mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
5908d9f060
* chore: Extract out Dovecot Quota test cases into new test file Test cases are just cut + paste, no logic changed there yet. * chore: Rename test case descriptions * chore: Use `setup ...` methods instead of direct calls * chore: Adjust `_run_in_container_bash` to `_run_in_container` Plus some additional bug fixes in the disabled test case * tests(refactor): Revise ENV test cases for max mailbox and message sizes * tests(refactor): Revise ENV test cases for mailbox and message limits v2 Removes the extra variables and filtering in favour of explicit values instead of matching for comparison. - Easier at a glance to know what is actually expected. - Additionally reworks the quota limit checks in other test cases. Using a different formatter for `doveadm` is easier to match the desired value (`Limit`). * chore: Sync improvement from `tests.bats` master --- NOTE: This PR has been merged to avoid additional maintenance burden without losing the improvements. It was not considered complete, but remaining tasks were not documented in the PR.
317 lines
9.2 KiB
Bash
317 lines
9.2 KiB
Bash
load "${REPOSITORY_ROOT}/test/helper/common"
|
|
load "${REPOSITORY_ROOT}/test/helper/change-detection"
|
|
load "${REPOSITORY_ROOT}/test/helper/setup"
|
|
|
|
# TODO: These tests date back to the very beginning of DMS and therefore
|
|
# TODO: lack the more advanced test suite functions that make tests more
|
|
# TODO: robust. As a consequence, the tests should be adjusted.
|
|
|
|
BATS_TEST_NAME_PREFIX='[General] '
|
|
CONTAINER_NAME='mail'
|
|
|
|
function setup_file() {
|
|
_init_with_defaults
|
|
|
|
mv "${TEST_TMP_CONFIG}/user-patches/user-patches.sh" "${TEST_TMP_CONFIG}/user-patches.sh"
|
|
|
|
local CONTAINER_ARGS_ENV_CUSTOM=(
|
|
--env ENABLE_AMAVIS=1
|
|
--env AMAVIS_LOGLEVEL=2
|
|
--env ENABLE_SRS=1
|
|
--env PERMIT_DOCKER=host
|
|
--env PFLOGSUMM_TRIGGER=logrotate
|
|
--env REPORT_RECIPIENT=user1@localhost.localdomain
|
|
--env REPORT_SENDER=report1@mail.example.test
|
|
--env SPOOF_PROTECTION=1
|
|
--env SSL_TYPE='snakeoil'
|
|
--ulimit "nofile=$(ulimit -Sn):$(ulimit -Hn)"
|
|
--health-cmd "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
|
|
)
|
|
_common_container_setup 'CONTAINER_ARGS_ENV_CUSTOM'
|
|
|
|
_add_mail_account_then_wait_until_ready 'added@localhost.localdomain' 'mypassword'
|
|
|
|
_wait_for_service postfix
|
|
_wait_for_smtp_port_in_container
|
|
}
|
|
|
|
function teardown_file() { _default_teardown ; }
|
|
|
|
#
|
|
# configuration checks
|
|
#
|
|
|
|
@test "configuration: user-patches.sh executed" {
|
|
run docker logs "${CONTAINER_NAME}"
|
|
assert_output --partial "Default user-patches.sh successfully executed"
|
|
}
|
|
|
|
@test "configuration: hostname/domainname" {
|
|
run docker run "${IMAGE_NAME:?}"
