From a83f8388c1ea0bc0143e481cac374559f356a81b Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Tue, 27 Dec 2016 16:41:02 +0100 Subject: [PATCH 01/30] WIP --- .travis.yml | 4 + test/tests.bats | 210 +++++++++++++++++++++++++++++++++++++++--------- 2 files changed, 177 insertions(+), 37 deletions(-) diff --git a/.travis.yml b/.travis.yml index ec3bc887..62583dfa 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,6 +11,10 @@ script: - make generate-accounts run fixtures tests after_script: - make clean +env: +- ENABLE_CLAMAV=1 ENABLE_SPAMASSASSIN=1 ENABLE_FAIL2BAN=1 SA_TAG=1.0 SA_TAG2=2.0 SA_KILL=3.0 VIRUSMAILS_DELETE_DELAY=7 ENABLE_MANAGESIEVE=1 PERMIT_DOCKER=host DMS_DEBUG=0 SASL_PASSWD="external domain.com username:password" +- ENABLE_CLAMAV=0 ENABLE_SPAMASSASSIN=0 ENABLE_FAIL2BAN=0 SA_TAG= SA_TAG2= SA_KILL= VIRUSMAILS_DELETE_DELAY= ENABLE_MANAGESIEVE=0 PERMIT_DOCKER=network DMS_DEBUG=1 + notifications: slack: secure: TTo1z9nbZCWcIdfPwypubNa3y+pwvfgDGlzEVAGEuK7uuIpmEoAcAUNSSPTnbewDGHnDl8t/ml93MtvP+a+IVuAKytMqF39PHyoZO7aUl9J62V+G75OmnyGjXGJm40pQosCS6LzqoRRYXotl9+fwH568Kf4ifXCrMZX1d+ir7Ww= diff --git a/test/tests.bats b/test/tests.bats index c9cd111a..3cf02715 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -16,12 +16,25 @@ [ "$status" -eq 0 ] } -@test "checking process: clamd" { - run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'" - [ "$status" -eq 0 ] +@test "checking process: clamav (enabled by ENABLE_CLAMAV=1)" { + if [ $ENABLE_CLAMAV = 0 ]; then + skip + elif [ $ENABLE_CLAMAV = 1 ]; then + run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'" + [ "$status" -eq 0 ] + fi } -@test "checking process: new" { +@test "checking process: clamav (disabled by ENABLE_CLAMAV=0)" { + if [ $ENABLE_CLAMAV = 0 ]; then + run docker exec mail_disabled_clamav_spamassassin /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'" + [ "$status" -eq 1 ] + elif [ $ENABLE_CLAMAV = 1 ]; then + skip + fi +} + +@test "checking process: amavisd-new" { run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/amavisd-new'" [ "$status" -eq 0 ] } @@ -36,34 +49,58 @@ [ "$status" -eq 0 ] } -@test "checking process: fail2ban (disabled in default configuration)" { - run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'" - [ "$status" -eq 1 ] +@test "checking process: fail2ban (disabled by ENABLE_FAIL2BAN=0)" { + if [ $ENABLE_FAIL2BAN = 0 ]; then + run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'" + [ "$status" -eq 1 ] + elif [ $ENABLE_FAIL2BAN = 1 ]; then + skip + fi } -@test "checking process: fail2ban (fail2ban server enabled)" { - run docker exec mail_fail2ban /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'" - [ "$status" -eq 0 ] +@test "checking process: fail2ban (enabled by ENABLE_FAIL2BAN=1)" { + if [ $ENABLE_FAIL2BAN = 0 ]; then + skip + elif [ $ENABLE_FAIL2BAN = 1 ]; then + run docker exec mail_fail2ban /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'" + [ "$status" -eq 0 ] + fi } -@test "checking process: fetchmail (disabled in default configuration)" { +@test "checking process: fetchmail (disabled by ENABLE_FETCHMAIL=0)" { + if [ $ENABLE_FETCHMAIL = 0 ]; then + run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/fetchmail'" + [ "$status" -eq 1 ] + elif [ $ENABLE_FETCHMAIL = 1 ]; then + skip + fi +} + +@test "checking process: fetchmail (enabled by ENABLE_FETCHMAIL=1)" { + if [ $ENABLE_FETCHMAIL = 0 ]; then + skip + elif [ $ENABLE_FETCHMAIL = 1 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/fetchmail'" - [ "$status" -eq 1 ] -} - -@test "checking process: fetchmail (fetchmail server enabled)" { - run docker exec mail_fetchmail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/fetchmail'" [ "$status" -eq 0 ] + fi } -@test "checking process: clamav (clamav disabled by ENABLED_CLAMAV=0)" { - run docker exec mail_disabled_clamav_spamassassin /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'" - [ "$status" -eq 1 ] +@test "checking process: saslauthd (enabled by ENABLE_SASLAUTHD=0)" { + if [ $ENABLE_FETCHMAIL = 0 ]; then + run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'" + [ "$status" -eq 1 ] + elif [ $ENABLE_FETCHMAIL = 1 ]; then + skip + fi } -@test "checking process: saslauthd (saslauthd server enabled)" { - run docker exec mail_with_ldap /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'" - [ "$status" -eq 0 ] +@test "checking process: saslauthd (enabled by ENABLE_SASLAUTHD=1)" { + if [ $ENABLE_FETCHMAIL = 0 ]; then + skip + elif [ $ENABLE_FETCHMAIL = 1 ]; then + run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'" + [ "$status" -eq 0 ] + fi } # @@ -71,21 +108,35 @@ # @test "checking process: dovecot imaplogin (enabled in default configuration)" { - run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/dovecot'" - [ "$status" -eq 0 ] + if [ $SMTP_ONLY = 0 ]; then + run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/dovecot'" + [ "$status" -eq 0 ] + elif [ $SMTP_ONLY = 1 ]; then + skip + fi } @test "checking process: dovecot imaplogin (disabled using SMTP_ONLY)" { - run docker exec mail_smtponly /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/dovecot'" - [ "$status" -eq 1 ] + if [ $SMTP_ONLY = 0 ]; then + skip + elif [ $SMTP_ONLY = 1 ]; then + run docker exec mail_smtponly /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/dovecot'" + [ "$status" -eq 1 ] + fi } @test "checking imap: server is ready with STARTTLS" { + if [ $SMTP_ONLY = 1 ]; then + skip + fi run docker exec mail /bin/bash -c "nc -w 2 0.0.0.0 143 | grep '* OK' | grep 'STARTTLS' | grep 'ready'" [ "$status" -eq 0 ] } @test "checking imap: authentication works" { + if [ $SMTP_ONLY = 1 ]; then + skip + fi run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-auth.txt" [ "$status" -eq 0 ] } @@ -95,11 +146,17 @@ # @test "checking pop: server is ready" { + if [ $ENABLE_POP3 = 0 ]; then + skip + fi run docker exec mail_pop3 /bin/bash -c "nc -w 1 0.0.0.0 110 | grep '+OK'" [ "$status" -eq 0 ] } @test "checking pop: authentication works" { + if [ $ENABLE_POP3 = 0 ]; then + skip + fi run docker exec mail_pop3 /bin/sh -c "nc -w 1 0.0.0.0 110 < /tmp/docker-mailserver-test/auth/pop3-auth.txt" [ "$status" -eq 0 ] } @@ -109,16 +166,25 @@ # @test "checking sasl: doveadm auth test works with good password" { + if [ -z $SASL_PASSWD ]; then + skip + fi run docker exec mail /bin/sh -c "doveadm auth test -x service=smtp user2@otherdomain.tld mypassword | grep 'auth succeeded'" [ "$status" -eq 0 ] } @test "checking sasl: doveadm auth test fails with bad password" { + if [ -z $SASL_PASSWD ]; then + skip + fi run docker exec mail /bin/sh -c "doveadm auth test -x service=smtp user2@otherdomain.tld BADPASSWORD | grep 'auth failed'" [ "$status" -eq 0 ] } @test "checking sasl: sasl_passwd exists" { + if [ -z $SASL_PASSWD ]; then + skip + fi run docker exec mail [ -f /etc/postfix/sasl_passwd ] [ "$status" -eq 0 ] } @@ -200,12 +266,18 @@ } @test "checking smtp: rejects spam" { + if [ $ENABLE_CLAMAV = 0 ]; then + skip + fi run docker exec mail /bin/sh -c "grep 'Blocked SPAM' /var/log/mail/mail.log | grep spam@external.tld | wc -l" [ "$status" -eq 0 ] [ "$output" = 1 ] } @test "checking smtp: rejects virus" { + if [ $ENABLE_SPAMASSASSIN = 0 ]; then + skip + fi run docker exec mail /bin/sh -c "grep 'Blocked INFECTED' /var/log/mail/mail.log | grep virus@external.tld | wc -l" [ "$status" -eq 0 ] [ "$output" = 1 ] @@ -270,25 +342,37 @@ # @test "checking spamassassin: should be listed in amavis when enabled" { + if [ $ENABLE_SPAMASSASSIN = 0 ]; then + skip + fi run docker exec mail /bin/sh -c "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'" [ "$status" -eq 1 ] } @test "checking spamassassin: should not be listed in amavis when disabled" { - run docker exec mail_disabled_clamav_spamassassin /bin/sh -c "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'" + if [ $ENABLE_SPAMASSASSIN = 1 ]; then + skip + fi + run docker exec mail /bin/sh -c "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'" [ "$status" -eq 0 ] } @test "checking spamassassin: docker env variables are set correctly (default)" { - run docker exec mail_pop3 /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'" + if [ $ENABLE_SPAMASSASSIN = 0 || ! -z $SA_TAG ]; then + skip + fi + run docker exec mail /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'" [ "$status" -eq 0 ] - run docker exec mail_pop3 /bin/sh -c "grep '\$sa_tag2_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 6.31'" + run docker exec mail /bin/sh -c "grep '\$sa_tag2_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 6.31'" [ "$status" -eq 0 ] - run docker exec mail_pop3 /bin/sh -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 6.31'" + run docker exec mail /bin/sh -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 6.31'" [ "$status" -eq 0 ] } @test "checking spamassassin: docker env variables are set correctly (custom)" { + if [ $ENABLE_SPAMASSASSIN = 1 || -z $SA_TAG ]; then + skip + fi run docker exec mail /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 1.0'" [ "$status" -eq 0 ] run docker exec mail /bin/sh -c "grep '\$sa_tag2_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'" @@ -302,17 +386,26 @@ # @test "checking clamav: should be listed in amavis when enabled" { + if [ $ENABLE_CLAMAV = 0 ]; then + skip + fi run docker exec mail grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log [ "$status" -eq 0 ] } @test "checking clamav: should not be listed in amavis when disabled" { - run docker exec mail_disabled_clamav_spamassassin grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log + if [ $ENABLE_CLAMAV = 1 ]; then + skip + fi + run docker exec mail grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log [ "$status" -eq 1 ] } @test "checking clamav: should not be called when disabled" { - run docker exec mail_disabled_clamav_spamassassin grep -i 'connect to /var/run/clamav/clamd.ctl failed' /var/log/mail/mail.log + if [ $ENABLE_CLAMAV = 1 ]; then + skip + fi + run docker exec mail grep -i 'connect to /var/run/clamav/clamd.ctl failed' /var/log/mail/mail.log [ "$status" -eq 1 ] } @@ -422,6 +515,9 @@ # @test "checking ssl: generated default cert works correctly" { + if [ ! -z $SSL_TYPE ]; then + skip + fi run docker exec mail /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 0 (ok)'" [ "$status" -eq 0 ] } @@ -432,6 +528,9 @@ } @test "checking ssl: letsencrypt configuration is correct" { + if [ $SSL_TYPE != "letsencrypt" ]; then + skip + fi run docker exec mail_pop3 /bin/sh -c 'grep -ir "/etc/letsencrypt/live/mail.my-domain.com/" /etc/postfix/main.cf | wc -l' [ "$status" -eq 0 ] [ "$output" -eq 2 ] @@ -441,11 +540,17 @@ } @test "checking ssl: letsencrypt cert works correctly" { + if [ $SSL_TYPE != "letsencrypt" ]; then + skip + fi run docker exec mail_pop3 /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'" [ "$status" -eq 0 ] } @test "checking ssl: manual configuration is correct" { + if [ $SSL_TYPE != "manual" ]; then + skip + fi run docker exec mail_manual_ssl /bin/sh -c 'grep -ir "/etc/postfix/ssl/cert" /etc/postfix/main.cf | wc -l' [ "$status" -eq 0 ] [ "$output" -eq 1 ] @@ -461,6 +566,9 @@ } @test "checking ssl: manual configuration copied files correctly " { + if [ $SSL_TYPE != "manual" ]; then + skip + fi run docker exec mail_manual_ssl /bin/sh -c 'cmp -s /etc/postfix/ssl/cert /tmp/docker-mailserver/letsencrypt/mail.my-domain.com/fullchain.pem' [ "$status" -eq 0 ] run docker exec mail_manual_ssl /bin/sh -c 'cmp -s /etc/postfix/ssl/key /tmp/docker-mailserver/letsencrypt/mail.my-domain.com/privkey.pem' @@ -468,6 +576,9 @@ } @test "checking ssl: manual cert works correctly" { + if [ $SSL_TYPE != "manual" ]; then + skip + fi run docker exec mail_manual_ssl /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'" [ "$status" -eq 0 ] } @@ -477,13 +588,19 @@ # @test "checking fail2ban: localhost is not banned because ignored" { - run docker exec mail_fail2ban /bin/sh -c "fail2ban-client status postfix-sasl | grep 'IP list:.*127.0.0.1'" + if [ $ENABLE_FAIL2BAN = 0 ]; then + skip + fi + run docker exec mail /bin/sh -c "fail2ban-client status postfix-sasl | grep 'IP list:.*127.0.0.1'" [ "$status" -eq 1 ] - run docker exec mail_fail2ban /bin/sh -c "grep 'ignoreip = 127.0.0.1/8' /etc/fail2ban/jail.conf" + run docker exec mail /bin/sh -c "grep 'ignoreip = 127.0.0.1/8' /etc/fail2ban/jail.conf" [ "$status" -eq 0 ] } @test "checking fail2ban: fail2ban-jail.cf overrides" { + if [ $ENABLE_FAIL2BAN = 0 ]; then + skip + fi FILTERS=(sshd postfix dovecot postfix-sasl) for FILTER in "${FILTERS[@]}"; do @@ -499,6 +616,9 @@ } @test "checking fail2ban: ban ip on multiple failed login" { + if [ $ENABLE_FAIL2BAN = 0 ]; then + skip + fi # Getting mail_fail2ban container IP MAIL_FAIL2BAN_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' mail_fail2ban) @@ -522,6 +642,9 @@ } @test "checking fail2ban: unban ip works" { + if [ $ENABLE_FAIL2BAN = 0 ]; then + skip + fi FAIL_AUTH_MAILER_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' fail-auth-mailer) docker exec mail_fail2ban fail2ban-client set postfix-sasl unbanip $FAIL_AUTH_MAILER_IP @@ -541,11 +664,17 @@ # @test "checking fetchmail: gerneral options in fetchmailrc are loaded" { + if [ $ENABLE_FETCHMAIL = 0 ]; then + skip + fi run docker exec mail_fetchmail grep 'set syslog' /etc/fetchmailrc [ "$status" -eq 0 ] } @test "checking fetchmail: fetchmail.cf is loaded" { + if [ $ENABLE_FETCHMAIL = 0 ]; then + skip + fi run docker exec mail_fetchmail grep 'pop3.example.com' /etc/fetchmailrc [ "$status" -eq 0 ] } @@ -598,9 +727,7 @@ [ "$status" -eq 1 ] run docker exec mail grep -i '(!)connect' /var/log/mail/mail.log [ "$status" -eq 1 ] - run docker exec mail_pop3 grep 'non-null host address bits in' /var/log/mail/mail.log - [ "$status" -eq 1 ] - run docker exec mail_pop3 grep ': error:' /var/log/mail/mail.log + run docker exec mail grep 'non-null host address bits in' /var/log/mail/mail.log [ "$status" -eq 1 ] } @@ -631,17 +758,26 @@ # @test "checking sieve: user1 should have received 1 email in folder INBOX.spam" { + if [ $ENABLE_MANAGESIEVE = 0 ]; then + skip + fi run docker exec mail /bin/sh -c "ls -A /var/mail/localhost.localdomain/user1/.INBOX.spam/new | wc -l" [ "$status" -eq 0 ] [ "$output" = 1 ] } @test "checking manage sieve: server is ready when ENABLE_MANAGESIEVE has been set" { + if [ $ENABLE_MANAGESIEVE = 0 ]; then + skip + fi run docker exec mail /bin/bash -c "nc -z 0.0.0.0 4190" [ "$status" -eq 0 ] } @test "checking manage sieve: disabled per default" { + if [ $ENABLE_MANAGESIEVE = 1 ]; then + skip + fi run docker exec mail_pop3 /bin/bash -c "nc -z 0.0.0.0 4190" [ "$status" -ne 0 ] } From 378dcb7dcf39453dbff44adbb9795c6011c81e57 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Tue, 27 Dec 2016 17:09:36 +0100 Subject: [PATCH 02/30] Fixed config --- Makefile | 89 ++++--------------------- test/tests.bats | 170 ++++++++++++++++++++++++------------------------ 2 files changed, 97 insertions(+), 162 deletions(-) diff --git a/Makefile b/Makefile index a8022d1c..6b9f9fd7 100644 --- a/Makefile +++ b/Makefile @@ -22,82 +22,18 @@ run: -v "`pwd`/test/config":/tmp/docker-mailserver \ -v "`pwd`/test":/tmp/docker-mailserver-test \ -v "`pwd`/test/onedir":/var/mail-state \ - -e ENABLE_CLAMAV=1 \ - -e ENABLE_SPAMASSASSIN=1 \ - -e SA_TAG=1.0 \ - -e SA_TAG2=2.0 \ - -e SA_KILL=3.0 \ - -e VIRUSMAILS_DELETE_DELAY=7 \ - -e SASL_PASSWD="external-domain.com username:password" \ - -e ENABLE_MANAGESIEVE=1 \ - -e PERMIT_DOCKER=host \ - -e DMS_DEBUG=0 \ - -h mail.my-domain.com -t $(NAME) - sleep 15 - docker run -d --name mail_pop3 \ - -v "`pwd`/test/config":/tmp/docker-mailserver \ - -v "`pwd`/test":/tmp/docker-mailserver-test \ - -v "`pwd`/test/config/letsencrypt":/etc/letsencrypt/live \ - -e ENABLE_POP3=1 \ - -e DMS_DEBUG=1 \ - -e SSL_TYPE=letsencrypt \ - -h mail.my-domain.com -t $(NAME) - sleep 15 - docker run -d --name mail_smtponly \ - -v "`pwd`/test/config":/tmp/docker-mailserver \ - -v "`pwd`/test":/tmp/docker-mailserver-test \ - -e SMTP_ONLY=1 \ - -e PERMIT_DOCKER=network\ - -h mail.my-domain.com -t $(NAME) - sleep 15 - docker run -d --name mail_fail2ban \ - -v "`pwd`/test/config":/tmp/docker-mailserver \ - -v "`pwd`/test":/tmp/docker-mailserver-test \ - -e ENABLE_FAIL2BAN=1 \ - --cap-add=NET_ADMIN \ - -h mail.my-domain.com -t $(NAME) - sleep 15 - docker run -d --name mail_fetchmail \ - -v "`pwd`/test/config":/tmp/docker-mailserver \ - -v "`pwd`/test":/tmp/docker-mailserver-test \ - -e ENABLE_FETCHMAIL=1 \ - --cap-add=NET_ADMIN \ - -h mail.my-domain.com -t $(NAME) - sleep 15 - docker run -d --name mail_disabled_clamav_spamassassin \ - -v "`pwd`/test/config":/tmp/docker-mailserver \ - -v "`pwd`/test":/tmp/docker-mailserver-test \ - -e ENABLE_CLAMAV=0 \ - -e ENABLE_SPAMASSASSIN=0 \ - -h mail.my-domain.com -t $(NAME) - sleep 15 - docker run -d --name mail_manual_ssl \ - -v "`pwd`/test/config":/tmp/docker-mailserver \ - -v "`pwd`/test":/tmp/docker-mailserver-test \ - -e SSL_TYPE=manual \ - -e SSL_CERT_PATH=/tmp/docker-mailserver/letsencrypt/mail.my-domain.com/fullchain.pem \ - -e SSL_KEY_PATH=/tmp/docker-mailserver/letsencrypt/mail.my-domain.com/privkey.pem \ - -h mail.my-domain.com -t $(NAME) - sleep 15 - docker run -d --name ldap_for_mail \ - -e LDAP_DOMAIN="localhost.localdomain" \ - -h mail.my-domain.com -t ldap - sleep 15 - docker run -d --name mail_with_ldap \ - -v "`pwd`/test/config":/tmp/docker-mailserver \ - -v "`pwd`/test":/tmp/docker-mailserver-test \ - -e ENABLE_LDAP=1 \ - -e LDAP_SERVER_HOST=ldap \ - -e LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain \ - -e LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain \ - -e ENABLE_SASLAUTHD=1 \ - -e SASLAUTHD_MECHANISMS=ldap \ - -e SASLAUTHD_LDAP_SERVER=ldap \ - -e SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain \ - -e SASLAUTHD_LDAP_PASSWORD=admin \ - -e SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain \ - -e POSTMASTER_ADDRESS=postmaster@localhost.localdomain \ - --link ldap_for_mail:ldap \ + -e ENABLE_POP3=$(ENABLE_POP3) \ + -e ENABLE_FAIL2BAN=$(ENABLE_FAIL2BAN) \ + -e ENABLE_MANAGESIEVE=$(ENABLE_MANAGESIEVE) \ + -e ENABLE_CLAMAV=$(ENABLE_CLAMAV) \ + -e ENABLE_SPAMASSASSIN=$(ENABLE_SPAMASSASSIN) \ + -e SMTP_ONLY=$(SMTP_ONLY) \ + -e SA_TAG=$(SA_TAG) \ + -e SA_TAG2=$(SA_TAG2) \ + -e SA_KILL=$(SA_KILL) \ + -e SASL_PASSWD="$(SASL_PASSWD)" \ + -e ONE_DIR=$(ONE_DIR) \ + -e DMS_DEBUG=$(DMS_DEBUG) \ -h mail.my-domain.com -t $(NAME) # Wait for containers to fully start sleep 15 @@ -120,7 +56,6 @@ fixtures: docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-catchall-local.txt" docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/sieve-spam-folder.txt" docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/non-existing-user.txt" - docker exec mail_disabled_clamav_spamassassin /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user.txt" # Wait for mails to be analyzed sleep 10 diff --git a/test/tests.bats b/test/tests.bats index 3cf02715..73deedee 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -17,19 +17,19 @@ } @test "checking process: clamav (enabled by ENABLE_CLAMAV=1)" { - if [ $ENABLE_CLAMAV = 0 ]; then + if [ "$ENABLE_CLAMAV" = 0 ]; then skip - elif [ $ENABLE_CLAMAV = 1 ]; then + elif [ "$ENABLE_CLAMAV" = 1 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'" [ "$status" -eq 0 ] fi } @test "checking process: clamav (disabled by ENABLE_CLAMAV=0)" { - if [ $ENABLE_CLAMAV = 0 ]; then - run docker exec mail_disabled_clamav_spamassassin /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'" + if [ "$ENABLE_CLAMAV" = 0 ]; then + run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'" [ "$status" -eq 1 ] - elif [ $ENABLE_CLAMAV = 1 ]; then + elif [" $ENABLE_CLAMAV" = 1 ]; then skip fi } @@ -50,54 +50,54 @@ } @test "checking process: fail2ban (disabled by ENABLE_FAIL2BAN=0)" { - if [ $ENABLE_FAIL2BAN = 0 ]; then + if [ "$ENABLE_FAIL2BAN" = 0 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'" [ "$status" -eq 1 ] - elif [ $ENABLE_FAIL2BAN = 1 ]; then + elif [ "$ENABLE_FAIL2BAN" = 1 ]; then skip fi } @test "checking process: fail2ban (enabled by ENABLE_FAIL2BAN=1)" { - if [ $ENABLE_FAIL2BAN = 0 ]; then + if [ "$ENABLE_FAIL2BAN" = 0 ]; then skip - elif [ $ENABLE_FAIL2BAN = 1 ]; then - run docker exec mail_fail2ban /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'" + elif [ "$ENABLE_FAIL2BAN" = 1 ]; then + run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'" [ "$status" -eq 0 ] fi } @test "checking process: fetchmail (disabled by ENABLE_FETCHMAIL=0)" { - if [ $ENABLE_FETCHMAIL = 0 ]; then + if [ "$ENABLE_FETCHMAIL" = 0 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/fetchmail'" [ "$status" -eq 1 ] - elif [ $ENABLE_FETCHMAIL = 1 ]; then + elif [ "$ENABLE_FETCHMAIL" = 1 ]; then skip fi } @test "checking process: fetchmail (enabled by ENABLE_FETCHMAIL=1)" { - if [ $ENABLE_FETCHMAIL = 0 ]; then + if [ "$ENABLE_FETCHMAIL" = 0 ]; then skip - elif [ $ENABLE_FETCHMAIL = 1 ]; then + elif [ "$ENABLE_FETCHMAIL" = 1 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/fetchmail'" [ "$status" -eq 0 ] fi } @test "checking process: saslauthd (enabled by ENABLE_SASLAUTHD=0)" { - if [ $ENABLE_FETCHMAIL = 0 ]; then + if [" $ENABLE_FETCHMAIL" = 0 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'" [ "$status" -eq 1 ] - elif [ $ENABLE_FETCHMAIL = 1 ]; then + elif [ "$ENABLE_FETCHMAIL" = 1 ]; then skip fi } @test "checking process: saslauthd (enabled by ENABLE_SASLAUTHD=1)" { - if [ $ENABLE_FETCHMAIL = 0 ]; then + if [ "$ENABLE_FETCHMAIL" = 0 ]; then skip - elif [ $ENABLE_FETCHMAIL = 1 ]; then + elif [ "$ENABLE_FETCHMAIL" = 1 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'" [ "$status" -eq 0 ] fi @@ -108,25 +108,25 @@ # @test "checking process: dovecot imaplogin (enabled in default configuration)" { - if [ $SMTP_ONLY = 0 ]; then + if [ "$SMTP_ONLY" = 0 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/dovecot'" [ "$status" -eq 0 ] - elif [ $SMTP_ONLY = 1 ]; then + elif [ "$SMTP_ONLY" = 1 ]; then skip fi } @test "checking process: dovecot imaplogin (disabled using SMTP_ONLY)" { - if [ $SMTP_ONLY = 0 ]; then + if [ "$SMTP_ONLY" = 0 ]; then skip - elif [ $SMTP_ONLY = 1 ]; then - run docker exec mail_smtponly /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/dovecot'" + elif [ "$SMTP_ONLY" = 1 ]; then + run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/dovecot'" [ "$status" -eq 1 ] fi } @test "checking imap: server is ready with STARTTLS" { - if [ $SMTP_ONLY = 1 ]; then + if [ "$SMTP_ONLY" = 1 ]; then skip fi run docker exec mail /bin/bash -c "nc -w 2 0.0.0.0 143 | grep '* OK' | grep 'STARTTLS' | grep 'ready'" @@ -134,7 +134,7 @@ } @test "checking imap: authentication works" { - if [ $SMTP_ONLY = 1 ]; then + if [ "$SMTP_ONLY" = 1 ]; then skip fi run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-auth.txt" @@ -146,18 +146,18 @@ # @test "checking pop: server is ready" { - if [ $ENABLE_POP3 = 0 ]; then + if [ "$ENABLE_POP3" = 0 ]; then skip fi - run docker exec mail_pop3 /bin/bash -c "nc -w 1 0.0.0.0 110 | grep '+OK'" + run docker exec mail /bin/bash -c "nc -w 1 0.0.0.0 110 | grep '+OK'" [ "$status" -eq 0 ] } @test "checking pop: authentication works" { - if [ $ENABLE_POP3 = 0 ]; then + if [ "$ENABLE_POP3" = 0 ]; then skip fi - run docker exec mail_pop3 /bin/sh -c "nc -w 1 0.0.0.0 110 < /tmp/docker-mailserver-test/auth/pop3-auth.txt" + run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 110 < /tmp/docker-mailserver-test/auth/pop3-auth.txt" [ "$status" -eq 0 ] } @@ -266,7 +266,7 @@ } @test "checking smtp: rejects spam" { - if [ $ENABLE_CLAMAV = 0 ]; then + if [ "$ENABLE_CLAMAV" = 0 ]; then skip fi run docker exec mail /bin/sh -c "grep 'Blocked SPAM' /var/log/mail/mail.log | grep spam@external.tld | wc -l" @@ -275,7 +275,7 @@ } @test "checking smtp: rejects virus" { - if [ $ENABLE_SPAMASSASSIN = 0 ]; then + if [ "$ENABLE_SPAMASSASSIN" = 0 ]; then skip fi run docker exec mail /bin/sh -c "grep 'Blocked INFECTED' /var/log/mail/mail.log | grep virus@external.tld | wc -l" @@ -342,7 +342,7 @@ # @test "checking spamassassin: should be listed in amavis when enabled" { - if [ $ENABLE_SPAMASSASSIN = 0 ]; then + if [ "$ENABLE_SPAMASSASSIN" = 0 ]; then skip fi run docker exec mail /bin/sh -c "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'" @@ -350,7 +350,7 @@ } @test "checking spamassassin: should not be listed in amavis when disabled" { - if [ $ENABLE_SPAMASSASSIN = 1 ]; then + if [ "$ENABLE_SPAMASSASSIN" = 1 ]; then skip fi run docker exec mail /bin/sh -c "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'" @@ -358,7 +358,7 @@ } @test "checking spamassassin: docker env variables are set correctly (default)" { - if [ $ENABLE_SPAMASSASSIN = 0 || ! -z $SA_TAG ]; then + if [ "$ENABLE_SPAMASSASSIN" = 0 || ! -z $SA_TAG ]; then skip fi run docker exec mail /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'" @@ -370,7 +370,7 @@ } @test "checking spamassassin: docker env variables are set correctly (custom)" { - if [ $ENABLE_SPAMASSASSIN = 1 || -z $SA_TAG ]; then + if [ "$ENABLE_SPAMASSASSIN" = 1 || -z $SA_TAG ]; then skip fi run docker exec mail /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 1.0'" @@ -386,7 +386,7 @@ # @test "checking clamav: should be listed in amavis when enabled" { - if [ $ENABLE_CLAMAV = 0 ]; then + if [ "$ENABLE_CLAMAV" = 0 ]; then skip fi run docker exec mail grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log @@ -394,7 +394,7 @@ } @test "checking clamav: should not be listed in amavis when disabled" { - if [ $ENABLE_CLAMAV = 1 ]; then + if [ "$ENABLE_CLAMAV" = 1 ]; then skip fi run docker exec mail grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log @@ -402,7 +402,7 @@ } @test "checking clamav: should not be called when disabled" { - if [ $ENABLE_CLAMAV = 1 ]; then + if [ "$ENABLE_CLAMAV" = 1 ]; then skip fi run docker exec mail grep -i 'connect to /var/run/clamav/clamd.ctl failed' /var/log/mail/mail.log @@ -528,58 +528,58 @@ } @test "checking ssl: letsencrypt configuration is correct" { - if [ $SSL_TYPE != "letsencrypt" ]; then + if [ "$SSL_TYPE" != "letsencrypt" ]; then skip fi - run docker exec mail_pop3 /bin/sh -c 'grep -ir "/etc/letsencrypt/live/mail.my-domain.com/" /etc/postfix/main.cf | wc -l' + run docker exec mail /bin/sh -c 'grep -ir "/etc/letsencrypt/live/mail.my-domain.com/" /etc/postfix/main.cf | wc -l' [ "$status" -eq 0 ] [ "$output" -eq 2 ] - run docker exec mail_pop3 /bin/sh -c 'grep -ir "/etc/letsencrypt/live/mail.my-domain.com/" /etc/dovecot/conf.d/10-ssl.conf | wc -l' + run docker exec mail /bin/sh -c 'grep -ir "/etc/letsencrypt/live/mail.my-domain.com/" /etc/dovecot/conf.d/10-ssl.conf | wc -l' [ "$status" -eq 0 ] [ "$output" -eq 2 ] } @test "checking ssl: letsencrypt cert works correctly" { - if [ $SSL_TYPE != "letsencrypt" ]; then + if [ "$SSL_TYPE" != "letsencrypt" ]; then skip fi - run docker exec mail_pop3 /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'" + run docker exec mail /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'" [ "$status" -eq 0 ] } @test "checking ssl: manual configuration is correct" { - if [ $SSL_TYPE != "manual" ]; then + if [ "$SSL_TYPE" != "manual" ]; then skip fi - run docker exec mail_manual_ssl /bin/sh -c 'grep -ir "/etc/postfix/ssl/cert" /etc/postfix/main.cf | wc -l' + run docker exec mail /bin/sh -c 'grep -ir "/etc/postfix/ssl/cert" /etc/postfix/main.cf | wc -l' [ "$status" -eq 0 ] [ "$output" -eq 1 ] - run docker exec mail_manual_ssl /bin/sh -c 'grep -ir "/etc/postfix/ssl/cert" /etc/dovecot/conf.d/10-ssl.conf | wc -l' + run docker exec mail /bin/sh -c 'grep -ir "/etc/postfix/ssl/cert" /etc/dovecot/conf.d/10-ssl.conf | wc -l' [ "$status" -eq 0 ] [ "$output" -eq 1 ] - run docker exec mail_manual_ssl /bin/sh -c 'grep -ir "/etc/postfix/ssl/key" /etc/postfix/main.cf | wc -l' + run docker exec mail /bin/sh -c 'grep -ir "/etc/postfix/ssl/key" /etc/postfix/main.cf | wc -l' [ "$status" -eq 0 ] [ "$output" -eq 1 ] - run docker exec mail_manual_ssl /bin/sh -c 'grep -ir "/etc/postfix/ssl/key" /etc/dovecot/conf.d/10-ssl.conf | wc -l' + run docker exec mail /bin/sh -c 'grep -ir "/etc/postfix/ssl/key" /etc/dovecot/conf.d/10-ssl.conf | wc -l' [ "$status" -eq 0 ] [ "$output" -eq 1 ] } @test "checking ssl: manual configuration copied files correctly " { - if [ $SSL_TYPE != "manual" ]; then + if [ "$SSL_TYPE" != "manual" ]; then skip fi - run docker exec mail_manual_ssl /bin/sh -c 'cmp -s /etc/postfix/ssl/cert /tmp/docker-mailserver/letsencrypt/mail.my-domain.com/fullchain.pem' + run docker exec mail /bin/sh -c 'cmp -s /etc/postfix/ssl/cert /tmp/docker-mailserver/letsencrypt/mail.my-domain.com/fullchain.pem' [ "$status" -eq 0 ] - run docker exec mail_manual_ssl /bin/sh -c 'cmp -s /etc/postfix/ssl/key /tmp/docker-mailserver/letsencrypt/mail.my-domain.com/privkey.pem' + run docker exec mail /bin/sh -c 'cmp -s /etc/postfix/ssl/key /tmp/docker-mailserver/letsencrypt/mail.my-domain.com/privkey.pem' [ "$status" -eq 0 ] } @test "checking ssl: manual cert works correctly" { - if [ $SSL_TYPE != "manual" ]; then + if [ "$SSL_TYPE" != "manual" ]; then skip fi - run docker exec mail_manual_ssl /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'" + run docker exec mail /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'" [ "$status" -eq 0 ] } @@ -588,7 +588,7 @@ # @test "checking fail2ban: localhost is not banned because ignored" { - if [ $ENABLE_FAIL2BAN = 0 ]; then + if [ "$ENABLE_FAIL2BAN" = 0 ]; then skip fi run docker exec mail /bin/sh -c "fail2ban-client status postfix-sasl | grep 'IP list:.*127.0.0.1'" @@ -598,29 +598,29 @@ } @test "checking fail2ban: fail2ban-jail.cf overrides" { - if [ $ENABLE_FAIL2BAN = 0 ]; then + if [ "$ENABLE_FAIL2BAN" = 0 ]; then skip fi FILTERS=(sshd postfix dovecot postfix-sasl) for FILTER in "${FILTERS[@]}"; do - run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get $FILTER bantime" + run docker exec mail /bin/sh -c "fail2ban-client get $FILTER bantime" [ "$output" = 1234 ] - run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get $FILTER findtime" + run docker exec mail /bin/sh -c "fail2ban-client get $FILTER findtime" [ "$output" = 321 ] - run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get $FILTER maxretry" + run docker exec mail /bin/sh -c "fail2ban-client get $FILTER maxretry" [ "$output" = 2 ] done } @test "checking fail2ban: ban ip on multiple failed login" { - if [ $ENABLE_FAIL2BAN = 0 ]; then + if [ "$ENABLE_FAIL2BAN" = 0 ]; then skip fi # Getting mail_fail2ban container IP - MAIL_FAIL2BAN_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' mail_fail2ban) + MAIL_FAIL2BAN_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' mail) # Create a container which will send wrong authentications and should banned docker run --name fail-auth-mailer -e MAIL_FAIL2BAN_IP=$MAIL_FAIL2BAN_IP -v "$(pwd)/test":/tmp/docker-mailserver-test -d $(docker inspect --format '{{ .Config.Image }}' mail) tail -f /var/log/faillog @@ -633,29 +633,29 @@ # Checking that FAIL_AUTH_MAILER_IP is banned in mail_fail2ban FAIL_AUTH_MAILER_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' fail-auth-mailer) - run docker exec mail_fail2ban /bin/sh -c "fail2ban-client status postfix-sasl | grep '$FAIL_AUTH_MAILER_IP'" + run docker exec mail /bin/sh -c "fail2ban-client status postfix-sasl | grep '$FAIL_AUTH_MAILER_IP'" [ "$status" -eq 0 ] # Checking that FAIL_AUTH_MAILER_IP is banned by iptables - run docker exec mail_fail2ban /bin/sh -c "iptables -L f2b-postfix-sasl -n | grep REJECT | grep '$FAIL_AUTH_MAILER_IP'" + run docker exec mail /bin/sh -c "iptables -L f2b-postfix-sasl -n | grep REJECT | grep '$FAIL_AUTH_MAILER_IP'" [ "$status" -eq 0 ] } @test "checking fail2ban: unban ip works" { - if [ $ENABLE_FAIL2BAN = 0 ]; then + if [ "$ENABLE_FAIL2BAN" = 0 ]; then skip fi FAIL_AUTH_MAILER_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' fail-auth-mailer) - docker exec mail_fail2ban fail2ban-client set postfix-sasl unbanip $FAIL_AUTH_MAILER_IP + docker exec mail fail2ban-client set postfix-sasl unbanip $FAIL_AUTH_MAILER_IP sleep 5 - run docker exec mail_fail2ban /bin/sh -c "fail2ban-client status postfix-sasl | grep 'IP list:.*$FAIL_AUTH_MAILER_IP'" + run docker exec mail /bin/sh -c "fail2ban-client status postfix-sasl | grep 'IP list:.*$FAIL_AUTH_MAILER_IP'" [ "$status" -eq 1 ] # Checking that FAIL_AUTH_MAILER_IP is unbanned by iptables - run docker exec mail_fail2ban /bin/sh -c "iptables -L f2b-postfix-sasl -n | grep REJECT | grep '$FAIL_AUTH_MAILER_IP'" + run docker exec mail /bin/sh -c "iptables -L f2b-postfix-sasl -n | grep REJECT | grep '$FAIL_AUTH_MAILER_IP'" [ "$status" -eq 1 ] } @@ -664,18 +664,18 @@ # @test "checking fetchmail: gerneral options in fetchmailrc are loaded" { - if [ $ENABLE_FETCHMAIL = 0 ]; then + if [ "$ENABLE_FETCHMAIL" = 0 ]; then skip fi - run docker exec mail_fetchmail grep 'set syslog' /etc/fetchmailrc + run docker exec mail grep 'set syslog' /etc/fetchmailrc [ "$status" -eq 0 ] } @test "checking fetchmail: fetchmail.cf is loaded" { - if [ $ENABLE_FETCHMAIL = 0 ]; then + if [ "$ENABLE_FETCHMAIL" = 0 ]; then skip fi - run docker exec mail_fetchmail grep 'pop3.example.com' /etc/fetchmailrc + run docker exec mail grep 'pop3.example.com' /etc/fetchmailrc [ "$status" -eq 0 ] } @@ -758,7 +758,7 @@ # @test "checking sieve: user1 should have received 1 email in folder INBOX.spam" { - if [ $ENABLE_MANAGESIEVE = 0 ]; then + if [ "$ENABLE_MANAGESIEVE" = 0 ]; then skip fi run docker exec mail /bin/sh -c "ls -A /var/mail/localhost.localdomain/user1/.INBOX.spam/new | wc -l" @@ -767,7 +767,7 @@ } @test "checking manage sieve: server is ready when ENABLE_MANAGESIEVE has been set" { - if [ $ENABLE_MANAGESIEVE = 0 ]; then + if [ "$ENABLE_MANAGESIEVE" = 0 ]; then skip fi run docker exec mail /bin/bash -c "nc -z 0.0.0.0 4190" @@ -775,10 +775,10 @@ } @test "checking manage sieve: disabled per default" { - if [ $ENABLE_MANAGESIEVE = 1 ]; then + if [ "$ENABLE_MANAGESIEVE" = 1 ]; then skip fi - run docker exec mail_pop3 /bin/bash -c "nc -z 0.0.0.0 4190" + run docker exec mail /bin/bash -c "nc -z 0.0.0.0 4190" [ "$status" -ne 0 ] } @@ -858,16 +858,16 @@ } @test "checking PERMIT_DOCKER: opendmarc/opendkim config" { - run docker exec mail_smtponly /bin/sh -c "cat /etc/opendmarc/ignore.hosts | grep '172.16.0.0/12'" + run docker exec mail /bin/sh -c "cat /etc/opendmarc/ignore.hosts | grep '172.16.0.0/12'" [ "$status" -eq 0 ] - run docker exec mail_smtponly /bin/sh -c "cat /etc/opendkim/TrustedHosts | grep '172.16.0.0/12'" + run docker exec mail /bin/sh -c "cat /etc/opendkim/TrustedHosts | grep '172.16.0.0/12'" [ "$status" -eq 0 ] } @test "checking PERMIT_DOCKER: my network value" { run docker exec mail /bin/sh -c "postconf | grep '^mynetworks =' | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.0\.0/16'" [ "$status" -eq 0 ] - run docker exec mail_pop3 /bin/sh -c "postconf | grep '^mynetworks =' | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}/32'" + run docker exec mail /bin/sh -c "postconf | grep '^mynetworks =' | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}/32'" [ "$status" -eq 0 ] } @@ -961,38 +961,38 @@ # postfix @test "checking postfix: ldap lookup works correctly" { - run docker exec mail_with_ldap /bin/sh -c "postmap -q some.user@localhost.localdomain ldap:/etc/postfix/ldap-users.cf" + run docker exec mail /bin/sh -c "postmap -q some.user@localhost.localdomain ldap:/etc/postfix/ldap-users.cf" [ "$status" -eq 0 ] [ "$output" = "some.user@localhost.localdomain" ] - run docker exec mail_with_ldap /bin/sh -c "postmap -q postmaster@localhost.localdomain ldap:/etc/postfix/ldap-aliases.cf" + run docker exec mail /bin/sh -c "postmap -q postmaster@localhost.localdomain ldap:/etc/postfix/ldap-aliases.cf" [ "$status" -eq 0 ] [ "$output" = "some.user@localhost.localdomain" ] - run docker exec mail_with_ldap /bin/sh -c "postmap -q employees@localhost.localdomain ldap:/etc/postfix/ldap-groups.cf" + run docker exec mail /bin/sh -c "postmap -q employees@localhost.localdomain ldap:/etc/postfix/ldap-groups.cf" [ "$status" -eq 0 ] [ "$output" = "some.user@localhost.localdomain" ] } # dovecot @test "checking dovecot: ldap imap connection and authentication works" { - run docker exec mail_with_ldap /bin/sh -c "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-ldap-auth.txt" + run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-ldap-auth.txt" [ "$status" -eq 0 ] } @test "checking dovecot: mail delivery works" { - run docker exec mail_with_ldap /bin/sh -c "sendmail -f user@external.tld some.user@localhost.localdomain < /tmp/docker-mailserver-test/email-templates/test-email.txt" + run docker exec mail /bin/sh -c "sendmail -f user@external.tld some.user@localhost.localdomain < /tmp/docker-mailserver-test/email-templates/test-email.txt" sleep 10 - run docker exec mail_with_ldap /bin/sh -c "ls -A /var/mail/localhost.localdomain/some.user/new | wc -l" + run docker exec mail /bin/sh -c "ls -A /var/mail/localhost.localdomain/some.user/new | wc -l" [ "$status" -eq 0 ] [ "$output" -eq 1 ] } # saslauthd @test "checking saslauthd: sasl ldap authentication works" { - run docker exec mail_with_ldap bash -c "testsaslauthd -u some.user -p secret" + run docker exec mail bash -c "testsaslauthd -u some.user -p secret" [ "$status" -eq 0 ] } @test "checking saslauthd: ldap smtp authentication" { - run docker exec mail_with_ldap /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/sasl-ldap-smtp-auth.txt | grep 'Authentication successful'" + run docker exec mail /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/sasl-ldap-smtp-auth.txt | grep 'Authentication successful'" [ "$status" -eq 0 ] } From b217ae298325e75dc1d5071c4b209e97d0dea774 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Tue, 27 Dec 2016 17:27:23 +0100 Subject: [PATCH 03/30] Fixed ONE_DIR --- .travis.yml | 4 ++-- target/start-mailserver.sh | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 62583dfa..f112236f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,8 +12,8 @@ script: after_script: - make clean env: -- ENABLE_CLAMAV=1 ENABLE_SPAMASSASSIN=1 ENABLE_FAIL2BAN=1 SA_TAG=1.0 SA_TAG2=2.0 SA_KILL=3.0 VIRUSMAILS_DELETE_DELAY=7 ENABLE_MANAGESIEVE=1 PERMIT_DOCKER=host DMS_DEBUG=0 SASL_PASSWD="external domain.com username:password" -- ENABLE_CLAMAV=0 ENABLE_SPAMASSASSIN=0 ENABLE_FAIL2BAN=0 SA_TAG= SA_TAG2= SA_KILL= VIRUSMAILS_DELETE_DELAY= ENABLE_MANAGESIEVE=0 PERMIT_DOCKER=network DMS_DEBUG=1 +- ENABLE_CLAMAV=1 ENABLE_SPAMASSASSIN=1 ENABLE_FAIL2BAN=1 ONE_DIR=1 SA_TAG=1.0 SA_TAG2=2.0 SA_KILL=3.0 VIRUSMAILS_DELETE_DELAY=7 ENABLE_MANAGESIEVE=1 PERMIT_DOCKER=host DMS_DEBUG=0 SASL_PASSWD="external domain.com username:password" +- ENABLE_CLAMAV=0 ENABLE_SPAMASSASSIN=0 ENABLE_FAIL2BAN=0 ONE_DIR=0 SA_TAG= SA_TAG2= SA_KILL= VIRUSMAILS_DELETE_DELAY= ENABLE_MANAGESIEVE=0 PERMIT_DOCKER=network DMS_DEBUG=0 notifications: slack: diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index c7fc4b7b..78252c10 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh @@ -15,6 +15,7 @@ DEFAULT_VARS["ENABLE_MANAGESIEVE"]="${ENABLE_MANAGESIEVE:="0"}" DEFAULT_VARS["ENABLE_FETCHMAIL"]="${ENABLE_FETCHMAIL:="0"}" DEFAULT_VARS["ENABLE_LDAP"]="${ENABLE_LDAP:="0"}" DEFAULT_VARS["ENABLE_SASLAUTHD"]="${ENABLE_SASLAUTHD:="0"}" +DEFAULT_VARS["ONE_DIR"]="${ONE_DIR:="0"}" DEFAULT_VARS["SMTP_ONLY"]="${SMTP_ONLY:="0"}" DEFAULT_VARS["VIRUSMAILS_DELETE_DELAY"]="${VIRUSMAILS_DELETE_DELAY:="7"}" DEFAULT_VARS["DMS_DEBUG"]="${DMS_DEBUG:="0"}" From b01e6b285f2908a5af503daeb9777ab634711ad2 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Tue, 27 Dec 2016 17:40:57 +0100 Subject: [PATCH 04/30] Changed string to int --- target/start-mailserver.sh | 24 +++++----- test/tests.bats | 98 +++++++++++++++++++------------------- 2 files changed, 61 insertions(+), 61 deletions(-) diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index 78252c10..6ae9fa4f 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh @@ -7,18 +7,18 @@ # Example: DEFAULT_VARS["KEY"]="VALUE" ########################################################################## declare -A DEFAULT_VARS -DEFAULT_VARS["ENABLE_CLAMAV"]="${ENABLE_CLAMAV:="0"}" -DEFAULT_VARS["ENABLE_SPAMASSASSIN"]="${ENABLE_SPAMASSASSIN:="0"}" -DEFAULT_VARS["ENABLE_POP3"]="${ENABLE_POP3:="0"}" -DEFAULT_VARS["ENABLE_FAIL2BAN"]="${ENABLE_FAIL2BAN:="0"}" -DEFAULT_VARS["ENABLE_MANAGESIEVE"]="${ENABLE_MANAGESIEVE:="0"}" -DEFAULT_VARS["ENABLE_FETCHMAIL"]="${ENABLE_FETCHMAIL:="0"}" -DEFAULT_VARS["ENABLE_LDAP"]="${ENABLE_LDAP:="0"}" -DEFAULT_VARS["ENABLE_SASLAUTHD"]="${ENABLE_SASLAUTHD:="0"}" -DEFAULT_VARS["ONE_DIR"]="${ONE_DIR:="0"}" -DEFAULT_VARS["SMTP_ONLY"]="${SMTP_ONLY:="0"}" -DEFAULT_VARS["VIRUSMAILS_DELETE_DELAY"]="${VIRUSMAILS_DELETE_DELAY:="7"}" -DEFAULT_VARS["DMS_DEBUG"]="${DMS_DEBUG:="0"}" +DEFAULT_VARS["ENABLE_CLAMAV"]=${ENABLE_CLAMAV:=0} +DEFAULT_VARS["ENABLE_SPAMASSASSIN"]=${ENABLE_SPAMASSASSIN:=0} +DEFAULT_VARS["ENABLE_POP3"]=${ENABLE_POP3:=0} +DEFAULT_VARS["ENABLE_FAIL2BAN"]=${ENABLE_FAIL2BAN:=0} +DEFAULT_VARS["ENABLE_MANAGESIEVE"]=${ENABLE_MANAGESIEVE:=0} +DEFAULT_VARS["ENABLE_FETCHMAIL"]=${ENABLE_FETCHMAIL:=0} +DEFAULT_VARS["ENABLE_LDAP"]=${ENABLE_LDAP:=0} +DEFAULT_VARS["ENABLE_SASLAUTHD"]=${ENABLE_SASLAUTHD:=0} +DEFAULT_VARS["ONE_DIR"]=${ONE_DIR:=0} +DEFAULT_VARS["SMTP_ONLY"]=${SMTP_ONLY:=0} +DEFAULT_VARS["VIRUSMAILS_DELETE_DELAY"]=${VIRUSMAILS_DELETE_DELAY:=7} +DEFAULT_VARS["DMS_DEBUG"]=${DMS_DEBUG:=0} ########################################################################## # << DEFAULT VARS ########################################################################## diff --git a/test/tests.bats b/test/tests.bats index 73deedee..add15b05 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -17,19 +17,19 @@ } @test "checking process: clamav (enabled by ENABLE_CLAMAV=1)" { - if [ "$ENABLE_CLAMAV" = 0 ]; then + if [ "$ENABLE_CLAMAV" -eq 0 ]; then skip - elif [ "$ENABLE_CLAMAV" = 1 ]; then + elif [ "$ENABLE_CLAMAV" -eq 1 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'" [ "$status" -eq 0 ] fi } @test "checking process: clamav (disabled by ENABLE_CLAMAV=0)" { - if [ "$ENABLE_CLAMAV" = 0 ]; then + if [ "$ENABLE_CLAMAV" -eq 0 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'" [ "$status" -eq 1 ] - elif [" $ENABLE_CLAMAV" = 1 ]; then + elif [" $ENABLE_CLAMAV" -eq 1 ]; then skip fi } @@ -50,54 +50,54 @@ } @test "checking process: fail2ban (disabled by ENABLE_FAIL2BAN=0)" { - if [ "$ENABLE_FAIL2BAN" = 0 ]; then + if [ "$ENABLE_FAIL2BAN" -eq 0 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'" [ "$status" -eq 1 ] - elif [ "$ENABLE_FAIL2BAN" = 1 ]; then + elif [ "$ENABLE_FAIL2BAN" -eq 1 ]; then skip fi } @test "checking process: fail2ban (enabled by ENABLE_FAIL2BAN=1)" { - if [ "$ENABLE_FAIL2BAN" = 0 ]; then + if [ "$ENABLE_FAIL2BAN" -eq 0 ]; then skip - elif [ "$ENABLE_FAIL2BAN" = 1 ]; then + elif [ "$ENABLE_FAIL2BAN" -eq 1 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'" [ "$status" -eq 0 ] fi } @test "checking process: fetchmail (disabled by ENABLE_FETCHMAIL=0)" { - if [ "$ENABLE_FETCHMAIL" = 0 ]; then + if [ "$ENABLE_FETCHMAIL" -eq 0 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/fetchmail'" [ "$status" -eq 1 ] - elif [ "$ENABLE_FETCHMAIL" = 1 ]; then + elif [ "$ENABLE_FETCHMAIL" -eq 1 ]; then skip fi } @test "checking process: fetchmail (enabled by ENABLE_FETCHMAIL=1)" { - if [ "$ENABLE_FETCHMAIL" = 0 ]; then + if [ "$ENABLE_FETCHMAIL" -eq 0 ]; then skip - elif [ "$ENABLE_FETCHMAIL" = 1 ]; then + elif [ "$ENABLE_FETCHMAIL" -eq 1 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/fetchmail'" [ "$status" -eq 0 ] fi } @test "checking process: saslauthd (enabled by ENABLE_SASLAUTHD=0)" { - if [" $ENABLE_FETCHMAIL" = 0 ]; then + if [" $ENABLE_FETCHMAIL" -eq 0 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'" [ "$status" -eq 1 ] - elif [ "$ENABLE_FETCHMAIL" = 1 ]; then + elif [ "$ENABLE_FETCHMAIL" -eq 1 ]; then skip fi } @test "checking process: saslauthd (enabled by ENABLE_SASLAUTHD=1)" { - if [ "$ENABLE_FETCHMAIL" = 0 ]; then + if [ "$ENABLE_FETCHMAIL" -eq 0 ]; then skip - elif [ "$ENABLE_FETCHMAIL" = 1 ]; then + elif [ "$ENABLE_FETCHMAIL" -eq 1 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'" [ "$status" -eq 0 ] fi @@ -108,25 +108,25 @@ # @test "checking process: dovecot imaplogin (enabled in default configuration)" { - if [ "$SMTP_ONLY" = 0 ]; then + if [ "$SMTP_ONLY" -eq 0 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/dovecot'" [ "$status" -eq 0 ] - elif [ "$SMTP_ONLY" = 1 ]; then + elif [ "$SMTP_ONLY" -eq 1 ]; then skip fi } @test "checking process: dovecot imaplogin (disabled using SMTP_ONLY)" { - if [ "$SMTP_ONLY" = 0 ]; then + if [ "$SMTP_ONLY" -eq 0 ]; then skip - elif [ "$SMTP_ONLY" = 1 ]; then + elif [ "$SMTP_ONLY" -eq 1 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/dovecot'" [ "$status" -eq 1 ] fi } @test "checking imap: server is ready with STARTTLS" { - if [ "$SMTP_ONLY" = 1 ]; then + if [ "$SMTP_ONLY" -eq 1 ]; then skip fi run docker exec mail /bin/bash -c "nc -w 2 0.0.0.0 143 | grep '* OK' | grep 'STARTTLS' | grep 'ready'" @@ -134,7 +134,7 @@ } @test "checking imap: authentication works" { - if [ "$SMTP_ONLY" = 1 ]; then + if [ "$SMTP_ONLY" -eq 1 ]; then skip fi run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-auth.txt" @@ -146,7 +146,7 @@ # @test "checking pop: server is ready" { - if [ "$ENABLE_POP3" = 0 ]; then + if [ "$ENABLE_POP3" -eq 0 ]; then skip fi run docker exec mail /bin/bash -c "nc -w 1 0.0.0.0 110 | grep '+OK'" @@ -154,7 +154,7 @@ } @test "checking pop: authentication works" { - if [ "$ENABLE_POP3" = 0 ]; then + if [ "$ENABLE_POP3" -eq 0 ]; then skip fi run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 110 < /tmp/docker-mailserver-test/auth/pop3-auth.txt" @@ -232,19 +232,19 @@ @test "checking smtp: delivers mail to existing alias" { run docker exec mail /bin/sh -c "grep 'to=, orig_to=' /var/log/mail/mail.log | grep 'status=sent' | wc -l" [ "$status" -eq 0 ] - [ "$output" = 1 ] + [ "$output" -eq 1 ] } @test "checking smtp: delivers mail to existing catchall" { run docker exec mail /bin/sh -c "grep 'to=, orig_to=' /var/log/mail/mail.log | grep 'status=sent' | wc -l" [ "$status" -eq 0 ] - [ "$output" = 1 ] + [ "$output" -eq 1 ] } @test "checking smtp: delivers mail to regexp alias" { run docker exec mail /bin/sh -c "grep 'to=, orig_to=' /var/log/mail/mail.log | grep 'status=sent' | wc -l" [ "$status" -eq 0 ] - [ "$output" = 1 ] + [ "$output" -eq 1 ] } @test "checking smtp: user1 should have received 5 mails" { @@ -256,7 +256,7 @@ @test "checking smtp: rejects mail to unknown user" { run docker exec mail /bin/sh -c "grep ': Recipient address rejected: User unknown in virtual mailbox table' /var/log/mail/mail.log | wc -l" [ "$status" -eq 0 ] - [ "$output" = 1 ] + [ "$output" -eq 1 ] } @test "checking smtp: redirects mail to external aliases" { @@ -266,21 +266,21 @@ } @test "checking smtp: rejects spam" { - if [ "$ENABLE_CLAMAV" = 0 ]; then + if [ "$ENABLE_CLAMAV" -eq 0 ]; then skip fi run docker exec mail /bin/sh -c "grep 'Blocked SPAM' /var/log/mail/mail.log | grep spam@external.tld | wc -l" [ "$status" -eq 0 ] - [ "$output" = 1 ] + [ "$output" -eq 1 ] } @test "checking smtp: rejects virus" { - if [ "$ENABLE_SPAMASSASSIN" = 0 ]; then + if [ "$ENABLE_SPAMASSASSIN" -eq 0 ]; then skip fi run docker exec mail /bin/sh -c "grep 'Blocked INFECTED' /var/log/mail/mail.log | grep virus@external.tld | wc -l" [ "$status" -eq 0 ] - [ "$output" = 1 ] + [ "$output" -eq 1 ] } # @@ -342,7 +342,7 @@ # @test "checking spamassassin: should be listed in amavis when enabled" { - if [ "$ENABLE_SPAMASSASSIN" = 0 ]; then + if [ "$ENABLE_SPAMASSASSIN" -eq 0 ]; then skip fi run docker exec mail /bin/sh -c "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'" @@ -350,7 +350,7 @@ } @test "checking spamassassin: should not be listed in amavis when disabled" { - if [ "$ENABLE_SPAMASSASSIN" = 1 ]; then + if [ "$ENABLE_SPAMASSASSIN" -eq 1 ]; then skip fi run docker exec mail /bin/sh -c "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'" @@ -358,7 +358,7 @@ } @test "checking spamassassin: docker env variables are set correctly (default)" { - if [ "$ENABLE_SPAMASSASSIN" = 0 || ! -z $SA_TAG ]; then + if [ "$ENABLE_SPAMASSASSIN" -eq 0 || ! -z $SA_TAG ]; then skip fi run docker exec mail /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'" @@ -370,7 +370,7 @@ } @test "checking spamassassin: docker env variables are set correctly (custom)" { - if [ "$ENABLE_SPAMASSASSIN" = 1 || -z $SA_TAG ]; then + if [ "$ENABLE_SPAMASSASSIN" -eq 1 || -z $SA_TAG ]; then skip fi run docker exec mail /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 1.0'" @@ -386,7 +386,7 @@ # @test "checking clamav: should be listed in amavis when enabled" { - if [ "$ENABLE_CLAMAV" = 0 ]; then + if [ "$ENABLE_CLAMAV" -eq 0 ]; then skip fi run docker exec mail grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log @@ -394,7 +394,7 @@ } @test "checking clamav: should not be listed in amavis when disabled" { - if [ "$ENABLE_CLAMAV" = 1 ]; then + if [ "$ENABLE_CLAMAV" -eq 1 ]; then skip fi run docker exec mail grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log @@ -402,7 +402,7 @@ } @test "checking clamav: should not be called when disabled" { - if [ "$ENABLE_CLAMAV" = 1 ]; then + if [ "$ENABLE_CLAMAV" -eq 1 ]; then skip fi run docker exec mail grep -i 'connect to /var/run/clamav/clamd.ctl failed' /var/log/mail/mail.log @@ -588,7 +588,7 @@ # @test "checking fail2ban: localhost is not banned because ignored" { - if [ "$ENABLE_FAIL2BAN" = 0 ]; then + if [ "$ENABLE_FAIL2BAN" -eq 0 ]; then skip fi run docker exec mail /bin/sh -c "fail2ban-client status postfix-sasl | grep 'IP list:.*127.0.0.1'" @@ -598,7 +598,7 @@ } @test "checking fail2ban: fail2ban-jail.cf overrides" { - if [ "$ENABLE_FAIL2BAN" = 0 ]; then + if [ "$ENABLE_FAIL2BAN" -eq 0 ]; then skip fi FILTERS=(sshd postfix dovecot postfix-sasl) @@ -616,7 +616,7 @@ } @test "checking fail2ban: ban ip on multiple failed login" { - if [ "$ENABLE_FAIL2BAN" = 0 ]; then + if [ "$ENABLE_FAIL2BAN" -eq 0 ]; then skip fi # Getting mail_fail2ban container IP @@ -642,7 +642,7 @@ } @test "checking fail2ban: unban ip works" { - if [ "$ENABLE_FAIL2BAN" = 0 ]; then + if [ "$ENABLE_FAIL2BAN" -eq 0 ]; then skip fi FAIL_AUTH_MAILER_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' fail-auth-mailer) @@ -664,7 +664,7 @@ # @test "checking fetchmail: gerneral options in fetchmailrc are loaded" { - if [ "$ENABLE_FETCHMAIL" = 0 ]; then + if [ "$ENABLE_FETCHMAIL" -eq 0 ]; then skip fi run docker exec mail grep 'set syslog' /etc/fetchmailrc @@ -672,7 +672,7 @@ } @test "checking fetchmail: fetchmail.cf is loaded" { - if [ "$ENABLE_FETCHMAIL" = 0 ]; then + if [ "$ENABLE_FETCHMAIL" -eq 0 ]; then skip fi run docker exec mail grep 'pop3.example.com' /etc/fetchmailrc @@ -758,16 +758,16 @@ # @test "checking sieve: user1 should have received 1 email in folder INBOX.spam" { - if [ "$ENABLE_MANAGESIEVE" = 0 ]; then + if [ "$ENABLE_MANAGESIEVE" -eq 0 ]; then skip fi run docker exec mail /bin/sh -c "ls -A /var/mail/localhost.localdomain/user1/.INBOX.spam/new | wc -l" [ "$status" -eq 0 ] - [ "$output" = 1 ] + [ "$output" -eq 1 ] } @test "checking manage sieve: server is ready when ENABLE_MANAGESIEVE has been set" { - if [ "$ENABLE_MANAGESIEVE" = 0 ]; then + if [ "$ENABLE_MANAGESIEVE" -eq 0 ]; then skip fi run docker exec mail /bin/bash -c "nc -z 0.0.0.0 4190" @@ -775,7 +775,7 @@ } @test "checking manage sieve: disabled per default" { - if [ "$ENABLE_MANAGESIEVE" = 1 ]; then + if [ "$ENABLE_MANAGESIEVE" -eq 1 ]; then skip fi run docker exec mail /bin/bash -c "nc -z 0.0.0.0 4190" From ef22c070fc8dc548827d0493acafc62103bd4ae5 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Tue, 27 Dec 2016 20:37:45 +0100 Subject: [PATCH 05/30] Fixed typos --- .travis.yml | 4 ++-- test/tests.bats | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.travis.yml b/.travis.yml index f112236f..d29210b1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,8 +12,8 @@ script: after_script: - make clean env: -- ENABLE_CLAMAV=1 ENABLE_SPAMASSASSIN=1 ENABLE_FAIL2BAN=1 ONE_DIR=1 SA_TAG=1.0 SA_TAG2=2.0 SA_KILL=3.0 VIRUSMAILS_DELETE_DELAY=7 ENABLE_MANAGESIEVE=1 PERMIT_DOCKER=host DMS_DEBUG=0 SASL_PASSWD="external domain.com username:password" -- ENABLE_CLAMAV=0 ENABLE_SPAMASSASSIN=0 ENABLE_FAIL2BAN=0 ONE_DIR=0 SA_TAG= SA_TAG2= SA_KILL= VIRUSMAILS_DELETE_DELAY= ENABLE_MANAGESIEVE=0 PERMIT_DOCKER=network DMS_DEBUG=0 +- ENABLE_CLAMAV=1 ENABLE_SPAMASSASSIN=1 ENABLE_FAIL2BAN=1 ONE_DIR=1 ENABLE_POP3=1 SA_TAG=1.0 SA_TAG2=2.0 SA_KILL=3.0 VIRUSMAILS_DELETE_DELAY=7 ENABLE_MANAGESIEVE=1 ENABLE_FETCHMAIL= 1 PERMIT_DOCKER=host DMS_DEBUG=0 SASL_PASSWD="external domain.com username:password" +- ENABLE_CLAMAV=0 ENABLE_SPAMASSASSIN=0 ENABLE_FAIL2BAN=0 ONE_DIR=0 ENABLE_POP3=0 SA_TAG= SA_TAG2= SA_KILL= VIRUSMAILS_DELETE_DELAY= ENABLE_MANAGESIEVE=0 ENABLE_FETCHMAIL= 0 PERMIT_DOCKER=network DMS_DEBUG=0 notifications: slack: diff --git a/test/tests.bats b/test/tests.bats index add15b05..cc17cbc4 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -358,7 +358,7 @@ } @test "checking spamassassin: docker env variables are set correctly (default)" { - if [ "$ENABLE_SPAMASSASSIN" -eq 0 || ! -z $SA_TAG ]; then + if [ "$ENABLE_SPAMASSASSIN" -eq 0 -a ! -z $SA_TAG ]; then skip fi run docker exec mail /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'" @@ -370,7 +370,7 @@ } @test "checking spamassassin: docker env variables are set correctly (custom)" { - if [ "$ENABLE_SPAMASSASSIN" -eq 1 || -z $SA_TAG ]; then + if [ "$ENABLE_SPAMASSASSIN" -eq 1 -a -z $SA_TAG ]; then skip fi run docker exec mail /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 1.0'" @@ -663,7 +663,7 @@ # fetchmail # -@test "checking fetchmail: gerneral options in fetchmailrc are loaded" { +@test "checking fetchmail: general options in fetchmailrc are loaded" { if [ "$ENABLE_FETCHMAIL" -eq 0 ]; then skip fi From 71a81bca8d58714f941197926ec6a835f6acf6e2 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Tue, 27 Dec 2016 21:09:11 +0100 Subject: [PATCH 06/30] Added missing env in Makefile --- .travis.yml | 4 ++-- Makefile | 21 ++++++++------------- test/tests.bats | 4 ++-- 3 files changed, 12 insertions(+), 17 deletions(-) diff --git a/.travis.yml b/.travis.yml index d29210b1..2fd4fc9d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,8 +12,8 @@ script: after_script: - make clean env: -- ENABLE_CLAMAV=1 ENABLE_SPAMASSASSIN=1 ENABLE_FAIL2BAN=1 ONE_DIR=1 ENABLE_POP3=1 SA_TAG=1.0 SA_TAG2=2.0 SA_KILL=3.0 VIRUSMAILS_DELETE_DELAY=7 ENABLE_MANAGESIEVE=1 ENABLE_FETCHMAIL= 1 PERMIT_DOCKER=host DMS_DEBUG=0 SASL_PASSWD="external domain.com username:password" -- ENABLE_CLAMAV=0 ENABLE_SPAMASSASSIN=0 ENABLE_FAIL2BAN=0 ONE_DIR=0 ENABLE_POP3=0 SA_TAG= SA_TAG2= SA_KILL= VIRUSMAILS_DELETE_DELAY= ENABLE_MANAGESIEVE=0 ENABLE_FETCHMAIL= 0 PERMIT_DOCKER=network DMS_DEBUG=0 +- ENABLE_CLAMAV=1 ENABLE_SPAMASSASSIN=1 ENABLE_FAIL2BAN=1 ONE_DIR=1 ENABLE_POP3=1 ENABLE_MANAGESIEVE=1 ENABLE_FETCHMAIL= 1 PERMIT_DOCKER=host DMS_DEBUG=0 SA_TAG=1.0 SA_TAG2=2.0 SA_KILL=3.0 VIRUSMAILS_DELETE_DELAY=7 SASL_PASSWD="external domain.com username:password" +- ENABLE_CLAMAV=0 ENABLE_SPAMASSASSIN=0 ENABLE_FAIL2BAN=0 ONE_DIR=0 ENABLE_POP3=0 ENABLE_MANAGESIEVE=0 ENABLE_FETCHMAIL= 0 PERMIT_DOCKER=network DMS_DEBUG=1 SA_TAG= SA_TAG2= SA_KILL= VIRUSMAILS_DELETE_DELAY= notifications: slack: diff --git a/Makefile b/Makefile index 6b9f9fd7..67e9c960 100644 --- a/Makefile +++ b/Makefile @@ -22,18 +22,22 @@ run: -v "`pwd`/test/config":/tmp/docker-mailserver \ -v "`pwd`/test":/tmp/docker-mailserver-test \ -v "`pwd`/test/onedir":/var/mail-state \ + -e ENABLE_CLAMAV=$(ENABLE_CLAMAV) \ + -e ENABLE_SPAMASSASSIN=$(ENABLE_SPAMASSASSIN) \ -e ENABLE_POP3=$(ENABLE_POP3) \ -e ENABLE_FAIL2BAN=$(ENABLE_FAIL2BAN) \ -e ENABLE_MANAGESIEVE=$(ENABLE_MANAGESIEVE) \ - -e ENABLE_CLAMAV=$(ENABLE_CLAMAV) \ - -e ENABLE_SPAMASSASSIN=$(ENABLE_SPAMASSASSIN) \ + -e ENABLE_FETCHMAIL=$(ENABLE_FETCHMAIL) \ + -e ONE_DIR=$(ONE_DIR) \ + -e PERMIT_DOCKER=$(PERMIT_DOCKER) \ -e SMTP_ONLY=$(SMTP_ONLY) \ -e SA_TAG=$(SA_TAG) \ -e SA_TAG2=$(SA_TAG2) \ -e SA_KILL=$(SA_KILL) \ + -e VIRUSMAILS_DELETE_DELAY=$(VIRUSMAILS_DELETE_DELAY) \ -e SASL_PASSWD="$(SASL_PASSWD)" \ - -e ONE_DIR=$(ONE_DIR) \ -e DMS_DEBUG=$(DMS_DEBUG) \ + --cap-add=NET_ADMIN \ -h mail.my-domain.com -t $(NAME) # Wait for containers to fully start sleep 15 @@ -66,16 +70,7 @@ tests: clean: # Remove running test containers -docker rm -f \ - mail \ - mail_pop3 \ - mail_smtponly \ - mail_fail2ban \ - mail_fetchmail \ - fail-auth-mailer \ - mail_disabled_clamav_spamassassin \ - mail_manual_ssl \ - ldap_for_mail \ - mail_with_ldap + mail @if [ -f config/postfix-accounts.cf.bak ]; then\ rm -f config/postfix-accounts.cf ;\ diff --git a/test/tests.bats b/test/tests.bats index cc17cbc4..54053b92 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -358,7 +358,7 @@ } @test "checking spamassassin: docker env variables are set correctly (default)" { - if [ "$ENABLE_SPAMASSASSIN" -eq 0 -a ! -z $SA_TAG ]; then + if [ ! -z $SA_TAG -a ! -z $SA_TAG2 -a ! -z $SA_KILL ]; then skip fi run docker exec mail /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'" @@ -370,7 +370,7 @@ } @test "checking spamassassin: docker env variables are set correctly (custom)" { - if [ "$ENABLE_SPAMASSASSIN" -eq 1 -a -z $SA_TAG ]; then + if [ -z $SA_TAG -a -z $SA_TAG2 -a -z $SA_KILL ]; then skip fi run docker exec mail /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 1.0'" From 40e51b382c6d5eda44dc1563962a1a387f1ca334 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Tue, 27 Dec 2016 21:17:41 +0100 Subject: [PATCH 07/30] Added missing SMTP_ONLY --- .travis.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 2fd4fc9d..69d2bbd7 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,8 +12,9 @@ script: after_script: - make clean env: -- ENABLE_CLAMAV=1 ENABLE_SPAMASSASSIN=1 ENABLE_FAIL2BAN=1 ONE_DIR=1 ENABLE_POP3=1 ENABLE_MANAGESIEVE=1 ENABLE_FETCHMAIL= 1 PERMIT_DOCKER=host DMS_DEBUG=0 SA_TAG=1.0 SA_TAG2=2.0 SA_KILL=3.0 VIRUSMAILS_DELETE_DELAY=7 SASL_PASSWD="external domain.com username:password" -- ENABLE_CLAMAV=0 ENABLE_SPAMASSASSIN=0 ENABLE_FAIL2BAN=0 ONE_DIR=0 ENABLE_POP3=0 ENABLE_MANAGESIEVE=0 ENABLE_FETCHMAIL= 0 PERMIT_DOCKER=network DMS_DEBUG=1 SA_TAG= SA_TAG2= SA_KILL= VIRUSMAILS_DELETE_DELAY= +- SMTP_ONLY=0 ENABLE_CLAMAV=1 ENABLE_SPAMASSASSIN=1 ENABLE_FAIL2BAN=1 ONE_DIR=1 ENABLE_POP3=1 ENABLE_MANAGESIEVE=1 ENABLE_FETCHMAIL=1 PERMIT_DOCKER=host DMS_DEBUG=0 SA_TAG=1.0 SA_TAG2=2.0 SA_KILL=3.0 VIRUSMAILS_DELETE_DELAY=7 SASL_PASSWD="external domain.com username:password" +- SMTP_ONLY=0 ENABLE_CLAMAV=0 ENABLE_SPAMASSASSIN=0 ENABLE_FAIL2BAN=0 ONE_DIR=0 ENABLE_POP3=0 ENABLE_MANAGESIEVE=0 ENABLE_FETCHMAIL=0 PERMIT_DOCKER=network DMS_DEBUG=1 +- SMTP_ONLY=1 notifications: slack: From 6de1cfb372e2d75686975feb5788a0cae6abf32e Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Tue, 27 Dec 2016 21:56:43 +0100 Subject: [PATCH 08/30] Enabled LDAP/SaslAuthd tests --- .travis.yml | 2 +- Makefile | 20 +++++++++++++++++++- test/tests.bats | 23 +++++++++++++++++++---- 3 files changed, 39 insertions(+), 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index 69d2bbd7..550eff22 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,7 +14,7 @@ after_script: env: - SMTP_ONLY=0 ENABLE_CLAMAV=1 ENABLE_SPAMASSASSIN=1 ENABLE_FAIL2BAN=1 ONE_DIR=1 ENABLE_POP3=1 ENABLE_MANAGESIEVE=1 ENABLE_FETCHMAIL=1 PERMIT_DOCKER=host DMS_DEBUG=0 SA_TAG=1.0 SA_TAG2=2.0 SA_KILL=3.0 VIRUSMAILS_DELETE_DELAY=7 SASL_PASSWD="external domain.com username:password" - SMTP_ONLY=0 ENABLE_CLAMAV=0 ENABLE_SPAMASSASSIN=0 ENABLE_FAIL2BAN=0 ONE_DIR=0 ENABLE_POP3=0 ENABLE_MANAGESIEVE=0 ENABLE_FETCHMAIL=0 PERMIT_DOCKER=network DMS_DEBUG=1 -- SMTP_ONLY=1 +- SMTP_ONLY=1 ENABLE_LDAP=1 LDAP_SERVER_HOST=ldap LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain ENABLE_SASLAUTHD=1 SASLAUTHD_MECHANISMS=ldap SASLAUTHD_LDAP_SERVER=ldap SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain SASLAUTHD_LDAP_PASSWORD=admin SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain POSTMASTER_ADDRESS=postmaster@localhost.localdomain notifications: slack: diff --git a/Makefile b/Makefile index 67e9c960..2f51a85e 100644 --- a/Makefile +++ b/Makefile @@ -17,6 +17,11 @@ generate-accounts: docker run --rm -e MAIL_USER=user2@otherdomain.tld -e MAIL_PASS=mypassword -t $(NAME) /bin/sh -c 'echo "$$MAIL_USER|$$(doveadm pw -s SHA512-CRYPT -u $$MAIL_USER -p $$MAIL_PASS)"' >> test/config/postfix-accounts.cf run: + if [ -z $(ENABLE_LDAP) ]; then + docker run -d --name ldap_for_mail \ + -e LDAP_DOMAIN="localhost.localdomain" \ + -h mail.my-domain.com -t ldap + fi # Run containers docker run -d --name mail \ -v "`pwd`/test/config":/tmp/docker-mailserver \ @@ -30,6 +35,16 @@ run: -e ENABLE_FETCHMAIL=$(ENABLE_FETCHMAIL) \ -e ONE_DIR=$(ONE_DIR) \ -e PERMIT_DOCKER=$(PERMIT_DOCKER) \ + -e ENABLE_LDAP=$(ENABLE_LDAP) \ + -e LDAP_SERVER_HOST=$(LDAP_SERVER_HOST) \ + -e LDAP_SEARCH_BASE=$(LDAP_SEARCH_BASE) \ + -e LDAP_BIND_DN=$(LDAP_BIND_DN) \ + -e ENABLE_SASLAUTHD=$(ENABLE_SASLAUTHD) \ + -e SASLAUTHD_MECHANISMS=$(SASLAUTHD_MECHANISMS) \ + -e SASLAUTHD_LDAP_SERVER=$(SASLAUTHD_LDAP_SERVER) \ + -e SASLAUTHD_LDAP_BIND_DN=$(SASLAUTHD_LDAP_BIND_DN) \ + -e SASLAUTHD_LDAP_PASSWORD=$(SASLAUTHD_LDAP_PASSWORD) \ + -e SASLAUTHD_LDAP_SEARCH_BASE=$(SASLAUTHD_LDAP_SEARCH_BASE) \ -e SMTP_ONLY=$(SMTP_ONLY) \ -e SA_TAG=$(SA_TAG) \ -e SA_TAG2=$(SA_TAG2) \ @@ -39,6 +54,8 @@ run: -e DMS_DEBUG=$(DMS_DEBUG) \ --cap-add=NET_ADMIN \ -h mail.my-domain.com -t $(NAME) + + # Wait for containers to fully start sleep 15 @@ -70,7 +87,8 @@ tests: clean: # Remove running test containers -docker rm -f \ - mail + mail \ + ldap_for_mail @if [ -f config/postfix-accounts.cf.bak ]; then\ rm -f config/postfix-accounts.cf ;\ diff --git a/test/tests.bats b/test/tests.bats index 54053b92..1fb0b8f2 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -86,18 +86,18 @@ } @test "checking process: saslauthd (enabled by ENABLE_SASLAUTHD=0)" { - if [" $ENABLE_FETCHMAIL" -eq 0 ]; then + if [" $ENABLE_SASLAUTHD" -eq 0 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'" [ "$status" -eq 1 ] - elif [ "$ENABLE_FETCHMAIL" -eq 1 ]; then + elif [ "$ENABLE_SASLAUTHD" -eq 1 ]; then skip fi } @test "checking process: saslauthd (enabled by ENABLE_SASLAUTHD=1)" { - if [ "$ENABLE_FETCHMAIL" -eq 0 ]; then + if [ "$ENABLE_SASLAUTHD" -eq 0 ]; then skip - elif [ "$ENABLE_FETCHMAIL" -eq 1 ]; then + elif [ "$ENABLE_SASLAUTHD" -eq 1 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'" [ "$status" -eq 0 ] fi @@ -961,6 +961,9 @@ # postfix @test "checking postfix: ldap lookup works correctly" { + if [ $ENABLE_LDAP -q 0 ]; then + skip + fi run docker exec mail /bin/sh -c "postmap -q some.user@localhost.localdomain ldap:/etc/postfix/ldap-users.cf" [ "$status" -eq 0 ] [ "$output" = "some.user@localhost.localdomain" ] @@ -974,11 +977,17 @@ # dovecot @test "checking dovecot: ldap imap connection and authentication works" { + if [ $ENABLE_LDAP -q 0 ]; then + skip + fi run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-ldap-auth.txt" [ "$status" -eq 0 ] } @test "checking dovecot: mail delivery works" { + if [ $ENABLE_LDAP -q 0 ]; then + skip + fi run docker exec mail /bin/sh -c "sendmail -f user@external.tld some.user@localhost.localdomain < /tmp/docker-mailserver-test/email-templates/test-email.txt" sleep 10 run docker exec mail /bin/sh -c "ls -A /var/mail/localhost.localdomain/some.user/new | wc -l" @@ -988,11 +997,17 @@ # saslauthd @test "checking saslauthd: sasl ldap authentication works" { + if [ $ENABLE_SASLAUTHD -q 0 ]; then + skip + fi run docker exec mail bash -c "testsaslauthd -u some.user -p secret" [ "$status" -eq 0 ] } @test "checking saslauthd: ldap smtp authentication" { + if [ $ENABLE_SASLAUTHD -q 0 ]; then + skip + fi run docker exec mail /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/sasl-ldap-smtp-auth.txt | grep 'Authentication successful'" [ "$status" -eq 0 ] } From 1de97123d9df53b351e0bc65822f78161639d7df Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Tue, 27 Dec 2016 22:41:05 +0100 Subject: [PATCH 09/30] Fixing ldap condition --- Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 2f51a85e..ac35ea35 100644 --- a/Makefile +++ b/Makefile @@ -17,11 +17,11 @@ generate-accounts: docker run --rm -e MAIL_USER=user2@otherdomain.tld -e MAIL_PASS=mypassword -t $(NAME) /bin/sh -c 'echo "$$MAIL_USER|$$(doveadm pw -s SHA512-CRYPT -u $$MAIL_USER -p $$MAIL_PASS)"' >> test/config/postfix-accounts.cf run: - if [ -z $(ENABLE_LDAP) ]; then + @if [ -z $(ENABLE_LDAP) ]; then\ docker run -d --name ldap_for_mail \ -e LDAP_DOMAIN="localhost.localdomain" \ - -h mail.my-domain.com -t ldap - fi + -h mail.my-domain.com -t ldap; + fi # Run containers docker run -d --name mail \ -v "`pwd`/test/config":/tmp/docker-mailserver \ From 2b6eb75edd437c7691d5bd969a83411051eeffa2 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Tue, 27 Dec 2016 22:48:00 +0100 Subject: [PATCH 10/30] Fixed ldap condition in makefile --- Makefile | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index ac35ea35..f904c652 100644 --- a/Makefile +++ b/Makefile @@ -17,12 +17,13 @@ generate-accounts: docker run --rm -e MAIL_USER=user2@otherdomain.tld -e MAIL_PASS=mypassword -t $(NAME) /bin/sh -c 'echo "$$MAIL_USER|$$(doveadm pw -s SHA512-CRYPT -u $$MAIL_USER -p $$MAIL_PASS)"' >> test/config/postfix-accounts.cf run: - @if [ -z $(ENABLE_LDAP) ]; then\ - docker run -d --name ldap_for_mail \ - -e LDAP_DOMAIN="localhost.localdomain" \ - -h mail.my-domain.com -t ldap; - fi - # Run containers +ifeq ($(ENABLE_LDAP),1) + docker run -d --name ldap_for_mail \ + -e LDAP_DOMAIN="localhost.localdomain" \ + -h mail.my-domain.com -t ldap ; +endif + + Run containers docker run -d --name mail \ -v "`pwd`/test/config":/tmp/docker-mailserver \ -v "`pwd`/test":/tmp/docker-mailserver-test \ @@ -35,7 +36,7 @@ run: -e ENABLE_FETCHMAIL=$(ENABLE_FETCHMAIL) \ -e ONE_DIR=$(ONE_DIR) \ -e PERMIT_DOCKER=$(PERMIT_DOCKER) \ - -e ENABLE_LDAP=$(ENABLE_LDAP) \ + -e ENABLE_LDAP=$(ENABLE_LDAP) \ -e LDAP_SERVER_HOST=$(LDAP_SERVER_HOST) \ -e LDAP_SEARCH_BASE=$(LDAP_SEARCH_BASE) \ -e LDAP_BIND_DN=$(LDAP_BIND_DN) \ From 4660acbb7eb367e09a7cef5f63d6b094e981f787 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Tue, 27 Dec 2016 22:56:00 +0100 Subject: [PATCH 11/30] Fixing comment.. I'm tired :-) --- Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index f904c652..d8ddc6a3 100644 --- a/Makefile +++ b/Makefile @@ -18,12 +18,13 @@ generate-accounts: run: ifeq ($(ENABLE_LDAP),1) + # Run ldap docker run -d --name ldap_for_mail \ -e LDAP_DOMAIN="localhost.localdomain" \ -h mail.my-domain.com -t ldap ; endif - Run containers + # Run mail container docker run -d --name mail \ -v "`pwd`/test/config":/tmp/docker-mailserver \ -v "`pwd`/test":/tmp/docker-mailserver-test \ From 94772e06baad0df9b60d310bc61067d359eda070 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Tue, 27 Dec 2016 23:05:13 +0100 Subject: [PATCH 12/30] Fixing line endings --- Makefile | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/Makefile b/Makefile index d8ddc6a3..1f7e3456 100644 --- a/Makefile +++ b/Makefile @@ -19,8 +19,8 @@ generate-accounts: run: ifeq ($(ENABLE_LDAP),1) # Run ldap - docker run -d --name ldap_for_mail \ - -e LDAP_DOMAIN="localhost.localdomain" \ + docker run -d --name ldap_for_mail \ + -e LDAP_DOMAIN="localhost.localdomain" \ -h mail.my-domain.com -t ldap ; endif @@ -37,15 +37,15 @@ endif -e ENABLE_FETCHMAIL=$(ENABLE_FETCHMAIL) \ -e ONE_DIR=$(ONE_DIR) \ -e PERMIT_DOCKER=$(PERMIT_DOCKER) \ - -e ENABLE_LDAP=$(ENABLE_LDAP) \ - -e LDAP_SERVER_HOST=$(LDAP_SERVER_HOST) \ - -e LDAP_SEARCH_BASE=$(LDAP_SEARCH_BASE) \ - -e LDAP_BIND_DN=$(LDAP_BIND_DN) \ - -e ENABLE_SASLAUTHD=$(ENABLE_SASLAUTHD) \ - -e SASLAUTHD_MECHANISMS=$(SASLAUTHD_MECHANISMS) \ - -e SASLAUTHD_LDAP_SERVER=$(SASLAUTHD_LDAP_SERVER) \ - -e SASLAUTHD_LDAP_BIND_DN=$(SASLAUTHD_LDAP_BIND_DN) \ - -e SASLAUTHD_LDAP_PASSWORD=$(SASLAUTHD_LDAP_PASSWORD) \ + -e ENABLE_LDAP=$(ENABLE_LDAP) \ + -e LDAP_SERVER_HOST=$(LDAP_SERVER_HOST) \ + -e LDAP_SEARCH_BASE=$(LDAP_SEARCH_BASE) \ + -e LDAP_BIND_DN=$(LDAP_BIND_DN) \ + -e ENABLE_SASLAUTHD=$(ENABLE_SASLAUTHD) \ + -e SASLAUTHD_MECHANISMS=$(SASLAUTHD_MECHANISMS) \ + -e SASLAUTHD_LDAP_SERVER=$(SASLAUTHD_LDAP_SERVER) \ + -e SASLAUTHD_LDAP_BIND_DN=$(SASLAUTHD_LDAP_BIND_DN) \ + -e SASLAUTHD_LDAP_PASSWORD=$(SASLAUTHD_LDAP_PASSWORD) \ -e SASLAUTHD_LDAP_SEARCH_BASE=$(SASLAUTHD_LDAP_SEARCH_BASE) \ -e SMTP_ONLY=$(SMTP_ONLY) \ -e SA_TAG=$(SA_TAG) \ @@ -57,7 +57,6 @@ endif --cap-add=NET_ADMIN \ -h mail.my-domain.com -t $(NAME) - # Wait for containers to fully start sleep 15 From 53432d0c3ca4fa88a942df03f8fbf6856f202a3e Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Tue, 27 Dec 2016 23:14:08 +0100 Subject: [PATCH 13/30] Quotes --- Makefile | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/Makefile b/Makefile index 1f7e3456..e6330557 100644 --- a/Makefile +++ b/Makefile @@ -30,30 +30,30 @@ endif -v "`pwd`/test":/tmp/docker-mailserver-test \ -v "`pwd`/test/onedir":/var/mail-state \ -e ENABLE_CLAMAV=$(ENABLE_CLAMAV) \ - -e ENABLE_SPAMASSASSIN=$(ENABLE_SPAMASSASSIN) \ - -e ENABLE_POP3=$(ENABLE_POP3) \ - -e ENABLE_FAIL2BAN=$(ENABLE_FAIL2BAN) \ - -e ENABLE_MANAGESIEVE=$(ENABLE_MANAGESIEVE) \ - -e ENABLE_FETCHMAIL=$(ENABLE_FETCHMAIL) \ - -e ONE_DIR=$(ONE_DIR) \ - -e PERMIT_DOCKER=$(PERMIT_DOCKER) \ - -e ENABLE_LDAP=$(ENABLE_LDAP) \ - -e LDAP_SERVER_HOST=$(LDAP_SERVER_HOST) \ - -e LDAP_SEARCH_BASE=$(LDAP_SEARCH_BASE) \ - -e LDAP_BIND_DN=$(LDAP_BIND_DN) \ - -e ENABLE_SASLAUTHD=$(ENABLE_SASLAUTHD) \ - -e SASLAUTHD_MECHANISMS=$(SASLAUTHD_MECHANISMS) \ - -e SASLAUTHD_LDAP_SERVER=$(SASLAUTHD_LDAP_SERVER) \ - -e SASLAUTHD_LDAP_BIND_DN=$(SASLAUTHD_LDAP_BIND_DN) \ - -e SASLAUTHD_LDAP_PASSWORD=$(SASLAUTHD_LDAP_PASSWORD) \ - -e SASLAUTHD_LDAP_SEARCH_BASE=$(SASLAUTHD_LDAP_SEARCH_BASE) \ - -e SMTP_ONLY=$(SMTP_ONLY) \ - -e SA_TAG=$(SA_TAG) \ - -e SA_TAG2=$(SA_TAG2) \ - -e SA_KILL=$(SA_KILL) \ - -e VIRUSMAILS_DELETE_DELAY=$(VIRUSMAILS_DELETE_DELAY) \ + -e ENABLE_SPAMASSASSIN="$(ENABLE_SPAMASSASSIN)" \ + -e ENABLE_POP3="$(ENABLE_POP3)" \ + -e ENABLE_FAIL2BAN="$(ENABLE_FAIL2BAN)" \ + -e ENABLE_MANAGESIEVE="$(ENABLE_MANAGESIEVE)" \ + -e ENABLE_FETCHMAIL="$(ENABLE_FETCHMAIL)" \ + -e ONE_DIR="$(ONE_DIR)" \ + -e PERMIT_DOCKER="$(PERMIT_DOCKER)" \ + -e ENABLE_LDAP="$(ENABLE_LDAP)" \ + -e LDAP_SERVER_HOST="$(LDAP_SERVER_HOST)" \ + -e LDAP_SEARCH_BASE="$(LDAP_SEARCH_BASE)" \ + -e LDAP_BIND_DN="$(LDAP_BIND_DN)" \ + -e ENABLE_SASLAUTHD="$(ENABLE_SASLAUTHD)" \ + -e SASLAUTHD_MECHANISMS="$(SASLAUTHD_MECHANISMS)" \ + -e SASLAUTHD_LDAP_SERVER="$(SASLAUTHD_LDAP_SERVER)" \ + -e SASLAUTHD_LDAP_BIND_DN="$(SASLAUTHD_LDAP_BIND_DN)" \ + -e SASLAUTHD_LDAP_PASSWORD="$(SASLAUTHD_LDAP_PASSWORD)" \ + -e SASLAUTHD_LDAP_SEARCH_BASE="$(SASLAUTHD_LDAP_SEARCH_BASE)" \ + -e SMTP_ONLY="$(SMTP_ONLY)" \ + -e SA_TAG="$(SA_TAG)" \ + -e SA_TAG2="$(SA_TAG2)" \ + -e SA_KILL="$(SA_KILL)" \ + -e VIRUSMAILS_DELETE_DELAY="$(VIRUSMAILS_DELETE_DELAY)" \ -e SASL_PASSWD="$(SASL_PASSWD)" \ - -e DMS_DEBUG=$(DMS_DEBUG) \ + -e DMS_DEBUG="$(DMS_DEBUG)" \ --cap-add=NET_ADMIN \ -h mail.my-domain.com -t $(NAME) From c5f7e92f9574f487b01c53aa637885a13b6b3c48 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Tue, 27 Dec 2016 23:30:56 +0100 Subject: [PATCH 14/30] Fixed spaces --- Makefile | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/Makefile b/Makefile index e6330557..49ebc247 100644 --- a/Makefile +++ b/Makefile @@ -19,9 +19,9 @@ generate-accounts: run: ifeq ($(ENABLE_LDAP),1) # Run ldap - docker run -d --name ldap_for_mail \ - -e LDAP_DOMAIN="localhost.localdomain" \ - -h mail.my-domain.com -t ldap ; + docker run -d --name ldap_for_mail \ + -e LDAP_DOMAIN="localhost.localdomain" \ + -h mail.my-domain.com -t ldap endif # Run mail container @@ -29,7 +29,7 @@ endif -v "`pwd`/test/config":/tmp/docker-mailserver \ -v "`pwd`/test":/tmp/docker-mailserver-test \ -v "`pwd`/test/onedir":/var/mail-state \ - -e ENABLE_CLAMAV=$(ENABLE_CLAMAV) \ + -e ENABLE_CLAMAV="$(ENABLE_CLAMAV)" \ -e ENABLE_SPAMASSASSIN="$(ENABLE_SPAMASSASSIN)" \ -e ENABLE_POP3="$(ENABLE_POP3)" \ -e ENABLE_FAIL2BAN="$(ENABLE_FAIL2BAN)" \ @@ -37,15 +37,15 @@ endif -e ENABLE_FETCHMAIL="$(ENABLE_FETCHMAIL)" \ -e ONE_DIR="$(ONE_DIR)" \ -e PERMIT_DOCKER="$(PERMIT_DOCKER)" \ - -e ENABLE_LDAP="$(ENABLE_LDAP)" \ - -e LDAP_SERVER_HOST="$(LDAP_SERVER_HOST)" \ - -e LDAP_SEARCH_BASE="$(LDAP_SEARCH_BASE)" \ - -e LDAP_BIND_DN="$(LDAP_BIND_DN)" \ - -e ENABLE_SASLAUTHD="$(ENABLE_SASLAUTHD)" \ - -e SASLAUTHD_MECHANISMS="$(SASLAUTHD_MECHANISMS)" \ - -e SASLAUTHD_LDAP_SERVER="$(SASLAUTHD_LDAP_SERVER)" \ - -e SASLAUTHD_LDAP_BIND_DN="$(SASLAUTHD_LDAP_BIND_DN)" \ - -e SASLAUTHD_LDAP_PASSWORD="$(SASLAUTHD_LDAP_PASSWORD)" \ + -e ENABLE_LDAP="$(ENABLE_LDAP)" \ + -e LDAP_SERVER_HOST="$(LDAP_SERVER_HOST)" \ + -e LDAP_SEARCH_BASE="$(LDAP_SEARCH_BASE)" \ + -e LDAP_BIND_DN="$(LDAP_BIND_DN)" \ + -e ENABLE_SASLAUTHD="$(ENABLE_SASLAUTHD)" \ + -e SASLAUTHD_MECHANISMS="$(SASLAUTHD_MECHANISMS)" \ + -e SASLAUTHD_LDAP_SERVER="$(SASLAUTHD_LDAP_SERVER)" \ + -e SASLAUTHD_LDAP_BIND_DN="$(SASLAUTHD_LDAP_BIND_DN)" \ + -e SASLAUTHD_LDAP_PASSWORD="$(SASLAUTHD_LDAP_PASSWORD)" \ -e SASLAUTHD_LDAP_SEARCH_BASE="$(SASLAUTHD_LDAP_SEARCH_BASE)" \ -e SMTP_ONLY="$(SMTP_ONLY)" \ -e SA_TAG="$(SA_TAG)" \ From da4d713a56d5724ab607e7891ae056a6e7978d63 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Wed, 28 Dec 2016 16:23:06 +0100 Subject: [PATCH 15/30] Testing LDAP config and CLAMAV variant --- .travis.yml | 4 ++-- test/tests.bats | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index 550eff22..848ed9b1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,8 +12,8 @@ script: after_script: - make clean env: -- SMTP_ONLY=0 ENABLE_CLAMAV=1 ENABLE_SPAMASSASSIN=1 ENABLE_FAIL2BAN=1 ONE_DIR=1 ENABLE_POP3=1 ENABLE_MANAGESIEVE=1 ENABLE_FETCHMAIL=1 PERMIT_DOCKER=host DMS_DEBUG=0 SA_TAG=1.0 SA_TAG2=2.0 SA_KILL=3.0 VIRUSMAILS_DELETE_DELAY=7 SASL_PASSWD="external domain.com username:password" -- SMTP_ONLY=0 ENABLE_CLAMAV=0 ENABLE_SPAMASSASSIN=0 ENABLE_FAIL2BAN=0 ONE_DIR=0 ENABLE_POP3=0 ENABLE_MANAGESIEVE=0 ENABLE_FETCHMAIL=0 PERMIT_DOCKER=network DMS_DEBUG=1 +- SMTP_ONLY=0 ENABLE_LDAP=0 ENABLE_CLAMAV=1 ENABLE_SPAMASSASSIN=1 ENABLE_FAIL2BAN=1 ONE_DIR=1 ENABLE_POP3=1 ENABLE_MANAGESIEVE=1 ENABLE_FETCHMAIL=1 PERMIT_DOCKER=host DMS_DEBUG=0 SA_TAG=1.0 SA_TAG2=2.0 SA_KILL=3.0 VIRUSMAILS_DELETE_DELAY=7 SASL_PASSWD="external domain.com username:password" +- SMTP_ONLY=0 ENABLE_LDAP=0 ENABLE_CLAMAV=0 ENABLE_SPAMASSASSIN=0 ENABLE_FAIL2BAN=0 ONE_DIR=0 ENABLE_POP3=0 ENABLE_MANAGESIEVE=0 ENABLE_FETCHMAIL=0 PERMIT_DOCKER=network DMS_DEBUG=1 - SMTP_ONLY=1 ENABLE_LDAP=1 LDAP_SERVER_HOST=ldap LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain ENABLE_SASLAUTHD=1 SASLAUTHD_MECHANISMS=ldap SASLAUTHD_LDAP_SERVER=ldap SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain SASLAUTHD_LDAP_PASSWORD=admin SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain POSTMASTER_ADDRESS=postmaster@localhost.localdomain notifications: diff --git a/test/tests.bats b/test/tests.bats index 1fb0b8f2..7516224c 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -17,19 +17,19 @@ } @test "checking process: clamav (enabled by ENABLE_CLAMAV=1)" { - if [ "$ENABLE_CLAMAV" -eq 0 ]; then + if [ $ENABLE_CLAMAV -eq 0 ]; then skip - elif [ "$ENABLE_CLAMAV" -eq 1 ]; then + elif [ $ENABLE_CLAMAV -eq 1 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'" [ "$status" -eq 0 ] fi } @test "checking process: clamav (disabled by ENABLE_CLAMAV=0)" { - if [ "$ENABLE_CLAMAV" -eq 0 ]; then + if [ $ENABLE_CLAMAV -eq 0 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'" [ "$status" -eq 1 ] - elif [" $ENABLE_CLAMAV" -eq 1 ]; then + elif [ $ENABLE_CLAMAV -eq 1 ]; then skip fi } From ee621fa589d7563ba81e56f9ea4baf25ec5e6208 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Wed, 28 Dec 2016 16:44:38 +0100 Subject: [PATCH 16/30] Removed quotes --- test/tests.bats | 112 ++++++++++++++++++++++++------------------------ 1 file changed, 56 insertions(+), 56 deletions(-) diff --git a/test/tests.bats b/test/tests.bats index 7516224c..a8294d81 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -16,6 +16,21 @@ [ "$status" -eq 0 ] } +@test "checking process: amavisd-new" { + run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/amavisd-new'" + [ "$status" -eq 0 ] +} + +@test "checking process: opendkim" { + run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/opendkim'" + [ "$status" -eq 0 ] +} + +@test "checking process: opendmarc" { + run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/opendmarc'" + [ "$status" -eq 0 ] +} + @test "checking process: clamav (enabled by ENABLE_CLAMAV=1)" { if [ $ENABLE_CLAMAV -eq 0 ]; then skip @@ -34,70 +49,55 @@ fi } -@test "checking process: amavisd-new" { - run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/amavisd-new'" - [ "$status" -eq 0 ] -} - -@test "checking process: opendkim" { - run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/opendkim'" - [ "$status" -eq 0 ] -} - -@test "checking process: opendmarc" { - run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/opendmarc'" - [ "$status" -eq 0 ] -} - @test "checking process: fail2ban (disabled by ENABLE_FAIL2BAN=0)" { - if [ "$ENABLE_FAIL2BAN" -eq 0 ]; then + if [ $ENABLE_FAIL2BAN -eq 0 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'" [ "$status" -eq 1 ] - elif [ "$ENABLE_FAIL2BAN" -eq 1 ]; then + elif [ $ENABLE_FAIL2BAN -eq 1 ]; then skip fi } @test "checking process: fail2ban (enabled by ENABLE_FAIL2BAN=1)" { - if [ "$ENABLE_FAIL2BAN" -eq 0 ]; then + if [ $ENABLE_FAIL2BAN -eq 0 ]; then skip - elif [ "$ENABLE_FAIL2BAN" -eq 1 ]; then + elif [ $ENABLE_FAIL2BAN -eq 1 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'" [ "$status" -eq 0 ] fi } @test "checking process: fetchmail (disabled by ENABLE_FETCHMAIL=0)" { - if [ "$ENABLE_FETCHMAIL" -eq 0 ]; then + if [ $ENABLE_FETCHMAIL -eq 0 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/fetchmail'" [ "$status" -eq 1 ] - elif [ "$ENABLE_FETCHMAIL" -eq 1 ]; then + elif [ $ENABLE_FETCHMAIL -eq 1 ]; then skip fi } @test "checking process: fetchmail (enabled by ENABLE_FETCHMAIL=1)" { - if [ "$ENABLE_FETCHMAIL" -eq 0 ]; then + if [ $ENABLE_FETCHMAIL -eq 0 ]; then skip - elif [ "$ENABLE_FETCHMAIL" -eq 1 ]; then + elif [ $ENABLE_FETCHMAIL -eq 1 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/fetchmail'" [ "$status" -eq 0 ] fi } @test "checking process: saslauthd (enabled by ENABLE_SASLAUTHD=0)" { - if [" $ENABLE_SASLAUTHD" -eq 0 ]; then + if [ $ENABLE_SASLAUTHD -eq 0 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'" [ "$status" -eq 1 ] - elif [ "$ENABLE_SASLAUTHD" -eq 1 ]; then + elif [ $ENABLE_SASLAUTHD -eq 1 ]; then skip fi } @test "checking process: saslauthd (enabled by ENABLE_SASLAUTHD=1)" { - if [ "$ENABLE_SASLAUTHD" -eq 0 ]; then + if [ $ENABLE_SASLAUTHD -eq 0 ]; then skip - elif [ "$ENABLE_SASLAUTHD" -eq 1 ]; then + elif [ $ENABLE_SASLAUTHD -eq 1 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'" [ "$status" -eq 0 ] fi @@ -108,25 +108,25 @@ # @test "checking process: dovecot imaplogin (enabled in default configuration)" { - if [ "$SMTP_ONLY" -eq 0 ]; then + if [ $SMTP_ONLY -eq 0 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/dovecot'" [ "$status" -eq 0 ] - elif [ "$SMTP_ONLY" -eq 1 ]; then + elif [ $SMTP_ONLY -eq 1 ]; then skip fi } @test "checking process: dovecot imaplogin (disabled using SMTP_ONLY)" { - if [ "$SMTP_ONLY" -eq 0 ]; then + if [ $SMTP_ONLY -eq 0 ]; then skip - elif [ "$SMTP_ONLY" -eq 1 ]; then + elif [ $SMTP_ONLY -eq 1 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/dovecot'" [ "$status" -eq 1 ] fi } @test "checking imap: server is ready with STARTTLS" { - if [ "$SMTP_ONLY" -eq 1 ]; then + if [ $SMTP_ONLY -eq 1 ]; then skip fi run docker exec mail /bin/bash -c "nc -w 2 0.0.0.0 143 | grep '* OK' | grep 'STARTTLS' | grep 'ready'" @@ -134,7 +134,7 @@ } @test "checking imap: authentication works" { - if [ "$SMTP_ONLY" -eq 1 ]; then + if [ $SMTP_ONLY -eq 1 ]; then skip fi run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-auth.txt" @@ -146,7 +146,7 @@ # @test "checking pop: server is ready" { - if [ "$ENABLE_POP3" -eq 0 ]; then + if [ $ENABLE_POP3 -eq 0 ]; then skip fi run docker exec mail /bin/bash -c "nc -w 1 0.0.0.0 110 | grep '+OK'" @@ -154,7 +154,7 @@ } @test "checking pop: authentication works" { - if [ "$ENABLE_POP3" -eq 0 ]; then + if [ $ENABLE_POP3 -eq 0 ]; then skip fi run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 110 < /tmp/docker-mailserver-test/auth/pop3-auth.txt" @@ -266,7 +266,7 @@ } @test "checking smtp: rejects spam" { - if [ "$ENABLE_CLAMAV" -eq 0 ]; then + if [ $ENABLE_CLAMAV -eq 0 ]; then skip fi run docker exec mail /bin/sh -c "grep 'Blocked SPAM' /var/log/mail/mail.log | grep spam@external.tld | wc -l" @@ -275,7 +275,7 @@ } @test "checking smtp: rejects virus" { - if [ "$ENABLE_SPAMASSASSIN" -eq 0 ]; then + if [ $ENABLE_SPAMASSASSIN -eq 0 ]; then skip fi run docker exec mail /bin/sh -c "grep 'Blocked INFECTED' /var/log/mail/mail.log | grep virus@external.tld | wc -l" @@ -342,7 +342,7 @@ # @test "checking spamassassin: should be listed in amavis when enabled" { - if [ "$ENABLE_SPAMASSASSIN" -eq 0 ]; then + if [ $ENABLE_SPAMASSASSIN -eq 0 ]; then skip fi run docker exec mail /bin/sh -c "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'" @@ -350,7 +350,7 @@ } @test "checking spamassassin: should not be listed in amavis when disabled" { - if [ "$ENABLE_SPAMASSASSIN" -eq 1 ]; then + if [ $ENABLE_SPAMASSASSIN -eq 1 ]; then skip fi run docker exec mail /bin/sh -c "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'" @@ -386,7 +386,7 @@ # @test "checking clamav: should be listed in amavis when enabled" { - if [ "$ENABLE_CLAMAV" -eq 0 ]; then + if [ $ENABLE_CLAMAV -eq 0 ]; then skip fi run docker exec mail grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log @@ -394,7 +394,7 @@ } @test "checking clamav: should not be listed in amavis when disabled" { - if [ "$ENABLE_CLAMAV" -eq 1 ]; then + if [ $ENABLE_CLAMAV -eq 1 ]; then skip fi run docker exec mail grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log @@ -402,7 +402,7 @@ } @test "checking clamav: should not be called when disabled" { - if [ "$ENABLE_CLAMAV" -eq 1 ]; then + if [ $ENABLE_CLAMAV -eq 1 ]; then skip fi run docker exec mail grep -i 'connect to /var/run/clamav/clamd.ctl failed' /var/log/mail/mail.log @@ -528,7 +528,7 @@ } @test "checking ssl: letsencrypt configuration is correct" { - if [ "$SSL_TYPE" != "letsencrypt" ]; then + if [ $SSL_TYPE != "letsencrypt" ]; then skip fi run docker exec mail /bin/sh -c 'grep -ir "/etc/letsencrypt/live/mail.my-domain.com/" /etc/postfix/main.cf | wc -l' @@ -540,7 +540,7 @@ } @test "checking ssl: letsencrypt cert works correctly" { - if [ "$SSL_TYPE" != "letsencrypt" ]; then + if [ $SSL_TYPE != "letsencrypt" ]; then skip fi run docker exec mail /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'" @@ -548,7 +548,7 @@ } @test "checking ssl: manual configuration is correct" { - if [ "$SSL_TYPE" != "manual" ]; then + if [ $SSL_TYPE != "manual" ]; then skip fi run docker exec mail /bin/sh -c 'grep -ir "/etc/postfix/ssl/cert" /etc/postfix/main.cf | wc -l' @@ -566,7 +566,7 @@ } @test "checking ssl: manual configuration copied files correctly " { - if [ "$SSL_TYPE" != "manual" ]; then + if [ $SSL_TYPE != "manual" ]; then skip fi run docker exec mail /bin/sh -c 'cmp -s /etc/postfix/ssl/cert /tmp/docker-mailserver/letsencrypt/mail.my-domain.com/fullchain.pem' @@ -576,7 +576,7 @@ } @test "checking ssl: manual cert works correctly" { - if [ "$SSL_TYPE" != "manual" ]; then + if [ $SSL_TYPE != "manual" ]; then skip fi run docker exec mail /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'" @@ -588,7 +588,7 @@ # @test "checking fail2ban: localhost is not banned because ignored" { - if [ "$ENABLE_FAIL2BAN" -eq 0 ]; then + if [ $ENABLE_FAIL2BAN -eq 0 ]; then skip fi run docker exec mail /bin/sh -c "fail2ban-client status postfix-sasl | grep 'IP list:.*127.0.0.1'" @@ -598,7 +598,7 @@ } @test "checking fail2ban: fail2ban-jail.cf overrides" { - if [ "$ENABLE_FAIL2BAN" -eq 0 ]; then + if [ $ENABLE_FAIL2BAN -eq 0 ]; then skip fi FILTERS=(sshd postfix dovecot postfix-sasl) @@ -616,7 +616,7 @@ } @test "checking fail2ban: ban ip on multiple failed login" { - if [ "$ENABLE_FAIL2BAN" -eq 0 ]; then + if [ $ENABLE_FAIL2BAN -eq 0 ]; then skip fi # Getting mail_fail2ban container IP @@ -642,7 +642,7 @@ } @test "checking fail2ban: unban ip works" { - if [ "$ENABLE_FAIL2BAN" -eq 0 ]; then + if [ $ENABLE_FAIL2BAN -eq 0 ]; then skip fi FAIL_AUTH_MAILER_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' fail-auth-mailer) @@ -664,7 +664,7 @@ # @test "checking fetchmail: general options in fetchmailrc are loaded" { - if [ "$ENABLE_FETCHMAIL" -eq 0 ]; then + if [ $ENABLE_FETCHMAIL -eq 0 ]; then skip fi run docker exec mail grep 'set syslog' /etc/fetchmailrc @@ -672,7 +672,7 @@ } @test "checking fetchmail: fetchmail.cf is loaded" { - if [ "$ENABLE_FETCHMAIL" -eq 0 ]; then + if [ $ENABLE_FETCHMAIL -eq 0 ]; then skip fi run docker exec mail grep 'pop3.example.com' /etc/fetchmailrc @@ -758,7 +758,7 @@ # @test "checking sieve: user1 should have received 1 email in folder INBOX.spam" { - if [ "$ENABLE_MANAGESIEVE" -eq 0 ]; then + if [ $ENABLE_MANAGESIEVE -eq 0 ]; then skip fi run docker exec mail /bin/sh -c "ls -A /var/mail/localhost.localdomain/user1/.INBOX.spam/new | wc -l" @@ -767,7 +767,7 @@ } @test "checking manage sieve: server is ready when ENABLE_MANAGESIEVE has been set" { - if [ "$ENABLE_MANAGESIEVE" -eq 0 ]; then + if [ $ENABLE_MANAGESIEVE -eq 0 ]; then skip fi run docker exec mail /bin/bash -c "nc -z 0.0.0.0 4190" @@ -775,7 +775,7 @@ } @test "checking manage sieve: disabled per default" { - if [ "$ENABLE_MANAGESIEVE" -eq 1 ]; then + if [ $ENABLE_MANAGESIEVE -eq 1 ]; then skip fi run docker exec mail /bin/bash -c "nc -z 0.0.0.0 4190" From 01e0ed8eca4118ab1d9262939d4e8c322e145d34 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Wed, 28 Dec 2016 17:50:34 +0100 Subject: [PATCH 17/30] Fixed operators --- test/tests.bats | 103 +++++++++++++++++++++++++----------------------- 1 file changed, 54 insertions(+), 49 deletions(-) diff --git a/test/tests.bats b/test/tests.bats index a8294d81..e17f4a7b 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -31,15 +31,6 @@ [ "$status" -eq 0 ] } -@test "checking process: clamav (enabled by ENABLE_CLAMAV=1)" { - if [ $ENABLE_CLAMAV -eq 0 ]; then - skip - elif [ $ENABLE_CLAMAV -eq 1 ]; then - run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'" - [ "$status" -eq 0 ] - fi -} - @test "checking process: clamav (disabled by ENABLE_CLAMAV=0)" { if [ $ENABLE_CLAMAV -eq 0 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'" @@ -49,6 +40,15 @@ fi } +@test "checking process: clamav (enabled by ENABLE_CLAMAV=1)" { + if [ $ENABLE_CLAMAV -eq 0 ]; then + skip + elif [ $ENABLE_CLAMAV -eq 1 ]; then + run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'" + [ "$status" -eq 0 ] + fi +} + @test "checking process: fail2ban (disabled by ENABLE_FAIL2BAN=0)" { if [ $ENABLE_FAIL2BAN -eq 0 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'" @@ -196,7 +196,7 @@ @test "checking logs: mail related logs should be located in a subdirectory" { run docker exec mail /bin/sh -c "ls -1 /var/log/mail/ | grep -E 'clamav|freshclam|mail'|wc -l" [ "$status" -eq 0 ] - [ "$output" = 3 ] + [ "$output" > 2 ] } # @@ -266,7 +266,7 @@ } @test "checking smtp: rejects spam" { - if [ $ENABLE_CLAMAV -eq 0 ]; then + if [ $ENABLE_SPAMASSASSIN -eq 0 ]; then skip fi run docker exec mail /bin/sh -c "grep 'Blocked SPAM' /var/log/mail/mail.log | grep spam@external.tld | wc -l" @@ -275,7 +275,7 @@ } @test "checking smtp: rejects virus" { - if [ $ENABLE_SPAMASSASSIN -eq 0 ]; then + if [ $ENABLE_CLAMAV -eq 0 ]; then skip fi run docker exec mail /bin/sh -c "grep 'Blocked INFECTED' /var/log/mail/mail.log | grep virus@external.tld | wc -l" @@ -528,59 +528,64 @@ } @test "checking ssl: letsencrypt configuration is correct" { - if [ $SSL_TYPE != "letsencrypt" ]; then + if [ $SSL_TYPE = "letsencrypt" ]; then + run docker exec mail /bin/sh -c 'grep -ir "/etc/letsencrypt/live/mail.my-domain.com/" /etc/postfix/main.cf | wc -l' + [ "$status" -eq 0 ] + [ "$output" -eq 2 ] + run docker exec mail /bin/sh -c 'grep -ir "/etc/letsencrypt/live/mail.my-domain.com/" /etc/dovecot/conf.d/10-ssl.conf | wc -l' + [ "$status" -eq 0 ] + [ "$output" -eq 2 ] + else skip fi - run docker exec mail /bin/sh -c 'grep -ir "/etc/letsencrypt/live/mail.my-domain.com/" /etc/postfix/main.cf | wc -l' - [ "$status" -eq 0 ] - [ "$output" -eq 2 ] - run docker exec mail /bin/sh -c 'grep -ir "/etc/letsencrypt/live/mail.my-domain.com/" /etc/dovecot/conf.d/10-ssl.conf | wc -l' - [ "$status" -eq 0 ] - [ "$output" -eq 2 ] } @test "checking ssl: letsencrypt cert works correctly" { - if [ $SSL_TYPE != "letsencrypt" ]; then + if [ $SSL_TYPE = "letsencrypt" ]; then + run docker exec mail /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'" + [ "$status" -eq 0 ] + else skip fi - run docker exec mail /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'" - [ "$status" -eq 0 ] } @test "checking ssl: manual configuration is correct" { - if [ $SSL_TYPE != "manual" ]; then + if [ $SSL_TYPE = "manual" ]; then + run docker exec mail /bin/sh -c 'grep -ir "/etc/postfix/ssl/cert" /etc/postfix/main.cf | wc -l' + [ "$status" -eq 0 ] + [ "$output" -eq 1 ] + run docker exec mail /bin/sh -c 'grep -ir "/etc/postfix/ssl/cert" /etc/dovecot/conf.d/10-ssl.conf | wc -l' + [ "$status" -eq 0 ] + [ "$output" -eq 1 ] + run docker exec mail /bin/sh -c 'grep -ir "/etc/postfix/ssl/key" /etc/postfix/main.cf | wc -l' + [ "$status" -eq 0 ] + [ "$output" -eq 1 ] + run docker exec mail /bin/sh -c 'grep -ir "/etc/postfix/ssl/key" /etc/dovecot/conf.d/10-ssl.conf | wc -l' + [ "$status" -eq 0 ] + [ "$output" -eq 1 ] + else skip fi - run docker exec mail /bin/sh -c 'grep -ir "/etc/postfix/ssl/cert" /etc/postfix/main.cf | wc -l' - [ "$status" -eq 0 ] - [ "$output" -eq 1 ] - run docker exec mail /bin/sh -c 'grep -ir "/etc/postfix/ssl/cert" /etc/dovecot/conf.d/10-ssl.conf | wc -l' - [ "$status" -eq 0 ] - [ "$output" -eq 1 ] - run docker exec mail /bin/sh -c 'grep -ir "/etc/postfix/ssl/key" /etc/postfix/main.cf | wc -l' - [ "$status" -eq 0 ] - [ "$output" -eq 1 ] - run docker exec mail /bin/sh -c 'grep -ir "/etc/postfix/ssl/key" /etc/dovecot/conf.d/10-ssl.conf | wc -l' - [ "$status" -eq 0 ] - [ "$output" -eq 1 ] } @test "checking ssl: manual configuration copied files correctly " { - if [ $SSL_TYPE != "manual" ]; then + if [ $SSL_TYPE = "manual" ]; then + run docker exec mail /bin/sh -c 'cmp -s /etc/postfix/ssl/cert /tmp/docker-mailserver/letsencrypt/mail.my-domain.com/fullchain.pem' + [ "$status" -eq 0 ] + run docker exec mail /bin/sh -c 'cmp -s /etc/postfix/ssl/key /tmp/docker-mailserver/letsencrypt/mail.my-domain.com/privkey.pem' + [ "$status" -eq 0 ] + else skip fi - run docker exec mail /bin/sh -c 'cmp -s /etc/postfix/ssl/cert /tmp/docker-mailserver/letsencrypt/mail.my-domain.com/fullchain.pem' - [ "$status" -eq 0 ] - run docker exec mail /bin/sh -c 'cmp -s /etc/postfix/ssl/key /tmp/docker-mailserver/letsencrypt/mail.my-domain.com/privkey.pem' - [ "$status" -eq 0 ] } @test "checking ssl: manual cert works correctly" { - if [ $SSL_TYPE != "manual" ]; then + if [ $SSL_TYPE = "manual" ]; then + run docker exec mail /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'" + [ "$status" -eq 0 ] + else skip fi - run docker exec mail /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'" - [ "$status" -eq 0 ] } # @@ -675,7 +680,7 @@ if [ $ENABLE_FETCHMAIL -eq 0 ]; then skip fi - run docker exec mail grep 'pop3.example.com' /etc/fetchmailrc + run docker exec mail grep 'pop3.example.tld' /etc/fetchmailrc [ "$status" -eq 0 ] } @@ -961,7 +966,7 @@ # postfix @test "checking postfix: ldap lookup works correctly" { - if [ $ENABLE_LDAP -q 0 ]; then + if [ $ENABLE_LDAP -eq 0 ]; then skip fi run docker exec mail /bin/sh -c "postmap -q some.user@localhost.localdomain ldap:/etc/postfix/ldap-users.cf" @@ -977,7 +982,7 @@ # dovecot @test "checking dovecot: ldap imap connection and authentication works" { - if [ $ENABLE_LDAP -q 0 ]; then + if [ $ENABLE_LDAP -eq 0 ]; then skip fi run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-ldap-auth.txt" @@ -985,7 +990,7 @@ } @test "checking dovecot: mail delivery works" { - if [ $ENABLE_LDAP -q 0 ]; then + if [ $ENABLE_LDAP -eq 0 ]; then skip fi run docker exec mail /bin/sh -c "sendmail -f user@external.tld some.user@localhost.localdomain < /tmp/docker-mailserver-test/email-templates/test-email.txt" @@ -997,7 +1002,7 @@ # saslauthd @test "checking saslauthd: sasl ldap authentication works" { - if [ $ENABLE_SASLAUTHD -q 0 ]; then + if [ $ENABLE_SASLAUTHD -eq 0 ]; then skip fi run docker exec mail bash -c "testsaslauthd -u some.user -p secret" @@ -1005,7 +1010,7 @@ } @test "checking saslauthd: ldap smtp authentication" { - if [ $ENABLE_SASLAUTHD -q 0 ]; then + if [ $ENABLE_SASLAUTHD -eq 0 ]; then skip fi run docker exec mail /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/sasl-ldap-smtp-auth.txt | grep 'Authentication successful'" From a0f7f08b9475abffce68064ffebfc41e5b467c5d Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Sun, 1 Jan 2017 17:44:32 +0100 Subject: [PATCH 18/30] MOved bats to dependency and added bats-assert, also updated most test cases to have an ouput of expected/actual values in log (easier to debug) --- .gitignore | 2 + .gitmodules | 0 .travis.yml | 2 +- Makefile | 23 +- config/postfix-accounts.cf | 1 + test/bats/bats | 142 ------------- test/bats/bats-exec-suite | 55 ----- test/bats/bats-exec-test | 346 ------------------------------- test/bats/bats-format-tap-stream | 165 --------------- test/bats/bats-preprocess | 52 ----- test/config/fetchmail.cf | 2 +- test/tests.bats | 334 ++++++++++++++--------------- 12 files changed, 174 insertions(+), 950 deletions(-) create mode 100644 .gitmodules delete mode 100755 test/bats/bats delete mode 100755 test/bats/bats-exec-suite delete mode 100755 test/bats/bats-exec-test delete mode 100755 test/bats/bats-format-tap-stream delete mode 100755 test/bats/bats-preprocess diff --git a/.gitignore b/.gitignore index bc5326d5..14ce13d3 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,8 @@ .DS_Store docker-compose.yml .idea +test/bats/ +test/test_helper/ test/config/empty/ test/config/without-accounts/ test/config/without-virtual/ diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 00000000..e69de29b diff --git a/.travis.yml b/.travis.yml index 848ed9b1..f66fe5cf 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,7 +14,7 @@ after_script: env: - SMTP_ONLY=0 ENABLE_LDAP=0 ENABLE_CLAMAV=1 ENABLE_SPAMASSASSIN=1 ENABLE_FAIL2BAN=1 ONE_DIR=1 ENABLE_POP3=1 ENABLE_MANAGESIEVE=1 ENABLE_FETCHMAIL=1 PERMIT_DOCKER=host DMS_DEBUG=0 SA_TAG=1.0 SA_TAG2=2.0 SA_KILL=3.0 VIRUSMAILS_DELETE_DELAY=7 SASL_PASSWD="external domain.com username:password" - SMTP_ONLY=0 ENABLE_LDAP=0 ENABLE_CLAMAV=0 ENABLE_SPAMASSASSIN=0 ENABLE_FAIL2BAN=0 ONE_DIR=0 ENABLE_POP3=0 ENABLE_MANAGESIEVE=0 ENABLE_FETCHMAIL=0 PERMIT_DOCKER=network DMS_DEBUG=1 -- SMTP_ONLY=1 ENABLE_LDAP=1 LDAP_SERVER_HOST=ldap LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain ENABLE_SASLAUTHD=1 SASLAUTHD_MECHANISMS=ldap SASLAUTHD_LDAP_SERVER=ldap SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain SASLAUTHD_LDAP_PASSWORD=admin SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain POSTMASTER_ADDRESS=postmaster@localhost.localdomain +- SMTP_ONLY=1 ENABLE_LDAP=1 LDAP_SERVER_HOST=ldap LDAP_SEARCH_BASE="ou=people,dc=localhost,dc=localdomain" LDAP_BIND_DN="cn=admin,dc=localhost,dc=localdomain" ENABLE_SASLAUTHD=1 SASLAUTHD_MECHANISMS=ldap SASLAUTHD_LDAP_SERVER=ldap SASLAUTHD_LDAP_BIND_DN="cn=admin,dc=localhost,dc=localdomain" SASLAUTHD_LDAP_PASSWORD=admin SASLAUTHD_LDAP_SEARCH_BASE="ou=people,dc=localhost,dc=localdomain" POSTMASTER_ADDRESS=postmaster@localhost.localdomain notifications: slack: diff --git a/Makefile b/Makefile index 49ebc247..53379eb0 100644 --- a/Makefile +++ b/Makefile @@ -2,6 +2,7 @@ NAME = tvial/docker-mailserver:testing all: build-no-cache generate-accounts run fixtures tests clean all-fast: build generate-accounts run fixtures tests clean +all-fast-local: build generate-accounts run-local fixtures tests clean no-build: generate-accounts run fixtures tests clean build-no-cache: @@ -19,7 +20,7 @@ generate-accounts: run: ifeq ($(ENABLE_LDAP),1) # Run ldap - docker run -d --name ldap_for_mail \ + docker run -d --name ldap-for-mail \ -e LDAP_DOMAIN="localhost.localdomain" \ -h mail.my-domain.com -t ldap endif @@ -60,6 +61,18 @@ endif # Wait for containers to fully start sleep 15 +run-local: + docker run -d --name mail \ + -v "`pwd`/test/config":/tmp/docker-mailserver \ + -v "`pwd`/test":/tmp/docker-mailserver-test \ + -v "`pwd`/test/onedir":/var/mail-state \ + --env-file=.env-testing \ + --cap-add=NET_ADMIN \ + --add-host=pop3.example.tld:127.0.0.1 \ + -h mail.my-domain.com -t $(NAME) + # Wait for containers to fully start + sleep 15 + fixtures: cp config/postfix-accounts.cf config/postfix-accounts.cf.bak # Setup sieve & create filtering folder (INBOX/spam) @@ -83,13 +96,14 @@ fixtures: tests: # Start tests - ./test/bats/bats test/tests.bats + ./test/bats/bin/bats test/tests.bats clean: # Remove running test containers -docker rm -f \ mail \ - ldap_for_mail + fail-auth-mailer \ + ldap-for-mail @if [ -f config/postfix-accounts.cf.bak ]; then\ rm -f config/postfix-accounts.cf ;\ @@ -98,4 +112,5 @@ clean: -sudo rm -rf test/onedir \ test/config/empty \ test/config/without-accounts \ - test/config/without-virtual + test/config/without-virtual \ + test/config/postfix-accounts.cf.bak diff --git a/config/postfix-accounts.cf b/config/postfix-accounts.cf index e69de29b..8b137891 100644 --- a/config/postfix-accounts.cf +++ b/config/postfix-accounts.cf @@ -0,0 +1 @@ + diff --git a/test/bats/bats b/test/bats/bats deleted file mode 100755 index 7e1c9eda..00000000 --- a/test/bats/bats +++ /dev/null @@ -1,142 +0,0 @@ -#!/usr/bin/env bash -set -e - -version() { - echo "Bats 0.4.0" -} - -usage() { - version - echo "Usage: bats [-c] [-p | -t] [ ...]" -} - -help() { - usage - echo - echo " is the path to a Bats test file, or the path to a directory" - echo " containing Bats test files." - echo - echo " -c, --count Count the number of test cases without running any tests" - echo " -h, --help Display this help message" - echo " -p, --pretty Show results in pretty format (default for terminals)" - echo " -t, --tap Show results in TAP format" - echo " -v, --version Display the version number" - echo - echo " For more information, see https://github.com/sstephenson/bats" - echo -} - -resolve_link() { - $(type -p greadlink readlink | head -1) "$1" -} - -abs_dirname() { - local cwd="$(pwd)" - local path="$1" - - while [ -n "$path" ]; do - cd "${path%/*}" - local name="${path##*/}" - path="$(resolve_link "$name" || true)" - done - - pwd - cd "$cwd" -} - -expand_path() { - { cd "$(dirname "$1")" 2>/dev/null - local dirname="$PWD" - cd "$OLDPWD" - echo "$dirname/$(basename "$1")" - } || echo "$1" -} - -BATS_LIBEXEC="$(abs_dirname "$0")" -export BATS_PREFIX="$(abs_dirname "$BATS_LIBEXEC")" -export BATS_CWD="$(abs_dirname .)" -export PATH="$BATS_LIBEXEC:$PATH" - -options=() -arguments=() -for arg in "$@"; do - if [ "${arg:0:1}" = "-" ]; then - if [ "${arg:1:1}" = "-" ]; then - options[${#options[*]}]="${arg:2}" - else - index=1 - while option="${arg:$index:1}"; do - [ -n "$option" ] || break - options[${#options[*]}]="$option" - let index+=1 - done - fi - else - arguments[${#arguments[*]}]="$arg" - fi -done - -unset count_flag pretty -[ -t 0 ] && [ -t 1 ] && pretty="1" -[ -n "$CI" ] && pretty="" - -for option in "${options[@]}"; do - case "$option" in - "h" | "help" ) - help - exit 0 - ;; - "v" | "version" ) - version - exit 0 - ;; - "c" | "count" ) - count_flag="-c" - ;; - "t" | "tap" ) - pretty="" - ;; - "p" | "pretty" ) - pretty="1" - ;; - * ) - usage >&2 - exit 1 - ;; - esac -done - -if [ "${#arguments[@]}" -eq 0 ]; then - usage >&2 - exit 1 -fi - -filenames=() -for filename in "${arguments[@]}"; do - if [ -d "$filename" ]; then - shopt -s nullglob - for suite_filename in "$(expand_path "$filename")"/*.bats; do - filenames["${#filenames[@]}"]="$suite_filename" - done - shopt -u nullglob - else - filenames["${#filenames[@]}"]="$(expand_path "$filename")" - fi -done - -if [ "${#filenames[@]}" -eq 1 ]; then - command="bats-exec-test" -else - command="bats-exec-suite" -fi - -if [ -n "$pretty" ]; then - extended_syntax_flag="-x" - formatter="bats-format-tap-stream" -else - extended_syntax_flag="" - formatter="cat" -fi - -set -o pipefail execfail -exec "$command" $count_flag $extended_syntax_flag "${filenames[@]}" | "$formatter" \ No newline at end of file diff --git a/test/bats/bats-exec-suite b/test/bats/bats-exec-suite deleted file mode 100755 index 29ab255d..00000000 --- a/test/bats/bats-exec-suite +++ /dev/null @@ -1,55 +0,0 @@ -#!/usr/bin/env bash -set -e - -count_only_flag="" -if [ "$1" = "-c" ]; then - count_only_flag=1 - shift -fi - -extended_syntax_flag="" -if [ "$1" = "-x" ]; then - extended_syntax_flag="-x" - shift -fi - -trap "kill 0; exit 1" int - -count=0 -for filename in "$@"; do - let count+="$(bats-exec-test -c "$filename")" -done - -if [ -n "$count_only_flag" ]; then - echo "$count" - exit -fi - -echo "1..$count" -status=0 -offset=0 -for filename in "$@"; do - index=0 - { - IFS= read -r # 1..n - while IFS= read -r line; do - case "$line" in - "begin "* ) - let index+=1 - echo "${line/ $index / $(($offset + $index)) }" - ;; - "ok "* | "not ok "* ) - [ -n "$extended_syntax_flag" ] || let index+=1 - echo "${line/ $index / $(($offset + $index)) }" - [ "${line:0:6}" != "not ok" ] || status=1 - ;; - * ) - echo "$line" - ;; - esac - done - } < <( bats-exec-test $extended_syntax_flag "$filename" ) - offset=$(($offset + $index)) -done - -exit "$status" diff --git a/test/bats/bats-exec-test b/test/bats/bats-exec-test deleted file mode 100755 index 8f3bd510..00000000 --- a/test/bats/bats-exec-test +++ /dev/null @@ -1,346 +0,0 @@ -#!/usr/bin/env bash -set -e -set -E -set -T - -BATS_COUNT_ONLY="" -if [ "$1" = "-c" ]; then - BATS_COUNT_ONLY=1 - shift -fi - -BATS_EXTENDED_SYNTAX="" -if [ "$1" = "-x" ]; then - BATS_EXTENDED_SYNTAX="$1" - shift -fi - -BATS_TEST_FILENAME="$1" -if [ -z "$BATS_TEST_FILENAME" ]; then - echo "usage: bats-exec " >&2 - exit 1 -elif [ ! -f "$BATS_TEST_FILENAME" ]; then - echo "bats: $BATS_TEST_FILENAME does not exist" >&2 - exit 1 -else - shift -fi - -BATS_TEST_DIRNAME="$(dirname "$BATS_TEST_FILENAME")" -BATS_TEST_NAMES=() - -load() { - local name="$1" - local filename - - if [ "${name:0:1}" = "/" ]; then - filename="${name}" - else - filename="$BATS_TEST_DIRNAME/${name}.bash" - fi - - [ -f "$filename" ] || { - echo "bats: $filename does not exist" >&2 - exit 1 - } - - source "${filename}" -} - -run() { - local e E T oldIFS - [[ ! "$-" =~ e ]] || e=1 - [[ ! "$-" =~ E ]] || E=1 - [[ ! "$-" =~ T ]] || T=1 - set +e - set +E - set +T - output="$("$@" 2>&1)" - status="$?" - oldIFS=$IFS - IFS=$'\n' lines=($output) - [ -z "$e" ] || set -e - [ -z "$E" ] || set -E - [ -z "$T" ] || set -T - IFS=$oldIFS -} - -setup() { - true -} - -teardown() { - true -} - -skip() { - BATS_TEST_SKIPPED=${1:-1} - BATS_TEST_COMPLETED=1 - exit 0 -} - -bats_test_begin() { - BATS_TEST_DESCRIPTION="$1" - if [ -n "$BATS_EXTENDED_SYNTAX" ]; then - echo "begin $BATS_TEST_NUMBER $BATS_TEST_DESCRIPTION" >&3 - fi - setup -} - -bats_test_function() { - local test_name="$1" - BATS_TEST_NAMES["${#BATS_TEST_NAMES[@]}"]="$test_name" -} - -bats_capture_stack_trace() { - BATS_PREVIOUS_STACK_TRACE=( "${BATS_CURRENT_STACK_TRACE[@]}" ) - BATS_CURRENT_STACK_TRACE=() - - local test_pattern=" $BATS_TEST_NAME $BATS_TEST_SOURCE" - local setup_pattern=" setup $BATS_TEST_SOURCE" - local teardown_pattern=" teardown $BATS_TEST_SOURCE" - - local frame - local index=1 - - while frame="$(caller "$index")"; do - BATS_CURRENT_STACK_TRACE["${#BATS_CURRENT_STACK_TRACE[@]}"]="$frame" - if [[ "$frame" = *"$test_pattern" || \ - "$frame" = *"$setup_pattern" || \ - "$frame" = *"$teardown_pattern" ]]; then - break - else - let index+=1 - fi - done - - BATS_SOURCE="$(bats_frame_filename "${BATS_CURRENT_STACK_TRACE[0]}")" - BATS_LINENO="$(bats_frame_lineno "${BATS_CURRENT_STACK_TRACE[0]}")" -} - -bats_print_stack_trace() { - local frame - local index=1 - local count="${#@}" - - for frame in "$@"; do - local filename="$(bats_trim_filename "$(bats_frame_filename "$frame")")" - local lineno="$(bats_frame_lineno "$frame")" - - if [ $index -eq 1 ]; then - echo -n "# (" - else - echo -n "# " - fi - - local fn="$(bats_frame_function "$frame")" - if [ "$fn" != "$BATS_TEST_NAME" ]; then - echo -n "from function \`$fn' " - fi - - if [ $index -eq $count ]; then - echo "in test file $filename, line $lineno)" - else - echo "in file $filename, line $lineno," - fi - - let index+=1 - done -} - -bats_print_failed_command() { - local frame="$1" - local status="$2" - local filename="$(bats_frame_filename "$frame")" - local lineno="$(bats_frame_lineno "$frame")" - - local failed_line="$(bats_extract_line "$filename" "$lineno")" - local failed_command="$(bats_strip_string "$failed_line")" - echo -n "# \`${failed_command}' " - - if [ $status -eq 1 ]; then - echo "failed" - else - echo "failed with status $status" - fi -} - -bats_frame_lineno() { - local frame="$1" - local lineno="${frame%% *}" - echo "$lineno" -} - -bats_frame_function() { - local frame="$1" - local rest="${frame#* }" - local fn="${rest%% *}" - echo "$fn" -} - -bats_frame_filename() { - local frame="$1" - local rest="${frame#* }" - local filename="${rest#* }" - - if [ "$filename" = "$BATS_TEST_SOURCE" ]; then - echo "$BATS_TEST_FILENAME" - else - echo "$filename" - fi -} - -bats_extract_line() { - local filename="$1" - local lineno="$2" - sed -n "${lineno}p" "$filename" -} - -bats_strip_string() { - local string="$1" - printf "%s" "$string" | sed -e "s/^[ "$'\t'"]*//" -e "s/[ "$'\t'"]*$//" -} - -bats_trim_filename() { - local filename="$1" - local length="${#BATS_CWD}" - - if [ "${filename:0:length+1}" = "${BATS_CWD}/" ]; then - echo "${filename:length+1}" - else - echo "$filename" - fi -} - -bats_debug_trap() { - if [ "$BASH_SOURCE" != "$1" ]; then - bats_capture_stack_trace - fi -} - -bats_error_trap() { - BATS_ERROR_STATUS="$?" - BATS_ERROR_STACK_TRACE=( "${BATS_PREVIOUS_STACK_TRACE[@]}" ) - trap - debug -} - -bats_teardown_trap() { - trap "bats_exit_trap" exit - local status=0 - teardown >>"$BATS_OUT" 2>&1 || status="$?" - - if [ $status -eq 0 ]; then - BATS_TEARDOWN_COMPLETED=1 - elif [ -n "$BATS_TEST_COMPLETED" ]; then - BATS_ERROR_STATUS="$status" - BATS_ERROR_STACK_TRACE=( "${BATS_CURRENT_STACK_TRACE[@]}" ) - fi - - bats_exit_trap -} - -bats_exit_trap() { - local status - local skipped - trap - err exit - - skipped="" - if [ -n "$BATS_TEST_SKIPPED" ]; then - skipped=" # skip" - if [ "1" != "$BATS_TEST_SKIPPED" ]; then - skipped+=" ($BATS_TEST_SKIPPED)" - fi - fi - - if [ -z "$BATS_TEST_COMPLETED" ] || [ -z "$BATS_TEARDOWN_COMPLETED" ]; then - echo "not ok $BATS_TEST_NUMBER $BATS_TEST_DESCRIPTION" >&3 - bats_print_stack_trace "${BATS_ERROR_STACK_TRACE[@]}" >&3 - bats_print_failed_command "${BATS_ERROR_STACK_TRACE[${#BATS_ERROR_STACK_TRACE[@]}-1]}" "$BATS_ERROR_STATUS" >&3 - sed -e "s/^/# /" < "$BATS_OUT" >&3 - status=1 - else - echo "ok ${BATS_TEST_NUMBER}${skipped} ${BATS_TEST_DESCRIPTION}" >&3 - status=0 - fi - - rm -f "$BATS_OUT" - exit "$status" -} - -bats_perform_tests() { - echo "1..$#" - test_number=1 - status=0 - for test_name in "$@"; do - "$0" $BATS_EXTENDED_SYNTAX "$BATS_TEST_FILENAME" "$test_name" "$test_number" || status=1 - let test_number+=1 - done - exit "$status" -} - -bats_perform_test() { - BATS_TEST_NAME="$1" - if [ "$(type -t "$BATS_TEST_NAME" || true)" = "function" ]; then - BATS_TEST_NUMBER="$2" - if [ -z "$BATS_TEST_NUMBER" ]; then - echo "1..1" - BATS_TEST_NUMBER="1" - fi - - BATS_TEST_COMPLETED="" - BATS_TEARDOWN_COMPLETED="" - trap "bats_debug_trap \"\$BASH_SOURCE\"" debug - trap "bats_error_trap" err - trap "bats_teardown_trap" exit - "$BATS_TEST_NAME" >>"$BATS_OUT" 2>&1 - BATS_TEST_COMPLETED=1 - - else - echo "bats: unknown test name \`$BATS_TEST_NAME'" >&2 - exit 1 - fi -} - -if [ -z "$TMPDIR" ]; then - BATS_TMPDIR="/tmp" -else - BATS_TMPDIR="${TMPDIR%/}" -fi - -BATS_TMPNAME="$BATS_TMPDIR/bats.$$" -BATS_PARENT_TMPNAME="$BATS_TMPDIR/bats.$PPID" -BATS_OUT="${BATS_TMPNAME}.out" - -bats_preprocess_source() { - BATS_TEST_SOURCE="${BATS_TMPNAME}.src" - { tr -d '\r' < "$BATS_TEST_FILENAME"; echo; } | bats-preprocess > "$BATS_TEST_SOURCE" - trap "bats_cleanup_preprocessed_source" err exit - trap "bats_cleanup_preprocessed_source; exit 1" int -} - -bats_cleanup_preprocessed_source() { - rm -f "$BATS_TEST_SOURCE" -} - -bats_evaluate_preprocessed_source() { - if [ -z "$BATS_TEST_SOURCE" ]; then - BATS_TEST_SOURCE="${BATS_PARENT_TMPNAME}.src" - fi - source "$BATS_TEST_SOURCE" -} - -exec 3<&1 - -if [ "$#" -eq 0 ]; then - bats_preprocess_source - bats_evaluate_preprocessed_source - - if [ -n "$BATS_COUNT_ONLY" ]; then - echo "${#BATS_TEST_NAMES[@]}" - else - bats_perform_tests "${BATS_TEST_NAMES[@]}" - fi -else - bats_evaluate_preprocessed_source - bats_perform_test "$@" -fi diff --git a/test/bats/bats-format-tap-stream b/test/bats/bats-format-tap-stream deleted file mode 100755 index 614768f4..00000000 --- a/test/bats/bats-format-tap-stream +++ /dev/null @@ -1,165 +0,0 @@ -#!/usr/bin/env bash -set -e - -# Just stream the TAP output (sans extended syntax) if tput is missing -command -v tput >/dev/null || exec grep -v "^begin " - -header_pattern='[0-9]+\.\.