Commit graph

52 commits

Author SHA1 Message Date
Michael Sprauer 119dbd664c revert nonsens changes 2020-07-14 15:23:36 +02:00
Michael Sprauer d61a8cd9c0 letsencrypt & traefik wildcard support
set SSL_DOMAIN=*.example.com to extract a wildcard certificate from traefiks acme.json store
2020-07-13 22:58:17 +02:00
Michael Sprauer 32c732e276 certificates from acme.json
Will extract certificates from acme.json as written by traefik for usage in dovecot and postfix.
Also watches acme.json for changes. For this to work the file has to be mounted/present at `/etc/letsencrypt/acme.json`
2020-06-30 22:43:22 +02:00
Nicholas Pepper 1b659a5574 Modified letsencrypt support to add domain name checking in addition to
hostname checking.  Added necessary tests and renamed original manual
ssl test to a name that supports adding the other SSL tests.
2020-05-15 04:52:26 +00:00
youtous d0f7257333
support comments in .cf files 2020-05-06 22:59:55 +02:00
youtous 47fac2706f
use ffdhe4096 for DHE params
use by default ffdhe4096 for DHE params 


use by default ffdhe4096 for DHE params
2020-04-26 22:23:51 +02:00
Andreas Perhab bbab4ef3fc fix: fix test setup.sh debug fetchmail on wildcard domains
on hosts that belong to wildcard domains pop3.example.com might
 actually resolve to pop3.example.com.[mydomain.com] and give a valid ip
 the return code of fetchmail then no longer is 11 (dns failure) but
 something else (2 for socket error in our case)

to make sure we always get return code 11 we use the domain name
pop3.example.com. that is not allowed to be resolved to a subdomain.
2019-11-12 15:35:03 +01:00
Sebastian Kaiser 37540509dc - test for user-patches.sh 2019-11-08 02:22:33 +01:00
Vortex def8400c17 added default "user-patches.sh" to the first container "mail" 2019-10-31 09:01:44 +01:00
Martin Schulze a20f2c4199 Add pregenerated test/config dh params 2019-09-12 00:42:04 +02:00
Erik Wramner fc8d684994 Generate dhparams at startup, not build 2019-08-09 22:13:50 +02:00
Erik Wramner 311bdfa1ba Keep checksum file outside shared/mounted area 2019-07-30 16:10:51 +02:00
millerjason 53a344a056 Support for additional postgrey options (Close: #998, #999, #1046)
* addnl postgrey whitelist support. closes #998, closes #999.

	modified:   Dockerfile
	modified:   Makefile
	modified:   README.md
	modified:   docker-compose.elk.yml.dist
	modified:   docker-compose.yml.dist
	modified:   target/start-mailserver.sh
	modified:   target/supervisor/conf.d/supervisor-app.conf
	new file:   test/config/whitelist_recipients
	new file:   test/nc_templates/postgrey_whitelist_local.txt
	new file:   test/nc_templates/postgrey_whitelist_recipients.txt
	modified:   test/tests.bats

* match existing indent convention

	modified:   target/start-mailserver.sh

* ISSUE-999: add support for header_checks

	modified:   Dockerfile
	modified:   target/postfix/main.cf

* ISSUE-999: add empty header_check file

	new file:   target/postfix/header_checks.pcre
2018-11-01 19:32:36 +01:00
Paul Adams ea848eb86f Deliver root mail (#952)
* Configure delivery of root's mail to postmaster
* Tests for delivery of root mail
* add missing email template
2018-04-23 20:35:33 +02:00
17Halbe cc7c1f8804 Introducing global filters. (#934)
* Introducing global filters
* added optional after.dovecot.sieve/before.dovecot.sieve files
* added global filter test
2018-04-05 18:54:01 +02:00
Paul Adams f28e9843ce Implementation of multi-domain relay hosts (#922, #926)
* Add new configuration for multi-domain relay hosts (#922)
 * Creates new environment variables (replacing existing AWS_SES variables)
 * Optionally allows more advanced setups using config files
* Update relay hosts during change detection (#922)
* Add helper scripts for adding relay hosts and per-domain auth
* Allow the possibility to deliver some mail directly
* adding a domain with no destination will exclude it from the
  relayhost_map and so Postfix will attempt to deliver the mail directly
* tests for setup.sh script
* tests for relay host configuration
* these tests cover the code in `start-mailserver.sh` dealing with both
  the env vars and the configuration files
2018-04-02 10:45:58 +02:00
17Halbe a7589aa353 test/config backup & restore (#907)
* backup and restore of test/config folder as done for the regular config folder as well.
* permissions fix
* preserving permissions and ownership
* new backup rule
2018-03-21 19:55:41 +01:00
17Halbe ee4b434a5c Restore userdb for tests (#913) 2018-03-20 08:17:24 +01:00
akmet ad40c00546 Backup config folder while testing (#901)
* Backup whole config while testing
2018-03-16 18:52:49 +01:00
Marek Walczak c36e878d76 Nist tls (#831)
* remove two ciphers according to https://www.htbridge.com/ssl/ (NIST, HIPAA)
* added a switch via an environment variable to choose between modern and intermediate ciphers
2018-02-22 08:36:12 +01:00
17Halbe 5e09074d58 postscreen implementation altered (#846)
* new setup.sh function, new tests, new script and some minor updates to main.cf
* fix for missing files
* removed obsolete test-files
* restart postfix if neccessary.
* see pr  #845
* fixed typo
* fixed branchmixup
* changed postfix reload command & changed to operate on container instead of image
* reload postfix only on adding new restriction
* main.cf is only changed when user is added.
 - Postfix reload changed
 - working on container instead of image now in setup.sh
 - added cleanup after tests
* moved cleanup to makefile
2018-02-18 13:29:43 +01:00
17Halbe 5394a505b9 Restrict access (Closes #452, #816)
new setup.sh function, new tests, new script
2018-02-07 21:33:07 +01:00
Marek Walczak b4b19e76b7 Stretch backport (#813)
* install dovecot from backports

