Use the supervisor as the main process. The start-mailserver is started

from the supervisord and then this process triggers others.

Defined some default variable in the Dockerfile. In order for
supervisored to build the command lines the ENV variable need to be set.
Therefore the defaults are defined.

Some processes are not single processes like postfix and fail2ban and
they have a wrapper. The wrapper takes care of proper shutdown and checking
if the process is running or not. Supervisored will restart the wrapping
script if the process is gone.

Increased some delays between tests because sometimes they where to short
for all containers to be running.

Dockerfile

@@ -4,6 +4,13 @@ MAINTAINER Thomas VIAL
 ENV DEBIAN_FRONTEND noninteractive
 ENV VIRUSMAILS_DELETE_DELAY=7
 ENV ONE_DIR=0
+ENV ENABLE_POSTGREY=0
+ENV POSTGREY_DELAY=300
+ENV POSTGREY_MAX_AGE=35
+ENV POSTGREY_TEXT="Delayed by postgrey"
+
+ENV SASLAUTHD_MECHANISMS=pam
+ENV SASLAUTHD_MECH_OPTIONS=""
 
 # Packages
 RUN apt-get update -q --fix-missing && \
@@ -137,9 +144,7 @@ COPY target/opendmarc/ignore.hosts /etc/opendmarc/ignore.hosts
 # Configure fetchmail
 COPY target/fetchmail/fetchmailrc /etc/fetchmailrc_general
 RUN sed -i 's/START_DAEMON=no/START_DAEMON=yes/g' /etc/default/fetchmail
-
+RUN mkdir /var/run/fetchmail && chown fetchmail /var/run/fetchmail
-# Configure supervisor
-COPY target/supervisor/supervisor-app.conf /etc/supervisor/conf.d/
 
 # Configures Postfix
 COPY target/postfix/main.cf target/postfix/master.cf /etc/postfix/
@@ -167,12 +172,14 @@ RUN curl -s https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > /et
 
 COPY ./target/bin /usr/local/bin
 # Start-mailserver script
-COPY ./target/start-mailserver.sh ./target/docker-configomat/configomat.sh /usr/local/bin/
+COPY ./target/start-mailserver.sh ./target/fail2ban-wrapper.sh ./target/postfix-wrapper.sh ./target/docker-configomat/configomat.sh /usr/local/bin/
 RUN chmod +x /usr/local/bin/*
 
+# Configure supervisor
+COPY target/supervisor/* /etc/supervisor/conf.d/
+
 EXPOSE 25 587 143 993 110 995 4190
 
-CMD /usr/local/bin/start-mailserver.sh | tee /var/log/container-startup.log
+CMD supervisord -c /etc/supervisor/supervisord.conf
-
 