[0-9]+' -IFS= read -r header - -if [[ "$header" =~ $header_pattern ]]; then - count="${header:3}" - index=0 - failures=0 - skipped=0 - name="" - count_column_width=$(( ${#count} * 2 + 2 )) -else - # If the first line isn't a TAP plan, print it and pass the rest through - printf "%s\n" "$header" - exec cat -fi - -update_screen_width() { - screen_width="$(tput cols)" - count_column_left=$(( $screen_width - $count_column_width )) -} - -trap update_screen_width WINCH -update_screen_width - -begin() { - go_to_column 0 - printf_with_truncation $(( $count_column_left - 1 )) " %s" "$name" - clear_to_end_of_line - go_to_column $count_column_left - printf "%${#count}s/${count}" "$index" - go_to_column 1 -} - -pass() { - go_to_column 0 - printf " ✓ %s" "$name" - advance -} - -skip() { - local reason="$1" - [ -z "$reason" ] || reason=": $reason" - go_to_column 0 - printf " - %s (skipped%s)" "$name" "$reason" - advance -} - -fail() { - go_to_column 0 - set_color 1 bold - printf " ✗ %s" "$name" - advance -} - -log() { - set_color 1 - printf " %s\n" "$1" - clear_color -} - -summary() { - printf "\n%d test%s" "$count" "$(plural "$count")" - - printf ", %d failure%s" "$failures" "$(plural "$failures")" - - if [ "$skipped" -gt 0 ]; then - printf ", %d skipped" "$skipped" - fi - - printf "\n" -} - -printf_with_truncation() { - local width="$1" - shift - local string="$(printf "$@")" - - if [ "${#string}" -gt "$width" ]; then - printf "%s..." "${string:0:$(( $width - 4 ))}" - else - printf "%s" "$string" - fi -} - -go_to_column() { - local column="$1" - printf "\x1B[%dG" $(( $column + 1 )) -} - -clear_to_end_of_line() { - printf "\x1B[K" -} - -advance() { - clear_to_end_of_line - echo - clear_color -} - -set_color() { - local color="$1" - local weight="$2" - printf "\x1B[%d;%dm" $(( 30 + $color )) "$( [ "$weight" = "bold" ] && echo 1 || echo 22 )" -} - -clear_color() { - printf "\x1B[0m" -} - -plural() { - [ "$1" -eq 1 ] || echo "s" -} - -_buffer="" - -buffer() { - _buffer="${_buffer}$("$@")" -} - -flush() { - printf "%s" "$_buffer" - _buffer="" -} - -finish() { - flush - printf "\n" -} - -trap finish EXIT - -while IFS= read -r line; do - case "$line" in - "begin "* ) - let index+=1 - name="${line#* $index }" - buffer begin - flush - ;; - "ok "* ) - skip_expr="ok $index # skip (\(([^)]*)\))?" - if [[ "$line" =~ $skip_expr ]]; then - let skipped+=1 - buffer skip "${BASH_REMATCH[2]}" - else - buffer pass - fi - ;; - "not ok "* ) - let failures+=1 - buffer fail - ;; - "# "* ) - buffer log "${line:2}" - ;; - esac -done - -buffer summary diff --git a/test/bats/bats-preprocess b/test/bats/bats-preprocess deleted file mode 100755 index 04297ed0..00000000 --- a/test/bats/bats-preprocess +++ /dev/null @@ -1,52 +0,0 @@ -#!/usr/bin/env bash -set -e - -encode_name() { - local name="$1" - local result="test_" - - if [[ ! "$name" =~ [^[:alnum:]\ _-] ]]; then - name="${name//_/-5f}" - name="${name//-/-2d}" - name="${name// /_}" - result+="$name" - else - local length="${#name}" - local char i - - for ((i=0; i 2 ] + assert + [ "$output" -ge 3 ] } # @@ -205,64 +208,57 @@ @test "checking smtp: authentication works with good password (plain)" { run docker exec mail /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-plain.txt | grep 'Authentication successful'" - [ "$status" -eq 0 ] + assert } @test "checking smtp: authentication fails with wrong password (plain)" { run docker exec mail /bin/sh -c "nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-plain-wrong.txt | grep 'authentication failed'" - [ "$status" -eq 0 ] + assert } @test "checking smtp: authentication works with good password (login)" { run docker exec mail /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login.txt | grep 'Authentication successful'" - [ "$status" -eq 0 ] + assert } @test "checking smtp: authentication fails with wrong password (login)" { run docker exec mail /bin/sh -c "nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login-wrong.txt | grep 'authentication failed'" - [ "$status" -eq 0 ] + assert } @test "checking smtp: delivers mail to existing account" { run docker exec mail /bin/sh -c "grep 'postfix/lmtp' /var/log/mail/mail.log | grep 'status=sent' | grep ' Saved)' | wc -l" - [ "$status" -eq 0 ] - [ "$output" -eq 6 ] + assert_output 6 } @test "checking smtp: delivers mail to existing alias" { run docker exec mail /bin/sh -c "grep 'to=, orig_to=' /var/log/mail/mail.log | grep 'status=sent' | wc -l" - [ "$status" -eq 0 ] - [ "$output" -eq 1 ] + assert_output 1 } @test "checking smtp: delivers mail to existing catchall" { run docker exec mail /bin/sh -c "grep 'to=, orig_to=' /var/log/mail/mail.log | grep 'status=sent' | wc -l" - [ "$status" -eq 0 ] - [ "$output" -eq 1 ] + assert_output 1 } @test "checking smtp: delivers mail to regexp alias" { run docker exec mail /bin/sh -c "grep 'to=, orig_to=' /var/log/mail/mail.log | grep 'status=sent' | wc -l" - [ "$status" -eq 0 ] - [ "$output" -eq 1 ] + assert_output 1 } @test "checking smtp: user1 should have received 5 mails" { run docker exec mail /bin/sh -c "ls -A /var/mail/localhost.localdomain/user1/new | wc -l" - [ "$status" -eq 0 ] - [ "$output" = 5 ] + assert_output 5 } @test "checking smtp: rejects mail to unknown user" { run docker exec mail /bin/sh -c "grep ': Recipient address rejected: User unknown in virtual mailbox table' /var/log/mail/mail.log | wc -l" - [ "$status" -eq 0 ] - [ "$output" -eq 1 ] + assert_output 1 } @test "checking smtp: redirects mail to external aliases" { run docker exec mail /bin/sh -c "grep -- '-> ' /var/log/mail/mail.log | wc -l" - [ "$status" -eq 0 ] - [ "$output" = 2 ] + assert_output 2 } @test "checking smtp: rejects spam" { @@ -270,8 +266,7 @@ skip fi run docker exec mail /bin/sh -c "grep 'Blocked SPAM' /var/log/mail/mail.log | grep spam@external.tld | wc -l" - [ "$status" -eq 0 ] - [ "$output" -eq 1 ] + assert_output 1 } @test "checking smtp: rejects virus" { @@ -279,8 +274,7 @@ skip fi run docker exec mail /bin/sh -c "grep 'Blocked INFECTED' /var/log/mail/mail.log | grep virus@external.tld | wc -l" - [ "$status" -eq 0 ] - [ "$output" -eq 1 ] + assert_output 1 } # @@ -289,21 +283,19 @@ @test "checking accounts: user accounts" { run docker exec mail doveadm user '*' - [ "$status" -eq 0 ] + assert [ "${lines[0]}" = "user1@localhost.localdomain" ] [ "${lines[1]}" = "user2@otherdomain.tld" ] } @test "checking accounts: user mail folders for user1" { run docker exec mail /bin/bash -c "ls -A /var/mail/localhost.localdomain/user1 | grep -E '.Drafts|.Sent|.Trash|cur|new|subscriptions|tmp' | wc -l" - [ "$status" -eq 0 ] - [ "$output" -eq 7 ] + assert_output 7 } @test "checking accounts: user mail folders for user2" { run docker exec mail /bin/bash -c "ls -A /var/mail/otherdomain.tld/user2 | grep -E '.Drafts|.Sent|.Trash|cur|new|subscriptions|tmp' | wc -l" - [ "$status" -eq 0 ] - [ "$output" -eq 7 ] + assert_output 7 } # @@ -312,7 +304,7 @@ @test "checking postfix: vhost file is correct" { run docker exec mail cat /etc/postfix/vhost - [ "$status" -eq 0 ] + assert [ "${lines[0]}" = "localdomain2.com" ] [ "${lines[1]}" = "localhost.localdomain" ] [ "${lines[2]}" = "otherdomain.tld" ] @@ -320,9 +312,9 @@ @test "checking postfix: main.cf overrides" { run docker exec mail grep -q 'max_idle = 600s' /tmp/docker-mailserver/postfix-main.cf - [ "$status" -eq 0 ] + assert run docker exec mail grep -q 'readme_directory = /tmp' /tmp/docker-mailserver/postfix-main.cf - [ "$status" -eq 0 ] + assert } # @@ -331,10 +323,9 @@ @test "checking dovecot: config additions" { run docker exec mail grep -q 'mail_max_userip_connections = 69' /tmp/docker-mailserver/dovecot.cf - [ "$status" -eq 0 ] + assert run docker exec mail /bin/sh -c "doveconf | grep 'mail_max_userip_connections = 69'" - [ "$status" -eq 0 ] - [ "$output" = 'mail_max_userip_connections = 69' ] + assert_output 'mail_max_userip_connections = 69' } # @@ -346,7 +337,7 @@ skip fi run docker exec mail /bin/sh -c "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'" - [ "$status" -eq 1 ] + refute } @test "checking spamassassin: should not be listed in amavis when disabled" { @@ -354,7 +345,7 @@ skip fi run docker exec mail /bin/sh -c "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'" - [ "$status" -eq 0 ] + assert } @test "checking spamassassin: docker env variables are set correctly (default)" { @@ -362,11 +353,11 @@ skip fi run docker exec mail /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'" - [ "$status" -eq 0 ] + assert run docker exec mail /bin/sh -c "grep '\$sa_tag2_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 6.31'" - [ "$status" -eq 0 ] + assert run docker exec mail /bin/sh -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 6.31'" - [ "$status" -eq 0 ] + assert } @test "checking spamassassin: docker env variables are set correctly (custom)" { @@ -374,11 +365,11 @@ skip fi run docker exec mail /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 1.0'" - [ "$status" -eq 0 ] + assert run docker exec mail /bin/sh -c "grep '\$sa_tag2_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'" - [ "$status" -eq 0 ] + assert run docker exec mail /bin/sh -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 3.0'" - [ "$status" -eq 0 ] + assert } # @@ -390,7 +381,7 @@ skip fi run docker exec mail grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log - [ "$status" -eq 0 ] + assert } @test "checking clamav: should not be listed in amavis when disabled" { @@ -398,7 +389,7 @@ skip fi run docker exec mail grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log - [ "$status" -eq 1 ] + refute } @test "checking clamav: should not be called when disabled" { @@ -406,7 +397,7 @@ skip fi run docker exec mail grep -i 'connect to /var/run/clamav/clamd.ctl failed' /var/log/mail/mail.log - [ "$status" -eq 1 ] + refute } # @@ -415,14 +406,12 @@ @test "checking opendkim: /etc/opendkim/KeyTable should contain 2 entries" { run docker exec mail /bin/sh -c "cat /etc/opendkim/KeyTable | wc -l" - [ "$status" -eq 0 ] - [ "$output" -eq 2 ] + assert_output 2 } @test "checking opendkim: /etc/opendkim/keys/ should contain 2 entries" { run docker exec mail /bin/sh -c "ls -l /etc/opendkim/keys/ | grep '^d' | wc -l" - [ "$status" -eq 0 ] - [ "$output" -eq 2 ] + assert_output 2 } @test "checking opendkim: generator creates keys, tables and TrustedHosts" { @@ -432,26 +421,22 @@ -v "$(pwd)/test/config/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \ -v "$(pwd)/test/config/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \ `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'generate-dkim-config | wc -l' - [ "$status" -eq 0 ] - [ "$output" -eq 6 ] + assert_output 6 # Check keys for localhost.localdomain run docker run --rm \ -v "$(pwd)/test/config/empty/opendkim":/etc/opendkim \ `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l' - [ "$status" -eq 0 ] - [ "$output" -eq 2 ] + assert_output 2 # Check keys for otherdomain.tld run docker run --rm \ -v "$(pwd)/test/config/empty/opendkim":/etc/opendkim \ `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l' - [ "$status" -eq 0 ] - [ "$output" -eq 2 ] + assert_output 2 # Check presence of tables and TrustedHosts run docker run --rm \ -v "$(pwd)/test/config/empty/opendkim":/etc/opendkim \ `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c "ls -1 etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l" - [ "$status" -eq 0 ] - [ "$output" -eq 4 ] + assert_output 4 } @test "checking opendkim: generator creates keys, tables and TrustedHosts without postfix-accounts.cf" { @@ -460,26 +445,23 @@ -v "$(pwd)/test/config/without-accounts/":/tmp/docker-mailserver/ \ -v "$(pwd)/test/config/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \ `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'generate-dkim-config | wc -l' - [ "$status" -eq 0 ] - [ "$output" -eq 5 ] + assert_output 5 # Check keys for localhost.localdomain run docker run --rm \ -v "$(pwd)/test/config/without-accounts/opendkim":/etc/opendkim \ `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l' - [ "$status" -eq 0 ] - [ "$output" -eq 2 ] + assert_output 2 # Check keys for otherdomain.tld # run docker run --rm \ # -v "$(pwd)/test/config/without-accounts/opendkim":/etc/opendkim \ # `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l' - # [ "$status" -eq 0 ] + # assert # [ "$output" -eq 0 ] # Check presence of tables and TrustedHosts run docker run --rm \ -v "$(pwd)/test/config/without-accounts/opendkim":/etc/opendkim \ `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c "ls -1 etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l" - [ "$status" -eq 0 ] - [ "$output" -eq 4 ] + assert_output 4 } @test "checking opendkim: generator creates keys, tables and TrustedHosts without postfix-virtual.cf" { @@ -488,26 +470,22 @@ -v "$(pwd)/test/config/without-virtual/":/tmp/docker-mailserver/ \ -v "$(pwd)/test/config/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \ `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'generate-dkim-config | wc -l' - [ "$status" -eq 0 ] - [ "$output" -eq 5 ] + assert_output 5 # Check keys for localhost.localdomain run docker run --rm \ -v "$(pwd)/test/config/without-virtual/opendkim":/etc/opendkim \ `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l' - [ "$status" -eq 0 ] - [ "$output" -eq 2 ] + assert_output 2 # Check keys for otherdomain.tld run docker run --rm \ -v "$(pwd)/test/config/without-virtual/opendkim":/etc/opendkim \ `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l' - [ "$status" -eq 0 ] - [ "$output" -eq 2 ] + assert_output 2 # Check presence of tables and TrustedHosts run docker run --rm \ -v "$(pwd)/test/config/without-virtual/opendkim":/etc/opendkim \ `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c "ls -1 etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l" - [ "$status" -eq 0 ] - [ "$output" -eq 4 ] + assert_output 4 } # @@ -519,22 +497,20 @@ skip fi run docker exec mail /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 0 (ok)'" - [ "$status" -eq 0 ] + assert } @test "checking ssl: lets-encrypt-x3-cross-signed.pem is installed" { run docker exec mail grep 'BEGIN CERTIFICATE' /etc/ssl/certs/lets-encrypt-x3-cross-signed.pem - [ "$status" -eq 0 ] + assert } @test "checking ssl: letsencrypt configuration is correct" { if [ $SSL_TYPE = "letsencrypt" ]; then run docker exec mail /bin/sh -c 'grep -ir "/etc/letsencrypt/live/mail.my-domain.com/" /etc/postfix/main.cf | wc -l' - [ "$status" -eq 0 ] - [ "$output" -eq 2 ] + assert_output 2 run docker exec mail /bin/sh -c 'grep -ir "/etc/letsencrypt/live/mail.my-domain.com/" /etc/dovecot/conf.d/10-ssl.conf | wc -l' - [ "$status" -eq 0 ] - [ "$output" -eq 2 ] + assert_output 2 else skip fi @@ -543,7 +519,7 @@ @test "checking ssl: letsencrypt cert works correctly" { if [ $SSL_TYPE = "letsencrypt" ]; then run docker exec mail /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'" - [ "$status" -eq 0 ] + assert else skip fi @@ -552,17 +528,13 @@ @test "checking ssl: manual configuration is correct" { if [ $SSL_TYPE = "manual" ]; then run docker exec mail /bin/sh -c 'grep -ir "/etc/postfix/ssl/cert" /etc/postfix/main.cf | wc -l' - [ "$status" -eq 0 ] - [ "$output" -eq 1 ] + assert_output 1 run docker exec mail /bin/sh -c 'grep -ir "/etc/postfix/ssl/cert" /etc/dovecot/conf.d/10-ssl.conf | wc -l' - [ "$status" -eq 0 ] - [ "$output" -eq 1 ] + assert_output 1 run docker exec mail /bin/sh -c 'grep -ir "/etc/postfix/ssl/key" /etc/postfix/main.cf | wc -l' - [ "$status" -eq 0 ] - [ "$output" -eq 1 ] + assert_output 1 run docker exec mail /bin/sh -c 'grep -ir "/etc/postfix/ssl/key" /etc/dovecot/conf.d/10-ssl.conf | wc -l' - [ "$status" -eq 0 ] - [ "$output" -eq 1 ] + assert_output 1 else skip fi @@ -571,9 +543,9 @@ @test "checking ssl: manual configuration copied files correctly " { if [ $SSL_TYPE = "manual" ]; then run docker exec mail /bin/sh -c 'cmp -s /etc/postfix/ssl/cert /tmp/docker-mailserver/letsencrypt/mail.my-domain.com/fullchain.pem' - [ "$status" -eq 0 ] + assert run docker exec mail /bin/sh -c 'cmp -s /etc/postfix/ssl/key /tmp/docker-mailserver/letsencrypt/mail.my-domain.com/privkey.pem' - [ "$status" -eq 0 ] + assert else skip fi @@ -582,7 +554,7 @@ @test "checking ssl: manual cert works correctly" { if [ $SSL_TYPE = "manual" ]; then run docker exec mail /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'" - [ "$status" -eq 0 ] + assert else skip fi @@ -597,9 +569,9 @@ skip fi run docker exec mail /bin/sh -c "fail2ban-client status postfix-sasl | grep 'IP list:.*127.0.0.1'" - [ "$status" -eq 1 ] + refute run docker exec mail /bin/sh -c "grep 'ignoreip = 127.0.0.1/8' /etc/fail2ban/jail.conf" - [ "$status" -eq 0 ] + assert } @test "checking fail2ban: fail2ban-jail.cf overrides" { @@ -610,13 +582,13 @@ for FILTER in "${FILTERS[@]}"; do run docker exec mail /bin/sh -c "fail2ban-client get $FILTER bantime" - [ "$output" = 1234 ] + assert_output 1234 run docker exec mail /bin/sh -c "fail2ban-client get $FILTER findtime" - [ "$output" = 321 ] + assert_output 321 run docker exec mail /bin/sh -c "fail2ban-client get $FILTER maxretry" - [ "$output" = 2 ] + assert_output 2 done } @@ -639,11 +611,11 @@ FAIL_AUTH_MAILER_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' fail-auth-mailer) run docker exec mail /bin/sh -c "fail2ban-client status postfix-sasl | grep '$FAIL_AUTH_MAILER_IP'" - [ "$status" -eq 0 ] + assert # Checking that FAIL_AUTH_MAILER_IP is banned by iptables run docker exec mail /bin/sh -c "iptables -L f2b-postfix-sasl -n | grep REJECT | grep '$FAIL_AUTH_MAILER_IP'" - [ "$status" -eq 0 ] + assert } @test "checking fail2ban: unban ip works" { @@ -657,11 +629,11 @@ sleep 5 run docker exec mail /bin/sh -c "fail2ban-client status postfix-sasl | grep 'IP list:.*$FAIL_AUTH_MAILER_IP'" - [ "$status" -eq 1 ] + refute # Checking that FAIL_AUTH_MAILER_IP is unbanned by iptables run docker exec mail /bin/sh -c "iptables -L f2b-postfix-sasl -n | grep REJECT | grep '$FAIL_AUTH_MAILER_IP'" - [ "$status" -eq 1 ] + refute } # @@ -673,7 +645,7 @@ skip fi run docker exec mail grep 'set syslog' /etc/fetchmailrc - [ "$status" -eq 0 ] + assert } @test "checking fetchmail: fetchmail.cf is loaded" { @@ -681,7 +653,7 @@ skip fi run docker exec mail grep 'pop3.example.tld' /etc/fetchmailrc - [ "$status" -eq 0 ] + assert } # @@ -690,72 +662,70 @@ @test "checking system: freshclam cron is enabled" { run docker exec mail bash -c "crontab -l | grep '/usr/bin/freshclam'" - [ "$status" -eq 0 ] + assert } @test "checking amavis: virusmail wiper cron exists" { run docker exec mail bash -c "crontab -l | grep '/var/lib/amavis/virusmails/'" - [ "$status" -eq 0 ] + assert } @test "checking amavis: VIRUSMAILS_DELETE_DELAY override works as expected" { run docker run -ti --rm -e VIRUSMAILS_DELETE_DELAY=2 `docker inspect --format '{{ .Config.Image }}' mail` /bin/bash -c 'echo $VIRUSMAILS_DELETE_DELAY | grep 2' - [ "$status" -eq 0 ] + assert } @test "checking amavis: old virusmail is wipped by cron" { docker exec mail bash -c 'touch -d "`date --date=2000-01-01`" /var/lib/amavis/virusmails/should-be-deleted' run docker exec -ti mail bash -c 'find /var/lib/amavis/virusmails/ -type f -mtime +$VIRUSMAILS_DELETE_DELAY -delete' - [ "$status" -eq 0 ] + assert run docker exec mail bash -c 'ls -la /var/lib/amavis/virusmails/ | grep should-be-deleted' - [ "$status" -eq 1 ] + refute } @test "checking amavis: recent virusmail is not wipped by cron" { docker exec mail bash -c 'touch -d "`date`" /var/lib/amavis/virusmails/should-not-be-deleted' run docker exec -ti mail bash -c 'find /var/lib/amavis/virusmails/ -type f -mtime +$VIRUSMAILS_DELETE_DELAY -delete' - [ "$status" -eq 0 ] + assert run docker exec mail bash -c 'ls -la /var/lib/amavis/virusmails/ | grep should-not-be-deleted' - [ "$status" -eq 0 ] + assert } @test "checking system: /var/log/mail/mail.log is error free" { run docker exec mail grep 'non-null host address bits in' /var/log/mail/mail.log - [ "$status" -eq 1 ] + refute run docker exec mail grep 'mail system configuration error' /var/log/mail/mail.log - [ "$status" -eq 1 ] + refute run docker exec mail grep ': error:' /var/log/mail/mail.log - [ "$status" -eq 1 ] + refute run docker exec mail grep -i 'is not writable' /var/log/mail/mail.log - [ "$status" -eq 1 ] + refute run docker exec mail grep -i 'permission denied' /var/log/mail/mail.log - [ "$status" -eq 1 ] + refute run docker exec mail grep -i '(!)connect' /var/log/mail/mail.log - [ "$status" -eq 1 ] + refute run docker exec mail grep 'non-null host address bits in' /var/log/mail/mail.log - [ "$status" -eq 1 ] + refute } @test "checking system: /var/log/auth.log is error free" { run docker exec mail grep 'Unable to open env file: /etc/default/locale' /var/log/auth.log - [ "$status" -eq 1 ] + refute } @test "checking system: sets the server fqdn" { run docker exec mail hostname - [ "$status" -eq 0 ] - [ "$output" = "mail.my-domain.com" ] + assert_output "mail.my-domain.com" } @test "checking system: sets the server domain name in /etc/mailname" { run docker exec mail cat /etc/mailname - [ "$status" -eq 0 ] - [ "$output" = "my-domain.com" ] + assert_output "my-domain.com" } @test "checking system: postfix should not log to syslog" { run docker exec mail grep 'postfix' /var/log/syslog - [ "$status" -eq 1 ] + refute } # @@ -767,8 +737,7 @@ skip fi run docker exec mail /bin/sh -c "ls -A /var/mail/localhost.localdomain/user1/.INBOX.spam/new | wc -l" - [ "$status" -eq 0 ] - [ "$output" -eq 1 ] + assert_output 1 } @test "checking manage sieve: server is ready when ENABLE_MANAGESIEVE has been set" { @@ -776,7 +745,7 @@ skip fi run docker exec mail /bin/bash -c "nc -z 0.0.0.0 4190" - [ "$status" -eq 0 ] + assert } @test "checking manage sieve: disabled per default" { @@ -795,7 +764,7 @@ docker exec mail /bin/sh -c "addmailuser user3@domain.tld mypassword" run docker exec mail /bin/sh -c "grep user3@domain.tld -i /tmp/docker-mailserver/postfix-accounts.cf" - [ "$status" -eq 0 ] + assert [ ! -z "$output" ] } @@ -803,7 +772,7 @@ docker exec mail /bin/sh -c "delmailuser user3@domain.tld" run docker exec mail /bin/sh -c "grep user3@domain.tld -i /tmp/docker-mailserver/postfix-accounts.cf" - [ "$status" -eq 1 ] + refute [ -z "$output" ] } @@ -824,21 +793,20 @@ docker exec mail /bin/sh -c "delmailuser user3@domain.tld" - [ "$status" -eq 0 ] + assert } @test "checking accounts: listmailuser" { run docker exec mail /bin/sh -c "listmailuser | head -n 1" - [ "$status" -eq 0 ] - [ "$output" = user1@localhost.localdomain ] + assert_output "user1@localhost.localdomain" } @test "checking accounts: no error is generated when deleting a user if /tmp/docker-mailserver/postfix-accounts.cf is missing" { run docker run --rm \ -v "$(pwd)/test/config/without-accounts/":/tmp/docker-mailserver/ \ `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'delmailuser user3@domain.tld' - [ "$status" -eq 0 ] + assert [ -z "$output" ] } @@ -849,7 +817,7 @@ run docker run --rm \ -v "$(pwd)/test/config/without-accounts/":/tmp/docker-mailserver/ \ `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'grep user3@domain.tld -i /tmp/docker-mailserver/postfix-accounts.cf' - [ "$status" -eq 0 ] + assert [ ! -z "$output" ] } @@ -859,21 +827,21 @@ @test "checking PERMIT_DOCKER: can get container ip" { run docker exec mail /bin/sh -c "ip addr show eth0 | grep 'inet ' | sed 's/[^0-9\.