load "${REPOSITORY_ROOT}/test/test_helper/common" NON_DEFAULT_DOCKER_MAIL_NETWORK_NAME=non-default-docker-mail-network setup_file() { docker network create --driver bridge "${NON_DEFAULT_DOCKER_MAIL_NETWORK_NAME}" docker network create --driver bridge "${NON_DEFAULT_DOCKER_MAIL_NETWORK_NAME}2" # use two networks (default ("bridge") and our custom network) to recreate problematic test case where PERMIT_DOCKER=host would not help # currently we cannot use --network in `docker run` multiple times, it will just use the last one # instead we need to use create, network connect and start (see https://success.docker.com/article/multiple-docker-networks) local PRIVATE_CONFIG PRIVATE_CONFIG=$(duplicate_config_for_container . mail_smtponly_second_network) docker create --name mail_smtponly_second_network \ -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \ -v "$(pwd)/test/files":/tmp/docker-mailserver-test:ro \ -e SMTP_ONLY=1 \ -e PERMIT_DOCKER=connected-networks \ -e OVERRIDE_HOSTNAME=mail.my-domain.com \ --network "${NON_DEFAULT_DOCKER_MAIL_NETWORK_NAME}" \ -t "${NAME}" docker network connect "${NON_DEFAULT_DOCKER_MAIL_NETWORK_NAME}2" mail_smtponly_second_network docker start mail_smtponly_second_network PRIVATE_CONFIG=$(duplicate_config_for_container . mail_smtponly_second_network_sender) docker run -d --name mail_smtponly_second_network_sender \ -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \ -v "$(pwd)/test/files":/tmp/docker-mailserver-test:ro \ -e SMTP_ONLY=1 \ -e PERMIT_DOCKER=connected-networks \ -e OVERRIDE_HOSTNAME=mail.my-domain.com \ --network "${NON_DEFAULT_DOCKER_MAIL_NETWORK_NAME}2" \ -t "${NAME}" # wait until postfix is up wait_for_smtp_port_in_container mail_smtponly_second_network # create another container that enforces authentication even on local connections docker run -d --name mail_smtponly_force_authentication \ -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \ -v "$(pwd)/test/files":/tmp/docker-mailserver-test:ro \ -e SMTP_ONLY=1 \ -e PERMIT_DOCKER=none \ -e OVERRIDE_HOSTNAME=mail.my-domain.com \ -t "${NAME}" # wait until postfix is up wait_for_smtp_port_in_container mail_smtponly_force_authentication } teardown_file() { docker logs mail_smtponly_second_network docker rm -f mail_smtponly_second_network mail_smtponly_second_network_sender mail_smtponly_force_authentication docker network rm "${NON_DEFAULT_DOCKER_MAIL_NETWORK_NAME}" "${NON_DEFAULT_DOCKER_MAIL_NETWORK_NAME}2" } @test "checking PERMIT_DOCKER: connected-networks" { IPNET1=$(docker network inspect --format '{{(index .IPAM.Config 0).Subnet}}' non-default-docker-mail-network) IPNET2=$(docker network inspect --format '{{(index .IPAM.Config 0).Subnet}}' non-default-docker-mail-network2) run docker exec mail_smtponly_second_network /bin/sh -c "postconf | grep '^mynetworks ='" assert_output --partial "${IPNET1}" assert_output --partial "${IPNET2}" run docker exec mail_smtponly_second_network /bin/sh -c "postconf smtp_host_lookup=no" assert_success _reload_postfix mail_smtponly_second_network # we should be able to send from the other container on the second network! run docker exec mail_smtponly_second_network_sender /bin/sh -c "nc mail_smtponly_second_network 25 < /tmp/docker-mailserver-test/emails/nc_raw/smtp-only.txt" assert_output --partial "250 2.0.0 Ok: queued as " repeat_in_container_until_success_or_timeout 60 mail_smtponly_second_network /bin/sh -c 'grep -cE "to=.*status\=sent" /var/log/mail/mail.log' } @test "checking PERMIT_DOCKER: none" { run docker exec mail_smtponly_force_authentication /bin/sh -c "postconf smtp_host_lookup=no" assert_success _reload_postfix mail_smtponly_force_authentication # the mailserver should require authentication and a protocol error should occur when using TLS run docker exec mail_smtponly_force_authentication /bin/sh -c "nc localhost 25 < /tmp/docker-mailserver-test/emails/nc_raw/smtp-only.txt" assert_output --partial "550 5.5.1 Protocol error" [[ ${status} -ge 0 ]] } @test "checking PERMIT_DOCKER=network: opendmarc/opendkim config" { skip 'TODO: this test was taken from mail_smtponly, where it did not actually belong to' run docker exec mail_smtponly /bin/sh -c "cat /etc/opendmarc/ignore.hosts | grep '172.16.0.0/12'" assert_success run docker exec mail_smtponly /bin/sh -c "cat /etc/opendkim/TrustedHosts | grep '172.16.0.0/12'" assert_success }