Merge pull request #74 from tomav/add-default-ssl-tests-and-letsencrypt-certs

Added a test on the default SSL certs and added the Let's Encrypt X1 and X2 certificates
This commit is contained in:
Thomas VIAL 2016-02-08 23:56:41 +01:00
commit d555f46c99
3 changed files with 22 additions and 2 deletions


@ -7,7 +7,7 @@ RUN apt-get -y upgrade
RUN DEBIAN_FRONTEND=noninteractive apt-get -y install vim postfix sasl2-bin courier-imap courier-imap-ssl \ RUN DEBIAN_FRONTEND=noninteractive apt-get -y install vim postfix sasl2-bin courier-imap courier-imap-ssl \
courier-pop courier-pop-ssl courier-authdaemon supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl \ courier-pop courier-pop-ssl courier-authdaemon supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl \
pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat \ pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat \
opendkim opendkim-tools opendmarc opendkim opendkim-tools opendmarc curl
RUN apt-get autoclean && rm -rf /var/lib/apt/lists/* RUN apt-get autoclean && rm -rf /var/lib/apt/lists/*
# Configures Saslauthd # Configures Saslauthd
@ -44,7 +44,6 @@ ADD postfix/default-opendkim /etc/default/opendkim
ADD postfix/opendmarc.conf /etc/opendmarc.conf ADD postfix/opendmarc.conf /etc/opendmarc.conf
ADD postfix/default-opendmarc /etc/default/opendmarc ADD postfix/default-opendmarc /etc/default/opendmarc
# Configures Postfix # Configures Postfix
ADD postfix/main.cf /etc/postfix/main.cf ADD postfix/main.cf /etc/postfix/main.cf
ADD postfix/master.cf /etc/postfix/master.cf ADD postfix/master.cf /etc/postfix/master.cf
@ -52,6 +51,10 @@ ADD postfix/sasl/smtpd.conf /etc/postfix/sasl/smtpd.conf
ADD bin/generate-ssl-certificate /usr/local/bin/generate-ssl-certificate ADD bin/generate-ssl-certificate /usr/local/bin/generate-ssl-certificate
RUN chmod +x /usr/local/bin/generate-ssl-certificate RUN chmod +x /usr/local/bin/generate-ssl-certificate
# Get LetsEncrypt signed certificate
RUN curl https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem
RUN curl https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x2-cross-signed.pem
# Start-mailserver script # Start-mailserver script
ADD start-mailserver.sh /usr/local/bin/start-mailserver.sh ADD start-mailserver.sh /usr/local/bin/start-mailserver.sh
RUN chmod +x /usr/local/bin/start-mailserver.sh RUN chmod +x /usr/local/bin/start-mailserver.sh
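Review bot: The two `curl` fetches in the third hunk run without `-f`, so an HTTP error page or a truncated response is written into `/etc/ssl/certs/` with a zero exit status and the build still succeeds with a bogus certificate file. Change them to `curl -fsSL https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem -o /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem` and the same for X2, chained with `&&` in a single `RUN` so that a failure of either download leaves no half-populated layer. Because these files are later trusted for chain verification, pin their content as well: after the download, compare `openssl x509 -noout -fingerprint -sha256 -in <path>` against a fingerprint recorded in the repository (constructed placeholder: `<expected-sha256-fingerprint>`) and fail the build on mismatch. Note also that OpenSSL `-CApath` lookups rely on subject-hash symlinks, so a PEM merely dropped into `/etc/ssl/certs` is presumably not found until the directory is rehashed — worth confirming against the `s_client -CApath` check this PR adds to the tests.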

10
SSL.md

@ -48,3 +48,13 @@ To use the certificate:
* add an `DMS_SSL=self-signed` to your container environment variables * add an `DMS_SSL=self-signed` to your container environment variables
* if a matching certificate (files listed above) is found in `postfix/ssl`, it will be automatically setup in postfix and courier-imap-ssl. You just have to place them in `postfix/ssl` folder. * if a matching certificate (files listed above) is found in `postfix/ssl`, it will be automatically setup in postfix and courier-imap-ssl. You just have to place them in `postfix/ssl` folder.
### Testing certificate
From your host:
docker exec mail openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/
And you should see the certificate chain, the server certificate and:
Verify return code: 0 (ok)


@ -78,5 +78,12 @@ assert "docker exec mail cat /etc/opendmarc.conf | grep ^TrustedAuthservID | wc
# Testing hostname config # Testing hostname config
assert "docker exec mail cat /etc/mailname" "my-domain.com" assert "docker exec mail cat /etc/mailname" "my-domain.com"
# Testing presence of LetsEncrypt signed certs
assert_raises "docker exec mail grep 'BEGIN CERTIFICATE' /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem" "0"
assert_raises "docker exec mail grep 'BEGIN CERTIFICATE' /etc/ssl/certs/lets-encrypt-x2-cross-signed.pem" "0"
# Testing generated ssl certs
assert_raises "docker exec mail openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 0 (ok)'" "0"
# Ending tests # Ending tests
assert_end assert_end
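Review bot: The two `assert_raises … grep 'BEGIN CERTIFICATE' …` checks only prove that a PEM-shaped file exists at each path; they would catch an HTML error page written by the Dockerfile's `curl`, but not a wrong or stale certificate. Asserting the parsed identity is stronger and uses the same `assert` helper as the `/etc/mailname` check above, e.g. `assert "docker exec mail openssl x509 -noout -subject -in /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem" "<expected subject line>"` (placeholder: take the value from the shipped file; the X1 subject CN is "Let's Encrypt Authority X1"). The `s_client` assertion on the last added line verifies the presented chain against the whole system store, so it passes for any chain the store accepts and does not tie the result to the X1/X2 files tested just above; if the intent is the default certificate named in the commit title, the comment `# Testing generated ssl certs` should say which certificate the container is expected to present, as I cannot tell from this hunk how the `mail` container is started.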