diff --git a/Dockerfile b/Dockerfile index 7e5c312d..aeaac6f8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,6 +4,13 @@ MAINTAINER Thomas VIAL ENV DEBIAN_FRONTEND noninteractive ENV VIRUSMAILS_DELETE_DELAY=7 ENV ONE_DIR=0 +ENV ENABLE_POSTGREY=0 +ENV POSTGREY_DELAY=300 +ENV POSTGREY_MAX_AGE=35 +ENV POSTGREY_TEXT="Delayed by postgrey" + +ENV SASLAUTHD_MECHANISMS=pam +ENV SASLAUTHD_MECH_OPTIONS="" # Packages RUN apt-get update -q --fix-missing && \ @@ -58,6 +65,7 @@ RUN apt-get update -q --fix-missing && \ rsyslog \ sasl2-bin \ spamassassin \ + supervisor \ postgrey \ unrar-free \ unzip \ @@ -82,7 +90,11 @@ RUN apt-get update -q --fix-missing && \ RUN echo "0 0,6,12,18 * * * /usr/bin/freshclam --quiet" > /etc/cron.d/freshclam && \ chmod 644 /etc/clamav/freshclam.conf && \ - freshclam + freshclam && \ + sed -i 's/Foreground false/Foreground true/g' /etc/clamav/clamd.conf && \ + sed -i 's/AllowSupplementaryGroups false/AllowSupplementaryGroups true/g' /etc/clamav/clamd.conf && \ + mkdir /var/run/clamav && \ + chown -R clamav:root /var/run/clamav # Configures Dovecot COPY target/dovecot/auth-passwdfile.inc target/dovecot/??-*.conf /etc/dovecot/conf.d/ @@ -124,7 +136,7 @@ RUN sed -i -r 's/#(@| \\%)bypass/\1bypass/g' /etc/amavis/conf.d/15-content_fil # Configure Fail2ban COPY target/fail2ban/jail.conf /etc/fail2ban/jail.conf COPY target/fail2ban/filter.d/dovecot.conf /etc/fail2ban/filter.d/dovecot.conf -RUN echo "ignoreregex =" >> /etc/fail2ban/filter.d/postfix-sasl.conf +RUN echo "ignoreregex =" >> /etc/fail2ban/filter.d/postfix-sasl.conf && mkdir /var/run/fail2ban # Enables Pyzor and Razor USER amavis @@ -146,6 +158,7 @@ COPY target/opendmarc/ignore.hosts /etc/opendmarc/ignore.hosts # Configure fetchmail COPY target/fetchmail/fetchmailrc /etc/fetchmailrc_general RUN sed -i 's/START_DAEMON=no/START_DAEMON=yes/g' /etc/default/fetchmail +RUN mkdir /var/run/fetchmail && chown fetchmail /var/run/fetchmail # Configures Postfix COPY target/postfix/main.cf target/postfix/master.cf /etc/postfix/ @@ -173,12 +186,15 @@ RUN curl -s https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > /et COPY ./target/bin /usr/local/bin # Start-mailserver script -COPY ./target/start-mailserver.sh ./target/docker-configomat/configomat.sh /usr/local/bin/ +COPY ./target/start-mailserver.sh ./target/fail2ban-wrapper.sh ./target/postfix-wrapper.sh ./target/docker-configomat/configomat.sh /usr/local/bin/ RUN chmod +x /usr/local/bin/* +# Configure supervisor +COPY target/supervisor/* /etc/supervisor/conf.d/ + EXPOSE 25 587 143 993 110 995 4190 -CMD /usr/local/bin/start-mailserver.sh - +CMD supervisord -c /etc/supervisor/supervisord.conf ADD target/filebeat.yml.tmpl /etc/filebeat/filebeat.yml.tmpl + diff --git a/Makefile b/Makefile index e0695097..05b2db98 100644 --- a/Makefile +++ b/Makefile @@ -40,7 +40,7 @@ run: -v "`pwd`/test":/tmp/docker-mailserver-test \ -v "`pwd`/test/config/letsencrypt":/etc/letsencrypt/live \ -e ENABLE_POP3=1 \ - -e DMS_DEBUG=1 \ + -e DMS_DEBUG=0 \ -e SSL_TYPE=letsencrypt \ -h mail.my-domain.com -t $(NAME) sleep 15 @@ -49,6 +49,7 @@ run: -v "`pwd`/test":/tmp/docker-mailserver-test \ -e SMTP_ONLY=1 \ -e PERMIT_DOCKER=network \ + -e DMS_DEBUG=0 \ -e OVERRIDE_HOSTNAME=mail.my-domain.com \ -t $(NAME) sleep 15 @@ -63,6 +64,7 @@ run: -v "`pwd`/test/config":/tmp/docker-mailserver \ -v "`pwd`/test":/tmp/docker-mailserver-test \ -e PERMIT_DOCKER=network \ + -e DMS_DEBUG=0 \ -e OVERRIDE_HOSTNAME=mail.my-domain.com \ -h mail.my-domain.com \ -t $(NAME) @@ -79,6 +81,7 @@ run: -v "`pwd`/test":/tmp/docker-mailserver-test \ -e ENABLE_FETCHMAIL=1 \ --cap-add=NET_ADMIN \ + -e DMS_DEBUG=0 \ -h mail.my-domain.com -t $(NAME) sleep 15 docker run -d --name mail_disabled_clamav_spamassassin \ @@ -86,6 +89,7 @@ run: -v "`pwd`/test":/tmp/docker-mailserver-test \ -e ENABLE_CLAMAV=0 \ -e ENABLE_SPAMASSASSIN=0 \ + -e DMS_DEBUG=0 \ -h mail.my-domain.com -t $(NAME) sleep 15 docker run -d --name mail_manual_ssl \ @@ -94,6 +98,7 @@ run: -e SSL_TYPE=manual \ -e SSL_CERT_PATH=/tmp/docker-mailserver/letsencrypt/mail.my-domain.com/fullchain.pem \ -e SSL_KEY_PATH=/tmp/docker-mailserver/letsencrypt/mail.my-domain.com/privkey.pem \ + -e DMS_DEBUG=0 \ -h mail.my-domain.com -t $(NAME) sleep 15 docker run -d --name ldap_for_mail \ @@ -120,6 +125,7 @@ run: -e SASLAUTHD_LDAP_PASSWORD=admin \ -e SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain \ -e POSTMASTER_ADDRESS=postmaster@localhost.localdomain \ + -e DMS_DEBUG=0 \ --link ldap_for_mail:ldap \ -h mail.my-domain.com -t $(NAME) sleep 15 @@ -130,8 +136,8 @@ run: -e SASLAUTHD_MECHANISMS=rimap \ -e SASLAUTHD_MECH_OPTIONS=127.0.0.1 \ -e POSTMASTER_ADDRESS=postmaster@localhost.localdomain \ + -e DMS_DEBUG=0 \ -h mail.my-domain.com -t $(NAME) - # Wait for containers to fully start sleep 15 docker run -d --name mail_lmtp_ip \ -v "`pwd`/test/config":/tmp/docker-mailserver \ @@ -139,6 +145,7 @@ run: -v "`pwd`/test":/tmp/docker-mailserver-test \ -e ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1 \ -e POSTFIX_DAGENT=lmtp:127.0.0.1:24 \ + -e DMS_DEBUG=0 \ -h mail.my-domain.com -t $(NAME) sleep 30 docker run -d --name mail_with_postgrey \ @@ -148,6 +155,7 @@ run: -e POSTGREY_DELAY=15 \ -e POSTGREY_MAX_AGE=35 \ -e POSTGREY_TEXT="Delayed by postgrey" \ + -e DMS_DEBUG=0 \ -h mail.my-domain.com -t $(NAME) sleep 20 @@ -179,7 +187,7 @@ fixtures: docker exec mail_override_hostname /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt" # Wait for mails to be analyzed - sleep 20 + sleep 40 tests: # Start tests diff --git a/setup.sh b/setup.sh index 3de6ae86..26da098c 100755 --- a/setup.sh +++ b/setup.sh @@ -7,7 +7,7 @@ INFO=$(docker ps \ --no-trunc \ --format="{{.Image}}\t{{.Names}}\t{{.Command}}" | \ - grep '/bin/sh -c /usr/local/bin/start-mailserver.sh') + grep "/bin/sh -c 'supervisord -c /etc/supervisor/supervisord.conf'") IMAGE_NAME=$(echo $INFO | awk '{print $1}') CONTAINER_NAME=$(echo $INFO | awk '{print $2}') diff --git a/target/fail2ban-wrapper.sh b/target/fail2ban-wrapper.sh new file mode 100644 index 00000000..9129af88 --- /dev/null +++ b/target/fail2ban-wrapper.sh @@ -0,0 +1,34 @@ +#!/usr/bin/env bash +# fail2ban-wrapper.sh, version 0.0.1 +# +# You cannot start fail2ban in some foreground mode and +# it's more or less important that docker doesn't kill +# fail2ban and its chilren if you stop the container. +# +# Use this script with supervisord and it will take +# care about starting and stopping fail2ban correctly. +# +# supervisord config snippet for fail2ban-wrapper: +# +# [program:fail2ban] +# process_name = fail2ban +# command = /path/to/fail2ban-wrapper.sh +# startsecs = 0 +# autorestart = false +# + +trap "/usr/bin/fail2ban-client stop" SIGINT +trap "/usr/bin/fail2ban-client stop" SIGTERM +trap "/usr/bin/fail2ban-client reload" SIGHUP + +# start fail2ban +/usr/bin/fail2ban-client start + +# lets give fail2ban some time to start +sleep 5 + +# wait until fail2ban is dead (triggered by trap) +while kill -0 "`cat /var/run/fail2ban/fail2ban.pid`"; do + sleep 5 +done + diff --git a/target/postfix-wrapper.sh b/target/postfix-wrapper.sh new file mode 100644 index 00000000..d93ca8ce --- /dev/null +++ b/target/postfix-wrapper.sh @@ -0,0 +1,34 @@ +#!