Merge branch 'release/6.1.0' into stable

.env.dist

@@ -107,6 +107,12 @@ POSTFIX_DAGENT=
 # => Specify the recipient address
 REPORT_RECIPIENT=0
 
+
+# Change the sending address for mail report
+# **empty** => mailserver-report@hostname
+# => Specify the report sender (From) address
+REPORT_SENDER=
+
 # Changes the interval in which a report is being sent.
 # **daily** => Send a daily report
 # weekly => Send a report every week
@@ -255,6 +261,15 @@ SASLAUTHD_LDAP_SEARCH_BASE=
 # e.g. for openldap: `(&(uid=%U)(objectClass=person))`
 SASLAUTHD_LDAP_FILTER=
 
+# empty => no
+# yes => LDAP over TLS enabled for SASL
+# Must not be used together with SASLAUTHD_LDAP_SSL=1_
+SASLAUTHD_LDAP_START_TLS=
+
+# empty => no
+# yes => Require and verify server certificate
+SASLAUTHD_LDAP_TLS_CHECK_PEER=
+
 # empty => No sasl_passwd will be created
 # string => `/etc/postfix/sasl_passwd` will be created with the string as password
 SASL_PASSWD=

CHANGELOG.md

@@ -1,5 +1,17 @@
 # Changelog
 
+## 6.1.0
+
+* Deliver root mail (#952)
+* don't update permissions on non-existent file (#956)
+* Update docker-configomat (#959)
+* Support for detecting running container mount (#884)
+* Report sender (#965)
+  added REPORT_SENDER env variable to the container.
+* Add saslauthd option for ldap_start_tls & ldap_tls_check_peer - (#979, #980)
+* fix SASL domain (#892, #970)
+* DOMAINNAME can fail to be set in postsrsd-wrapper.sh (#989)
+
 ## 6.0.0
 
 * Implementation of multi-domain relay hosts (#922, #926)

Makefile

@@ -35,6 +35,7 @@ run:
 		-e SPOOF_PROTECTION=1 \
 		-e ENABLE_SPAMASSASSIN=1 \
 		-e REPORT_RECIPIENT=user1@localhost.localdomain \
+		-e REPORT_SENDER=report1@mail.my-domain.com \
 		-e SA_TAG=-5.0 \
 		-e SA_TAG2=2.0 \
 		-e SA_KILL=3.0 \
@@ -95,10 +96,32 @@ run:
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
 		-e PERMIT_DOCKER=network \
 		-e DMS_DEBUG=0 \
+		-e ENABLE_SRS=1 \
 		-e OVERRIDE_HOSTNAME=mail.my-domain.com \
 		-h unknown.domain.tld \
 		-t $(NAME)
 	sleep 15
+	docker run -d --name mail_domainname \
+		-v "`pwd`/test/config":/tmp/docker-mailserver \
+		-v "`pwd`/test":/tmp/docker-mailserver-test \
+		-e PERMIT_DOCKER=network \
+		-e DMS_DEBUG=0 \
+		-e ENABLE_SRS=1 \
+		-e DOMAINNAME=my-domain.com \
+		-h unknown.domain.tld \
+		-t $(NAME)
+	sleep 15
+	docker run -d --name mail_srs_domainname \
+		-v "`pwd`/test/config":/tmp/docker-mailserver \
+		-v "`pwd`/test":/tmp/docker-mailserver-test \
+		-e PERMIT_DOCKER=network \
+		-e DMS_DEBUG=0 \
+		-e ENABLE_SRS=1 \
+		-e SRS_DOMAINNAME=srs.my-domain.com \
+		-e DOMAINNAME=my-domain.com \
+		-h unknown.domain.tld \
+		-t $(NAME)
+	sleep 15
 	docker run -d --name mail_fail2ban \
 		-v "`pwd`/test/config":/tmp/docker-mailserver \
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
@@ -153,6 +176,7 @@ run:
 		-e DOVECOT_TLS=no \
 		-e DOVECOT_PASS_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))" \
 		-e DOVECOT_USER_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))" \
+		-e REPORT_RECIPIENT=1 \
 		-e ENABLE_SASLAUTHD=1 \
 		-e SASLAUTHD_MECHANISMS=ldap \
 		-e SASLAUTHD_LDAP_SERVER=ldap \
@@ -249,6 +273,7 @@ fixtures:
 	docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/sieve-pipe.txt"
 	docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/non-existing-user.txt"
 	docker exec mail_disabled_clamav_spamassassin /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt"
+	docker exec mail /bin/sh -c "sendmail root < /tmp/docker-mailserver-test/email-templates/root-email.txt"
 	# postfix virtual transport lmtp
 	docker exec mail_lmtp_ip /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt"
 	docker exec mail_privacy /bin/sh -c "openssl s_client -quiet -starttls smtp -connect 0.0.0.0:587 < /tmp/docker-mailserver-test/email-templates/send-privacy-email.txt"
@@ -281,6 +306,8 @@ clean:
 		mail_undef_spam_subject \
 		mail_postscreen \
 		mail_override_hostname \
+		mail_domainname \
+		mail_srs_domainname \
 		mail_with_relays
 