 ADD target/filebeat.yml.tmpl /etc/filebeat/filebeat.yml.tmpl

Makefile

@@ -32,7 +32,7 @@ run:
 		-e SASL_PASSWD="external-domain.com username:password" \
 		-e ENABLE_MANAGESIEVE=1 \
 		-e PERMIT_DOCKER=host \
-		-e DMS_DEBUG=1 \
+		-e DMS_DEBUG=0 \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 15
 	docker run -d --name mail_pop3 \
@@ -40,7 +40,7 @@ run:
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
 		-v "`pwd`/test/config/letsencrypt":/etc/letsencrypt/live \
 		-e ENABLE_POP3=1 \
-		-e DMS_DEBUG=1 \
+		-e DMS_DEBUG=0 \
 		-e SSL_TYPE=letsencrypt \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 15
@@ -49,7 +49,7 @@ run:
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
 		-e SMTP_ONLY=1 \
 		-e PERMIT_DOCKER=network \
-		-e DMS_DEBUG=1 \
+		-e DMS_DEBUG=0 \
 		-e OVERRIDE_HOSTNAME=mail.my-domain.com \
 		-t $(NAME)
 	sleep 15
@@ -64,7 +64,7 @@ run:
 		-v "`pwd`/test/config":/tmp/docker-mailserver \
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
 		-e PERMIT_DOCKER=network \
-		-e DMS_DEBUG=1 \
+		-e DMS_DEBUG=0 \
 		-e OVERRIDE_HOSTNAME=mail.my-domain.com \
 		-h mail.my-domain.com \
 		-t $(NAME)
@@ -81,7 +81,7 @@ run:
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
 		-e ENABLE_FETCHMAIL=1 \
 		--cap-add=NET_ADMIN \
-		-e DMS_DEBUG=1 \
+		-e DMS_DEBUG=0 \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 15
 	docker run -d --name mail_disabled_clamav_spamassassin \
@@ -89,7 +89,7 @@ run:
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
 		-e ENABLE_CLAMAV=0 \
 		-e ENABLE_SPAMASSASSIN=0 \
-		-e DMS_DEBUG=1 \
+		-e DMS_DEBUG=0 \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 15
 	docker run -d --name mail_manual_ssl \
@@ -98,7 +98,7 @@ run:
 		-e SSL_TYPE=manual \
 		-e SSL_CERT_PATH=/tmp/docker-mailserver/letsencrypt/mail.my-domain.com/fullchain.pem \
 		-e SSL_KEY_PATH=/tmp/docker-mailserver/letsencrypt/mail.my-domain.com/privkey.pem \
-		-e DMS_DEBUG=1 \
+		-e DMS_DEBUG=0 \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 15
 	docker run -d --name ldap_for_mail \
@@ -125,7 +125,7 @@ run:
 		-e SASLAUTHD_LDAP_PASSWORD=admin \
 		-e SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain \
 		-e POSTMASTER_ADDRESS=postmaster@localhost.localdomain \
-		-e DMS_DEBUG=1 \
+		-e DMS_DEBUG=0 \
 		--link ldap_for_mail:ldap \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 15
@@ -136,7 +136,7 @@ run:
 		-e SASLAUTHD_MECHANISMS=rimap \
 		-e SASLAUTHD_MECH_OPTIONS=127.0.0.1 \
 		-e POSTMASTER_ADDRESS=postmaster@localhost.localdomain \
-		-e DMS_DEBUG=1 \
+		-e DMS_DEBUG=0 \
 		-h mail.my-domain.com -t $(NAME)
 	# Wait for containers to fully start
 	sleep 15
@@ -146,7 +146,7 @@ run:
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
 		-e ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1 \
 		-e POSTFIX_DAGENT=lmtp:127.0.0.1:24 \
-		-e DMS_DEBUG=1 \
+		-e DMS_DEBUG=0 \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 30
 	docker run -d --name mail_with_postgrey \
@@ -156,7 +156,7 @@ run:
 		-e POSTGREY_DELAY=15 \
 		-e POSTGREY_MAX_AGE=35 \
 		-e POSTGREY_TEXT="Delayed by postgrey" \
-		-e DMS_DEBUG=1 \
+		-e DMS_DEBUG=0 \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 20
 
@@ -188,7 +188,7 @@ fixtures:
 
 	docker exec mail_override_hostname /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt"
 	# Wait for mails to be analyzed
-	sleep 20
+	sleep 40
 
 tests:
 	# Start tests

setup.sh

@@ -7,7 +7,7 @@
 INFO=$(docker ps \
   --no-trunc \
   --format="{{.Image}}\t{{.Names}}\t{{.Command}}" | \
-  grep '/bin/sh -c /usr/local/bin/start-mailserver.sh')
+  grep "/bin/sh -c 'supervisord -c /etc/supervisor/supervisord.conf'")
 