* dovecot 2.2.33 has a slightly different TLS-configuration than 2.2.27

* want to have both images a the same time

* make use of the /etc/dovecot/ssl as mkcert.sh (2.2.33) is using that folder for certs.
2018-02-04 21:27:47 +01:00
Mathieu Brunot d270fcdd40 Added support for Dovecot and Postfix LDAP TLS (#800)
* Allow setup of LDAP STARTTLS for Dovecot and Postfix

* Added tests for TLS config override

* Add missing Postfix TLS options

* Added missing new line at the end of the file

* Added STARTTLS tests for Postfix config
2018-01-25 22:38:41 +01:00
Marek Walczak 49b3867c1b debian stretch slim (#784)
* Switch to stretch-slim as base image.
 - first step correct the testdata, as newer packages are more strict
about the mail-structure.

* Switch to stretch-slim: correcting the test-environment and the build
 - add missing build-step to make
 - clean the userdb aswell
 - use timeout of netcat, as postgrey would not close the connection
 - there is 2 extra mail-logs -> assert_output 5
 - cosmetic: use "" instead of ''

* Switch to stretch-slim:
new image:
 - smaller size
 - 0 CVEs compared to 11 CVEs in ubuntu 16.04 Image
better backport situation
 - postfix 3.1.6 vs 3.1.0
 - fail2ban 0.9.6 vs 0.9.3
 ...
changes needed because of stretch-slim:
- add missing gnupg and iproute2 package
- remove non-free rar, unrar-free should do
- rsyslog does not add syslog user and has different conf-structure
- pyzor command discover was deprecated and is missing in the new
stretch package

- dovecot does not know SSLv2 anymore. removed because of warnings in
log

- iptables does not know imap3, IMAP working group chose imap2 in favor
of imap3

* Switch to debian stretch slim:
SSLv2 seems to be a not known protocol anymore - good!

* switch to debian stretch slim:
make this test more stable. there might be more than only one mail.log
(mail.info, mail.warn, ...)

* switch to debian stretc slim:
 new openssl 1.1.0 needs stronger ciphers, removed some weekers ones.
Please, look through the new list of cipher! this needs to be done in
another commit for all other SSL/TLS-Endpoints aswell.

* Switch to debian stretch slim:
let our server pre-empt the cipher list.
Did a read through, wwwDOTpostfixDOTorg/FORWARD_SECRECY_READMEDOThtml
and
wwwDOTpostfixDOTorg/TLS_READMEDOThtml

* Switch to debian stretch slim: lets give this openssl-based test a new and independent but identical container.  many other test on the main 'mail' container might interfere here.

* Switch to debian stretch slim: remove unused lines
2017-12-31 12:33:48 +01:00
Marek Walczak d62ea049e6 Add ability to override fail2ban.conf with fail2ban.local values. (#769)
* Add ability to override fail2ban.conf with fail2ban.local values.
2017-12-07 19:27:31 +01:00
Johan Smits 9978bccbb6 Also test on the submission port if the login is succesful (#685)
Fixed location so that opendkim is happy with the correct
file location
2017-08-19 10:32:47 +02:00
MadsRC 3569aebcb6 Support for modifying Postfix' master.cf (#595)
* Support for modifying Postfix' master.cf, using the  syntax, in postfix-master.cf
2017-06-13 13:20:25 +02:00
Arne Kepp c0530491c3 Add sieve pipe and filter (#574)
* First pass at adding support for pipe and filter in Sieve, excluding unit tests.
* Reduce insight into copied scripts
* Added test
* Adjustments related to switch to 16.04
2017-05-10 09:54:02 +02:00
alinmear 26992bb66f #503 (#522)
* Add method overwrite_config()
This method takes 2 arguments:
  1.) Environment Variable Prefix
  2.) String of files separated by whitespace

e.g.
  export LDAP_SEARCH_BASE=dc=domain,dc=loc
  export LDAP_BIND_PW=test

  overwrite_config "LDAP_" "/etc/postfix/ldap-users.cf
  /etc/postfix/ldap-groups.cf"

