From 1e58f1d402c14e41d169bff522c20de3b7c6e9f8 Mon Sep 17 00:00:00 2001 From: alinmear Date: Sun, 19 Mar 2017 20:25:27 +0100 Subject: [PATCH] Fix #526: fatal: no SASL authentication mechanisms When using the container with SMTP_ONLY = 1, then the container fails on ehlo because there is no valid sasl authentication mechanism available. This happens because sasl has been enabled within postfix/main.cf per default but sasl is not configured. To fix this _setup_postfix_sasl does not depend anymore on ENABLE_SASLAUTHD and will check in it's logic, whether to enable sasl or not within postfix/main.cf. --- target/start-mailserver.sh | 14 +++++++-- test/email-templates/smtp-only.txt | 8 +++++ test/tests.bats | 50 +++++++++++++++++++++++++++++- 3 files changed, 69 insertions(+), 3 deletions(-) create mode 100644 test/email-templates/smtp-only.txt diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index 9797a2b5..bf71da7a 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh @@ -90,7 +90,6 @@ function register_functions() { if [ "$ENABLE_SASLAUTHD" = 1 ];then _register_setup_function "_setup_saslauthd" - _register_setup_function "_setup_postfix_sasl" fi if [ "$ENABLE_POSTGREY" = 1 ];then @@ -107,6 +106,7 @@ function register_functions() { _register_setup_function "_setup_postfix_hostname" _register_setup_function "_setup_dovecot_hostname" + _register_setup_function "_setup_postfix_sasl" _register_setup_function "_setup_postfix_override_configuration" _register_setup_function "_setup_postfix_sasl_password" _register_setup_function "_setup_security_stack" @@ -543,11 +543,21 @@ function _setup_postgrey() { function _setup_postfix_sasl() { + if [[ ${ENABLE_SASLAUTHD} == 1 ]];then [ ! -f /etc/postfix/sasl/smtpd.conf ] && cat > /etc/postfix/sasl/smtpd.conf << EOF pwcheck_method: saslauthd mech_list: plain login EOF - return 0 + fi + + # cyrus sasl or dovecot sasl + if [[ ${ENABLE_SASLAUTHD} == 1 ]] || [[ ${SMTP_ONLY} == 0 ]];then + sed -i -e 's|^smtpd_sasl_auth_enable[[:space:]]\+.*|smtpd_sasl_auth_enable = yes|g' /etc/postfix/main.cf + else + sed -i -e 's|^smtpd_sasl_auth_enable[[:space:]]\+.*|smtpd_sasl_auth_enable = no|g' /etc/postfix/main.cf + fi + + return 0 } function _setup_saslauthd() { diff --git a/test/email-templates/smtp-only.txt b/test/email-templates/smtp-only.txt new file mode 100644 index 00000000..220ace15 --- /dev/null +++ b/test/email-templates/smtp-only.txt @@ -0,0 +1,8 @@ +HELO mail.localhost +MAIL FROM: test@localhost +RCPT TO: user2@external.tld +DATA +This is a test mail. + +. +QUIT diff --git a/test/tests.bats b/test/tests.bats index cc73742f..3587b966 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -132,7 +132,7 @@ load 'test_helper/bats-assert/load' } @test "checking postgrey: /etc/default/postgrey correctly edited and has the default values" { - run docker exec mail_with_postgrey /bin/bash -c "grep '^POSTGREY_OPTS=\"--inet=10023 --delay=15 --max-age=35\"$' /etc/default/postgrey | wc -l" + run docker exec mail_with_postgrey /bin/bash -c "grep '^POSTGREY_OPTS=\"--inet=127.0.0.1:10023 --delay=15 --max-age=35\"$' /etc/default/postgrey | wc -l" assert_success assert_output 1 run docker exec mail_with_postgrey /bin/bash -c "grep '^POSTGREY_TEXT=\"Delayed by postgrey\"$' /etc/default/postgrey | wc -l" @@ -169,6 +169,14 @@ load 'test_helper/bats-assert/load' assert_output 1 } +@test "checking postgrey: there should be a log entry about the whitelisted and passed e-mail user@whitelist.tld in /var/log/mail/mail.log" { + run docker exec mail_with_postgrey /bin/sh -c "nc 0.0.0.0 10023 < /tmp/docker-mailserver-test/nc_templates/postgrey_whitelist.txt" + sleep 8 + run docker exec mail_with_postgrey /bin/sh -c "grep -i 'action=pass, reason=client whitelist' /var/log/mail/mail.log | wc -l" + assert_success + assert_output 1 +} + # # imap # @@ -323,6 +331,19 @@ load 'test_helper/bats-assert/load' assert_output 1 } +@test "checking smtp_only: mail send should work" { + run docker exec mail_smtponly /bin/sh -c "postconf -e smtp_host_lookup=no" + assert_success + run docker exec mail_smtponly /bin/sh -c "/etc/init.d/postfix reload" + assert_success + run docker exec mail_smtponly /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/smtp-only.txt" + assert_success + run docker exec mail_smtponly /bin/sh -c 'grep -E "to=.*status\=sent" /var/log/mail/mail.log' + assert_success +} + + + # # accounts # @@ -346,6 +367,11 @@ load 'test_helper/bats-assert/load' assert_output 7 } +@test "checking accounts: comments are not parsed" { + run docker exec mail /bin/bash -c "ls /var/mail | grep 'comment'" + assert_failure +} + # # postfix # @@ -923,6 +949,28 @@ load 'test_helper/bats-assert/load' [ -z "$value" ] } +# alias +@test "checking setup.sh: setup.sh alias list" { + echo "test@example.org test@forward.com" > ./config/postfix-virtual.cf + run ./setup.sh -c mail alias list + assert_success +} +@test "checking setup.sh: setup.sh alias add" { + echo "" > ./config/postfix-virtual.cf + ./setup.sh -c mail alias add test1@example.org test1@forward.com + ./setup.sh -c mail alias add test1@example.org test2@forward.com + + run /bin/sh -c 'cat ./config/postfix-virtual.cf | grep "test1@example.org test1@forward.com, test2@forward.com," | wc -l | grep 1' + assert_success +} +@test "checking setup.sh: setup.sh alias del" { + echo 'test1@example.org test1@forward.com, test2@forward.com,' > ./config/postfix-virtual.cf + ./setup.sh -c mail alias del test1@example.org test1@forward.com + ./setup.sh -c mail alias del test1@example.org test2@forward.com + run cat ./config/postfix-virtual.cf | wc -l | grep 0 + assert_success +} + # config @test "checking setup.sh: setup.sh config dkim" { run ./setup.sh -c mail config dkim