diff --git a/.travis.yml b/.travis.yml index 3d271e53..6bf3a6e6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,5 +2,28 @@ language: bash sudo: required services: - docker +before_script: + - make build-no-cache generate-accounts run fixtures script: - - make all + - make tests +after_script: + - make clean +env: + - ENABLE_POP3=0 + - ENABLE_POP3=1 + - SA_TAG= SA_TAG2= SA_KILL= + - SA_TAG=1.0 SA_TAG2=2.0 SA_KILL=3.0 + - SASL_PASSWD= + - SASL_PASSWD="external-domain.com username:password" + - SMTP_ONLY=0 + - SMTP_ONLY=1 + # - ENABLE_FAIL2BAN=0 + # - ENABLE_FAIL2BAN=1 + # - ENABLE_MANAGESIEVE=0 + # - ENABLE_MANAGESIEVE=1 + # - ONE_DIR=0 + # - ONE_DIR=1 + # - SSL_TYPE + # - DISABLE_AMAVIS=0 + # - DISABLE_SPAMASSASSIN=1 + # - DISABLE_CLAMAV=1 diff --git a/Makefile b/Makefile index c8bd2498..6a2b8df6 100644 --- a/Makefile +++ b/Makefile @@ -20,51 +20,15 @@ run: -v "`pwd`/test/config":/tmp/docker-mailserver \ -v "`pwd`/test":/tmp/docker-mailserver-test \ -v "`pwd`/test/onedir":/var/mail-state \ - -e SA_TAG=1.0 \ - -e SA_TAG2=2.0 \ - -e SA_KILL=3.0 \ - -e SASL_PASSWD="external-domain.com username:password" \ - -e ENABLE_MANAGESIEVE=1 \ - -e ONE_DIR=1 \ - -h mail.my-domain.com -t $(NAME) - sleep 20 - docker run -d --name mail_pop3 \ - -v "`pwd`/test/config":/tmp/docker-mailserver \ - -v "`pwd`/test":/tmp/docker-mailserver-test \ - -v "`pwd`/test/config/letsencrypt":/etc/letsencrypt/live \ - -e ENABLE_POP3=1 \ - -e SSL_TYPE=letsencrypt \ - -h mail.my-domain.com -t $(NAME) - sleep 20 - docker run -d --name mail_smtponly \ - -v "`pwd`/test/config":/tmp/docker-mailserver \ - -v "`pwd`/test":/tmp/docker-mailserver-test \ - -e SMTP_ONLY=1 \ - -h mail.my-domain.com -t $(NAME) - sleep 20 - docker run -d --name mail_fail2ban \ - -v "`pwd`/test/config":/tmp/docker-mailserver \ - -v "`pwd`/test":/tmp/docker-mailserver-test \ - -e ENABLE_FAIL2BAN=1 \ - --cap-add=NET_ADMIN \ - -h mail.my-domain.com -t $(NAME) - sleep 20 - docker run -d --name mail_disabled_amavis \ - -v "`pwd`/test/config":/tmp/docker-mailserver \ - -v "`pwd`/test":/tmp/docker-mailserver-test \ - -e DISABLE_AMAVIS=1 \ - -h mail.my-domain.com -t $(NAME) - sleep 20 - docker run -d --name mail_disabled_spamassassin \ - -v "`pwd`/test/config":/tmp/docker-mailserver \ - -v "`pwd`/test":/tmp/docker-mailserver-test \ - -e DISABLE_SPAMASSASSIN=1 \ - -h mail.my-domain.com -t $(NAME) - sleep 20 - docker run -d --name mail_disabled_clamav \ - -v "`pwd`/test/config":/tmp/docker-mailserver \ - -v "`pwd`/test":/tmp/docker-mailserver-test \ - -e DISABLE_CLAMAV=1 \ + -e ENABLE_POP3=$(ENABLE_POP3) \ + -e ENABLE_FAIL2BAN=$(ENABLE_FAIL2BAN) \ + -e ENABLE_MANAGESIEVE=$(ENABLE_MANAGESIEVE) \ + -e SMTP_ONLY=$(SMTP_ONLY) \ + -e SA_TAG=$(SA_TAG) \ + -e SA_TAG2=$(SA_TAG2) \ + -e SA_KILL=$(SA_KILL) \ + -e SASL_PASSWD="$(SASL_PASSWD)" \ + -e ONE_DIR=$(ONE_DIR) \ -h mail.my-domain.com -t $(NAME) # Wait for containers to fully start sleep 20 @@ -91,8 +55,8 @@ fixtures: tests: # Start tests - ./test/bats/bats test/tests.bats + ./test/bats/bats test/*.bats clean: - # Remove running test containers - docker rm -f mail mail_pop3 mail_smtponly mail_fail2ban fail-auth-mailer mail_disabled_amavis mail_disabled_spamassassin mail_disabled_clamav + # Remove running test container + docker rm -f mail diff --git a/test/env_ENABLE_POP3.bats b/test/env_ENABLE_POP3.bats new file mode 100644 index 00000000..b1e1fbcc --- /dev/null +++ b/test/env_ENABLE_POP3.bats @@ -0,0 +1,52 @@ +#################################################################################################### +# +# ENABLE_POP3=1 +# +#################################################################################################### + +@test "checking pop: process is running" { + if [ "$ENABLE_POP3" != 1 ]; then + skip + fi + run docker exec mail /bin/bash -c "ps aux | grep 'dovecot/pop'" + [ "$status" -eq 0 ] +} + +@test "checking pop: server responds on port 110" { + if [ "$ENABLE_POP3" != 1 ]; then + skip + fi + run docker exec mail /bin/bash -c "nc -w 1 0.0.0.0 110 | grep '+OK'" + [ "$status" -eq 0 ] +} + +@test "checking pop: authentication works" { + if [ "$ENABLE_POP3" != 1 ]; then + skip + fi + run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 110 < /tmp/docker-mailserver-test/auth/pop3-auth.txt" + [ "$status" -eq 0 ] +} + +#################################################################################################### +# +# ENABLE_POP3!=1 +# +#################################################################################################### + +@test "checking pop: process is not running" { + if [ "$ENABLE_POP3" = 1 ]; then + skip + fi + run docker exec mail /bin/bash -c "ps aux | grep -v grep | grep 'dovecot/pop'" + [ "$status" -eq 1 ] +} + +@test "checking pop: server does not respond on port 110" { + if [ "$ENABLE_POP3" = 1 ]; then + skip + fi + run docker exec mail /bin/bash -c "nc -w 1 0.0.0.0 110" + [ "$status" -eq 1 ] +} + diff --git a/test/env_SASL_PASSWD.bats b/test/env_SASL_PASSWD.bats new file mode 100644 index 00000000..ac7111eb --- /dev/null +++ b/test/env_SASL_PASSWD.bats @@ -0,0 +1,43 @@ +#################################################################################################### +# +# SASL_PASSWD provided +# +#################################################################################################### + +@test "checking sasl: doveadm auth test works with good password" { + if [ -z "$SASL_PASSWD" ]; then + skip + fi + run docker exec mail /bin/sh -c "doveadm auth test -x service=smtp user2@otherdomain.tld mypassword | grep 'auth succeeded'" + [ "$status" -eq 0 ] +} + +@test "checking sasl: doveadm auth test fails with bad password" { + if [ -z "$SASL_PASSWD" ]; then + skip + fi + run docker exec mail /bin/sh -c "doveadm auth test -x service=smtp user2@otherdomain.tld BADPASSWORD | grep 'auth failed'" + [ "$status" -eq 0 ] +} + +@test "checking sasl: sasl_passwd.db exists" { + if [ -z "$SASL_PASSWD" ]; then + skip + fi + run docker exec mail [ -f /etc/postfix/sasl_passwd.db ] + [ "$status" -eq 0 ] +} + +#################################################################################################### +# +# SASL_PASSWD not provided +# +#################################################################################################### + +@test "checking sasl: sasl_passwd.db should not exist" { + if [ -n "$SASL_PASSWD" ]; then + skip + fi + run docker exec mail [ -f /etc/postfix/sasl_passwd.db ] + [ "$status" -eq 1 ] +} diff --git a/test/env_SA_XXX.bats b/test/env_SA_XXX.bats new file mode 100644 index 00000000..920c0f17 --- /dev/null +++ b/test/env_SA_XXX.bats @@ -0,0 +1,59 @@ +#################################################################################################### +# +# SA_XXX with default configuraton +# +#################################################################################################### + +@test "checking spamassassin: sa_tag_level_deflt is set correctly (default)" { + if [ -n "$SA_TAG" ]; then + skip + fi + run docker exec mail /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'" + [ "$status" -eq 0 ] +} + +@test "checking spamassassin: sa_tag2_level_deflt is set correctly (default)" { + if [ -n "$SA_TAG2" ]; then + skip + fi + run docker exec mail /bin/sh -c "grep '\$sa_tag2_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 6.31'" + [ "$status" -eq 0 ] +} + +@test "checking spamassassin: sa_kill_level_deflt is set correctly (default)" { + if [ -n "$SA_KILL" ]; then + skip + fi + run docker exec mail /bin/sh -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 6.31'" + [ "$status" -eq 0 ] +} + +#################################################################################################### +# +# SA_XXX