/usr/bin/env bash +# postfix-wrapper.sh, version 0.1.0 +# +# You cannot start postfix in some foreground mode and +# it's more or less important that docker doesn't kill +# postfix and its chilren if you stop the container. +# +# Use this script with supervisord and it will take +# care about starting and stopping postfix correctly. +# +# supervisord config snippet for postfix-wrapper: +# +# [program:postfix] +# process_name = postfix +# command = /path/to/postfix-wrapper.sh +# startsecs = 0 +# autorestart = false +# + +trap "service postfix stop" SIGINT +trap "service postfix stop" SIGTERM +trap "service postfix reload" SIGHUP + +# start postfix +service postfix start + +# lets give postfix some time to start +sleep 5 + +# wait until postfix is dead (triggered by trap) +while kill -0 "`cat /var/spool/postfix/pid/master.pid`"; do + sleep 5 +done + diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index 3cca7897..f17d5c5d 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh @@ -349,7 +349,7 @@ function _check_hostname() { if ( ! echo $HOSTNAME | grep -E '^(\S+[.]\S+)$' > /dev/null ); then notify 'err' "Setting hostname/domainname is required" - return 1 + kill -6 `cat /var/run/supervisord.pid` && return 1 else notify 'inf' "Domain has been set to $DOMAINNAME" notify 'inf' "Hostname has been set to $HOSTNAME" @@ -383,7 +383,7 @@ function _setup_default_vars() { for var in ${!DEFAULT_VARS[@]}; do echo "export $var=${DEFAULT_VARS[$var]}" >> /root/.bashrc - [ $? != 0 ] && notify 'err' "Unable to set $var=${DEFAULT_VARS[$var]}" && return 1 + [ $? != 0 ] && notify 'err' "Unable to set $var=${DEFAULT_VARS[$var]}" && kill -15 `cat /var/run/supervisord.pid` && return 1 notify 'inf' "Set $var=${DEFAULT_VARS[$var]}" done } @@ -644,18 +644,6 @@ EOF -e "/^[^#].*smtpd_sasl_path.*/s/^/#/g" \ /etc/postfix/master.cf - sed -i \ - -e "s|^START=.*|START=yes|g" \ - -e "s|^MECHANISMS=.*|MECHANISMS="\"$SASLAUTHD_MECHANISMS\""|g" \ - -e "s|^MECH_OPTIONS=.*|MECH_OPTIONS="\"$SASLAUTHD_MECH_OPTIONS\""|g" \ - /etc/default/saslauthd - - if [ "$SASLAUTHD_MECHANISMS" = rimap ]; then - sed -i \ - -e 's|^OPTIONS="|OPTIONS="-r |g' \ - /etc/default/saslauthd - fi - sed -i \ -e "/smtpd_sasl_path =.*/d" \ -e "/smtpd_sasl_type =.*/d" \ @@ -860,7 +848,7 @@ function _setup_postfix_virtual_transport() { [ -z "${POSTFIX_DAGENT}" ] && \ echo "${POSTFIX_DAGENT} not set." && \ - return 1 + kill -15 `cat /var/run/supervisord.pid` && return 1 postconf -e "virtual_transport = ${POSTFIX_DAGENT}" } @@ -1124,60 +1112,60 @@ function start_daemons() { function _start_daemons_cron() { notify 'task' 'Starting cron' 'n' - display_startup_daemon "cron" + supervisorctl start cron } function _start_daemons_rsyslog() { - notify 'task' 'Starting rsyslog' 'n' - display_startup_daemon "/etc/init.d/rsyslog start" + notify 'task' 'Starting rsyslog ' 'n' + supervisorctl start rsyslog } function _start_daemons_saslauthd() { notify 'task' 'Starting saslauthd' 'n' - display_startup_daemon "/etc/init.d/saslauthd start" + supervisorctl start "saslauthd_${SASLAUTHD_MECHANISMS}" } function _start_daemons_fail2ban() { - notify 'task' 'Starting fail2ban' 'n' + notify 'task' 'Starting fail2ban ' 'n' touch /var/log/auth.log # Delete fail2ban.sock that probably was left here after container restart if [ -e /var/run/fail2ban/fail2ban.sock ]; then rm /var/run/fail2ban/fail2ban.sock