 	@if [ -d config.bak ]; then\
@@ -292,3 +319,6 @@ clean:
 		mv testconfig.bak test/config ;\
 	fi
 	-sudo rm -rf test/onedir
+	-sudo rm -rf test/alias
+	-sudo rm -rf test/relay
+

README.md

@@ -314,12 +314,14 @@ Enabled by ENABLE_POSTFIX_VIRTUAL_TRANSPORT. Specify the final delivery of postf
   - **empty** => postmaster@domain.com
   - => Specify the postmaster address
 
+
 ##### POSTSCREEN_ACTION
 
   - **enforce** => Allow other tests to complete. Reject attempts to deliver mail with a 550 SMTP reply, and log the helo/sender/recipient information. Repeat this test the next time the client connects.
   - drop => Drop the connection immediately with a 521 SMTP reply. Repeat this test the next time the client connects.
   - ignore => Ignore the failure of this test. Allow other tests to complete. Repeat this test the next time the client connects. This option is useful for testing and collecting statistics without blocking mail.
 
+
 ##### REPORT_RECIPIENT
 
   Enables a report being sent (created by pflogsumm) on a regular basis.
@@ -327,6 +329,13 @@ Enabled by ENABLE_POSTFIX_VIRTUAL_TRANSPORT. Specify the final delivery of postf
   - 1 => Using POSTMASTER_ADDRESS as the recipient
   - => Specify the recipient address
 
+##### REPORT_SENDER
+
+  Change the sending address for mail report
+  - **empty** => mailserver-report@hostname
+  - => Specify the report sender (From) address
+
+
 ##### REPORT_INTERVAL
 
   changes the interval in which a report is being sent.
@@ -539,6 +548,11 @@ Note: This postgrey setting needs `ENABLE_POSTGREY=1`
   - if you have a cluster/swarm make sure the same keys are on all nodes
   - example command to generate a key: `dd if=/dev/urandom bs=24 count=1 2>/dev/null | base64`
 
+##### SRS_DOMAINNAME
+
+  - **empty** => Derived from OVERRIDE_HOSTNAME, DOMAINNAME, or the container's hostname
+  - Set this if auto-detection fails, isn't what you want, or you wish to have a separate container handle DSNs
+
 ## Multi-domain Relay Hosts
 