with custom configuraton +# +#################################################################################################### + +@test "checking spamassassin: sa_tag_level_deflt is set correctly (custom)" { + if [ -z "$SA_TAG" ]; then + skip + fi + run docker exec mail /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= $SA_TAG'" + [ "$status" -eq 0 ] +} + +@test "checking spamassassin: sa_tag2_level_deflt is set correctly (custom)" { + if [ -z "$SA_TAG" ]; then + skip + fi + run docker exec mail /bin/sh -c "grep '\$sa_tag2_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= $SA_TAG2'" + [ "$status" -eq 0 ] +} + +@test "checking spamassassin: sa_kill_level_deflt is set correctly (custom)" { + if [ -z "$SA_TAG" ]; then + skip + fi + run docker exec mail /bin/sh -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= $SA_KILL'" + [ "$status" -eq 0 ] +} diff --git a/test/env_SMTP_ONLY.bats b/test/env_SMTP_ONLY.bats new file mode 100644 index 00000000..339ea76c --- /dev/null +++ b/test/env_SMTP_ONLY.bats @@ -0,0 +1,7 @@ +@test "checking process: dovecot imaplogin (disabled using SMTP_ONLY)" { + if [ "$SMTP_ONLY" != 1 ]; then + skip + fi + run docker exec mail_smtponly /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/dovecot'" + [ "$status" -eq 1 ] +} \ No newline at end of file diff --git a/test/global.bats b/test/global.bats new file mode 100644 index 00000000..23204c78 --- /dev/null +++ b/test/global.bats @@ -0,0 +1,160 @@ +# +# imap +# + +@test "checking process: dovecot imaplogin (enabled in default configuration)" { + run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/dovecot'" + [ "$status" -eq 0 ] +} + +@test "checking imap: server is ready with STARTTLS" { + run docker exec mail /bin/bash -c "nc -w 2 0.0.0.0 143 | grep '* OK' | grep 'STARTTLS' | grep 'ready'" + [ "$status" -eq 0 ] +} + +@test "checking imap: authentication works" { + run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-auth.txt" + [ "$status" -eq 0 ] +} + +# +# logs +# + +@test "checking logs: mail related logs should be located in a subdirectory" { + run docker exec mail /bin/sh -c "ls -1 /var/log/mail/ | grep -E 'clamav|freshclam|mail'|wc -l" + [ "$status" -eq 0 ] + [ "$output" = 3 ] +} + +# +# smtp +# + +@test "checking smtp: authentication works with good password (plain)" { + run docker exec mail /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-plain.txt | grep 'Authentication successful'" + [ "$status" -eq 0 ] +} + +@test "checking smtp: authentication fails with wrong password (plain)" { + run docker exec mail /bin/sh -c "nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-plain-wrong.txt | grep 'authentication failed'" + [ "$status" -eq 0 ] +} + +@test "checking smtp: authentication works with good password (login)" { + run docker exec mail /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login.txt | grep 'Authentication successful'" + [ "$status" -eq 0 ] +} + +@test "checking smtp: authentication fails with wrong password (login)" { + run docker exec mail /bin/sh -c "nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login-wrong.txt | grep 'authentication failed'" + [ "$status" -eq 0 ] +} + +@test "checking smtp: delivers mail to existing account" { + run docker exec mail /bin/sh -c "grep 'status=sent (delivered via dovecot service)' /var/log/mail/mail.log | wc -l" + [ "$status" -eq 0 ] + [ "$output" -eq 6 ] +} + +@test "checking smtp: delivers mail to existing alias" { + run docker exec mail /bin/sh -c "grep 'to=, orig_to=' /var/log/mail/mail.log | grep 'status=sent' | wc -l" + [ "$status" -eq 0 ] + [ "$output" = 1 ] +} + +@test "checking smtp: delivers mail to existing catchall" { + run docker exec mail /bin/sh -c "grep 'to=, orig_to=' /var/log/mail/mail.log | grep 'status=sent' | wc -l" + [ "$status" -eq 0 ] + [ "$output" = 1 ] +} + +@test "checking smtp: delivers mail to regexp alias" { + run docker exec mail /bin/sh -c "grep 'to=, orig_to=' /var/log/mail/mail.log | grep 'status=sent' | wc -l" + [ "$status" -eq 0 ] + [ "$output" = 1 ] +} + +@test "checking smtp: user1 should have received 5 mails" { + run docker exec mail /bin/sh -c "ls -A /var/mail/localhost.localdomain/user1/new | wc -l" + [ "$status" -eq 0 ] + [ "$output" = 5 ] +} + +@test "checking smtp: rejects mail to unknown user" { + run docker exec mail /bin/sh -c "grep ': Recipient address rejected: User unknown in virtual mailbox table' /var/log/mail/mail.log | wc -l" + [ "$status" -eq 0 ] + [ "$output" = 1 ] +} + +@test "checking smtp: redirects mail to external aliases" { + run docker exec mail /bin/sh -c "grep -- '-> ' /var/log/mail/mail.log | wc -l" + [ "$status" -eq 0 ] + [ "$output" = 2 ] +} + +@test "checking smtp: rejects spam" { + run docker exec mail /bin/sh -c "grep 'Blocked SPAM' /var/log/mail/mail.log | grep spam@external.tld | wc -l" + [ "$status" -eq 0 ] + [ "$output" = 1 ] +} + +@test "checking smtp: rejects virus" { + run docker exec mail /bin/sh -c "grep 'Blocked INFECTED' /var/log/mail/mail.log | grep virus@external.tld | wc -l" + [ "$status" -eq 0 ] + [ "$output" = 1 ] +} + +# +# accounts +# + +@test "checking accounts: user accounts" { + run docker exec mail doveadm user '*' + [ "$status" -eq 0 ] + [ "${lines[0]}" = "user1@localhost.localdomain" ] + [ "${lines[1]}" = "user2@otherdomain.tld" ] +} + +@test "checking accounts: user mail folders for user1" { + run docker exec mail /bin/bash -c "ls -A /var/mail/localhost.localdomain/user1 | grep -E '.Drafts|.Sent|.Trash|cur|new|subscriptions|tmp' | wc -l" + [ "$status" -eq 0 ] + [ "$output" -eq 7 ] +} + +@test "checking accounts: user mail folders for user2" { + run docker exec mail /bin/bash -c "ls -A /var/mail/otherdomain.tld/user2 | grep -E '.Drafts|.Sent|.Trash|cur|new|subscriptions|tmp' | wc -l" + [ "$status" -eq 0 ] + [ "$output" -eq 7 ] +} + +# +# postfix +# + +@test "checking postfix: vhost file is correct" { + run docker exec mail cat /etc/postfix/vhost + [ "$status" -eq 0 ] + [ "${lines[0]}" = "localdomain2.com" ] + [ "${lines[1]}" = "localhost.localdomain" ] + [ "${lines[2]}" = "otherdomain.tld" ] +} + +@test "checking postfix: main.cf overrides" { + run docker exec mail grep -q 'max_idle = 600s' /tmp/docker-mailserver/postfix-main.cf + [ "$status" -eq 0 ] + run docker exec mail grep -q 'readme_directory = /tmp' /tmp/docker-mailserver/postfix-main.cf + [ "$status" -eq 0 ] +} + +# +# dovecot +# + +@test "checking dovecot: config additions" { + run docker exec mail grep -q 'mail_max_userip_connections = 69' /tmp/docker-mailserver/dovecot.cf + [ "$status" -eq 0 ] + run docker exec mail /bin/sh -c "doveconf | grep 'mail_max_userip_connections = 69'" + [ "$status" -eq 0 ] + [ "$output" = 'mail_max_userip_connections = 69' ] +} \ No newline at end of file diff --git a/test/tests.bats b/test/tests._bats similarity index 55% rename from test/tests.bats rename to test/tests._bats index f19a8542..5d24a7d8 100644 --- a/test/tests.bats +++ b/test/tests._bats @@ -27,15 +27,23 @@ [ "$status" -eq 0 ] } -@test "checking process: fail2ban (disabled in default configuration)" { - run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'" - [ "$status" -eq 1 ] -} +if [ $ENABLE_FAIL2BAN = 0 ]; then -@test "checking process: fail2ban (fail2ban server enabled)" { - run docker exec mail_fail2ban /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'" - [ "$status" -eq 0 ] -} + @test "checking process: fail2ban (disabled in default configuration)" { + run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'" + [ "$status" -eq 1 ] + } + +fi + +if [ $ENABLE_FAIL2BAN = 1 ]; then + + @test "checking process: fail2ban (fail2ban server