mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
672e9cf19a
* tests: Ensure excessive FD limits are avoided

Processes that run as daemons (`postsrsd` and `fail2ban-server`) initialize by closing all FDs (File Descriptors). This behaviour queries the maximum limit and iterates through the entire range even if only a few FDs are open. In some environments (Docker, limit configured by distro) this can be a range exceeding 1 billion (from kernel default of 1024 soft, 4096 hard), causing an 8 minute delay with heavy CPU activity.

`postsrsd` has since been updated to use the `close_range()` syscall, and `fail2ban` will now iterate through `/proc/self/fd` (open FDs), which should resolve the performance hit. Until those updates reach our Docker image, we need to work around it with the `--ulimit` option.

NOTE: If `docker.service` on a distro sets `LimitNOFILE=` to approx 1 million or lower, it should not be an issue. On distros such as Fedora 36, it is `LimitNOFILE=infinity` (approx 1 billion) that causes excessive delays.

* chore: Use Docker host limits instead

Typically on modern distros with systemd, this should equate to 1024 (soft) and 512K (hard) limits. A distro may override the built-in global defaults systemd sets by setting `DefaultLimitNOFILE=` in `/etc/systemd/user.conf` and `/etc/systemd/system.conf`.

* tests(fix): Better prevent non-deterministic failures

- `no_containers.bats` tests the external script `setup.sh` (without `-c`). It's expected that no existing DMS container is running - otherwise it may attempt to use that container and fail. Detect this and fail early via the `setup_file()` step.
- `mail_hostname.bats` had an odd timing failure with teardown due to the last tests bringing the containers down earlier (`docker stop` paired with the `docker run --rm`). Adding a moment of delay via `sleep` helps avoid that false positive scenario.
load 'test_helper/common'
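# Starts the four containers inspected by this file's tests, waits until each
# one accepts SMTP connections, then delivers one template mail to the two
# containers whose received-mail headers are checked later.
#
# Containers and the hostname inputs they are started with:
#   mail_override_hostname:      --hostname unknown.domain.tld, OVERRIDE_HOSTNAME=mail.my-domain.com
#   mail_non_subdomain_hostname: --hostname domain.com
#   mail_srs_domainname:         --hostname mail, --domainname my-domain.com, SRS_DOMAINNAME=srs.my-domain.com
#   mail_domainname:             --hostname mail, --domainname my-domain.com
#
# Globals:   NAME (read) - image to run
# Arguments: none
function setup_file() {
  # The config paths are only needed while starting the containers; declaring
  # all four local keeps them from leaking into the test file's global scope.
  local PRIVATE_CONFIG PRIVATE_CONFIG_TWO PRIVATE_CONFIG_THREE PRIVATE_CONFIG_FOUR

  # Notes that apply to every `docker run` below:
  # - `--ulimit nofile=<soft>:<hard>` hands the invoking shell's FD limits to the
  #   container. Daemons that close every possible FD on startup (`postsrsd`,
  #   `fail2ban-server`) otherwise iterate over the container's full limit, which
  #   can exceed 1 billion on some hosts and stall startup for minutes.
  # - The shared test files are mounted read-only (`:ro`); only the per-container
  #   config copy is writable.
  # - NOTE(review): PERMIT_DOCKER=network presumably widens the networks Postfix
  #   trusts for relaying to the Docker network. Fine for throwaway test
  #   containers; confirm before reusing this invocation elsewhere.

  PRIVATE_CONFIG=$(duplicate_config_for_container . mail_override_hostname)
  docker run --rm -d --name mail_override_hostname \
    -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
    -v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
    -e PERMIT_DOCKER=network \
    -e ENABLE_SRS=1 \
    -e OVERRIDE_HOSTNAME=mail.my-domain.com \
    --hostname unknown.domain.tld \
    --tty \
    --ulimit "nofile=$(ulimit -Sn):$(ulimit -Hn)" \
    "${NAME}"

  PRIVATE_CONFIG_TWO=$(duplicate_config_for_container . mail_non_subdomain_hostname)
  docker run --rm -d --name mail_non_subdomain_hostname \
    -v "${PRIVATE_CONFIG_TWO}":/tmp/docker-mailserver \
    -v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
    -e PERMIT_DOCKER=network \
    -e ENABLE_SRS=1 \
    --hostname domain.com \
    --tty \
    --ulimit "nofile=$(ulimit -Sn):$(ulimit -Hn)" \
    "${NAME}"

  PRIVATE_CONFIG_THREE=$(duplicate_config_for_container . mail_srs_domainname)
  docker run --rm -d --name mail_srs_domainname \
    -v "${PRIVATE_CONFIG_THREE}":/tmp/docker-mailserver \
    -v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
    -e PERMIT_DOCKER=network \
    -e ENABLE_SRS=1 \
    -e SRS_DOMAINNAME='srs.my-domain.com' \
    --domainname 'my-domain.com' \
    --hostname 'mail' \
    --tty \
    --ulimit "nofile=$(ulimit -Sn):$(ulimit -Hn)" \
    "${NAME}"

  PRIVATE_CONFIG_FOUR=$(duplicate_config_for_container . mail_domainname)
  docker run --rm -d --name mail_domainname \
    -v "${PRIVATE_CONFIG_FOUR}":/tmp/docker-mailserver \
    -v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
    -e PERMIT_DOCKER=network \
    -e ENABLE_SRS=1 \
    --domainname 'my-domain.com' \
    --hostname 'mail' \
    --tty \
    --ulimit "nofile=$(ulimit -Sn):$(ulimit -Hn)" \
    "${NAME}"

  wait_for_smtp_port_in_container mail_override_hostname
  wait_for_smtp_port_in_container mail_non_subdomain_hostname
  wait_for_smtp_port_in_container mail_srs_domainname
  wait_for_smtp_port_in_container mail_domainname

  # postfix virtual transport lmtp
  # Feed one template mail to port 25 from inside each container; the
  # "check headers of received mail" tests read the delivered copy.
  docker exec mail_override_hostname /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt"
  docker exec mail_non_subdomain_hostname /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt"
}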
# Force-removes every container that setup_file started.
function teardown_file() {
  local -a containers=(
    mail_override_hostname
    mail_non_subdomain_hostname
    mail_srs_domainname
    mail_domainname
  )

  # The last tests already `docker stop` these `--rm` containers. Pause briefly
  # so `docker rm -f` does not race the daemon's own removal and fail with:
  # "Error response from daemon: removal of container mail_domainname is already in progress"
  sleep 1

  docker rm -f "${containers[@]}"
}
@test "checking SRS: SRS_DOMAINNAME is used correctly" {
  # An explicit SRS_DOMAINNAME must end up as SRS_DOMAIN in the postsrsd defaults.
  # Retried because the file may not be written yet right after startup; the 15
  # is presumably a timeout in seconds (confirm in test_helper/common).
  local container='mail_srs_domainname'
  local expected='SRS_DOMAIN=srs.my-domain.com'

  repeat_until_success_or_timeout 15 docker exec "${container}" grep "${expected}" /etc/default/postsrsd
}
@test "checking SRS: DOMAINNAME is handled correctly" {
  # Without SRS_DOMAINNAME, the value given via `--domainname` must become
  # SRS_DOMAIN. The 15 is presumably a timeout in seconds (confirm in
  # test_helper/common).
  local container='mail_domainname'
  local expected='SRS_DOMAIN=my-domain.com'

  repeat_until_success_or_timeout 15 docker exec "${container}" grep "${expected}" /etc/default/postsrsd
}
@test "checking configuration: hostname/domainname override: check container hostname is applied correctly" {
  # The container's own hostname must still be the `--hostname` value, even
  # though OVERRIDE_HOSTNAME is set for the mail services.
  local probe='hostname | grep unknown.domain.tld'

  run docker exec mail_override_hostname /bin/bash -c "${probe}"
  assert_success
}
@test "checking configuration: hostname/domainname override: check overriden hostname is applied to all configs" {
  # Each entry is a pipeline run inside the container; it must exit 0, i.e. the
  # overridden name must appear in that service's configuration.
  #
  # NOTE(review): `grep AuthservID` also matches the `TrustedAuthservIDs` line,
  # so the fifth check can pass on that line alone. OpenDMARC uses AuthservID
  # for the header it adds and TrustedAuthservIDs to decide whose results to
  # trust, so the two settings are worth asserting separately.
  local -a probes=(
    'cat /etc/mailname | grep my-domain.com'
    'postconf -n | grep mydomain | grep my-domain.com'
    'postconf -n | grep myhostname | grep mail.my-domain.com'
    'doveconf | grep hostname | grep mail.my-domain.com'
    'cat /etc/opendmarc.conf | grep AuthservID | grep mail.my-domain.com'
    'cat /etc/opendmarc.conf | grep TrustedAuthservIDs | grep mail.my-domain.com'
    'cat /etc/amavis/conf.d/05-node_id | grep myhostname | grep mail.my-domain.com'
  )
  local probe

  for probe in "${probes[@]}"; do
    run docker exec mail_override_hostname /bin/bash -c "${probe}"
    assert_success
  done
}
@test "checking configuration: hostname/domainname override: check hostname in postfix HELO message" {
  # Connect to port 25, read what the server sends within nc's 1 second timeout,
  # and require the overridden hostname in it.
  local probe='nc -w 1 0.0.0.0 25 | grep mail.my-domain.com'

  run docker exec mail_override_hostname /bin/bash -c "${probe}"
  assert_success
}
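@test "checking configuration: hostname/domainname override: check headers of received mail" {
  # Exactly one mail (the one sent in setup_file) must have been delivered.
  # `grep -x` matches the whole line, so a count such as 10 or 21 no longer
  # satisfies the check the way a bare `grep 1` did.
  run docker exec mail_override_hostname /bin/sh -c "ls -A /var/mail/localhost.localdomain/user1/new | wc -l | grep -x 1"
  assert_success

  # The delivered mail must carry the overridden hostname.
  run docker exec mail_override_hostname /bin/sh -c "cat /var/mail/localhost.localdomain/user1/new/* | grep mail.my-domain.com"
  assert_success

  # test whether the container hostname is not found in received mail
  # (the `--hostname` value would otherwise leak into the stored message).
  run docker exec mail_override_hostname /bin/sh -c "cat /var/mail/localhost.localdomain/user1/new/* | grep unknown.domain.tld"
  assert_failure
}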
@test "checking SRS: OVERRIDE_HOSTNAME is handled correctly" {
  # With OVERRIDE_HOSTNAME=mail.my-domain.com, SRS_DOMAIN is expected to be the
  # domain part only.
  local expected='SRS_DOMAIN=my-domain.com'

  run docker exec mail_override_hostname grep "${expected}" /etc/default/postsrsd
  assert_success
}
@test "checking dovecot: postmaster address" {
  # Dovecot's LDA config must use postmaster@<domain of the overridden hostname>.
  local probe="grep 'postmaster_address = postmaster@my-domain.com' /etc/dovecot/conf.d/15-lda.conf"

  run docker exec mail_override_hostname /bin/sh -c "${probe}"
  assert_success
}
#
# non-subdomain tests
#
@test "checking configuration: non-subdomain: check container hostname is applied correctly" {
  # NOTE(review): the pattern is an unanchored regex, so a hostname such as
  # `mail.domain.com` would also pass; this asserts "contains domain.com"
  # rather than "is exactly domain.com".
  local probe='hostname | grep domain.com'

  run docker exec mail_non_subdomain_hostname /bin/bash -c "${probe}"
  assert_success
}
@test "checking configuration: non-subdomain: check overriden hostname is applied to all configs" {
  # Each entry is a pipeline run inside the container; it must exit 0, i.e. the
  # bare domain must appear in that service's configuration.
  #
  # NOTE(review): `grep AuthservID` also matches the `TrustedAuthservIDs` line,
  # so the fifth check can pass on that line alone.
  local -a probes=(
    'cat /etc/mailname | grep domain.com'
    'postconf -n | grep mydomain | grep domain.com'
    'postconf -n | grep myhostname | grep domain.com'
    'doveconf | grep hostname | grep domain.com'
    'cat /etc/opendmarc.conf | grep AuthservID | grep domain.com'
    'cat /etc/opendmarc.conf | grep TrustedAuthservIDs | grep domain.com'
    'cat /etc/amavis/conf.d/05-node_id | grep myhostname | grep domain.com'
  )
  local probe

  for probe in "${probes[@]}"; do
    run docker exec mail_non_subdomain_hostname /bin/bash -c "${probe}"
    assert_success
  done
}
@test "checking configuration: non-subdomain: check hostname in postfix HELO message" {
  # Connect to port 25, read what the server sends within nc's 1 second timeout,
  # and require the bare domain in it.
  local probe='nc -w 1 0.0.0.0 25 | grep domain.com'

  run docker exec mail_non_subdomain_hostname /bin/bash -c "${probe}"
  assert_success
}
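@test "checking configuration: non-subdomain: check headers of received mail" {
  # Exactly one mail (the one sent in setup_file) must have been delivered.
  # `grep -x` matches the whole line, so a count such as 10 or 21 no longer
  # satisfies the check the way a bare `grep 1` did.
  run docker exec mail_non_subdomain_hostname /bin/sh -c "ls -A /var/mail/localhost.localdomain/user1/new | wc -l | grep -x 1"
  assert_success

  # The delivered mail must mention the container's bare domain.
  run docker exec mail_non_subdomain_hostname /bin/sh -c "cat /var/mail/localhost.localdomain/user1/new/* | grep domain.com"
  assert_success
}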
@test "checking SRS: non-subdomain is handled correctly" {
  local container='mail_non_subdomain_hostname'
  local srs_defaults='/etc/default/postsrsd'

  # Print the whole file first so it is available as diagnostic output.
  docker exec "${container}" cat "${srs_defaults}"

  # A bare-domain hostname must be used as SRS_DOMAIN.
  run docker exec "${container}" grep "SRS_DOMAIN=domain.com" "${srs_defaults}"
  assert_success
}
@test "checking dovecot: non-subdomain postmaster address" {
  # Dovecot's LDA config must use postmaster@<bare domain>.
  local probe="grep 'postmaster_address = postmaster@domain.com' /etc/dovecot/conf.d/15-lda.conf"

  run docker exec mail_non_subdomain_hostname /bin/sh -c "${probe}"
  assert_success
}
#
# clean exit
#
@test "checking that the container stops cleanly: mail_override_hostname" {
  # `-t 60` gives the container up to 60 seconds to shut down before Docker
  # kills it; the container was started with `--rm`, so stopping also removes it.
  local container='mail_override_hostname'

  run docker stop -t 60 "${container}"
  assert_success
}
@test "checking that the container stops cleanly: mail_non_subdomain_hostname" {
  # `-t 60` gives the container up to 60 seconds to shut down before Docker
  # kills it; the container was started with `--rm`, so stopping also removes it.
  local container='mail_non_subdomain_hostname'

  run docker stop -t 60 "${container}"
  assert_success
}
@test "checking that the container stops cleanly: mail_srs_domainname" {
  # `-t 60` gives the container up to 60 seconds to shut down before Docker
  # kills it; the container was started with `--rm`, so stopping also removes it.
  local container='mail_srs_domainname'

  run docker stop -t 60 "${container}"
  assert_success
}
@test "checking that the container stops cleanly: mail_domainname" {
  # `-t 60` gives the container up to 60 seconds to shut down before Docker
  # kills it; the container was started with `--rm`, so stopping also removes it.
  local container='mail_domainname'

  run docker stop -t 60 "${container}"
  assert_success
}