|
|
assert_success
|
|
}
|
|
|
|
#
|
|
# healthcheck
|
|
#
|
|
|
|
# NOTE: Healthcheck defaults an interval of 30 seconds
|
|
# If Postfix is temporarily down (eg: restart triggered by `check-for-changes.sh`),
|
|
# it may result in a false-positive `unhealthy` state.
|
|
# Be careful with re-locating this test if earlier tests could potentially fail it by
|
|
# triggering the `changedetector` service.
|
|
@test "container healthcheck" {
|
|
# ensure, that at least 30 seconds have passed since container start
|
|
while [[ "$(docker inspect --format='{{.State.Health.Status}}' "${CONTAINER_NAME}")" == "starting" ]]; do
|
|
sleep 1
|
|
done
|
|
run docker inspect --format='{{.State.Health.Status}}' "${CONTAINER_NAME}"
|
|
assert_output "healthy"
|
|
assert_success
|
|
}
|
|
|
|
#
|
|
# imap
|
|
#
|
|
|
|
@test "imap: server is ready with STARTTLS" {
|
|
_run_in_container_bash "nc -w 2 0.0.0.0 143 | grep '* OK' | grep 'STARTTLS' | grep 'ready'"
|
|
assert_success
|
|
}
|
|
|
|
@test "imap: authentication works" {
|
|
_send_email 'auth/imap-auth' '-w 1 0.0.0.0 143'
|
|
}
|
|
|
|
@test "imap: added user authentication works" {
|
|
_send_email 'auth/added-imap-auth' '-w 1 0.0.0.0 143'
|
|
}
|
|
|
|
#
|
|
# sasl
|
|
#
|
|
|
|
@test "sasl: doveadm auth test works with good password" {
|
|
_run_in_container_bash "doveadm auth test -x service=smtp user2@otherdomain.tld mypassword | grep 'auth succeeded'"
|
|
assert_success
|
|
}
|
|
|
|
@test "sasl: doveadm auth test fails with bad password" {
|
|
_run_in_container_bash "doveadm auth test -x service=smtp user2@otherdomain.tld BADPASSWORD | grep 'auth failed'"
|
|
assert_success
|
|
}
|
|
|
|
#
|
|
# logs
|
|
#
|
|
|
|
@test "logs: mail related logs should be located in a subdirectory" {
|
|
_run_in_container_bash "ls -1 /var/log/mail/ | grep -E 'mail.log'"
|
|
assert_success
|
|
}
|
|
|
|
#
|
|
# postfix
|
|
#
|
|
|
|
@test "postfix: vhost file is correct" {
|
|
_run_in_container cat /etc/postfix/vhost
|
|
assert_success
|
|
assert_line --index 0 "localdomain2.com"
|
|
assert_line --index 1 "localhost.localdomain"
|
|
assert_line --index 2 "otherdomain.tld"
|
|
}
|
|
|
|
#
|
|
# postsrsd
|
|
#
|
|
|
|
@test "SRS: main.cf entries" {
|
|
_run_in_container grep "sender_canonical_maps = tcp:localhost:10001" /etc/postfix/main.cf
|
|
assert_success
|
|
_run_in_container grep "sender_canonical_classes = envelope_sender" /etc/postfix/main.cf
|
|
assert_success
|
|
_run_in_container grep "recipient_canonical_maps = tcp:localhost:10002" /etc/postfix/main.cf
|
|
assert_success
|
|
_run_in_container grep "recipient_canonical_classes = envelope_recipient,header_recipient" /etc/postfix/main.cf
|
|
assert_success
|
|
}
|
|
|
|
@test "SRS: fallback to hostname is handled correctly" {
|
|
_run_in_container grep "SRS_DOMAIN=example.test" /etc/default/postsrsd
|
|
assert_success
|
|
}
|
|
|
|
#
|
|
# system
|
|
#
|
|
|
|
@test "system: freshclam cron is disabled" {
|
|
_run_in_container_bash "grep '/usr/bin/freshclam' -r /etc/cron.d"
|
|
assert_failure
|
|
}
|
|
|
|
@test "amavis: virusmail wiper cron exists" {
|
|
_run_in_container_bash "crontab -l | grep '/usr/local/bin/virus-wiper'"
|
|
assert_success
|
|
}
|
|
|
|
@test "amavis: VIRUSMAILS_DELETE_DELAY override works as expected" {
|
|
# shellcheck disable=SC2016
|
|
run docker run --rm -e VIRUSMAILS_DELETE_DELAY=2 "${IMAGE_NAME:?}" /bin/bash -c 'echo "${VIRUSMAILS_DELETE_DELAY}"'
|
|
assert_output 2
|
|
}
|
|
|
|
@test "amavis: old virusmail is wipped by cron" {
|
|
# shellcheck disable=SC2016
|
|
_exec_in_container_bash 'touch -d "`date --date=2000-01-01`" /var/lib/amavis/virusmails/should-be-deleted'
|
|
_run_in_container_bash '/usr/local/bin/virus-wiper'
|
|
assert_success
|
|
_run_in_container_bash 'ls -la /var/lib/amavis/virusmails/ | grep should-be-deleted'
|
|
assert_failure
|
|
}
|
|
|
|
@test "amavis: recent virusmail is not wipped by cron" {
|
|
# shellcheck disable=SC2016
|
|
_exec_in_container_bash 'touch -d "`date`" /var/lib/amavis/virusmails/should-not-be-deleted'
|
|
_run_in_container_bash '/usr/local/bin/virus-wiper'
|
|
assert_success
|
|
_run_in_container_bash 'ls -la /var/lib/amavis/virusmails/ | grep should-not-be-deleted'
|
|
assert_success
|
|
}
|
|
|
|
@test "system: /var/log/mail/mail.log is error free" {
|
|
_run_in_container grep 'non-null host address bits in' /var/log/mail/mail.log