fi - display_startup_daemon "/etc/init.d/fail2ban start" + supervisorctl start fail2ban } function _start_daemons_opendkim() { - notify 'task' 'Starting opendkim' 'n' - display_startup_daemon "/etc/init.d/opendkim start" + notify 'task' 'Starting opendkim ' 'n' + supervisorctl start opendkim } function _start_daemons_opendmarc() { - notify 'task' 'Starting opendmarc' 'n' - display_startup_daemon "/etc/init.d/opendmarc start" + notify 'task' 'Starting opendmarc ' 'n' + supervisorctl start opendmarc } function _start_daemons_postfix() { notify 'task' 'Starting postfix' 'n' - display_startup_daemon "/etc/init.d/postfix start" + supervisorctl start postfix } function _start_daemons_dovecot() { # Here we are starting sasl and imap, not pop3 because it's disabled by default + notify 'task' 'Starting dovecot services' 'n' - display_startup_daemon "/usr/sbin/dovecot -c /etc/dovecot/dovecot.conf" if [ "$ENABLE_POP3" = 1 ]; then notify 'task' 'Starting pop3 services' 'n' mv /etc/dovecot/protocols.d/pop3d.protocol.disab /etc/dovecot/protocols.d/pop3d.protocol - display_startup_daemon "/usr/sbin/dovecot reload" fi if [ -f /tmp/docker-mailserver/dovecot.cf ]; then cp /tmp/docker-mailserver/dovecot.cf /etc/dovecot/local.conf - /usr/sbin/dovecot reload fi + supervisorctl start dovecot + # @TODO fix: on integration test # doveadm: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: No such file or directory # doveadm: Fatal: user listing failed @@ -1190,30 +1178,30 @@ function _start_daemons_dovecot() { function _start_daemons_filebeat() { notify 'task' 'Starting filebeat' 'n' - display_startup_daemon "/etc/init.d/filebeat start" + supervisorctl start filebeat } function _start_daemons_fetchmail() { notify 'task' 'Starting fetchmail' 'n' /usr/local/bin/setup-fetchmail - display_startup_daemon "/etc/init.d/fetchmail start" + supervisorctl start fetchmail } function _start_daemons_clamav() { notify 'task' 'Starting clamav' 'n' - display_startup_daemon "/etc/init.d/clamav-daemon start" + supervisorctl start clamav } function _start_daemons_postgrey() { notify 'task' 'Starting postgrey' 'n' rm -f /var/run/postgrey/postgrey.pid - display_startup_daemon "/etc/init.d/postgrey start" + supervisorctl start postgrey } function _start_daemons_amavis() { notify 'task' 'Starting amavis' 'n' - display_startup_daemon "/etc/init.d/amavis start" + supervisorctl start amavis } ########################################################################## @@ -1262,7 +1250,7 @@ notify 'taskgrp' "# $HOSTNAME is up and running" notify 'taskgrp' "#" notify 'taskgrp' "" - +touch /var/log/mail/mail.log tail -fn 0 /var/log/mail/mail.log diff --git a/target/supervisor/saslauth.conf b/target/supervisor/saslauth.conf new file mode 100644 index 00000000..264fff93 --- /dev/null +++ b/target/supervisor/saslauth.conf @@ -0,0 +1,45 @@ +[program:saslauthd_ldap] +startsecs=0 +autostart=false +autorestart=true +stdout_logfile=/var/log/supervisor/%(program_name)s.log +stderr_logfile=/var/log/supervisor/%(program_name)s.log +command=/usr/sbin/saslauthd -d -a ldap -O /etc/saslauthd.conf +pidfile=/var/run/saslauthd/saslauthd.pid + +[program:saslauthd_mysql] +startsecs=0 +autostart=false +autorestart=true +stdout_logfile=/var/log/supervisor/%(program_name)s.log +stderr_logfile=/var/log/supervisor/%(program_name)s.log +command=/usr/sbin/saslauthd -d -a mysql -O %(ENV_SASLAUTHD_MECH_OPTIONS)s +pidfile=/var/run/saslauthd/saslauthd.pid + +[program:saslauthd_pam] +startsecs=0 +autostart=false +autorestart=true +stdout_logfile=/var/log/supervisor/%(program_name)s.log +stderr_logfile=/var/log/supervisor/%(program_name)s.log +command=/usr/sbin/saslauthd -d -a pam -O %(ENV_SASLAUTHD_MECH_OPTIONS)s +pidfile=/var/run/saslauthd/saslauthd.pid + +[program:saslauthd_rimap] +startsecs=0 +autostart=false +autorestart=true +stdout_logfile=/var/log/supervisor/%(program_name)s.log +stderr_logfile=/var/log/supervisor/%(program_name)s.log +command=/usr/sbin/saslauthd -d -a rimap -r -O %(ENV_SASLAUTHD_MECH_OPTIONS)s +pidfile=/var/run/saslauthd/saslauthd.pid + +[program:saslauthd_shadow] +startsecs=0 +autostart=false +autorestart=true +stdout_logfile=/var/log/supervisor/%(program_name)s.log +stderr_logfile=/var/log/supervisor/%(program_name)s.log +command=/usr/sbin/saslauthd -d -a shadow -O %(ENV_SASLAUTHD_MECH_OPTIONS)s +pidfile=/var/run/saslauthd/saslauthd.pid + diff --git a/target/supervisor/supervisor-app.conf b/target/supervisor/supervisor-app.conf new file mode 100644 index 00000000..4b196ca1 --- /dev/null +++ b/target/supervisor/supervisor-app.conf @@ -0,0 +1,116 @@ +# each program entry below is a separate terminal command. +# Each command MUST run in the foreground and stay running. +# If the command ever exits, the supervisor daemon will automatically run it again. +# Programs can be controlled like this: 'supervisorctl start fail2ban' 'supervisorctl stop fail2ban' +# supervisor writes program statuses in /var/log/supervisor + +[supervisord] +nodaemon=true + +[program:mailserver] +startsecs=0 +autostart=true +autorestart=false +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 +command=/usr/local/bin/start-mailserver.sh + +[program:cron] +startsecs=0 +autostart=false +autorestart=true +stdout_logfile=/var/log/supervisor/%(program_name)s.log +stderr_logfile=/var/log/supervisor/%(program_name)s.log +command=/usr/sbin/cron -f + +[program:rsyslog] +startsecs=0 +autostart=false +autorestart=true +stdout_logfile=/var/log/supervisor/%(program_name)s.log +stderr_logfile=/var/log/supervisor/%(program_name)s.log +command=/usr/sbin/rsyslogd -n + +[program:fail2ban] +startsecs=0 +autostart=false +autorestart=true +stdout_logfile=/var/log/supervisor/%(program_name)s.log +stderr_logfile=/var/log/supervisor/%(program_name)s.log +command=/usr/local/bin/fail2ban-wrapper.sh + +[program:opendkim] +startsecs=0 +autostart=false +autorestart=true +stdout_logfile=/var/log/supervisor/%(program_name)s.log +stderr_logfile=/var/log/supervisor/%(program_name)s.log +command=/usr/sbin/opendkim -f + +[program:opendmarc] +startsecs=0 +autostart=false +autorestart=true +stdout_logfile=/var/log/supervisor/%(program_name)s.log +stderr_logfile=/var/log/supervisor/%(program_name)s.log +command=/usr/sbin/opendmarc -f -p "inet:8893@localhost" -P /var/run/opendmarc/opendmarc.pid + +[program:dovecot] +startsecs=0 +autostart=false +autorestart=true +stdout_logfile=/var/log/supervisor/%(program_name)s.log +stderr_logfile=/var/log/supervisor/%(program_name)s.log +command=/usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf + +[program:filebeat] +startsecs=0 +autostart=false +autorestart=true +stdout_logfile=/var/log/supervisor/%(program_name)s.log +stderr_logfile=/var/log/supervisor/%(program_name)s.log +command=/usr/bin/filebeat -c /etc/filebeat/filebeat.yml + +[program:clamav] +startsecs=0 +autostart=false +autorestart=true +stdout_logfile=/var/log/supervisor/%(program_name)s.log +stderr_logfile=/var/log/supervisor/%(program_name)s.log +command=/usr/sbin/clamd -c /etc/clamav/clamd.conf + +[program:postgrey] +startsecs=0 +autostart=false +autorestart=true +stdout_logfile=/var/log/mail/mail.log +stderr_logfile=/var/log/mail/mail.log +command=/usr/sbin/postgrey --inet=127.0.0.1:10023 --syslog-facility=mail --delay=%(ENV_POSTGREY_DELAY)s --max-age=%(ENV_POSTGREY_MAX_AGE)s --greylist-text="%(ENV_POSTGREY_TEXT)s" + +[program:amavis] +startsecs=0 +autostart=false +autorestart=true +stdout_logfile=/var/log/supervisor/%(program_name)s.log +stderr_logfile=/var/log/supervisor/%(program_name)s.log +command=/usr/sbin/amavisd-new foreground + +[program:fetchmail] +startsecs=0 +autostart=false +autorestart=true +stdout_logfile=/var/log/supervisor/%(program_name)s.log +stderr_logfile=/var/log/supervisor/%(program_name)s.log +user=fetchmail +command=/usr/bin/fetchmail -f /etc/fetchmailrc -v --nodetach --daemon 300 -i /var/lib/fetchmail/.fetchmail-UIDL-cache --pidfile /var/run/fetchmail/fetchmail.pid + +[program:postfix] +startsecs=0 +autostart=false +autorestart=true +stdout_logfile=/var/log/supervisor/%(program_name)s.log +stderr_logfile=/var/log/supervisor/%(program_name)s.log +command=/usr/local/bin/postfix-wrapper.sh + diff --git a/test/tests.bats b/test/tests.bats index 1afc6402..e9ad3e94 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -111,10 +111,6 @@ load 'test_helper/bats-assert/load' assert_success } -@test "checking process: saslauthd (saslauthd server enabled)" { - run docker exec mail_with_imap /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'" - assert_success -} # # postgrey @@ -1194,3 +1190,54 @@ load 'test_helper/bats-assert/load' assert_success assert_output 0 } + + +# +# supervisor +# + +@test "checking restart of process: postfix" { + run docker exec mail /bin/bash -c "pkill master && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/lib/postfix/sbin/master'" + assert_success +} + +@test "checking restart of process: clamd" { + run docker exec mail /bin/bash -c "pkill clamd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'" + assert_success +} + +@test "checking restart of process: amavisd-new" { + run docker exec mail /bin/bash -c "pkill amavi && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/amavisd-new (master)'" + assert_success +} + +@test "checking restart of process: opendkim" { + run docker exec mail /bin/bash -c "pkill opendkim && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/opendkim'" + assert_success +} + +@test "checking restart of process: opendmarc" { + run docker exec mail /bin/bash -c "pkill opendmarc && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/opendmarc'" + assert_success +} + +@test "checking restart of process: fail2ban (fail2ban server enabled)" { + run docker exec mail_fail2ban /bin/bash -c "pkill fail2ban && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/bin/python3 /usr/bin/fail2ban-server'" + assert_success +} + +@test "checking restart of process: fetchmail" { + run docker exec mail_fetchmail /bin/bash -c "pkill fetchmail && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/bin/fetchmail'" + assert_success +} + +@test "checking restart of process: clamav (clamav disabled by ENABLED_CLAMAV=0)" { + run docker exec mail_disabled_clamav_spamassassin /bin/bash -c "pkill -f clamd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'" + assert_failure +} + +@test "checking restart of process: saslauthd (saslauthd server enabled)" { + run docker exec mail_with_ldap /bin/bash -c "pkill saslauthd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'" + assert_success +} +