 IMAGE_NAME=$(echo $INFO | awk '{print $1}')
 CONTAINER_NAME=$(echo $INFO | awk '{print $2}')

target/fail2ban-wrapper.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+# fail2ban-wrapper.sh, version 0.0.1
+#
+# You cannot start fail2ban in some foreground mode and
+# it's more or less important that docker doesn't kill
+# fail2ban and its chilren if you stop the container.
+#
+# Use this script with supervisord and it will take
+# care about starting and stopping fail2ban correctly.
+#
+# supervisord config snippet for fail2ban-wrapper:
+#
+# [program:fail2ban]
+# process_name = fail2ban
+# command = /path/to/fail2ban-wrapper.sh
+# startsecs = 0
+# autorestart = false
+#
+
+trap "/usr/bin/fail2ban-client stop" SIGINT
+trap "/usr/bin/fail2ban-client stop" SIGTERM
+trap "/usr/bin/fail2ban-client reload" SIGHUP
+
+# start fail2ban
+/usr/bin/fail2ban-client start
+
+# lets give fail2ban some time to start
+sleep 5
+
+# wait until fail2ban is dead (triggered by trap)
+while kill -0 "`cat /var/run/fail2ban/fail2ban.pid`"; do
+  sleep 5
+done

target/postfix-wrapper.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+# postfix-wrapper.sh, version 0.1.0
+#
+# You cannot start postfix in some foreground mode and
+# it's more or less important that docker doesn't kill
+# postfix and its chilren if you stop the container.
+#
+# Use this script with supervisord and it will take
+# care about starting and stopping postfix correctly.
+#
+# supervisord config snippet for postfix-wrapper:
+#
+# [program:postfix]
+# process_name = postfix
+# command = /path/to/postfix-wrapper.sh
+# startsecs = 0
+# autorestart = false
+#
+
+trap "service postfix stop" SIGINT
+trap "service postfix stop" SIGTERM
+trap "service postfix reload" SIGHUP
+
+# start postfix
+service postfix start
+
+# lets give postfix some time to start
+sleep 5
+
+# wait until postfix is dead (triggered by trap)
+while kill -0 "`cat /var/spool/postfix/pid/master.pid`"; do
+  sleep 5
+done

target/start-mailserver.sh

@@ -349,7 +349,7 @@ function _check_hostname() {
 
 	if ( ! echo $HOSTNAME | grep -E '^(\S+[.]\S+)$' > /dev/null ); then
 		notify 'err' "Setting hostname/domainname is required"
-		return 1
+		kill -6 `cat /var/run/supervisord.pid` && return 1
 	else
 		notify 'inf' "Domain has been set to $DOMAINNAME"
 		notify 'inf' "Hostname has been set to $HOSTNAME"
@@ -383,7 +383,7 @@ function _setup_default_vars() {
 
 	for var in ${!DEFAULT_VARS[@]}; do
 		echo "export $var=${DEFAULT_VARS[$var]}" >> /root/.bashrc
-		[ $? != 0 ] && notify 'err' "Unable to set $var=${DEFAULT_VARS[$var]}" && return 1
+		[ $? != 0 ] && notify 'err' "Unable to set $var=${DEFAULT_VARS[$var]}" && kill -15 `cat /var/run/supervisord.pid` && return 1
 		notify 'inf' "Set $var=${DEFAULT_VARS[$var]}"
 	done
 }
@@ -644,18 +644,6 @@ EOF
 		 -e "/^[^#].*smtpd_sasl_path.*/s/^/#/g" \
 		 /etc/postfix/master.cf
 
-	sed -i \
-		-e "s|^START=.*|START=yes|g" \
-		-e "s|^MECHANISMS=.*|MECHANISMS="\"$SASLAUTHD_MECHANISMS\""|g" \
-		-e "s|^MECH_OPTIONS=.*|MECH_OPTIONS="\"$SASLAUTHD_MECH_OPTIONS\""|g" \
-		/etc/default/saslauthd
-
-	if [ "$SASLAUTHD_MECHANISMS" = rimap ]; then
-		sed -i \
-			-e 's|^OPTIONS="|OPTIONS="-r |g' \
-			/etc/default/saslauthd
-	fi
-
 	sed -i \
 		-e "/smtpd_sasl_path =.*/d" \
 		-e "/smtpd_sasl_type =.*/d" \
@@ -860,7 +848,7 @@ function _setup_postfix_virtual_transport() {
 
