Apply suggestions from code review

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>

test/files/emails/amavis/virus.txt

@@ -1,4 +1,4 @@
-From: Docker Mail Server <example-user@example.test>
+From: Docker Mail Server <dockermailserver@external.tld>
 To: Existing Local User <user1@localhost.localdomain>
 Date: Sat, 22 May 2010 07:43:25 -0400
 Subject: Test Message amavis/virus.txt

test/files/emails/postscreen.txt

@@ -1,4 +1,4 @@
-From: Docker Mail Server <example-user@example.test>
+From: Docker Mail Server <user@external.tld>
 To: Existing Local User <user1@localhost.localdomain>
 Date: Sat, 22 May 2010 07:43:25 -0400
 Subject: Test Message postscreen.txt

test/files/emails/quota-exceeded.txt

@@ -1,4 +1,4 @@
-From: Docker Mail Server <example-user@example.test>
+From: Docker Mail Server <user@external.tld>
 To: Existing Local User <quotauser@otherdomain.tld>
 Date: Sat, 22 May 2010 07:43:25 -0400
 Subject: Test message saturating your mailbox

test/tests/parallel/set1/spam_virus/clamav.bats

@@ -25,7 +25,7 @@ function setup_file() {
 
   _wait_for_service postfix
   _wait_for_smtp_port_in_container
-  _send_email 'amavis/virus'
+  _send_email --from 'virus@external.tld' 'amavis/virus'
   assert_success
   _wait_for_empty_mail_queue_in_container
 }
@@ -54,6 +54,6 @@ function teardown_file() { _default_teardown ; }
 }
 
 @test 'rejects virus' {
-  _run_in_container_bash "grep 'Blocked INFECTED' /var/log/mail/mail.log | grep '<user@external.tld> -> <user1@localhost.localdomain>'"
+  _run_in_container_bash "grep 'Blocked INFECTED' /var/log/mail/mail.log | grep '<virus@external.tld> -> <user1@localhost.localdomain>'"
   assert_success
 }

test/tests/parallel/set1/spam_virus/spam_junk_folder.bats

@@ -95,7 +95,7 @@ function teardown() { _default_teardown ; }
 function _should_send_spam_message() {
   _wait_for_smtp_port_in_container
   _wait_for_tcp_port_in_container 10024 # port 10024 is for Amavis
-  _send_email 'amavis/spam'
+  _send_email --from 'spam@external.tld' 'amavis/spam'
 }
 
 function _should_be_received_by_amavis() {

test/tests/parallel/set3/mta/privacy.bats

@@ -25,7 +25,11 @@ function teardown_file() { _default_teardown ; }
 
 # this test covers https://github.com/docker-mailserver/docker-mailserver/issues/681
 @test "(Postfix) remove privacy details of the sender" {
-  _send_email --port 587 -tls --auth LOGIN --auth-user user1@localhost.localdomain --auth-password mypassword 'privacy'
+  _send_email \
+    --port 587 -tls --auth LOGIN \
+    --auth-user user1@localhost.localdomain \
+    --auth-password mypassword \
+    'privacy'
   assert_success
 
   _run_until_success_or_timeout 120 _exec_in_container_bash '[[ -d /var/mail/localhost.localdomain/user1/new ]]'

test/tests/parallel/set3/mta/smtp_delivery.bats

@@ -63,7 +63,7 @@ function setup_file() {
 
   # TODO: Move to clamav tests (For use when ClamAV is enabled):
   # _repeat_in_container_until_success_or_timeout 60 "${CONTAINER_NAME}" test -e /var/run/clamav/clamd.ctl
-  # _send_email 'amavis-virus'
+  # _send_email --from 'virus@external.tld' 'amavis/virus'
 
   # Required for 'delivers mail to existing alias':
   _send_email --to alias1@localhost.localdomain 'existing/alias-external'
@@ -80,7 +80,7 @@ function setup_file() {
   _send_email --to bounce-always@localhost.localdomain 'existing/regexp-alias-external'
   _send_email --to alias2@localhost.localdomain 'existing/alias-local'
   # Required for 'rejects spam':
-  _send_email 'amavis/spam'
+  _send_email --from 'spam@external.tld' 'amavis/spam'
 
   # Required for 'delivers mail to existing account':
   _send_email 'existing/user1'
@@ -236,12 +236,12 @@ function setup_file() {
 @test "rejects spam" {
   _run_in_container grep 'Blocked SPAM {NoBounceInbound,Quarantined}' /var/log/mail/mail.log
   assert_success
-  assert_output --partial '<user@external.tld> -> <user1@localhost.localdomain>'
+  assert_output --partial '<spam@external.tld> -> <user1@localhost.localdomain>'
   _should_output_number_of_lines 1
 
   # Amavis log line with SPAMASSASSIN_SPAM_TO_INBOX=0 + grep 'Passed SPAM {RelayedTaggedInbound,Quarantined}' /var/log/mail/mail.log:
   # Amavis log line with SPAMASSASSIN_SPAM_TO_INBOX=1 + grep 'Blocked SPAM {NoBounceInbound,Quarantined}' /var/log/mail/mail.log:
-  # <user@external.tld> -> <user1@localhost.localdomain>
+  # <spam@external.tld> -> <user1@localhost.localdomain>
   # Amavis log line with ENABLE_SRS=1 changes the domain-part to match in a log:
   # <SRS0=g+ca=5C=external.tld=spam@example.test> -> <user1@localhost.localdomain>
   # assert_output --partial 'external.tld=spam@example.test> -> <user1@localhost.localdomain>'
@@ -258,7 +258,14 @@ function setup_file() {
 # Dovecot does not support SMTPUTF8, so while we can send we cannot receive
 # Better disable SMTPUTF8 support entirely if we can't handle it correctly
 @test "not advertising smtputf8" {
-  _send_email 'smtp-ehlo'
+  # Query supported extensions; SMTPUTF8 should not be available.
+  # - This query requires a EHLO greeting to the destination server.
+  # - HELO is treated as EHLO when protocol is ESMTP.
+  swaks \
+    --helo mail.external.tld \
+    --protocol ESMTP \
+    --server mail.example.test \
+    --quit-after FIRST-HELO
   refute_output --partial 'SMTPUTF8'
 }
 

test/tests/parallel/set3/mta/smtponly.bats

@@ -32,7 +32,15 @@ function teardown_file() { _default_teardown ; }
   assert_success
 