 #### RELAY_HOST

docker-compose.elk.yml.dist

@@ -28,6 +28,7 @@ services:
     - POSTSCREEN_ACTION=${POSTSCREEN_ACTION}
     - ENABLE_SRS=${ENABLE_SRS}
     - REPORT_RECIPIENT=${REPORT_RECIPIENT}
+    - REPORT_SENDER=${REPORT_SENDER}
     - REPORT_INTERVAL=${REPORT_INTERVAL}
     - SMTP_ONLY=${SMTP_ONLY}
     - SSL_TYPE=${SSL_TYPE}
@@ -67,6 +68,8 @@ services:
     - SASLAUTHD_LDAP_PASSWORD=${SASLAUTHD_LDAP_PASSWORD}
     - SASLAUTHD_LDAP_SEARCH_BASE=${SASLAUTHD_LDAP_SEARCH_BASE}
     - SASLAUTHD_LDAP_FILTER=${SASLAUTHD_LDAP_FILTER}
+    - SASLAUTHD_LDAP_START_TLS=${SASLAUTHD_LDAP_START_TLS}
+    - SASLAUTHD_LDAP_TLS_CHECK_PEER=${SASLAUTHD_LDAP_TLS_CHECK_PEER}
     - SASL_PASSWD=${SASL_PASSWD}
     cap_add:
     - NET_ADMIN

docker-compose.yml.dist

@@ -25,6 +25,7 @@ services:
     - POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS}
     - POSTSCREEN_ACTION=${POSTSCREEN_ACTION}
     - REPORT_RECIPIENT=${REPORT_RECIPIENT}
+    - REPORT_SENDER=${REPORT_SENDER}
     - REPORT_INTERVAL=${REPORT_INTERVAL}
     - SMTP_ONLY=${SMTP_ONLY}
     - SSL_TYPE=${SSL_TYPE}
@@ -67,6 +68,8 @@ services:
     - SASLAUTHD_LDAP_PASSWORD=${SASLAUTHD_LDAP_PASSWORD}
     - SASLAUTHD_LDAP_SEARCH_BASE=${SASLAUTHD_LDAP_SEARCH_BASE}
     - SASLAUTHD_LDAP_FILTER=${SASLAUTHD_LDAP_FILTER}
+    - SASLAUTHD_LDAP_START_TLS=${SASLAUTHD_LDAP_START_TLS}
+    - SASLAUTHD_LDAP_TLS_CHECK_PEER=${SASLAUTHD_LDAP_TLS_CHECK_PEER}
     - SASL_PASSWD=${SASL_PASSWD}
     - SRS_EXCLUDE_DOMAINS=${SRS_EXCLUDE_DOMAINS}
     - SRS_SECRET=${SRS_SECRET}

setup.sh

@@ -11,7 +11,17 @@ INFO=$(docker ps \
 
 IMAGE_NAME=$(echo $INFO | awk '{print $1}')
 CONTAINER_NAME=$(echo $INFO | awk '{print $2}')
-CONFIG_PATH="$(pwd)/config"
+DEFAULT_CONFIG_PATH="$(pwd)/config"
+
+_update_config_path() {
+  VOLUME=$(docker inspect $CONTAINER_NAME \
+    --format="{{range .Mounts}}{{ println .Source .Destination}}{{end}}" | \
+    grep "/tmp/docker-mailserver$" 2>/dev/null)
+
+  if [ ! -z "$VOLUME" ]; then
+    CONFIG_PATH=$(echo $VOLUME | awk '{print $1}')
+  fi
+}
 
 if [ -z "$IMAGE_NAME" ]; then
   IMAGE_NAME=tvial/docker-mailserver:latest
@@ -25,6 +35,7 @@ _inspect() {
   fi
   if [ -n "$CONTAINER_NAME" ]; then
     echo "Container: $CONTAINER_NAME"
+    echo "Config mount: $CONFIG_PATH"
   else
     echo "Container: Not running, please start docker-mailserver."
   fi
@@ -117,13 +128,13 @@ while getopts ":c:i:p:" OPT; do
     p)
       case "$OPTARG" in
       /*)
-          CONFIG_PATH="$OPTARG"
+          WISHED_CONFIG_PATH="$OPTARG"
           ;;
       *)
-          CONFIG_PATH="$(pwd)/$OPTARG"
+          WISHED_CONFIG_PATH="$(pwd)/$OPTARG"
           ;;
       esac
-      if [ ! -d "$CONFIG_PATH" ]; then
+      if [ ! -d "$WISHED_CONFIG_PATH" ]; then
         echo "Directory doesn't exist"
         _usage
         exit 1
@@ -135,6 +146,17 @@ while getopts ":c:i:p:" OPT; do
   esac
 done
 