 	[ -z "${POSTFIX_DAGENT}" ] && \
 		echo "${POSTFIX_DAGENT} not set." && \
-		return 1
+		kill -15 `cat /var/run/supervisord.pid` && return 1
 	postconf -e "virtual_transport = ${POSTFIX_DAGENT}"
 }
 
@@ -1124,7 +1112,7 @@ function start_daemons() {
 
 function _start_daemons_cron() {
 	notify 'task' 'Starting cron' 'n'
-	display_startup_daemon "cron"
+	supervisorctl start cron
 }
 
 function _start_daemons_rsyslog() {
@@ -1134,7 +1122,7 @@ function _start_daemons_rsyslog() {
 
 function _start_daemons_saslauthd() {
 	notify 'task' 'Starting saslauthd' 'n'
-    display_startup_daemon "/etc/init.d/saslauthd start"
+    supervisorctl start "saslauthd_${SASLAUTHD_MECHANISMS}"
 }
 
 function _start_daemons_fail2ban() {
@@ -1159,7 +1147,7 @@ function _start_daemons_opendmarc() {
 
 function _start_daemons_postfix() {
 	notify 'task' 'Starting postfix' 'n'
-    display_startup_daemon "/etc/init.d/postfix start"
+    supervisorctl start postfix
 }
 
 function _start_daemons_dovecot() {
@@ -1178,7 +1166,6 @@ function _start_daemons_dovecot() {
 		# /usr/sbin/dovecot reload
 	fi
 
-
     supervisorctl start dovecot
 
 	# @TODO fix: on integration test
@@ -1199,7 +1186,7 @@ function _start_daemons_filebeat() {
 function _start_daemons_fetchmail() {
 	notify 'task' 'Starting fetchmail' 'n'
 	/usr/local/bin/setup-fetchmail
-	display_startup_daemon "/etc/init.d/fetchmail start"
+	supervisorctl start fetchmail
 }
 
 function _start_daemons_clamav() {
@@ -1251,8 +1238,6 @@ notify 'taskgrp' "#"
 notify 'taskgrp' "#"
 notify 'taskgrp' ""
 
-supervisord -c /etc/supervisor/supervisord.conf
-
 register_functions
 
 check

target/supervisor/saslauth.conf

@@ -0,0 +1,44 @@
+[program:saslauthd_ldap]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/sbin/saslauthd -d -a ldap -O /etc/saslauthd.conf
+pidfile=/var/run/saslauthd/saslauthd.pid
+
+[program:saslauthd_mysql]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/sbin/saslauthd -d -a mysql -O %(ENV_SASLAUTHD_MECH_OPTIONS)s
+pidfile=/var/run/saslauthd/saslauthd.pid
+
+[program:saslauthd_pam]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/sbin/saslauthd -d -a pam -O %(ENV_SASLAUTHD_MECH_OPTIONS)s
+pidfile=/var/run/saslauthd/saslauthd.pid
+
+[program:saslauthd_rimap]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/sbin/saslauthd -d -a rimap -r -O %(ENV_SASLAUTHD_MECH_OPTIONS)s
+pidfile=/var/run/saslauthd/saslauthd.pid
+
+[program:saslauthd_shadow]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/sbin/saslauthd -d -a shadow -O %(ENV_SASLAUTHD_MECH_OPTIONS)s
+pidfile=/var/run/saslauthd/saslauthd.pid

target/supervisor/supervisor-app.conf

@@ -4,112 +4,112 @@
 # Programs can be controlled like this: 'supervisorctl start fail2ban' 'supervisorctl stop fail2ban'
 # supervisor writes program statuses in /var/log/supervisor
 
-[program:rsyslog]
+[supervisord]
+nodaemon=true
+
+[program:mailserver]
 startsecs=0
-autostart=false
+autostart=true
-autorestart=true
+autorestart=false
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
+command=/usr/local/bin/start-mailserver.sh
+
+[program:cron]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/sbin/cron -f
+
+[program:rsyslog]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
 command=/usr/sbin/rsyslogd -n
 