Logic:
  + all env vars will be search for vars with the prefix LDAP_
  + afterwards they will be dissembled in key value pairs
    LDAP_BIND_PW=test --> bind_pw test
  + the key and value will be substituted within the provided files
  via sed

* Fix #503 added logic for custom configs provided at container
provisioning within /tmp/docker-mailserver

* Add additional unit tests for postfix ldap integration

    * check custom configs copied
    * check environment variables substituted

* Fix quoting problems in tests.bats

* Fix missing brackets in function _fix_var_amavis_permissions()

* Fix typo in _setup_ldap

* Fix notify in overwrite_config

* Fix typo

* Fix added dovecot ldap config provisioning again and Add notify for tasks
2017-04-26 14:56:08 +02:00
Michael Als ec6e5eea39 Include whitelist_clients.local in postgrey setup from config folder (#564) 2017-04-12 17:59:04 +02:00
mplx 4536113a30 allow accounts which do not start with a-z (#568) 2017-04-07 22:28:19 +02:00
Thomas VIAL 912cb5676b Fixes #546 & #560 - comments and new lines should not be parsed (#562)
* Fixes #546 & #560 - comments and new lines should not be parsed
2017-03-28 10:59:02 +02:00
Kai Ren cb0714ff77 Integration test for extension address delivery (#528)
* Add integration test for extension address Dovecot LMTP delivery
2017-03-03 18:27:22 +01:00
alinmear a7670ac5c1 Add #394: Postfix Virtual Transport (#461)
* Add #394: Postfix Virtual Transport
This makes it possible to specify a lmtp config file, by providing
POSTFIX_DAGENT.

Update - Readme with informations about #394

    * Add Variable ENABLE_POSTFIX_VIRTUAL_TRANSPORT (task)
    * Add Variable POSTFIX_DAGENT (section)

Added Unit tests for virtual transport

* Fix syntax error in test/tests.bats

* Fix Unit Test
2017-01-09 23:52:36 +01:00
Dennis Stumm d3cd407295 Improve LDAP integration (#379)
* Move ldap files to target dir

* Move ldap files to target dir

* Update start-mailser.sh to use copied files

* Add the domainname from container to vhost

* Fix unary operator error

* List dovecot users only when LDAP disabled

* Minor
2016-11-13 11:39:45 +01:00
Dennis Stumm 3ec1fb202d Add ldap auth for postfix and dovecot (#352)
* Add ldap support for postfix and dovecot

* Add SASLAUTHD

* Update README.md

* Add necessary packages to dockerfile

* Add config files for ldap

* Add tests for ldap auth
2016-10-30 14:11:36 +01:00
Morgan Kesler 02f854f4e9 Allow user to provide Amavis configuration (#299)
* Add the option of manually specifying paths to SSL certificates

* Adding tests for manual SSL changes

* Allow user provided configuration of amavis
2016-09-02 09:08:41 +02:00
Josef Friedrich e7de8b9245 Implement fetchmail (#260) (#271)
To retrieve emails from external mail accounts.
2016-08-21 22:13:13 +02:00
Thomas VIAL c813e6a4b3
Added test on catchall 2016-07-23 23:42:18 +02:00
shim_ d0380ec74f comparing salted passwords is impossible 2016-06-14 16:38:57 +02:00
shim_ 63fd58a7cb switch to SHA512 2016-06-14 13:00:51 +02:00
Dominik Winter e3b65aea7a corrected test cases 2016-06-04 02:46:33 +02:00
Josef Friedrich bcd844b568 Add tests for additional dovecot configs 2016-05-29 22:36:06 +02:00
Thorsten von Eicken 288e79f59e tests for regexp alias 2016-05-23 20:38:11 -07:00
André Stein 2f9f6b1002 Implement basic sieve support using Dovecot.
The dovecot-sieve plugin is installed and configured to apply sieve
as soon as a .dovecot.sieve file is encountered in the virtual user's
home directory (that is /var/mail/${domain}/${username}/.dovecot.sieve).

Transport has been changed in the postfix configuration to use
Dovecot LDA (see http://wiki.dovecot.org/LDA/Postfix) to actually
enable sieve filtering.

Tests have been added.
2016-04-28 08:57:50 +02:00
Thomas VIAL 9fbe20f3d0
Added tests on letsencrypt - #109 2016-04-26 19:39:08 +02:00
Thomas VIAL 9415c099cc
Fixed #159: postfix-accounts.cf now generated with script + fixed line endings using sed in start-mailserver.sh 2016-04-25 16:00:39 +02:00
Thomas VIAL b58d0d33d6 Fixing #143 2016-04-21 01:08:14 +02:00
Thomas VIAL 4f611eec1d Fixed #143 adding a OpenDKIM keys generator and its integration tests 2016-04-20 23:01:32 +02:00