tld
-DATA
-From: Docker Mail Server <dockermailserver@external.tld>
-To: Existing Local User <user2@otherdomain.tld>
-Date: Sat, 22 May 2010 07:43:25 -0400
-Subject: Test Message existing-user2.txt
-This is a test mail.
-
-.
-QUIT

test/test-files/email-templates/existing-user3.txt

@@ -1,12 +0,0 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: user3@localhost.localdomain
-DATA
-From: Docker Mail Server <dockermailserver@external.tld>
-To: Existing Local User <user1@localhost.localdomain>
-Date: Sat, 22 May 2010 07:43:33 -0400
-Subject: Test Message existing-user1.txt
-This is a test mail.
-
-.
-QUIT

test/test-files/email-templates/smtp-ehlo.txt

@@ -1,2 +0,0 @@
-EHLO mail.localhost
-QUIT

test/tests/parallel/set1/dovecot/dovecot_quotas.bats

@@ -225,9 +225,12 @@ function teardown_file() { _default_teardown ; }
   sleep 10
 
   # send some big emails
-  _send_email 'email-templates/quota-exceeded' '0.0.0.0 25'
-  _send_email 'email-templates/quota-exceeded' '0.0.0.0 25'
-  _send_email 'email-templates/quota-exceeded' '0.0.0.0 25'
+  _send_email --to 'quotauser@otherdomain.tld' --data 'quota-exceeded'
+  assert_success
+  _send_email --to 'quotauser@otherdomain.tld' --data 'quota-exceeded'
+  assert_success
+  _send_email --to 'quotauser@otherdomain.tld' --data 'quota-exceeded'
+  assert_success
   # check for quota warn message existence
   run _repeat_until_success_or_timeout 20 _exec_in_container grep -R 'Subject: quota warning' /var/mail/otherdomain.tld/quotauser/new/
   assert_success

test/tests/parallel/set1/dovecot/dovecot_sieve.bats

@@ -26,9 +26,11 @@ function setup_file() {
   _wait_for_smtp_port_in_container
 
   # Single mail sent from 'spam@spam.com' that is handled by User (relocate) and Global (copy) sieves for user1:
-  _send_email 'email-templates/sieve-spam-folder'
+  _send_email --data 'sieve/spam-folder'
+  assert_success
   # Mail for user2 triggers the sieve-pipe:
-  _send_email 'email-templates/sieve-pipe'
+  _send_email --to 'user2@otherdomain.tld' --data 'sieve/pipe'
+  assert_success
 
   _wait_for_empty_mail_queue_in_container
 }

test/tests/parallel/set1/dovecot/mailbox_format_dbox.bats

@@ -26,7 +26,8 @@ function teardown() { _default_teardown ; }
   _common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
   _wait_for_smtp_port_in_container
 
-  _send_email 'email-templates/existing-user1'
+  _send_email --data 'existing/user1'
+  assert_success
   _wait_for_empty_mail_queue_in_container
 
   # Mail received should be stored as `u.1` (one file per message)
@@ -47,7 +48,8 @@ function teardown() { _default_teardown ; }
   _common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
   _wait_for_smtp_port_in_container
 
-  _send_email 'email-templates/existing-user1'
+  _send_email --data 'existing/user1'
+  assert_success
   _wait_for_empty_mail_queue_in_container
 
   # Mail received should be stored in `m.1` (1 or more messages)

test/tests/parallel/set1/dovecot/special_use_folders.bats

@@ -14,7 +14,8 @@ function setup_file() {
 function teardown_file() { _default_teardown ; }
 
 @test 'normal delivery works' {
-  _send_email 'email-templates/existing-user1'
+  _send_email --data 'existing/user1'
+  assert_success
   _count_files_in_directory_in_container /var/mail/localhost.localdomain/user1/new 1
 }
 
@@ -26,7 +27,7 @@ function teardown_file() { _default_teardown ; }
 }
 
 @test "(IMAP) special-use folders should be created when necessary" {
-  _send_email 'nc_templates/imap_special_use_folders' '-w 8 0.0.0.0 143'
+  _nc_wrapper 'nc/imap_special_use_folders' '-w 8 0.0.0.0 143'
   assert_output --partial 'Drafts'
   assert_output --partial 'Junk'
   assert_output --partial 'Trash'

test/tests/parallel/set1/spam_virus/clamav.bats

@@ -25,34 +25,35 @@ function setup_file() {
 
   _wait_for_service postfix
   _wait_for_smtp_port_in_container
-  _send_email 'email-templates/amavis-virus'
+  _send_email --from 'virus@external.tld' --data 'amavis/virus'
+  assert_success
   _wait_for_empty_mail_queue_in_container
 }
 
 function teardown_file() { _default_teardown ; }
 
-@test "log files exist at /var/log/mail directory" {
+@test 'log files exist at /var/log/mail directory' {
   _run_in_container_bash "ls -1 /var/log/mail/ | grep -E 'clamav|freshclam|mail.log' | wc -l"
   assert_success
   assert_output 3
 }
 
-@test "should be identified by Amavis" {
+@test 'should be identified by Amavis' {
   _run_in_container grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log
   assert_success
 }
 
-@test "freshclam cron is enabled" {
+@test 'freshclam cron is enabled' {
   _run_in_container_bash "grep '/usr/bin/freshclam' -r /etc/cron.d"
   assert_success
 }
 
-@test "env CLAMAV_MESSAGE_SIZE_LIMIT is set correctly" {
+@test 'env CLAMAV_MESSAGE_SIZE_LIMIT is set correctly' {
   _run_in_container grep -q '^MaxFileSize 30M$' /etc/clamav/clamd.conf
   assert_success
 }
 
-@test "rejects virus" {
+@test 'rejects virus' {
   _run_in_container_bash "grep 'Blocked INFECTED' /var/log/mail/mail.log | grep '<virus@external.tld> -> <user1@localhost.localdomain>'"
   assert_success
 }