 [program:fail2ban]
 startsecs=0
 autostart=false
 autorestart=true
-stdout_logfile=/dev/stdout
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
-stdout_logfile_maxbytes=0 
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
-stderr_logfile=/dev/stderr
+command=/usr/local/bin/fail2ban-wrapper.sh
-stderr_logfile_maxbytes=0 
-command = /usr/bin/fail2ban-server -f
 
 [program:opendkim]
 startsecs=0
 autostart=false
 autorestart=true
-stdout_logfile=/dev/stdout
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
-stdout_logfile_maxbytes=0 
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0 
 command=/usr/sbin/opendkim -f
 
 [program:opendmarc]
 startsecs=0
 autostart=false
 autorestart=true
-stdout_logfile=/dev/stdout
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
-stdout_logfile_maxbytes=0 
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
-stderr_logfile=/dev/stderr
+command=/usr/sbin/opendmarc -f -p "inet:8893@localhost" -P /var/run/opendmarc/opendmarc.pid
-stderr_logfile_maxbytes=0 
-command = /usr/sbin/opendmarc -f -p "inet:8893@localhost"
 
 [program:dovecot]
 startsecs=0
 autostart=false
 autorestart=true
-stdout_logfile=/dev/stdout
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
-stdout_logfile_maxbytes=0 
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0 
 command=/usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
 
 [program:filebeat]
 startsecs=0
 autostart=false
 autorestart=true
-stdout_logfile=/dev/stdout
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
-stdout_logfile_maxbytes=0 
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
 command=/usr/bin/filebeat -c /etc/filebeat/filebeat.yml
 
 [program:clamav]
 startsecs=0
 autostart=false
 autorestart=true
-stdout_logfile=/dev/stdout
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
-stdout_logfile_maxbytes=0 
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
 command=/usr/sbin/clamd -c /etc/clamav/clamd.conf
 
 [program:postgrey]
 startsecs=0
 autostart=false
 autorestart=true
-stdout_logfile=/dev/stdout
+stdout_logfile=/var/log/mail/mail.log
-stdout_logfile_maxbytes=0 
+stderr_logfile=/var/log/mail/mail.log
-stderr_logfile=/dev/stderr
+command=/usr/sbin/postgrey --inet=127.0.0.1:10023 --syslog-facility=mail --delay=%(ENV_POSTGREY_DELAY)s --max-age=%(ENV_POSTGREY_MAX_AGE)s --greylist-text="%(ENV_POSTGREY_TEXT)s"
-stderr_logfile_maxbytes=0
-command = /usr/sbin/postgrey --inet=127.0.0.1:10023
 
 [program:amavis]
 startsecs=0
 autostart=false
 autorestart=true
-stdout_logfile=/dev/stdout
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
-stdout_logfile_maxbytes=0 
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
 command=/usr/sbin/amavisd-new foreground
 
+[program:fetchmail]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+user=fetchmail
+command=/usr/bin/fetchmail -f /etc/fetchmailrc -v --nodetach --daemon 300 -i /var/lib/fetchmail/.fetchmail-UIDL-cache --pidfile /var/run/fetchmail/fetchmail.pid
 
-# Couldn't figure out how to run these in the foreground. We'll start them without supervisor.
+[program:postfix]
-#[program:fetchmail]
+startsecs=0
-#startsecs=0
+autostart=false
-#autostart=false
+autorestart=true
-#autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
-#command = /usr/bin/fetchmail
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
-
+command=/usr/local/bin/postfix-wrapper.sh
-#[program:postfix]
-#startsecs=0
-#autostart=false
-#autorestart=true
-#command = /etc/init.d/postfix start
-
-#[program:saslauthd]
-#startsecs=0
-#autostart=false
-#autorestart=true
-#command = /etc/init.d/saslauthd start