\/]*//g' | cut -d '/' -f 1 | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}'" - [ "$status" -eq 0 ] + assert } @test "checking PERMIT_DOCKER: opendmarc/opendkim config" { run docker exec mail /bin/sh -c "cat /etc/opendmarc/ignore.hosts | grep '172.16.0.0/12'" - [ "$status" -eq 0 ] + assert run docker exec mail /bin/sh -c "cat /etc/opendkim/TrustedHosts | grep '172.16.0.0/12'" - [ "$status" -eq 0 ] + assert } @test "checking PERMIT_DOCKER: my network value" { run docker exec mail /bin/sh -c "postconf | grep '^mynetworks =' | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.0\.0/16'" - [ "$status" -eq 0 ] + assert run docker exec mail /bin/sh -c "postconf | grep '^mynetworks =' | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}/32'" - [ "$status" -eq 0 ] + assert } # @@ -882,8 +850,7 @@ @test "checking amavis: config overrides" { run docker exec mail /bin/sh -c "grep 'Test Verification' /etc/amavis/conf.d/50-user | wc -l" - [ "$status" -eq 0 ] - [ "$output" -eq 1 ] + assert_output 1 } # @@ -893,25 +860,25 @@ # CLI interface @test "checking setup.sh: Without arguments: status 1, show help text" { run ./setup.sh - [ "$status" -eq 1 ] + refute [ "${lines[0]}" = "Usage: ./setup.sh [-i IMAGE_NAME] [-c CONTAINER_NAME] [args]" ] } @test "checking setup.sh: Wrong arguments" { run ./setup.sh lol troll - [ "$status" -eq 1 ] + refute [ "${lines[0]}" = "Usage: ./setup.sh [-i IMAGE_NAME] [-c CONTAINER_NAME] [args]" ] } # email @test "checking setup.sh: setup.sh email add " { run ./setup.sh -c mail email add lorem@impsum.org dolorsit - [ "$status" -eq 0 ] + assert value=$(cat ./config/postfix-accounts.cf | grep lorem@impsum.org | awk -F '|' '{print $1}') [ "$value" = "lorem@impsum.org" ] } @test "checking setup.sh: setup.sh email list" { run ./setup.sh -c mail email list - [ "$status" -eq 0 ] + assert } @test "checking setup.sh: setup.sh email update" { initialpass=$(cat ./config/postfix-accounts.cf | grep lorem@impsum.org | awk -F '|' '{print $2}') @@ -922,11 +889,11 @@ else status="1" fi - [ "$status" -eq 0 ] + assert } @test "checking setup.sh: setup.sh email del" { run ./setup.sh -c mail email del lorem@impsum.org - [ "$status" -eq 0 ] + assert run value=$(cat ./config/postfix-accounts.cf | grep lorem@impsum.org) [ -z "$value" ] } @@ -934,12 +901,12 @@ # config @test "checking setup.sh: setup.sh config dkim" { run ./setup.sh -c mail config dkim - [ "$status" -eq 0 ] + assert } # TODO: To create a test generate-ssl-certificate must be non interactive #@test "checking setup.sh: setup.sh config ssl" { # run ./setup.sh -c mail_ssl config ssl -# [ "$status" -eq 0 ] +# assert #} # debug @@ -951,13 +918,13 @@ } @test "checking setup.sh: setup.sh debug inspect" { run ./setup.sh -c mail debug inspect - [ "$status" -eq 0 ] + assert [ "${lines[0]}" = "Image: tvial/docker-mailserver:testing" ] [ "${lines[1]}" = "Container: mail" ] } @test "checking setup.sh: setup.sh debug login ls" { run ./setup.sh -c mail debug login ls - [ "$status" -eq 0 ] + assert } # @@ -969,15 +936,15 @@ if [ $ENABLE_LDAP -eq 0 ]; then skip fi + run docker exec mail /bin/sh -c "postmap -q some.user@localhost.localdomain ldap:/etc/postfix/ldap-users.cf" - [ "$status" -eq 0 ] - [ "$output" = "some.user@localhost.localdomain" ] + assert_output "some.user@localhost.localdomain" + run docker exec mail /bin/sh -c "postmap -q postmaster@localhost.localdomain ldap:/etc/postfix/ldap-aliases.cf" - [ "$status" -eq 0 ] - [ "$output" = "some.user@localhost.localdomain" ] + assert_output "some.user@localhost.localdomain" + run docker exec mail /bin/sh -c "postmap -q employees@localhost.localdomain ldap:/etc/postfix/ldap-groups.cf" - [ "$status" -eq 0 ] - [ "$output" = "some.user@localhost.localdomain" ] + assert_output "some.user@localhost.localdomain" } # dovecot @@ -986,7 +953,7 @@ skip fi run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-ldap-auth.txt" - [ "$status" -eq 0 ] + assert } @test "checking dovecot: mail delivery works" { @@ -996,8 +963,7 @@ run docker exec mail /bin/sh -c "sendmail -f user@external.tld some.user@localhost.localdomain < /tmp/docker-mailserver-test/email-templates/test-email.txt" sleep 10 run docker exec mail /bin/sh -c "ls -A /var/mail/localhost.localdomain/some.user/new | wc -l" - [ "$status" -eq 0 ] - [ "$output" -eq 1 ] + assert_output 1 } # saslauthd @@ -1006,7 +972,7 @@ skip fi run docker exec mail bash -c "testsaslauthd -u some.user -p secret" - [ "$status" -eq 0 ] + assert } @test "checking saslauthd: ldap smtp authentication" { @@ -1014,5 +980,5 @@ skip fi run docker exec mail /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/sasl-ldap-smtp-auth.txt | grep 'Authentication successful'" - [ "$status" -eq 0 ] + assert } From bb9dcdb5c4396ae2cda1c5e4bee5f6c920bedff7 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Sun, 1 Jan 2017 18:01:12 +0100 Subject: [PATCH 19/30] Fixed config --- .gitmodules | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.gitmodules b/.gitmodules index e69de29b..f53b1405 100644 --- a/.gitmodules +++ b/.gitmodules @@ -0,0 +1,9 @@ +[submodule "test/bats"] + path = test/bats + url = https://github.com/sstephenson/bats +[submodule "test/test_helper/bats-assert"] + path = test/test_helper/bats-assert + url = https://github.com/ztombol/bats-assert +[submodule "test/test_helper/bats-support"] + path = test/test_helper/bats-support + url = https://github.com/ztombol/bats-support From d9e6ca832170cdb5f6c56181cb9e28ed6f2b0330 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Sun, 1 Jan 2017 19:17:21 +0100 Subject: [PATCH 20/30] Increased build time, and dependencies --- .dockerignore | 3 ++- .gitignore | 5 +++-- .travis.yml | 2 +- test/bats | 1 + test/test_helper/bats-assert | 1 + test/test_helper/bats-support | 1 + 6 files changed, 9 insertions(+), 4 deletions(-) create mode 160000 test/bats create mode 160000 test/test_helper/bats-assert create mode 160000 test/test_helper/bats-support diff --git a/.dockerignore b/.dockerignore index 781176e0..a0cca7c0 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1 +1,2 @@ -test/onedir \ No newline at end of file +test/ +elk/ \ No newline at end of file diff --git a/.gitignore b/.gitignore index 14ce13d3..5260ecc5 100644 --- a/.gitignore +++ b/.gitignore @@ -1,8 +1,9 @@ .DS_Store docker-compose.yml .idea -test/bats/ -test/test_helper/ +test/bats/* +test/test_helper/bats-assert/* +test/test_helper/bats-support/* test/config/empty/ test/config/without-accounts/ test/config/without-virtual/ diff --git a/.travis.yml b/.travis.yml index f66fe5cf..81d31bfe 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,7 +6,7 @@ sudo: required services: - docker install: -- travis_wait make build-no-cache +- travis_wait 30 make build-no-cache script: - make generate-accounts run fixtures tests after_script: diff --git a/test/bats b/test/bats new file mode 160000 index 00000000..03608115 --- /dev/null +++ b/test/bats @@ -0,0 +1 @@ +Subproject commit 03608115df2071fff4eaaff1605768c275e5f81f diff --git a/test/test_helper/bats-assert b/test/test_helper/bats-assert new file mode 160000 index 00000000..9f88b420 --- /dev/null +++ b/test/test_helper/bats-assert @@ -0,0 +1 @@ +Subproject commit 9f88b4207da750093baabc4e3f41bf68f0dd3630 diff --git a/test/test_helper/bats-support b/test/test_helper/bats-support new file mode 160000 index 00000000..004e7076 --- /dev/null +++ b/test/test_helper/bats-support @@ -0,0 +1 @@ +Subproject commit 004e707638eedd62e0481e8cdc9223ad471f12ee From f0cf862cecd50efeaefbe50be6989770d771f6a5 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Sun, 1 Jan 2017 19:38:08 +0100 Subject: [PATCH 21/30] Fixed assert_failure / assert_success --- test/tests.bats | 192 ++++++++++++++++++++++++------------------------ 1 file changed, 96 insertions(+), 96 deletions(-) diff --git a/test/tests.bats b/test/tests.bats index 3c859ec7..670e153c 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -7,7 +7,7 @@ load 'test_helper/bats-assert/load' @test "checking configuration: hostname/domainname" { run docker run `docker inspect --format '{{ .Config.Image }}' mail` - assert + assert_success } # @@ -16,28 +16,28 @@ load 'test_helper/bats-assert/load' @test "checking process: postfix" { run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/lib/postfix/master'" - assert + assert_success } @test "checking process: amavisd-new" { run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/amavisd-new'" - assert + assert_success } @test "checking process: opendkim" { run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/opendkim'" - assert + assert_success } @test "checking process: opendmarc" { run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/opendmarc'" - assert + assert_success } @test "checking process: clamav (disabled by ENABLE_CLAMAV=0)" { if [ $ENABLE_CLAMAV -eq 0 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'" - refute + assert_failure elif [ $ENABLE_CLAMAV -eq 1 ]; then skip fi @@ -48,14 +48,14 @@ load 'test_helper/bats-assert/load' skip elif [ $ENABLE_CLAMAV -eq 1 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'" - assert + assert_success fi } @test "checking process: fail2ban (disabled by ENABLE_FAIL2BAN=0)" { if [ $ENABLE_FAIL2BAN -eq 0 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'" - refute + assert_failure elif [ $ENABLE_FAIL2BAN -eq 1 ]; then skip fi @@ -66,14 +66,14 @@ load 'test_helper/bats-assert/load' skip elif [ $ENABLE_FAIL2BAN -eq 1 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'" - assert + assert_success fi } @test "checking process: fetchmail (disabled by ENABLE_FETCHMAIL=0)" { if [ $ENABLE_FETCHMAIL -eq 0 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/fetchmail'" - refute + assert_failure elif [ $ENABLE_FETCHMAIL -eq 1 ]; then skip fi @@ -84,14 +84,14 @@ load 'test_helper/bats-assert/load' skip elif [ $ENABLE_FETCHMAIL -eq 1 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/fetchmail'" - assert + assert_success fi } @test "checking process: saslauthd (disabled by ENABLE_SASLAUTHD=0)" { if [ $ENABLE_SASLAUTHD -eq 0 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'" - refute + assert_failure elif [ $ENABLE_SASLAUTHD -eq 1 ]; then skip fi @@ -102,7 +102,7 @@ load 'test_helper/bats-assert/load' skip elif [ $ENABLE_SASLAUTHD -eq 1 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'" - assert + assert_success fi } @@ -124,7 +124,7 @@ load 'test_helper/bats-assert/load' skip elif [ $SMTP_ONLY -eq 1 ]; then run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/dovecot'" - refute + assert_failure fi } @@ -133,7 +133,7 @@ load 'test_helper/bats-assert/load' skip fi run docker exec mail /bin/bash -c "nc -w 2 0.0.0.0 143 | grep '* OK' | grep 'STARTTLS' | grep 'ready'" - assert + assert_success } @test "checking imap: authentication works" { @@ -141,7 +141,7 @@ load 'test_helper/bats-assert/load' skip fi run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-auth.txt" - assert + assert_success } # @@ -153,7 +153,7 @@ load 'test_helper/bats-assert/load' skip fi run docker exec mail /bin/bash -c "nc -w 1 0.0.0.0 110 | grep '+OK'" - assert + assert_success } @test "checking pop: authentication works" { @@ -161,7 +161,7 @@ load 'test_helper/bats-assert/load' skip fi run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 110 < /tmp/docker-mailserver-test/auth/pop3-auth.txt" - assert + assert_success } # @@ -173,7 +173,7 @@ load 'test_helper/bats-assert/load' skip fi run docker exec mail /bin/sh -c "doveadm auth test -x service=smtp user2@otherdomain.tld mypassword | grep 'auth succeeded'" - assert + assert_success } @test "checking sasl: doveadm auth test fails with bad password" { @@ -181,7 +181,7 @@ load 'test_helper/bats-assert/load' skip fi run docker exec mail /bin/sh -c "doveadm auth test -x service=smtp user2@otherdomain.tld BADPASSWORD | grep 'auth failed'" - assert + assert_success } @test "checking sasl: sasl_passwd exists" { @@ -189,7 +189,7 @@ load 'test_helper/bats-assert/load' skip fi run docker exec mail [ -f /etc/postfix/sasl_passwd ] - assert + assert_success } # @@ -208,22 +208,22 @@ load 'test_helper/bats-assert/load' @test "checking smtp: authentication works with good password (plain)" { run docker exec mail /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-plain.txt | grep 'Authentication successful'" - assert + assert_success } @test "checking smtp: authentication fails with wrong password (plain)" { run docker exec mail /bin/sh -c "nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-plain-wrong.txt | grep 'authentication failed'" - assert + assert_success } @test "checking smtp: authentication works with good password (login)" { run docker exec mail /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login.txt | grep 'Authentication successful'" - assert + assert_success } @test "checking smtp: authentication fails with wrong password (login)" { run docker exec mail /bin/sh -c "nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login-wrong.txt | grep 'authentication failed'" - assert + assert_success } @test "checking smtp: delivers mail to existing account" { @@ -283,7 +283,7 @@ load 'test_helper/bats-assert/load' @test "checking accounts: user accounts" { run docker exec mail doveadm user '*' - assert + assert_success [ "${lines[0]}" = "user1@localhost.localdomain" ] [ "${lines[1]}" = "user2@otherdomain.tld" ] } @@ -304,7 +304,7 @@ load 'test_helper/bats-assert/load' @test "checking postfix: vhost file is correct" { run docker exec mail cat /etc/postfix/vhost - assert + assert_success [ "${lines[0]}" = "localdomain2.com" ] [ "${lines[1]}" = "localhost.localdomain" ] [ "${lines[2]}" = "otherdomain.tld" ] @@ -312,9 +312,9 @@ load 'test_helper/bats-assert/load' @test "checking postfix: main.cf overrides" { run docker exec mail grep -q 'max_idle = 600s' /tmp/docker-mailserver/postfix-main.cf - assert + assert_success run docker exec mail grep -q 'readme_directory = /tmp' /tmp/docker-mailserver/postfix-main.cf - assert + assert_success } # @@ -323,7 +323,7 @@ load 'test_helper/bats-assert/load' @test "checking dovecot: config additions" { run docker exec mail grep -q 'mail_max_userip_connections = 69' /tmp/docker-mailserver/dovecot.cf - assert + assert_success run docker exec mail /bin/sh -c "doveconf | grep 'mail_max_userip_connections = 69'" assert_output 'mail_max_userip_connections = 69' } @@ -337,7 +337,7 @@ load 'test_helper/bats-assert/load' skip fi run docker exec mail /bin/sh -c "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'" - refute + assert_failure } @test "checking spamassassin: should not be listed in amavis when disabled" { @@ -345,7 +345,7 @@ load 'test_helper/bats-assert/load' skip fi run docker exec mail /bin/sh -c "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'" - assert + assert_success } @test "checking spamassassin: docker env variables are set correctly (default)" { @@ -353,11 +353,11 @@ load 'test_helper/bats-assert/load' skip fi run docker exec mail /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'" - assert + assert_success run docker exec mail /bin/sh -c "grep '\$sa_tag2_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 6.31'" - assert + assert_success run docker exec mail /bin/sh -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 6.31'" - assert + assert_success } @test "checking spamassassin: docker env variables are set correctly (custom)" { @@ -365,11 +365,11 @@ load 'test_helper/bats-assert/load' skip fi run docker exec mail /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 1.0'" - assert + assert_success run docker exec mail /bin/sh -c "grep '\$sa_tag2_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'" - assert + assert_success run docker exec mail /bin/sh -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 3.0'" - assert + assert_success } # @@ -381,7 +381,7 @@ load 'test_helper/bats-assert/load' skip fi run docker exec mail grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log - assert + assert_success } @test "checking clamav: should not be listed in amavis when disabled" { @@ -389,7 +389,7 @@ load 'test_helper/bats-assert/load' skip fi run docker exec mail grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log - refute + assert_failure } @test "checking clamav: should not be called when disabled" { @@ -397,7 +397,7 @@ load 'test_helper/bats-assert/load' skip fi run docker exec mail grep -i 'connect to /var/run/clamav/clamd.ctl failed' /var/log/mail/mail.log - refute + assert_failure } # @@ -497,12 +497,12 @@ load 'test_helper/bats-assert/load' skip fi run docker exec mail /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 0 (ok)'" - assert + assert_success } @test "checking ssl: lets-encrypt-x3-cross-signed.pem is installed" { run docker exec mail grep 'BEGIN CERTIFICATE' /etc/ssl/certs/lets-encrypt-x3-cross-signed.pem - assert + assert_success } @test "checking ssl: letsencrypt configuration is correct" { @@ -519,7 +519,7 @@ load 'test_helper/bats-assert/load' @test "checking ssl: letsencrypt cert works correctly" { if [ $SSL_TYPE = "letsencrypt" ]; then run docker exec mail /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'" - assert + assert_success else skip fi @@ -543,9 +543,9 @@ load 'test_helper/bats-assert/load' @test "checking ssl: manual configuration copied files correctly " { if [ $SSL_TYPE = "manual" ]; then run docker exec mail /bin/sh -c 'cmp -s /etc/postfix/ssl/cert /tmp/docker-mailserver/letsencrypt/mail.my-domain.com/fullchain.pem' - assert + assert_success run docker exec mail /bin/sh -c 'cmp -s /etc/postfix/ssl/key /tmp/docker-mailserver/letsencrypt/mail.my-domain.com/privkey.pem' - assert + assert_success else skip fi @@ -554,7 +554,7 @@ load 'test_helper/bats-assert/load' @test "checking ssl: manual cert works correctly" { if [ $SSL_TYPE = "manual" ]; then run docker exec mail /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'" - assert + assert_success else skip fi @@ -569,7 +569,7 @@ load 'test_helper/bats-assert/load' skip fi run docker exec mail /bin/sh -c "fail2ban-client status postfix-sasl | grep 'IP list:.*127.0.0.1'" - refute + assert_failure run docker exec mail /bin/sh -c "grep 'ignoreip = 127.0.0.1/8' /etc/fail2ban/jail.conf" assert } @@ -611,11 +611,11 @@ load 'test_helper/bats-assert/load' FAIL_AUTH_MAILER_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' fail-auth-mailer) run docker exec mail /bin/sh -c "fail2ban-client status postfix-sasl | grep '$FAIL_AUTH_MAILER_IP'" - assert + assert_success # Checking that FAIL_AUTH_MAILER_IP is banned by iptables run docker exec mail /bin/sh -c "iptables -L f2b-postfix-sasl -n | grep REJECT | grep '$FAIL_AUTH_MAILER_IP'" - assert + assert_success } @test "checking fail2ban: unban ip works" { @@ -629,11 +629,11 @@ load 'test_helper/bats-assert/load' sleep 5 run docker exec mail /bin/sh -c "fail2ban-client status postfix-sasl | grep 'IP list:.