   # it looks as if someone tries to send mail to another domain outside of DMS
-  _send_email 'smtp-only'
+  _send_email \
+    --helo mail.origin.test \
+    --protocol SSMTPA \
+    --server mail.origin.test \
+    --from user@origin.test \
+    --to user@destination.test \
+    --auth-user user@origin.test \
+    --auth-password secret \
+    'smtp-only'
   _wait_for_empty_mail_queue_in_container
 
   # this seemingly succeeds, but looking at the logs, it doesn't

test/tests/serial/mail_with_ldap.bats

@@ -327,12 +327,25 @@ function teardown() {
 @test "spoofing (with LDAP): rejects sender forging" {
   _wait_for_smtp_port_in_container_to_respond dms-test_ldap
 
-  _send_email --port 465 -tlsc --auth LOGIN --auth-user some.user@localhost.localdomain --auth-password secret --helo mail --from ldap@localhost.localdomain 'auth/ldap-smtp-auth-spoofed'
+  _send_email \
+    --port 465 -tlsc --auth LOGIN \
+    --auth-user some.user@localhost.localdomain \
+    --auth-password secret \
+    --helo mail \
+    --from ldap@localhost.localdomain \
+    'auth/ldap-smtp-auth-spoofed'
   assert_output --partial 'Sender address rejected: not owned by user'
 }
 
 @test "spoofing (with LDAP): accepts sending as alias" {
-  _send_email --port 465 -tlsc --auth LOGIN --auth-user some.user@localhost.localdomain --auth-password secret --helo mail --from postmaster@localhost.localdomain --to some.user@localhost.localdomain 'auth/ldap-smtp-auth-spoofed-alias'
+  _send_email \
+    --port 465 -tlsc --auth LOGIN \
+    --auth-user some.user@localhost.localdomain \
+    --auth-password secret \
+    --helo mail \
+    --from postmaster@localhost.localdomain \
+    --to some.user@localhost.localdomain \
+    'auth/ldap-smtp-auth-spoofed-alias'
   assert_output --partial 'End data with'
 }
 
@@ -341,7 +354,14 @@ function teardown() {
   # Template used has invalid AUTH: https://github.com/docker-mailserver/docker-mailserver/pull/3006#discussion_r1073321432
   skip 'TODO: This test seems to have been broken from the start (?)'
 
-  _send_email --port 465 -tlsc --auth LOGIN --auth-user some.user.email@localhost.localdomain --auth-password secret --helo mail --from randomspoofedaddress@localhost.localdomain --to some.user@localhost.localdomain 'auth/ldap-smtp-auth-spoofed-sender-with-filter-exception'
+  _send_email \
+    --port 465 -tlsc --auth LOGIN \
+    --auth-user some.user.email@localhost.localdomain \
+    --auth-password secret \
+    --helo mail \
+    --from randomspoofedaddress@localhost.localdomain \
+    --to some.user@localhost.localdomain \
+    'auth/ldap-smtp-auth-spoofed-sender-with-filter-exception'
   assert_output --partial 'Sender address rejected: not owned by user'
 }
 

test/tests/serial/tests.bats

@@ -289,12 +289,31 @@ EOF
   # rejection of spoofed sender
   _wait_for_smtp_port_in_container_to_respond
 
-  _send_email --port 465 -tlsc --auth LOGIN --auth-user added@localhost.localdomain --auth-password mypassword --helo mail --from user2@localhost.localdomain 'auth/added-smtp-auth-spoofed'
+  # An authenticated user cannot use an envelope sender (MAIL FROM)
+  # address they do not own according to `main.cf:smtpd_sender_login_maps` lookup
+  _send_email \
+    --port 465 -tlsc --auth LOGIN \
+    --auth-user added@localhost.localdomain \
+    --auth-password mypassword \
+    --helo mail \
+    --from user2@localhost.localdomain \
+    'auth/added-smtp-auth-spoofed'
   assert_output --partial 'Sender address rejected: not owned by user'
 }
 
 @test "spoofing: accepts sending as alias" {
-  _send_email --port 465 -tlsc --auth LOGIN --auth-user user1@localhost.localdomain --auth-password mypassword --helo mail --from alias1@localhost.localdomain 'auth/added-smtp-auth-spoofed-alias'
+  # An authenticated account should be able to send mail from an alias,
+  # Verifies `main.cf:smtpd_sender_login_maps` includes /etc/postfix/virtual
+  # The envelope sender address (MAIL FROM) is the lookup key
+  # to each table. Address is authorized when a result that maps to
+  # the DMS account is returned.
+  _send_email \
+    --port 465 -tlsc --auth LOGIN \
+    --auth-user user1@localhost.localdomain \
+    --auth-password mypassword \
+    --helo mail \
+    --from alias1@localhost.localdomain \
+    'auth/added-smtp-auth-spoofed-alias'
   assert_success
   assert_output --partial 'End data with'
 }