enabled)" { + run docker exec mail_fail2ban /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'" + [ "$status" -eq 0 ] + } + +fi @test "checking process: amavis (amavis disabled by DISABLE_AMAVIS)" { run docker exec mail_disabled_amavis /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/amavisd-new'" @@ -52,227 +60,6 @@ [ "$status" -eq 1 ] } -# -# imap -# - -@test "checking process: dovecot imaplogin (enabled in default configuration)" { - run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/dovecot'" - [ "$status" -eq 0 ] -} - -@test "checking process: dovecot imaplogin (disabled using SMTP_ONLY)" { - run docker exec mail_smtponly /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/dovecot'" - [ "$status" -eq 1 ] -} - -@test "checking imap: server is ready with STARTTLS" { - run docker exec mail /bin/bash -c "nc -w 2 0.0.0.0 143 | grep '* OK' | grep 'STARTTLS' | grep 'ready'" - [ "$status" -eq 0 ] -} - -@test "checking imap: authentication works" { - run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-auth.txt" - [ "$status" -eq 0 ] -} - -# -# pop -# - -@test "checking pop: server is ready" { - run docker exec mail_pop3 /bin/bash -c "nc -w 1 0.0.0.0 110 | grep '+OK'" - [ "$status" -eq 0 ] -} - -@test "checking pop: authentication works" { - run docker exec mail_pop3 /bin/sh -c "nc -w 1 0.0.0.0 110 < /tmp/docker-mailserver-test/auth/pop3-auth.txt" - [ "$status" -eq 0 ] -} - -# -# sasl -# - -@test "checking sasl: doveadm auth test works with good password" { - run docker exec mail /bin/sh -c "doveadm auth test -x service=smtp user2@otherdomain.tld mypassword | grep 'auth succeeded'" - [ "$status" -eq 0 ] -} - -@test "checking sasl: doveadm auth test fails with bad password" { - run docker exec mail /bin/sh -c "doveadm auth test -x service=smtp user2@otherdomain.tld BADPASSWORD | grep 'auth failed'" - [ "$status" -eq 0 ] -} - -@test "checking sasl: sasl_passwd.db exists" { - run docker exec mail [ -f /etc/postfix/sasl_passwd.db ] - [ "$status" -eq 0 ] -} - -# -# logs -# - -@test "checking logs: mail related logs should be located in a subdirectory" { - run docker exec mail /bin/sh -c "ls -1 /var/log/mail/ | grep -E 'clamav|freshclam|mail'|wc -l" - [ "$status" -eq 0 ] - [ "$output" = 3 ] -} - -# -# smtp -# - -@test "checking smtp: authentication works with good password (plain)" { - run docker exec mail /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-plain.txt | grep 'Authentication successful'" - [ "$status" -eq 0 ] -} - -@test "checking smtp: authentication fails with wrong password (plain)" { - run docker exec mail /bin/sh -c "nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-plain-wrong.txt | grep 'authentication failed'" - [ "$status" -eq 0 ] -} - -@test "checking smtp: authentication works with good password (login)" { - run docker exec mail /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login.txt | grep 'Authentication successful'" - [ "$status" -eq 0 ] -} - -@test "checking smtp: authentication fails with wrong password (login)" { - run docker exec mail /bin/sh -c "nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login-wrong.txt | grep 'authentication failed'" - [ "$status" -eq 0 ] -} - -@test "checking smtp: delivers mail to existing account" { - run docker exec mail /bin/sh -c "grep 'status=sent (delivered via dovecot service)' /var/log/mail/mail.log | wc -l" - [ "$status" -eq 0 ] - [ "$output" -eq 6 ] -} - -@test "checking smtp: delivers mail to existing alias" { - run docker exec mail /bin/sh -c "grep 'to=, orig_to=' /var/log/mail/mail.log | grep 'status=sent' | wc -l" - [ "$status" -eq 0 ] - [ "$output" = 1 ] -} - -@test "checking smtp: delivers mail to existing catchall" { - run docker exec mail /bin/sh -c "grep 'to=, orig_to=' /var/log/mail/mail.log | grep 'status=sent' | wc -l" - [ "$status" -eq 0 ] - [ "$output" = 1 ] -} - -@test "checking smtp: delivers mail to regexp alias" { - run docker exec mail /bin/sh -c "grep 'to=, orig_to=' /var/log/mail/mail.log | grep 'status=sent' | wc -l" - [ "$status" -eq 0 ] - [ "$output" = 1 ] -} - -@test "checking smtp: user1 should have received 5 mails" { - run docker exec mail /bin/sh -c "ls -A /var/mail/localhost.localdomain/user1/new | wc -l" - [ "$status" -eq 0 ] - [ "$output" = 5 ] -} - -@test "checking smtp: rejects mail to unknown user" { - run docker exec mail /bin/sh -c "grep ': Recipient address rejected: User unknown in virtual mailbox table' /var/log/mail/mail.log | wc -l" - [ "$status" -eq 0 ] - [ "$output" = 1 ] -} - -@test "checking smtp: redirects mail to external aliases" { - run docker exec mail /bin/sh -c "grep -- '-> ' /var/log/mail/mail.log | wc -l" - [ "$status" -eq 0 ] - [ "$output" = 2 ] -} - -@test "checking smtp: rejects spam" { - run docker exec mail /bin/sh -c "grep 'Blocked SPAM' /var/log/mail/mail.log | grep spam@external.tld | wc -l" - [ "$status" -eq 0 ] - [ "$output" = 1 ] -} - -@test "checking smtp: rejects virus" { - run docker exec mail /bin/sh -c "grep 'Blocked INFECTED' /var/log/mail/mail.log | grep virus@external.tld | wc -l" - [ "$status" -eq 0 ] - [ "$output" = 1 ] -} - -# -# accounts -# - -@test "checking accounts: user accounts" { - run docker exec mail doveadm user '*' - [ "$status" -eq 0 ] - [ "${lines[0]}" = "user1@localhost.localdomain" ] - [ "${lines[1]}" = "user2@otherdomain.tld" ] -} - -@test "checking accounts: user mail folders for user1" { - run docker exec mail /bin/bash -c "ls -A /var/mail/localhost.localdomain/user1 | grep -E '.Drafts|.Sent|.Trash|cur|new|subscriptions|tmp' | wc -l" - [ "$status" -eq 0 ] - [ "$output" -eq 7 ] -} - -@test "checking accounts: user mail folders for user2" { - run docker exec mail /bin/bash -c "ls -A /var/mail/otherdomain.tld/user2 | grep -E '.Drafts|.Sent|.Trash|cur|new|subscriptions|tmp' | wc -l" - [ "$status" -eq 0 ] - [ "$output" -eq 7 ] -} - -# -# postfix -# - -@test "checking postfix: vhost file is correct" { - run docker exec mail cat /etc/postfix/vhost - [ "$status" -eq 0 ] - [ "${lines[0]}" = "localdomain2.com" ] - [ "${lines[1]}" = "localhost.localdomain" ] - [ "${lines[2]}" = "otherdomain.tld" ] -} - -@test "checking postfix: main.cf overrides" { - run docker exec mail grep -q 'max_idle = 600s' /tmp/docker-mailserver/postfix-main.cf - [ "$status" -eq 0 ] - run docker exec mail grep -q 'readme_directory = /tmp' /tmp/docker-mailserver/postfix-main.cf - [ "$status" -eq 0 ] -} - -# -# dovecot -# - -@test "checking dovecot: config additions" { - run docker exec mail grep -q 'mail_max_userip_connections = 69' /tmp/docker-mailserver/dovecot.cf - [ "$status" -eq 0 ] - run docker exec mail /bin/sh -c "doveconf | grep 'mail_max_userip_connections = 69'" - [ "$status" -eq 0 ] - [ "$output" = 'mail_max_userip_connections = 69' ] -} - -# -# spamassassin -# - -@test "checking spamassassin: docker env variables are set correctly (default)" { - run docker exec mail_pop3 /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'" - [ "$status" -eq 0 ] - run docker exec mail_pop3 /bin/sh -c "grep '\$sa_tag2_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 6.31'" - [ "$status" -eq 0 ] - run docker exec mail_pop3 /bin/sh -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 6.31'" - [ "$status" -eq 0 ] -} - -@test "checking spamassassin: docker env variables are set correctly (custom)" { - run docker exec mail /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 1.0'" - [ "$status" -eq 0 ] - run docker exec mail /bin/sh -c "grep '\$sa_tag2_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'" - [ "$status" -eq 0 ] - run docker exec mail /bin/sh -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 3.0'" - [ "$status" -eq 0 ] -} - # # opendkim #