|
|
assert_failure
|
|
_run_in_container grep 'mail system configuration error' /var/log/mail/mail.log
|
|
assert_failure
|
|
_run_in_container grep ': error:' /var/log/mail/mail.log
|
|
assert_failure
|
|
_run_in_container grep -i 'is not writable' /var/log/mail/mail.log
|
|
assert_failure
|
|
_run_in_container grep -i 'permission denied' /var/log/mail/mail.log
|
|
assert_failure
|
|
_run_in_container grep -i '(!)connect' /var/log/mail/mail.log
|
|
assert_failure
|
|
_run_in_container grep -i 'using backwards-compatible default setting' /var/log/mail/mail.log
|
|
assert_failure
|
|
_run_in_container grep -i 'connect to 127.0.0.1:10023: Connection refused' /var/log/mail/mail.log
|
|
assert_failure
|
|
}
|
|
|
|
@test "system: /var/log/auth.log is error free" {
|
|
_run_in_container grep 'Unable to open env file: /etc/default/locale' /var/log/auth.log
|
|
assert_failure
|
|
}
|
|
|
|
@test "system: postfix should not log to syslog" {
|
|
_run_in_container grep 'postfix' /var/log/syslog
|
|
assert_failure
|
|
}
|
|
|
|
@test "system: amavis decoders installed and available" {
|
|
_run_in_container_bash "grep -E '.*(Internal decoder|Found decoder) for\s+\..*' /var/log/mail/mail.log*|grep -Eo '(mail|Z|gz|bz2|xz|lzma|lrz|lzo|lz4|rpm|cpio|tar|deb|rar|arj|arc|zoo|doc|cab|tnef|zip|kmz|7z|jar|swf|lha|iso|exe)' | sort | uniq"
|
|
assert_success
|
|
# Support for doc and zoo removed in buster
|
|
cat <<'EOF' | assert_output
|
|
7z
|
|
Z
|
|
arc
|
|
arj
|
|
bz2
|
|
cab
|
|
cpio
|
|
deb
|
|
exe
|
|
gz
|
|
iso
|
|
jar
|
|
kmz
|
|
lha
|
|
lrz
|
|
lz4
|
|
lzma
|
|
lzo
|
|
mail
|
|
rar
|
|
rpm
|
|
swf
|
|
tar
|
|
tnef
|
|
xz
|
|
zip
|
|
EOF
|
|
}
|
|
|
|
#
|
|
# PERMIT_DOCKER mynetworks
|
|
#
|
|
|
|
@test "PERMIT_DOCKER: can get container ip" {
|
|
_run_in_container_bash "ip addr show eth0 | grep 'inet ' | sed 's/[^0-9\.\/]*//g' | cut -d '/' -f 1 | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}'"
|
|
assert_success
|
|
}
|
|
|
|
@test "PERMIT_DOCKER: my network value" {
|
|
_run_in_container_bash "postconf | grep '^mynetworks =' | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.0\.0/16'"
|
|
assert_success
|
|
}
|
|
|
|
#
|
|
# amavis
|
|
#
|
|
|
|
@test "amavis: config overrides" {
|
|
_run_in_container_bash "grep 'Test Verification' /etc/amavis/conf.d/50-user | wc -l"
|
|
assert_success
|
|
assert_output 1
|
|
}
|
|
|
|
# TODO investigate why this test fails
|
|
@test "user login: predefined user can login" {
|
|
skip 'disabled as it fails randomly: https://github.com/docker-mailserver/docker-mailserver/pull/2177'
|
|
_run_in_container_bash "doveadm auth test -x service=smtp pass@localhost.localdomain 'may be \\a \`p^a.*ssword' | grep 'passdb'"
|
|
assert_output "passdb: pass@localhost.localdomain auth succeeded"
|
|
}
|
|
|
|
#
|
|
# LDAP
|
|
#
|
|
|
|
# postfix
|
|
|
|
@test "dovecot: postmaster address" {
|
|
_run_in_container_bash "grep 'postmaster_address = postmaster@example.test' /etc/dovecot/conf.d/15-lda.conf"
|
|
assert_success
|
|
}
|
|
|
|
@test "spoofing: rejects sender forging" {
|
|
# rejection of spoofed sender
|
|
_wait_for_smtp_port_in_container_to_respond
|
|
_run_in_container_bash "openssl s_client -quiet -connect 0.0.0.0:465 < /tmp/docker-mailserver-test/auth/added-smtp-auth-spoofed.txt"
|
|
assert_output --partial 'Sender address rejected: not owned by user'
|
|
}
|
|
|
|
@test "spoofing: accepts sending as alias" {
|
|
_run_in_container_bash "openssl s_client -quiet -connect 0.0.0.0:465 < /tmp/docker-mailserver-test/auth/added-smtp-auth-spoofed-alias.txt | grep 'End data with'"
|
|
assert_success
|
|
}
|
|
|
|
#
|
|
# Pflogsumm delivery check
|
|
#
|
|
|
|
@test "pflogsum delivery" {
|
|
# logrotation working and report being sent
|
|
_exec_in_container logrotate --force /etc/logrotate.d/maillog
|
|
sleep 10
|
|
_run_in_container grep "Subject: Postfix Summary for " /var/mail/localhost.localdomain/user1/new/ -R
|
|
assert_success
|
|
# check sender is the one specified in REPORT_SENDER
|
|
_run_in_container grep "From: report1@mail.example.test" /var/mail/localhost.localdomain/user1/new/ -R
|
|
assert_success
|
|
# check sender is not the default one.
|
|
_run_in_container grep "From: mailserver-report@mail.example.test" /var/mail/localhost.localdomain/user1/new/ -R
|
|
assert_failure
|
|
}
|