+if [ ! -n "$WISHED_CONFIG_PATH" ]; then
+  # no wished config path
+  _update_config_path
+
+  if [ ! -n "$CONFIG_PATH" ]; then
+    CONFIG_PATH=$DEFAULT_CONFIG_PATH
+  fi
+else
+  CONFIG_PATH=$WISHED_CONFIG_PATH
+fi
+
 shift $((OPTIND-1))
 
 case $1 in

target/bin/postfix-summary

@@ -2,7 +2,7 @@
 
 HOSTNAME=$1
 RECIPIENT=$2
-
+SENDER=$3
 errex() {
   echo -e "$@" 1>&2
   exit 1
@@ -23,7 +23,7 @@ The $HOSTNAME Mailserver"
 fi
 
 sendmail -t <<EOF
-From: mailserver-report@$HOSTNAME
+From: $SENDER
 To: $RECIPIENT
 Subject: Postfix Summary for $HOSTNAME
 Content-Transfer-Encoding: 8bit

target/docker-configomat

@@ -1 +1 @@
-Subproject commit e3e84ded29d88b2945c0782dbb43237c561a54a9
+Subproject commit b42a6eb65dc1e059c8bf3661e51f3ce308469e19

target/postfix/main.cf

@@ -7,9 +7,9 @@ readme_directory = no
 
 # Basic configuration
 # myhostname =
-alias_maps = texthash:/etc/aliases
+alias_maps = hash:/etc/aliases
-alias_database = texthash:/etc/aliases
+alias_database = hash:/etc/aliases
-mydestination =
+mydestination = $myhostname, localhost.$mydomain, localhost
 relayhost =
 mynetworks = 127.0.0.0/8 [::1]/128 [fe80::]/64
 mailbox_size_limit = 0
@@ -72,7 +72,7 @@ smtpd_sasl_path = /var/spool/postfix/private/auth
 smtpd_sasl_type = dovecot
 
 smtpd_sasl_security_options = noanonymous
-smtpd_sasl_local_domain = $myhostname
+smtpd_sasl_local_domain = $mydomain
 broken_sasl_auth_clients = yes
 
 # Mail directory

target/postsrsd-wrapper.sh

@@ -1,8 +1,17 @@
 #!/usr/bin/env bash
-# postsrsd-wrapper.sh, version 0.2.1
+# postsrsd-wrapper.sh, version 0.2.2
 
-DOMAINNAME="$(hostname -d)"
+if [ -n "$SRS_DOMAINNAME" ]; then
-sed -i -e "s/localdomain/$DOMAINNAME/g" /etc/default/postsrsd
+  domain_name="$SRS_DOMAINNAME"
+elif [ -n "$OVERRIDE_HOSTNAME" ]; then
+  domain_name="${OVERRIDE_HOSTNAME#*.}"
+elif [ -n "$DOMAINNAME" ]; then
+  domain_name="$DOMAINNAME"
+else
+  domain_name=$(hostname -d)
+fi
+
+sed -i -e "s/localdomain/${domain_name}/g" /etc/default/postsrsd
 
 postsrsd_secret_file='/etc/postsrsd.secret'
 postsrsd_state_dir='/var/mail-state/etc-postsrsd'

target/start-mailserver.sh

@@ -417,6 +417,8 @@ function _setup_default_vars() {
 
 	# update POSTMASTER_ADDRESS - must be done done after _check_hostname()
 	DEFAULT_VARS["POSTMASTER_ADDRESS"]="${POSTMASTER_ADDRESS:=postmaster@${DOMAINNAME}}"
+    # update REPORT_SENDER - must be done done after _check_hostname()
+    DEFAULT_VARS["REPORT_SENDER"]="${REPORT_SENDER:=mailserver-report@${HOSTNAME}}"
 
