From e97ce868ebdc49ee7726052a2c65212daf7fcce6 Mon Sep 17 00:00:00 2001
From: Thomas VIAL
Date: Fri, 22 Jan 2016 17:51:58 +0100
Subject: [PATCH 1/2] Added tests for SMTP auth
---
 postfix/main.cf | 4 ++-
 .../test-imap.txt => auth/imap-auth.txt} | 0
 test/auth/smtp-auth-cram-md5.txt | 26 +++++++++++++++++++
 test/auth/smtp-auth-login.txt | 4 +++
 test/auth/smtp-auth-plain.txt | 3 +++
 test/test.sh | 5 ++--
 6 files changed, 39 insertions(+), 3 deletions(-)
 rename test/{email-templates/test-imap.txt => auth/imap-auth.txt} (100%)
 create mode 100644 test/auth/smtp-auth-cram-md5.txt
 create mode 100644 test/auth/smtp-auth-login.txt
 create mode 100644 test/auth/smtp-auth-plain.txt
diff --git a/postfix/main.cf b/postfix/main.cf
index 32ba810e..68eca62a 100644
--- a/postfix/main.cf
+++ b/postfix/main.cf
@@ -30,7 +30,6 @@ smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
 smtpd_sender_restrictions = permit_mynetworks
 smtp_tls_security_level = may
 smtp_tls_loglevel = 1
-smtpd_tls_auth_only = yes
 tls_ssl_options = NO_COMPRESSION
 tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
 smtpd_tls_protocols=!SSLv2,!SSLv3
@@ -40,6 +39,9 @@ smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
 smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL
 # SASL
+smtp_sasl_auth_enable = yes
+smtp_sasl_type = cyrus
+smtp_sasl_security_options = noanonymous
 smtpd_sasl_auth_enable = yes
 smtpd_sasl_path = smtpd
 smtpd_sasl_type = cyrus
diff --git a/test/email-templates/test-imap.txt b/test/auth/imap-auth.txt
similarity index 100%
rename from test/email-templates/test-imap.txt
rename to test/auth/imap-auth.txt
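Review bot: Dropping `smtpd_tls_auth_only = yes` in the first postfix/main.cf hunk (`@@ -30,7 +30,6 @@`) makes Postfix fall back to its default of `no`, so AUTH is advertised and accepted on unencrypted sessions and PLAIN/LOGIN credentials cross the wire as bare base64. The removal appears to exist so that the new `nc` checks in test/test.sh can authenticate on port 25 without STARTTLS; PATCH 2/2 takes the `smtp_sasl_*` client settings out again but does not restore this line. I would keep `smtpd_tls_auth_only = yes` in the shipped configuration and have the tests negotiate TLS before authenticating, or relax the setting only in a test-specific override.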
diff --git a/test/auth/smtp-auth-cram-md5.txt b/test/auth/smtp-auth-cram-md5.txt
new file mode 100644
index 00000000..5707eecd
--- /dev/null
+++ b/test/auth/smtp-auth-cram-md5.txt
@@ -0,0 +1,26 @@
+# This is the output of a manual test.
+# CRAM-MD5 is not (yet) testable with telnet.
+#
+# # telnet localhost 25
+# Trying ::1...
+# Connected to localhost.
+# Escape character is '^]'.
+# 220 mail.my-domain.com ESMTP Postfix (Ubuntu)
+# ehlo test
+# 250-mail.my-domain.com
+# 250-PIPELINING
+# 250-SIZE 10240000
+# 250-VRFY
+# 250-ETRN
+# 250-STARTTLS
+# 250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5
+# 250-AUTH=PLAIN LOGIN CRAM-MD5 DIGEST-MD5
+# 250-ENHANCEDSTATUSCODES
+# 250-8BITMIME
+# 250 DSN
+# AUTH CRAM-MD5
+# 334 PDIxMDMyODkzMTMuMTA2Mzg2MjhAbWFpbC5teS1kb21haW4uY29tPg==
+# dXNlcjFAbG9jYWxob3N0LmxvY2FsZG9tYWluIGJlYjUxNzg4OGE5ZWI0OGM1NjQ2MTYwZGY3NTY1ZWNh
+# 235 2.7.0 Authentication successful
+# QUIT
+# 221 2.0.0 Bye
\ No newline at end of file
diff --git a/test/auth/smtp-auth-login.txt b/test/auth/smtp-auth-login.txt
new file mode 100644
index 00000000..50ff99f3
--- /dev/null
+++ b/test/auth/smtp-auth-login.txt
@@ -0,0 +1,4 @@
+EHLO mail
+AUTH LOGIN dXNlcjFAbG9jYWxob3N0LmxvY2FsZG9tYWlu
+bXlwYXNzd29yZA==
+QUIT
diff --git a/test/auth/smtp-auth-plain.txt b/test/auth/smtp-auth-plain.txt
new file mode 100644
index 00000000..2e60fdc3
--- /dev/null
+++ b/test/auth/smtp-auth-plain.txt
@@ -0,0 +1,3 @@
+EHLO mail
+AUTH PLAIN dXNlcjFAbG9jYWxob3N0LmxvY2FsZG9tYWluAHVzZXIxQGxvY2FsaG9zdC5sb2NhbGRvbWFpbgBteXBhc3N3b3Jk
+QUIT
diff --git a/test/test.sh b/test/test.sh
index 13a648ee..555338b2 100644
--- a/test/test.sh
+++ b/test/test.sh
@@ -1,7 +1,6 @@
 #!/bin/bash
 # Set up test framework
-wget -q https://raw.github.com/lehmannro/assert.sh/master/assert.sh -O assert.sh
 source assert.sh
 # Testing that services are running
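Review bot: With the `wget` line gone from the first test/test.sh hunk (`@@ -1,7 +1,6 @@`), `source assert.sh` depends on a copy already being present in the working directory, and the diffstat of this series neither adds one nor checks for it. If the file is missing the script carries on and every `assert_raises` fails as an unknown command, which is hard to tell apart from a real test failure. No longer fetching an unpinned script from a `master` branch at test time is the right direction; a vendored, pinned copy that is sourced relative to the script and guarded, for example `source "$(dirname "$0")/assert.sh" || exit 1`, would make the dependency explicit. How assert.sh is provisioned may be handled outside the hunks shown.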
@@ -12,11 +11,13 @@ assert_raises "docker exec mail ps aux --forest | grep '/usr/sbin/amavisd-new'"
 # Testing IMAP server
 assert_raises "docker exec mail nc -w 1 0.0.0.0 143 | grep '* OK' | grep 'STARTTLS' | grep 'Courier-IMAP ready'" 0
-assert_raises "docker exec mail /bin/sh -c 'nc -w 1 0.0.0.0 143 < /tmp/test/email-templates/test-imap.txt'" 0
+assert_raises "docker exec mail /bin/sh -c 'nc -w 1 0.0.0.0 143 < /tmp/test/auth/imap-auth.txt'" 0
 # Testing SASL
 assert_raises "docker exec mail testsaslauthd -u user2 -r otherdomain.tld -p mypassword | grep 'OK \"Success.\"'" 0
 assert_raises "docker exec mail testsaslauthd -u user2 -r otherdomain.tld -p BADPASSWORD | grep 'NO \"authentication failed\"'" 0
+assert_raises "docker exec mail /bin/sh -c 'nc -w 1 0.0.0.0 25 < /tmp/test/auth/smtp-auth-plain.txt' | grep 'Authentication successful'"
+assert_raises "docker exec mail /bin/sh -c 'nc -w 1 0.0.0.0 25 < /tmp/test/auth/smtp-auth-login.txt' | grep 'Authentication successful'"
 # Testing user creation
 assert "docker exec mail sasldblistusers2" "user1@localhost.localdomain: userPassword\nuser2@otherdomain.tld: userPassword"
From 8eeda6f2a7f5822ad87918bacf09803371929d10 Mon Sep 17 00:00:00 2001
From: Thomas VIAL
Date: Fri, 22 Jan 2016 18:47:43 +0100
Subject: [PATCH 2/2] Fixed tests
---
 Makefile | 4 ++++
 postfix/main.cf | 3 ---
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/Makefile b/Makefile
index a019057e..3e97440a 100644
--- a/Makefile
+++ b/Makefile
@@ -32,3 +32,7 @@ fixtures:
 tests:
 # Start tests
 /bin/bash ./test/test.sh
+
+clean:
+ # Get default files back
+ git checkout postfix/accounts.cf postfix/virtual
diff --git a/postfix/main.cf b/postfix/main.cf
index 68eca62a..38b4bedc 100644
--- a/postfix/main.cf
+++ b/postfix/main.cf
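Review bot: The two added SMTP checks in the second test/test.sh hunk (`@@ -12,11 +11,13 @@`) cover only the success path. Unlike the `testsaslauthd` pair just above them, nothing asserts that a wrong password is rejected over SMTP, so a server that accepted any credentials would still pass. I would add a fixture carrying a bad password and assert on the `535` reply alongside the two `Authentication successful` greps. The new lines also leave out the explicit expected status that the neighbouring `assert_raises` calls pass; appending ` 0` after the closing quote keeps them consistent, even if the helper's default is presumably the same.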
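Review bot: The new `clean` target in the Makefile hunk of PATCH 2/2 silently discards any uncommitted edits to `postfix/accounts.cf` and `postfix/virtual`, which includes locally configured accounts, and the comment `# Get default files back` does not say so. A comment such as `# Discards local changes to postfix/accounts.cf and postfix/virtual` would make the effect clear. Writing the command as `git checkout -- postfix/accounts.cf postfix/virtual` also keeps the arguments from ever being read as a ref. Whether `clean` is declared `.PHONY` is not visible in this hunk.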
@@ -39,9 +39,6 @@ smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
 smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL
 # SASL
-smtp_sasl_auth_enable = yes
-smtp_sasl_type = cyrus
-smtp_sasl_security_options = noanonymous
 smtpd_sasl_auth_enable = yes
 smtpd_sasl_path = smtpd
 smtpd_sasl_type = cyrus