test/tests.bats

@@ -111,56 +111,6 @@ load 'test_helper/bats-assert/load'
   assert_success
 }
 
-@test "checking process: saslauthd (saslauthd server enabled)" {
-  run docker exec mail_with_imap /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'"
-  assert_success
-}
-
-#
-# supervisor
-#
-
-# <postfix isn't run with supervisor. No test for it.>
-
-@test "checking restart of process: clamd" {
-  run docker exec mail /bin/bash -c "pkill -f clamav && sleep 5 && ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
-  assert_success
-}
-
-@test "checking process: new" {
-  run docker exec mail /bin/bash -c "pkill -f amavis && sleep 5 && ps aux --forest | grep -v grep | grep '/usr/sbin/amavisd-new'"
-  assert_success
-}
-
-@test "checking process: opendkim" {
-  run docker exec mail /bin/bash -c "pkill -f opendkim && sleep 5 && ps aux --forest | grep -v grep | grep '/usr/sbin/opendkim'"
-  assert_success
-}
-
-@test "checking process: opendmarc" {
-  run docker exec mail /bin/bash -c "pkill -f opendmarc && sleep 5 && ps aux --forest | grep -v grep | grep '/usr/sbin/opendmarc'"
-  assert_success
-}
-
-@test "checking process: fail2ban (fail2ban server enabled)" {
-  run docker exec mail_fail2ban /bin/bash -c "pkill -f fail2ban && sleep 5 && ps aux --forest | grep -v grep | grep '/usr/bin/python3 /usr/bin/fail2ban-server'"
-  assert_success
-}
-
-# <fetchmail isn't run with supervisor. No test for it.>
-
-@test "checking process: clamav (clamav disabled by ENABLED_CLAMAV=0)" {
-  run docker exec mail_disabled_clamav_spamassassin /bin/bash -c "pkill -f clamd && sleep 5 && ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
-  assert_failure
-}
-
-@test "checking process: saslauthd (saslauthd server enabled)" {
-  run docker exec mail_with_ldap /bin/bash -c "pkill -f saslauthd && sleep 5 && ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'"
-  assert_success
-}
-
-# <saslauthd isn't run with supervisor. No test for it.>
-
 
 #
 # postgrey
@@ -1233,3 +1183,53 @@ load 'test_helper/bats-assert/load'
   assert_success
   assert_output 0
 }
+
+
+#
+# supervisor
+#
+
+@test "checking restart of process: postfix" {
+  run docker exec mail /bin/bash -c "pkill master && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/lib/postfix/sbin/master'"
+  assert_success
+}
+
+@test "checking restart of process: clamd" {
+  run docker exec mail /bin/bash -c "pkill clamd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
+  assert_success
+}
+
+@test "checking restart of process: amavisd-new" {
+  run docker exec mail /bin/bash -c "pkill amavi && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/amavisd-new (master)'"
+  assert_success
+}
+
+@test "checking restart of process: opendkim" {
+  run docker exec mail /bin/bash -c "pkill opendkim && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/opendkim'"
+  assert_success
+}
+
+@test "checking restart of process: opendmarc" {
+  run docker exec mail /bin/bash -c "pkill opendmarc && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/opendmarc'"
+  assert_success
+}
+
+@test "checking restart of process: fail2ban (fail2ban server enabled)" {
+  run docker exec mail_fail2ban /bin/bash -c "pkill fail2ban && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/bin/python3 /usr/bin/fail2ban-server'"
+  assert_success
+}
+
+@test "checking restart of process: fetchmail" {
+  run docker exec mail_fetchmail /bin/bash -c "pkill fetchmail && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/bin/fetchmail'"
+  assert_success
+}
+
+@test "checking restart of process: clamav (clamav disabled by ENABLED_CLAMAV=0)" {
+  run docker exec mail_disabled_clamav_spamassassin /bin/bash -c "pkill -f clamd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
+  assert_failure
+}
+
+@test "checking restart of process: saslauthd (saslauthd server enabled)" {
+  run docker exec mail_with_ldap /bin/bash -c "pkill saslauthd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'"
+  assert_success
+}