 	for var in ${!DEFAULT_VARS[@]}; do
 		echo "export $var=${DEFAULT_VARS[$var]}" >> /root/.bashrc
@@ -656,7 +658,7 @@ function _setup_spoof_protection () {
 	sed -i 's|smtpd_sender_restrictions =|smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch,|' /etc/postfix/main.cf
 	[ "$ENABLE_LDAP" = 1 ] \
 		&& postconf -e "smtpd_sender_login_maps=ldap:/etc/postfix/ldap-users.cf ldap:/etc/postfix/ldap-aliases.cf ldap:/etc/postfix/ldap-groups.cf" \
-		|| postconf -e "smtpd_sender_login_maps=texthash:/etc/postfix/virtual, texthash:/etc/aliases, pcre:/etc/postfix/maps/sender_login_maps.pcre"
+		|| postconf -e "smtpd_sender_login_maps=texthash:/etc/postfix/virtual, hash:/etc/aliases, pcre:/etc/postfix/maps/sender_login_maps.pcre"
 }
 
 function _setup_postfix_access_control() {
@@ -693,6 +695,8 @@ function _setup_saslauthd() {
 	[ -z "$SASLAUTHD_LDAP_SERVER" ] && SASLAUTHD_LDAP_SERVER=localhost
 	[ -z "$SASLAUTHD_LDAP_FILTER" ] && SASLAUTHD_LDAP_FILTER='(&(uniqueIdentifier=%u)(mailEnabled=TRUE))'
 	([ -z "$SASLAUTHD_LDAP_SSL" ] || [ $SASLAUTHD_LDAP_SSL == 0 ]) && SASLAUTHD_LDAP_PROTO='ldap://' || SASLAUTHD_LDAP_PROTO='ldaps://'
+	[ -z "$SASLAUTHD_LDAP_START_TLS" ] && SASLAUTHD_LDAP_START_TLS=no
+	[ -z "$SASLAUTHD_LDAP_TLS_CHECK_PEER" ] && SASLAUTHD_LDAP_TLS_CHECK_PEER=no
 
 	if [ ! -f /etc/saslauthd.conf ]; then
 		notify 'inf' "Creating /etc/saslauthd.conf"
@@ -706,6 +710,9 @@ ldap_bind_pw: ${SASLAUTHD_LDAP_PASSWORD}
 ldap_search_base: ${SASLAUTHD_LDAP_SEARCH_BASE}
 ldap_filter: ${SASLAUTHD_LDAP_FILTER}
 
+ldap_start_tls: $SASLAUTHD_LDAP_START_TLS
+ldap_tls_check_peer: $SASLAUTHD_LDAP_TLS_CHECK_PEER
+
 ldap_referrals: yes
 log_level: 10
 EOF
@@ -754,6 +761,10 @@ function _setup_postfix_aliases() {
 		s/$/ pcre:\/etc\/postfix\/regexp/
 		}' /etc/postfix/main.cf
 	fi
+
+	notify 'inf' "Configuring root alias"
+	echo "root: ${POSTMASTER_ADDRESS}" > /etc/aliases
+	postalias /etc/aliases
 }
 
 function _setup_SRS() {
@@ -1069,8 +1080,10 @@ function _setup_postfix_relay_hosts() {
 		fi
 	fi
 
-	chown root:root /etc/postfix/sasl_passwd
+	if [ -f /etc/postfix/sasl_passwd ]; then
-	chmod 0600 /etc/postfix/sasl_passwd
+		chown root:root /etc/postfix/sasl_passwd
+		chmod 0600 /etc/postfix/sasl_passwd
+	fi
 	# end /etc/postfix/sasl_passwd
 
