Merge pull request #74 from tomav/add-default-ssl-tests-and-letsencrypt-certs
Added test on default ssl certs and added letsencrypt X1 and X2 certificates
commit
d555f46c99
|
@ -7,7 +7,7 @@ RUN apt-get -y upgrade
|
||||||
RUN DEBIAN_FRONTEND=noninteractive apt-get -y install vim postfix sasl2-bin courier-imap courier-imap-ssl \
|
RUN DEBIAN_FRONTEND=noninteractive apt-get -y install vim postfix sasl2-bin courier-imap courier-imap-ssl \
|
||||||
courier-pop courier-pop-ssl courier-authdaemon supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl \
|
courier-pop courier-pop-ssl courier-authdaemon supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl \
|
||||||
pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat \
|
pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat \
|
||||||
opendkim opendkim-tools opendmarc
|
opendkim opendkim-tools opendmarc curl
|
||||||
RUN apt-get autoclean && rm -rf /var/lib/apt/lists/*
|
RUN apt-get autoclean && rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
# Configures Saslauthd
|
# Configures Saslauthd
|
||||||
|
@ -44,7 +44,6 @@ ADD postfix/default-opendkim /etc/default/opendkim
|
||||||
ADD postfix/opendmarc.conf /etc/opendmarc.conf
|
ADD postfix/opendmarc.conf /etc/opendmarc.conf
|
||||||
ADD postfix/default-opendmarc /etc/default/opendmarc
|
ADD postfix/default-opendmarc /etc/default/opendmarc
|
||||||
|
|
||||||
|
|
||||||
# Configures Postfix
|
# Configures Postfix
|
||||||
ADD postfix/main.cf /etc/postfix/main.cf
|
ADD postfix/main.cf /etc/postfix/main.cf
|
||||||
ADD postfix/master.cf /etc/postfix/master.cf
|
ADD postfix/master.cf /etc/postfix/master.cf
|
||||||
|
@ -52,6 +51,10 @@ ADD postfix/sasl/smtpd.conf /etc/postfix/sasl/smtpd.conf
|
||||||
ADD bin/generate-ssl-certificate /usr/local/bin/generate-ssl-certificate
|
ADD bin/generate-ssl-certificate /usr/local/bin/generate-ssl-certificate
|
||||||
RUN chmod +x /usr/local/bin/generate-ssl-certificate
|
RUN chmod +x /usr/local/bin/generate-ssl-certificate
|
||||||
|
|
||||||
|
# Get LetsEncrypt signed certificate
|
||||||
|
RUN curl https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem
|
||||||
|
RUN curl https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x2-cross-signed.pem
|
||||||
|
|
||||||
# Start-mailserver script
|
# Start-mailserver script
|
||||||
ADD start-mailserver.sh /usr/local/bin/start-mailserver.sh
|
ADD start-mailserver.sh /usr/local/bin/start-mailserver.sh
|
||||||
RUN chmod +x /usr/local/bin/start-mailserver.sh
|
RUN chmod +x /usr/local/bin/start-mailserver.sh
|
||||||
|
|
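Review bot: The two added `RUN curl https://letsencrypt.org/certs/… > /etc/ssl/certs/…` lines write trust material fetched at build time with no integrity check, and because curl without `-f` exits 0 on an HTTP error, an error page would be saved as the .pem and the build would still succeed. Committing the two PEM files to the repository and adding them like the other config files would make the build reproducible; if they must be downloaded, use `curl -fsSL -o <file> <url>` followed by `echo "<expected-sha256>  <file>" | sha256sum -c -` in the same `RUN`. OpenSSL's `-CApath` lookup goes by subject-hash file names, so these files may not be consulted from /etc/ssl/certs unless the directory is rehashed (for example with `c_rehash`); this is worth confirming against the new s_client test. The `curl` package added to the install line also stays in the runtime image although only these build steps need it.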
10
SSL.md
10
SSL.md
|
@ -48,3 +48,13 @@ To use the certificate:
|
||||||
|
|
||||||
* add an `DMS_SSL=self-signed` to your container environment variables
|
* add an `DMS_SSL=self-signed` to your container environment variables
|
||||||
* if a matching certificate (files listed above) is found in `postfix/ssl`, it will be automatically setup in postfix and courier-imap-ssl. You just have to place them in `postfix/ssl` folder.
|
* if a matching certificate (files listed above) is found in `postfix/ssl`, it will be automatically setup in postfix and courier-imap-ssl. You just have to place them in `postfix/ssl` folder.
|
||||||
|
|
||||||
|
### Testing certificate
|
||||||
|
|
||||||
|
From your host:
|
||||||
|
|
||||||
|
docker exec mail openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/
|
||||||
|
|
||||||
|
And you should see the certificate chain, the server certificate and:
|
||||||
|
|
||||||
|
Verify return code: 0 (ok)
|
|
@ -78,5 +78,12 @@ assert "docker exec mail cat /etc/opendmarc.conf | grep ^TrustedAuthservID | wc
|
||||||
# Testing hostname config
|
# Testing hostname config
|
||||||
assert "docker exec mail cat /etc/mailname" "my-domain.com"
|
assert "docker exec mail cat /etc/mailname" "my-domain.com"
|
||||||
|
|
||||||
|
# Testing presence of LetsEncrypt signed certs
|
||||||
|
assert_raises "docker exec mail grep 'BEGIN CERTIFICATE' /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem" "0"
|
||||||
|
assert_raises "docker exec mail grep 'BEGIN CERTIFICATE' /etc/ssl/certs/lets-encrypt-x2-cross-signed.pem" "0"
|
||||||
|
|
||||||
|
# Testing generated ssl certs
|
||||||
|
assert_raises "docker exec mail openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 0 (ok)'" "0"
|
||||||
|
|
||||||
# Ending tests
|
# Ending tests
|
||||||
assert_end
|
assert_end
|
||||||
|
|
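Review bot: The two presence checks only grep for 'BEGIN CERTIFICATE', so they pass for any PEM content at those paths rather than for the intended Let's Encrypt X1/X2 certificates. Pinning the fingerprint would make them meaningful, for example comparing the output of `docker exec mail openssl x509 -noout -fingerprint -sha256 -in /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem` against an `<expected-fingerprint>` recorded in the test. The s_client assertion accepts any chain that validates against the whole /etc/ssl/certs store and does not check the hostname, so it does not show which certificate port 587 actually serves; asserting the subject or issuer line as well would close that gap.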