*$FAIL_AUTH_MAILER_IP'" - refute + assert_failure # Checking that FAIL_AUTH_MAILER_IP is unbanned by iptables run docker exec mail /bin/sh -c "iptables -L f2b-postfix-sasl -n | grep REJECT | grep '$FAIL_AUTH_MAILER_IP'" - refute + assert_failure } # @@ -645,7 +645,7 @@ load 'test_helper/bats-assert/load' skip fi run docker exec mail grep 'set syslog' /etc/fetchmailrc - assert + assert_success } @test "checking fetchmail: fetchmail.cf is loaded" { @@ -653,7 +653,7 @@ load 'test_helper/bats-assert/load' skip fi run docker exec mail grep 'pop3.example.tld' /etc/fetchmailrc - assert + assert_success } # @@ -662,55 +662,55 @@ load 'test_helper/bats-assert/load' @test "checking system: freshclam cron is enabled" { run docker exec mail bash -c "crontab -l | grep '/usr/bin/freshclam'" - assert + assert_success } @test "checking amavis: virusmail wiper cron exists" { run docker exec mail bash -c "crontab -l | grep '/var/lib/amavis/virusmails/'" - assert + assert_success } @test "checking amavis: VIRUSMAILS_DELETE_DELAY override works as expected" { run docker run -ti --rm -e VIRUSMAILS_DELETE_DELAY=2 `docker inspect --format '{{ .Config.Image }}' mail` /bin/bash -c 'echo $VIRUSMAILS_DELETE_DELAY | grep 2' - assert + assert_success } @test "checking amavis: old virusmail is wipped by cron" { docker exec mail bash -c 'touch -d "`date --date=2000-01-01`" /var/lib/amavis/virusmails/should-be-deleted' run docker exec -ti mail bash -c 'find /var/lib/amavis/virusmails/ -type f -mtime +$VIRUSMAILS_DELETE_DELAY -delete' - assert + assert_success run docker exec mail bash -c 'ls -la /var/lib/amavis/virusmails/ | grep should-be-deleted' - refute + assert_failure } @test "checking amavis: recent virusmail is not wipped by cron" { docker exec mail bash -c 'touch -d "`date`" /var/lib/amavis/virusmails/should-not-be-deleted' run docker exec -ti mail bash -c 'find /var/lib/amavis/virusmails/ -type f -mtime +$VIRUSMAILS_DELETE_DELAY -delete' - assert + assert_success run docker exec mail bash -c 'ls -la /var/lib/amavis/virusmails/ | grep should-not-be-deleted' - assert + assert_success } @test "checking system: /var/log/mail/mail.log is error free" { run docker exec mail grep 'non-null host address bits in' /var/log/mail/mail.log - refute + assert_failure run docker exec mail grep 'mail system configuration error' /var/log/mail/mail.log - refute + assert_failure run docker exec mail grep ': error:' /var/log/mail/mail.log - refute + assert_failure run docker exec mail grep -i 'is not writable' /var/log/mail/mail.log - refute + assert_failure run docker exec mail grep -i 'permission denied' /var/log/mail/mail.log - refute + assert_failure run docker exec mail grep -i '(!)connect' /var/log/mail/mail.log - refute + assert_failure run docker exec mail grep 'non-null host address bits in' /var/log/mail/mail.log - refute + assert_failure } @test "checking system: /var/log/auth.log is error free" { run docker exec mail grep 'Unable to open env file: /etc/default/locale' /var/log/auth.log - refute + assert_failure } @test "checking system: sets the server fqdn" { @@ -725,7 +725,7 @@ load 'test_helper/bats-assert/load' @test "checking system: postfix should not log to syslog" { run docker exec mail grep 'postfix' /var/log/syslog - refute + assert_failure } # @@ -745,7 +745,7 @@ load 'test_helper/bats-assert/load' skip fi run docker exec mail /bin/bash -c "nc -z 0.0.0.0 4190" - assert + assert_success } @test "checking manage sieve: disabled per default" { @@ -753,7 +753,7 @@ load 'test_helper/bats-assert/load' skip fi run docker exec mail /bin/bash -c "nc -z 0.0.0.0 4190" - [ "$status" -ne 0 ] + assert_failure } # @@ -764,7 +764,7 @@ load 'test_helper/bats-assert/load' docker exec mail /bin/sh -c "addmailuser user3@domain.tld mypassword" run docker exec mail /bin/sh -c "grep '^user3@domain\.tld|' -i /tmp/docker-mailserver/postfix-accounts.cf" - assert + assert_success [ ! -z "$output" ] } @@ -788,11 +788,11 @@ load 'test_helper/bats-assert/load' docker exec mail /bin/sh -c "delmailuser user3@domain.tld" run docker exec mail /bin/sh -c "grep user3@domain.tld -i /tmp/docker-mailserver/postfix-accounts.cf" - refute + assert_failure [ -z "$output" ] run docker exec mail /bin/sh -c "grep '^auser3@domain\.tld' -i /tmp/docker-mailserver/postfix-accounts.cf" - assert + assert_success [ ! -z "$output" ] } @@ -813,7 +813,7 @@ load 'test_helper/bats-assert/load' docker exec mail /bin/sh -c "delmailuser auser3@domain.tld" - assert + assert_success } @@ -826,7 +826,7 @@ load 'test_helper/bats-assert/load' run docker run --rm \ -v "$(pwd)/test/config/without-accounts/":/tmp/docker-mailserver/ \ `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'delmailuser user3@domain.tld' - assert + assert_success [ -z "$output" ] } @@ -838,7 +838,7 @@ load 'test_helper/bats-assert/load' run docker run --rm \ -v "$(pwd)/test/config/without-accounts/":/tmp/docker-mailserver/ \ `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'grep user3@domain.tld -i /tmp/docker-mailserver/postfix-accounts.cf' - assert + assert_success [ ! -z "$output" ] } @@ -848,21 +848,21 @@ load 'test_helper/bats-assert/load' @test "checking PERMIT_DOCKER: can get container ip" { run docker exec mail /bin/sh -c "ip addr show eth0 | grep 'inet ' | sed 's/[^0-9\.\/]*//g' | cut -d '/' -f 1 | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}'" - assert + assert_success } @test "checking PERMIT_DOCKER: opendmarc/opendkim config" { run docker exec mail /bin/sh -c "cat /etc/opendmarc/ignore.hosts | grep '172.16.0.0/12'" - assert + assert_success run docker exec mail /bin/sh -c "cat /etc/opendkim/TrustedHosts | grep '172.16.0.0/12'" - assert + assert_success } @test "checking PERMIT_DOCKER: my network value" { run docker exec mail /bin/sh -c "postconf | grep '^mynetworks =' | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.0\.0/16'" - assert + assert_success run docker exec mail /bin/sh -c "postconf | grep '^mynetworks =' | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}/32'" - assert + assert_success } # @@ -881,25 +881,25 @@ load 'test_helper/bats-assert/load' # CLI interface @test "checking setup.sh: Without arguments: status 1, show help text" { run ./setup.sh - refute + assert_failure [ "${lines[0]}" = "Usage: ./setup.sh [-i IMAGE_NAME] [-c CONTAINER_NAME] [args]" ] } @test "checking setup.sh: Wrong arguments" { run ./setup.sh lol troll - refute + assert_failure [ "${lines[0]}" = "Usage: ./setup.sh [-i IMAGE_NAME] [-c CONTAINER_NAME] [args]" ] } # email @test "checking setup.sh: setup.sh email add " { run ./setup.sh -c mail email add lorem@impsum.org dolorsit - assert + assert_success value=$(cat ./config/postfix-accounts.cf | grep lorem@impsum.org | awk -F '|' '{print $1}') [ "$value" = "lorem@impsum.org" ] } @test "checking setup.sh: setup.sh email list" { run ./setup.sh -c mail email list - assert + assert_success } @test "checking setup.sh: setup.sh email update" { initialpass=$(cat ./config/postfix-accounts.cf | grep lorem@impsum.org | awk -F '|' '{print $2}') @@ -910,11 +910,11 @@ load 'test_helper/bats-assert/load' else status="1" fi - assert + assert_success } @test "checking setup.sh: setup.sh email del" { run ./setup.sh -c mail email del lorem@impsum.org - assert + assert_success run value=$(cat ./config/postfix-accounts.cf | grep lorem@impsum.org) [ -z "$value" ] } @@ -922,12 +922,12 @@ load 'test_helper/bats-assert/load' # config @test "checking setup.sh: setup.sh config dkim" { run ./setup.sh -c mail config dkim - assert + assert_success } # TODO: To create a test generate-ssl-certificate must be non interactive #@test "checking setup.sh: setup.sh config ssl" { # run ./setup.sh -c mail_ssl config ssl -# assert +# assert_success #} # debug @@ -939,13 +939,13 @@ load 'test_helper/bats-assert/load' } @test "checking setup.sh: setup.sh debug inspect" { run ./setup.sh -c mail debug inspect - assert + assert_success [ "${lines[0]}" = "Image: tvial/docker-mailserver:testing" ] [ "${lines[1]}" = "Container: mail" ] } @test "checking setup.sh: setup.sh debug login ls" { run ./setup.sh -c mail debug login ls - assert + assert_success } # @@ -974,7 +974,7 @@ load 'test_helper/bats-assert/load' skip fi run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-ldap-auth.txt" - assert + assert_success } @test "checking dovecot: mail delivery works" { @@ -993,7 +993,7 @@ load 'test_helper/bats-assert/load' skip fi run docker exec mail bash -c "testsaslauthd -u some.user -p secret" - assert + assert_success } @test "checking saslauthd: ldap smtp authentication" { @@ -1001,5 +1001,5 @@ load 'test_helper/bats-assert/load' skip fi run docker exec mail /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/sasl-ldap-smtp-auth.txt | grep 'Authentication successful'" - assert + assert_success } From 7a6f8c34c4124adbe2bcee451bb69d2309970dbd Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Sun, 1 Jan 2017 20:44:51 +0100 Subject: [PATCH 22/30] Changed variable assignment --- target/start-mailserver.sh | 24 ++++++++++++------------ test/tests.bats | 8 +++----- 2 files changed, 15 insertions(+), 17 deletions(-) diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index 6ae9fa4f..28b465a1 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh @@ -7,18 +7,18 @@ # Example: DEFAULT_VARS["KEY"]="VALUE" ########################################################################## declare -A DEFAULT_VARS -DEFAULT_VARS["ENABLE_CLAMAV"]=${ENABLE_CLAMAV:=0} -DEFAULT_VARS["ENABLE_SPAMASSASSIN"]=${ENABLE_SPAMASSASSIN:=0} -DEFAULT_VARS["ENABLE_POP3"]=${ENABLE_POP3:=0} -DEFAULT_VARS["ENABLE_FAIL2BAN"]=${ENABLE_FAIL2BAN:=0} -DEFAULT_VARS["ENABLE_MANAGESIEVE"]=${ENABLE_MANAGESIEVE:=0} -DEFAULT_VARS["ENABLE_FETCHMAIL"]=${ENABLE_FETCHMAIL:=0} -DEFAULT_VARS["ENABLE_LDAP"]=${ENABLE_LDAP:=0} -DEFAULT_VARS["ENABLE_SASLAUTHD"]=${ENABLE_SASLAUTHD:=0} -DEFAULT_VARS["ONE_DIR"]=${ONE_DIR:=0} -DEFAULT_VARS["SMTP_ONLY"]=${SMTP_ONLY:=0} -DEFAULT_VARS["VIRUSMAILS_DELETE_DELAY"]=${VIRUSMAILS_DELETE_DELAY:=7} -DEFAULT_VARS["DMS_DEBUG"]=${DMS_DEBUG:=0} +DEFAULT_VARS["ENABLE_CLAMAV"]=${ENABLE_CLAMAV:-0} +DEFAULT_VARS["ENABLE_SPAMASSASSIN"]=${ENABLE_SPAMASSASSIN:-0} +DEFAULT_VARS["ENABLE_POP3"]=${ENABLE_POP3:-0} +DEFAULT_VARS["ENABLE_FAIL2BAN"]=${ENABLE_FAIL2BAN:-0} +DEFAULT_VARS["ENABLE_MANAGESIEVE"]=${ENABLE_MANAGESIEVE:-0} +DEFAULT_VARS["ENABLE_FETCHMAIL"]=${ENABLE_FETCHMAIL:-0} +DEFAULT_VARS["ENABLE_LDAP"]=${ENABLE_LDAP:-0} +DEFAULT_VARS["ENABLE_SASLAUTHD"]=${ENABLE_SASLAUTHD:-0} +DEFAULT_VARS["ONE_DIR"]=${ONE_DIR:-0} +DEFAULT_VARS["SMTP_ONLY"]=${SMTP_ONLY:-0} +DEFAULT_VARS["VIRUSMAILS_DELETE_DELAY"]=${VIRUSMAILS_DELETE_DELAY:-7} +DEFAULT_VARS["DMS_DEBUG"]=${DMS_DEBUG:-0} ########################################################################## # << DEFAULT VARS ########################################################################## diff --git a/test/tests.bats b/test/tests.bats index 670e153c..8ce8ed9a 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -7,7 +7,7 @@ load 'test_helper/bats-assert/load' @test "checking configuration: hostname/domainname" { run docker run `docker inspect --format '{{ .Config.Image }}' mail` - assert_success + assert_failure } # @@ -265,7 +265,7 @@ load 'test_helper/bats-assert/load' if [ $ENABLE_SPAMASSASSIN -eq 0 ]; then skip fi - run docker exec mail /bin/sh -c "grep 'Blocked SPAM' /var/log/mail/mail.log | grep spam@external.tld | wc -l" + run docker exec mail /bin/sh -c "grep 'Blocked SPAM' /var/log/mail/mail.log | wc -l" assert_output 1 } @@ -273,7 +273,7 @@ load 'test_helper/bats-assert/load' if [ $ENABLE_CLAMAV -eq 0 ]; then skip fi - run docker exec mail /bin/sh -c "grep 'Blocked INFECTED' /var/log/mail/mail.log | grep virus@external.tld | wc -l" + run docker exec mail /bin/sh -c "grep 'Blocked INFECTED' /var/log/mail/mail.log | wc -l" assert_output 1 } @@ -789,11 +789,9 @@ load 'test_helper/bats-assert/load' run docker exec mail /bin/sh -c "grep user3@domain.tld -i /tmp/docker-mailserver/postfix-accounts.cf" assert_failure - [ -z "$output" ] run docker exec mail /bin/sh -c "grep '^auser3@domain\.tld' -i /tmp/docker-mailserver/postfix-accounts.cf" assert_success - [ ! -z "$output" ] } @test "checking user updating password for user in /tmp/docker-mailserver/postfix-accounts.cf" { From 412ce1681c6c16dd970cee70f4c99a0b88ac42e2 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Sun, 1 Jan 2017 20:47:08 +0100 Subject: [PATCH 23/30] Added printenv in travis --- Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Makefile b/Makefile index 53379eb0..475d32f0 100644 --- a/Makefile +++ b/Makefile @@ -58,6 +58,8 @@ endif --cap-add=NET_ADMIN \ -h mail.my-domain.com -t $(NAME) + docker exec mail printenv + # Wait for containers to fully start sleep 15 From 54394d1ae95943020cf750de3bf032ddb426f47d Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Sun, 1 Jan 2017 20:54:53 +0100 Subject: [PATCH 24/30] Moved printenv and changed default var export --- Makefile | 3 +-- target/start-mailserver.sh | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 475d32f0..116c0051 100644 --- a/Makefile +++ b/Makefile @@ -58,8 +58,6 @@ endif --cap-add=NET_ADMIN \ -h mail.my-domain.com -t $(NAME) - docker exec mail printenv - # Wait for containers to fully start sleep 15 @@ -76,6 +74,7 @@ run-local: sleep 15 fixtures: + docker exec mail printenv cp config/postfix-accounts.cf config/postfix-accounts.cf.bak # Setup sieve & create filtering folder (INBOX/spam) docker cp "`pwd`/test/config/sieve/dovecot.sieve" mail:/var/mail/localhost.localdomain/user1/.dovecot.sieve diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index 28b465a1..ed3ba9ba 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh @@ -334,7 +334,7 @@ function _setup_default_vars() { notify 'task' "Setting up default variables [$FUNCNAME]" for var in ${!DEFAULT_VARS[@]}; do - echo "export $var=${DEFAULT_VARS[$var]}" >> /root/.bashrc + echo "export $var=${DEFAULT_VARS[$var]}" [ $? != 0 ] && notify 'err' "Unable to set $var=${DEFAULT_VARS[$var]}" && return 1 notify 'inf' "Set $var=${DEFAULT_VARS[$var]}" done From d3da3b1a0df9235970359eb70391d0599f7bcc1b Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Sun, 1 Jan 2017 21:01:01 +0100 Subject: [PATCH 25/30] Back to = instead of - --- target/start-mailserver.sh | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index ed3ba9ba..3939a134 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh @@ -7,18 +7,18 @@ # Example: DEFAULT_VARS["KEY"]="VALUE" ########################################################################## declare -A DEFAULT_VARS -DEFAULT_VARS["ENABLE_CLAMAV"]=${ENABLE_CLAMAV:-0} -DEFAULT_VARS["ENABLE_SPAMASSASSIN"]=${ENABLE_SPAMASSASSIN:-0} -DEFAULT_VARS["ENABLE_POP3"]=${ENABLE_POP3:-0} -DEFAULT_VARS["ENABLE_FAIL2BAN"]=${ENABLE_FAIL2BAN:-0} -DEFAULT_VARS["ENABLE_MANAGESIEVE"]=${ENABLE_MANAGESIEVE:-0} -DEFAULT_VARS["ENABLE_FETCHMAIL"]=${ENABLE_FETCHMAIL:-0} -DEFAULT_VARS["ENABLE_LDAP"]=${ENABLE_LDAP:-0} -DEFAULT_VARS["ENABLE_SASLAUTHD"]=${ENABLE_SASLAUTHD:-0} -DEFAULT_VARS["ONE_DIR"]=${ONE_DIR:-0} -DEFAULT_VARS["SMTP_ONLY"]=${SMTP_ONLY:-0} -DEFAULT_VARS["VIRUSMAILS_DELETE_DELAY"]=${VIRUSMAILS_DELETE_DELAY:-7} -DEFAULT_VARS["DMS_DEBUG"]=${DMS_DEBUG:-0} +DEFAULT_VARS["ENABLE_CLAMAV"]=${ENABLE_CLAMAV:=0} +DEFAULT_VARS["ENABLE_SPAMASSASSIN"]=${ENABLE_SPAMASSASSIN:=0} +DEFAULT_VARS["ENABLE_POP3"]=${ENABLE_POP3:=0} +DEFAULT_VARS["ENABLE_FAIL2BAN"]=${ENABLE_FAIL2BAN:=0} +DEFAULT_VARS["ENABLE_MANAGESIEVE"]=${ENABLE_MANAGESIEVE:=0} +DEFAULT_VARS["ENABLE_FETCHMAIL"]=${ENABLE_FETCHMAIL:=0} +DEFAULT_VARS["ENABLE_LDAP"]=${ENABLE_LDAP:=0} +DEFAULT_VARS["ENABLE_SASLAUTHD"]=${ENABLE_SASLAUTHD:=0} +DEFAULT_VARS["ONE_DIR"]=${ONE_DIR:=0} +DEFAULT_VARS["SMTP_ONLY"]=${SMTP_ONLY:=0} +DEFAULT_VARS["VIRUSMAILS_DELETE_DELAY"]=${VIRUSMAILS_DELETE_DELAY:=7} +DEFAULT_VARS["DMS_DEBUG"]=${DMS_DEBUG:=0} ########################################################################## # << DEFAULT VARS ########################################################################## From e5e8b71d6c0e8ffcd8c3ca6ef90b8c894f310662 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Sun, 1 Jan 2017 21:23:07 +0100 Subject: [PATCH 26/30] Fixed spam/virus check --- test/tests.bats | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/test/tests.bats b/test/tests.bats index 8ce8ed9a..65f9c965 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -226,9 +226,18 @@ load 'test_helper/bats-assert/load' assert_success } -@test "checking smtp: delivers mail to existing account" { +@test "checking smtp: delivers mail to existing accounts" { run docker exec mail /bin/sh -c "grep 'postfix/lmtp' /var/log/mail/mail.log | grep 'status=sent' | grep ' Saved)' | wc -l" - assert_output 6 + emails_received = 6 + # An additional email is received if spam are not filtered + if [ $ENABLE_CLAMAV -eq 0 ]; then + emails_received = $emails_received+1 + fi + # An additional email is received if virus are not filtered + if [ $ENABLE_SPAMASSASSIN -eq 0 ]; then + emails_received = $emails_received+1 + fi + assert_output $emails_received } @test "checking smtp: delivers mail to existing alias" { @@ -246,9 +255,18 @@ load 'test_helper/bats-assert/load' assert_output 1 } -@test "checking smtp: user1 should have received 5 mails" { +@test "checking smtp: user1 should have received a defined number of mails" { run docker exec mail /bin/sh -c "ls -A /var/mail/localhost.localdomain/user1/new | wc -l" - assert_output 5 + emails_received = 5 + # An additional email is received if spam are not filtered + if [ $ENABLE_CLAMAV -eq 0 ]; then + emails_received = $emails_received+1 + fi + # An additional email is received if virus are not filtered + if [ $ENABLE_SPAMASSASSIN -eq 0 ]; then + emails_received = $emails_received+1 + fi + assert_output $emails_received } @test "checking smtp: rejects mail to unknown user" { From 1f0a4700976c78eb11cd64a2cce0c4ab7d1be294 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Sun, 1 Jan 2017 23:37:53 +0100 Subject: [PATCH 27/30] Fixing export --- target/start-mailserver.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index 3939a134..8ab20833 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh @@ -334,7 +334,7 @@ function _setup_default_vars() { notify 'task' "Setting up default variables [$FUNCNAME]" for var in ${!DEFAULT_VARS[@]}; do - echo "export $var=${DEFAULT_VARS[$var]}" + export $var=${DEFAULT_VARS[$var]} [ $? != 0 ] && notify 'err' "Unable to set $var=${DEFAULT_VARS[$var]}" && return 1 notify 'inf' "Set $var=${DEFAULT_VARS[$var]}" done From 46268e870fdf7a5f25c12ea4aeb83d4a9775b4d7 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Mon, 2 Jan 2017 00:09:47 +0100 Subject: [PATCH 28/30] Removed quotes --- Makefile | 51 +++++++++++++++++++------------------- target/start-mailserver.sh | 1 + 2 files changed, 27 insertions(+), 25 deletions(-) diff --git a/Makefile b/Makefile index 116c0051..52ba78d4 100644 --- a/Makefile +++ b/Makefile @@ -30,31 +30,31 @@ endif -v "`pwd`/test/config":/tmp/docker-mailserver \ -v "`pwd`/test":/tmp/docker-mailserver-test \ -v "`pwd`/test/onedir":/var/mail-state \ - -e ENABLE_CLAMAV="$(ENABLE_CLAMAV)" \ - -e ENABLE_SPAMASSASSIN="$(ENABLE_SPAMASSASSIN)" \ - -e ENABLE_POP3="$(ENABLE_POP3)" \ - -e ENABLE_FAIL2BAN="$(ENABLE_FAIL2BAN)" \ - -e ENABLE_MANAGESIEVE="$(ENABLE_MANAGESIEVE)" \ - -e ENABLE_FETCHMAIL="$(ENABLE_FETCHMAIL)" \ - -e ONE_DIR="$(ONE_DIR)" \ - -e PERMIT_DOCKER="$(PERMIT_DOCKER)" \ - -e ENABLE_LDAP="$(ENABLE_LDAP)" \ - -e LDAP_SERVER_HOST="$(LDAP_SERVER_HOST)" \ - -e LDAP_SEARCH_BASE="$(LDAP_SEARCH_BASE)" \ - -e LDAP_BIND_DN="$(LDAP_BIND_DN)" \ - -e ENABLE_SASLAUTHD="$(ENABLE_SASLAUTHD)" \ - -e SASLAUTHD_MECHANISMS="$(SASLAUTHD_MECHANISMS)" \ - -e SASLAUTHD_LDAP_SERVER="$(SASLAUTHD_LDAP_SERVER)" \ - -e SASLAUTHD_LDAP_BIND_DN="$(SASLAUTHD_LDAP_BIND_DN)" \ - -e SASLAUTHD_LDAP_PASSWORD="$(SASLAUTHD_LDAP_PASSWORD)" \ - -e SASLAUTHD_LDAP_SEARCH_BASE="$(SASLAUTHD_LDAP_SEARCH_BASE)" \ - -e SMTP_ONLY="$(SMTP_ONLY)" \ - -e SA_TAG="$(SA_TAG)" \ - -e SA_TAG2="$(SA_TAG2)" \ - -e SA_KILL="$(SA_KILL)" \ - -e VIRUSMAILS_DELETE_DELAY="$(VIRUSMAILS_DELETE_DELAY)" \ - -e SASL_PASSWD="$(SASL_PASSWD)" \ - -e DMS_DEBUG="$(DMS_DEBUG)" \ + -e ENABLE_CLAMAV=$(ENABLE_CLAMAV) \ + -e ENABLE_SPAMASSASSIN=$(ENABLE_SPAMASSASSIN) \ + -e ENABLE_POP3=$(ENABLE_POP3) \ + -e ENABLE_FAIL2BAN=$(ENABLE_FAIL2BAN) \ + -e ENABLE_MANAGESIEVE=$(ENABLE_MANAGESIEVE) \ + -e ENABLE_FETCHMAIL=$(ENABLE_FETCHMAIL) \ + -e ONE_DIR=$(ONE_DIR) \ + -e PERMIT_DOCKER=$(PERMIT_DOCKER) \ + -e ENABLE_LDAP=$(ENABLE_LDAP) \ + -e LDAP_SERVER_HOST=$(LDAP_SERVER_HOST) \ + -e LDAP_SEARCH_BASE=$(LDAP_SEARCH_BASE) \ + -e LDAP_BIND_DN=$(LDAP_BIND_DN) \ + -e ENABLE_SASLAUTHD=$(ENABLE_SASLAUTHD) \ + -e SASLAUTHD_MECHANISMS=$(SASLAUTHD_MECHANISMS) \ + -e SASLAUTHD_LDAP_SERVER=$(SASLAUTHD_LDAP_SERVER) \ + -e SASLAUTHD_LDAP_BIND_DN=$(SASLAUTHD_LDAP_BIND_DN) \ + -e SASLAUTHD_LDAP_PASSWORD=$(SASLAUTHD_LDAP_PASSWORD) \ + -e SASLAUTHD_LDAP_SEARCH_BASE=$(SASLAUTHD_LDAP_SEARCH_BASE) \ + -e SMTP_ONLY=$(SMTP_ONLY) \ + -e SA_TAG=$(SA_TAG) \ + -e SA_TAG2=$(SA_TAG2) \ + -e SA_KILL=$(SA_KILL) \ + -e VIRUSMAILS_DELETE_DELAY=$(VIRUSMAILS_DELETE_DELAY) \ + -e SASL_PASSWD=$(SASL_PASSWD) \ + -e DMS_DEBUG=$(DMS_DEBUG) \ --cap-add=NET_ADMIN \ -h mail.my-domain.com -t $(NAME) @@ -74,6 +74,7 @@ run-local: sleep 15 fixtures: + # Display env configuration docker exec mail printenv cp config/postfix-accounts.cf config/postfix-accounts.cf.bak # Setup sieve & create filtering folder (INBOX/spam) diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index 8ab20833..b0d07add 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh @@ -334,6 +334,7 @@ function _setup_default_vars() { notify 'task' "Setting up default variables [$FUNCNAME]" for var in ${!DEFAULT_VARS[@]}; do + echo "export $var=${DEFAULT_VARS[$var]}" >> /root/.bashrc export $var=${DEFAULT_VARS[$var]} [ $? != 0 ] && notify 'err' "Unable to set $var=${DEFAULT_VARS[$var]}" && return 1 notify 'inf' "Set $var=${DEFAULT_VARS[$var]}" From e28b5b0e1bcb3a137de19e48570ba2067f4bc2df Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Mon, 2 Jan 2017 09:22:44 +0100 Subject: [PATCH 29/30] Fixed Makefile --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 52ba78d4..9961e0b6 100644 --- a/Makefile +++ b/Makefile @@ -53,7 +53,7 @@ endif -e SA_TAG2=$(SA_TAG2) \ -e SA_KILL=$(SA_KILL) \ -e VIRUSMAILS_DELETE_DELAY=$(VIRUSMAILS_DELETE_DELAY) \ - -e SASL_PASSWD=$(SASL_PASSWD) \ + -e SASL_PASSWD="$(SASL_PASSWD)" \ -e DMS_DEBUG=$(DMS_DEBUG) \ --cap-add=NET_ADMIN \ -h mail.my-domain.com -t $(NAME) From d6925f0c2d3a5301338ab99c849a3ff43233276d Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Mon, 2 Jan 2017 10:17:20 +0100 Subject: [PATCH 30/30] Fixed variables --- test/tests.bats | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/test/tests.bats b/test/tests.bats index 65f9c965..2ebf0438 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -228,14 +228,14 @@ load 'test_helper/bats-assert/load' @test "checking smtp: delivers mail to existing accounts" { run docker exec mail /bin/sh -c "grep 'postfix/lmtp' /var/log/mail/mail.log | grep 'status=sent' | grep ' Saved)' | wc -l" - emails_received = 6 + local emails_received=6 # An additional email is received if spam are not filtered if [ $ENABLE_CLAMAV -eq 0 ]; then - emails_received = $emails_received+1 + emails_received=$((emails_received+1)) fi # An additional email is received if virus are not filtered if [ $ENABLE_SPAMASSASSIN -eq 0 ]; then - emails_received = $emails_received+1 + emails_received=$((emails_received+1)) fi assert_output $emails_received } @@ -257,14 +257,14 @@ load 'test_helper/bats-assert/load' @test "checking smtp: user1 should have received a defined number of mails" { run docker exec mail /bin/sh -c "ls -A /var/mail/localhost.localdomain/user1/new | wc -l" - emails_received = 5 + local emails_received = 5 # An additional email is received if spam are not filtered if [ $ENABLE_CLAMAV -eq 0 ]; then - emails_received = $emails_received+1 + emails_received=$((emails_received+1)) fi # An additional email is received if virus are not filtered if [ $ENABLE_SPAMASSASSIN -eq 0 ]; then - emails_received = $emails_received+1 + emails_received=$((emails_received+1)) fi assert_output $emails_received }