 	# setup /etc/postfix/relayhost_map
@@ -1228,7 +1241,8 @@ function _setup_logrotate() {
 function _setup_mail_summary() {
 	notify 'inf' "Enable postfix summary with recipient $REPORT_RECIPIENT"
 	[ "$REPORT_RECIPIENT" = 1 ] && REPORT_RECIPIENT=$POSTMASTER_ADDRESS
-	sed -i "s|}|  postrotate\n    /usr/local/bin/postfix-summary $HOSTNAME $REPORT_RECIPIENT\n  endscript\n}\n|" /etc/logrotate.d/maillog
+	sed -i "s|}|  postrotate\n    /usr/local/bin/postfix-summary $HOSTNAME \
+    $REPORT_RECIPIENT $REPORT_SENDER\n  endscript\n}\n|" /etc/logrotate.d/maillog
 }
 
 function _setup_environment() {

test/config/postfix-regexp.cf

@@ -1,2 +1,4 @@
 /^test[0-9][0-9]*@localhost.localdomain/ user1@localhost.localdomain
 /^bounce.*@.*/ external1@otherdomain.tld
+/^postmaster@/ user1@localhost.localdomain
+

test/email-templates/root-email.txt

@@ -0,0 +1,3 @@
+Subject: Root Test Message
+
+This is a test mail.

test/tests.bats

@@ -296,7 +296,7 @@ load 'test_helper/bats-assert/load'
 @test "checking smtp: delivers mail to existing account" {
   run docker exec mail /bin/sh -c "grep 'postfix/lmtp' /var/log/mail/mail.log | grep 'status=sent' | grep ' Saved)' | wc -l"
   assert_success
-  assert_output 10
+  assert_output 12
 }
 
 @test "checking smtp: delivers mail to existing alias" {
@@ -326,10 +326,10 @@ load 'test_helper/bats-assert/load'
   assert_output 1
 }
 
-@test "checking smtp: user1 should have received 6 mails" {
+@test "checking smtp: user1 should have received 9 mails" {
   run docker exec mail /bin/sh -c "ls -A /var/mail/localhost.localdomain/user1/new | wc -l"
   assert_success
-  assert_output 7
+  assert_output 9
 }
 
 @test "checking smtp: rejects mail to unknown user" {
@@ -810,6 +810,25 @@ load 'test_helper/bats-assert/load'
   assert_success
 }
 
+@test "checking SRS: SRS_DOMAINNAME is used correctly" {
+  run docker exec mail_srs_domainname grep "SRS_DOMAIN=srs.my-domain.com" /etc/default/postsrsd
+  assert_success
+}
+
+@test "checking SRS: OVERRIDE_HOSTNAME is handled correctly" {
+  run docker exec mail_override_hostname grep "SRS_DOMAIN=my-domain.com" /etc/default/postsrsd
+  assert_success
+}
+
+@test "checking SRS: DOMAINNAME is handled correctly" {
+  run docker exec mail_domainname grep "SRS_DOMAIN=my-domain.com" /etc/default/postsrsd
+  assert_success
+}
+@test "checking SRS: fallback to hostname is handled correctly" {
+  run docker exec mail grep "SRS_DOMAIN=my-domain.com" /etc/default/postsrsd
+  assert_success
+}
+
 #
 # fail2ban
 #
@@ -1051,6 +1070,7 @@ load 'test_helper/bats-assert/load'
   run docker exec mail /bin/sh -c "grep 'Spambot <spam@spam.com>' -R /var/mail/localhost.localdomain/user1/new/"
   assert_success
 }
+
 #
 # accounts
 #
@@ -1175,6 +1195,12 @@ load 'test_helper/bats-assert/load'
   assert_output 1
 }
 
+
+@test "checking user login: predefined user can login" {
+  result=$(docker exec mail doveadm auth test -x service=smtp pass@localhost.localdomain 'may be \a `p^a.*ssword' | grep 'auth succeeded')
+  [ "$result" = "passdb: pass@localhost.localdomain auth succeeded" ]
+}
+
 #
 # setup.sh
 #
@@ -1185,6 +1211,7 @@ load 'test_helper/bats-assert/load'
   assert_failure
   [ "${lines[0]}" = "Usage: ./setup.sh [-i IMAGE_NAME] [-c CONTAINER_NAME] <subcommand> <subcommand> [args]" ]
 }
+
 @test "checking setup.sh: Wrong arguments" {
   run ./setup.sh lol troll
   assert_failure
@@ -1192,14 +1219,14 @@ load 'test_helper/bats-assert/load'
 }
 
 # email
-@test "checking setup.sh: setup.sh email add " {
+@test "checking setup.sh: setup.sh email add" {
-  run ./setup.sh -c mail email add lorem@impsum.org dolorsit
+  run ./setup.sh -c mail email add setup_email_add@example.com test_password
   assert_success
-  value=$(cat ./config/postfix-accounts.cf | grep lorem@impsum.org | awk -F '|' '{print $1}')
-  [ "$value" = "lorem@impsum.org" ]
 
-  docker exec mail doveadm auth test -x service=smtp pass@localhost.localdomain 'may be \a `p^a.*ssword' | grep 'auth succeeded'
+  value=$(cat ./test/config/postfix-accounts.cf | grep setup_email_add@example.com | awk -F '|' '{print $1}')
-  assert_success
+  [ "$value" = "setup_email_add@example.com" ]
+
+  # we test the login of this user later to let the container digest the addition
 }
 
 @test "checking setup.sh: setup.sh email list" {
@@ -1208,10 +1235,9 @@ load 'test_helper/bats-assert/load'
 }
 
 @test "checking setup.sh: setup.sh email update" {
-  initialpass=$(cat ./config/postfix-accounts.cf | grep lorem@impsum.org | awk -F '|' '{print $2}')
+  ./setup.sh -c mail email add lorem@impsum.org test_test && initialpass=$(cat ./test/config/postfix-accounts.cf | grep lorem@impsum.org | awk -F '|' '{print $2}')
-  run ./setup.sh email update lorem@impsum.org my password
+  run ./setup.sh -c mail email update lorem@impsum.org my password
-  sleep 10
+  updatepass=$(cat ./test/config/postfix-accounts.cf | grep lorem@impsum.org | awk -F '|' '{print $2}')
-  updatepass=$(cat ./config/postfix-accounts.cf | grep lorem@impsum.org | awk -F '|' '{print $2}')
   [ "$initialpass" != "$updatepass" ]
   assert_success
 
@@ -1222,9 +1248,16 @@ load 'test_helper/bats-assert/load'
 @test "checking setup.sh: setup.sh email del" {
   run ./setup.sh -c mail email del -y lorem@impsum.org
   assert_success
-  run docker exec mail ls /var/mail/impsum.org/lorem
+#
-  assert_failure
+#  TODO delmailuser does not work as expected.
-  run grep lorem@impsum.org ./config/postfix-accounts.cf
+#  Its implementation is not functional, you cannot delete a user data
+#  directory in the running container by running a new docker container
+#  and not mounting the mail folders (persistance is broken).
+#  The add script is only adding the user to account file.
+#
+#  run docker exec mail ls /var/mail/impsum.org/lorem
+#  assert_failure
+  run grep lorem@impsum.org ./test/config/postfix-accounts.cf
   assert_failure
 }
 
@@ -1251,37 +1284,41 @@ load 'test_helper/bats-assert/load'
 
 # alias
 @test "checking setup.sh: setup.sh alias list" {
-  echo "test@example.org test@forward.com" > ./config/postfix-virtual.cf
+  mkdir -p ./test/alias/config && echo "test@example.org test@forward.com" > ./test/alias/config/postfix-virtual.cf
-  run ./setup.sh -c mail alias list
+  run ./setup.sh -p ./test/alias/config alias list
   assert_success
 }
 @test "checking setup.sh: setup.sh alias add" {
-  echo "" > ./config/postfix-virtual.cf
+  mkdir -p ./test/alias/config && echo "" > ./test/alias/config/postfix-virtual.cf
-  ./setup.sh -c mail alias add test1@example.org test1@forward.com
+  ./setup.sh -p ./test/alias/config alias add alias@example.com target1@forward.com
-  ./setup.sh -c mail alias add test1@example.org test2@forward.com
+  ./setup.sh -p ./test/alias/config alias add alias@example.com target2@forward.com
-
+  sleep 5
-  run /bin/sh -c 'cat ./config/postfix-virtual.cf | grep "test1@example.org test1@forward.com,test2@forward.com" | wc -l | grep 1'
+  run /bin/sh -c 'cat ./test/alias/config/postfix-virtual.cf | grep "alias@example.com target1@forward.com,target2@forward.com" | wc -l | grep 1'
   assert_success
 }
 @test "checking setup.sh: setup.sh alias del" {
-  echo -e 'test1@example.org test1@forward.com,test2@forward.com\ntest2@example.org test1@forward.com' > ./config/postfix-virtual.cf
+  # start with a1 -> t1,t2 and a2 -> t1
+  mkdir -p ./test/alias/config && echo -e 'alias1@example.org target1@forward.com,target2@forward.com\nalias2@example.org target1@forward.com' > ./test/alias/config/postfix-virtual.cf
 
-  ./setup.sh -c mail alias del test1@example.org test1@forward.com
+  # we remove a1 -> t1 ==> a1 -> t2 and a2 -> t1
-  run grep "test1@forward.com" ./config/postfix-virtual.cf
+  ./setup.sh -p ./test/alias/config alias del alias1@example.org target1@forward.com
-  assert_output  --regexp "^test2@example.org +test1@forward.com$"
+  run grep "target1@forward.com" ./test/alias/config/postfix-virtual.cf
+  assert_output  --regexp "^alias2@example.org +target1@forward.com$"
 
-  run grep "test2@forward.com" ./config/postfix-virtual.cf
+  run grep "target2@forward.com" ./test/alias/config/postfix-virtual.cf
-  assert_output  --regexp "^test1@example.org +test2@forward.com$"
+  assert_output  --regexp "^alias1@example.org +target2@forward.com$"
 
-  ./setup.sh -c mail alias del test1@example.org test2@forward.com
+  # we remove a1 -> t2 ==> a2 -> t1
-  run grep "test1@example.org" ./config/postfix-virtual.cf
+  ./setup.sh -p ./test/alias/config alias del alias1@example.org target2@forward.com
+  run grep "alias1@example.org" ./test/alias/config/postfix-virtual.cf
   assert_failure
 
-  run grep "test2@example.org" ./config/postfix-virtual.cf
+  run grep "alias2@example.org" ./test/alias/config/postfix-virtual.cf
   assert_success
 
-  ./setup.sh -c mail alias del test2@example.org test1@forward.com
+  # we remove a2 -> t1 ==> empty
-  run grep "test2@example.org" ./config/postfix-virtual.cf
+  ./setup.sh -p ./test/alias/config alias del alias2@example.org target1@forward.com
+  run grep "alias2@example.org" ./test/alias/config/postfix-virtual.cf
   assert_failure
 }
 
@@ -1299,7 +1336,7 @@ load 'test_helper/bats-assert/load'
 # debug
 @test "checking setup.sh: setup.sh debug fetchmail" {
   run ./setup.sh -c mail debug fetchmail
-  [ "$status" -eq 5 ]
+  [ "$status" -eq 11 ]
 # TODO: Fix output check
 # [ "$output" = "fetchmail: no mailservers have been specified." ]
 }
@@ -1330,45 +1367,51 @@ load 'test_helper/bats-assert/load'
 }
 
 @test "checking setup.sh: setup.sh relay add-domain" {
-  echo -n > ./config/postfix-relaymap.cf
+  mkdir -p ./test/relay/config && echo -n > ./test/relay/config/postfix-relaymap.cf
-  ./setup.sh -c mail relay add-domain example1.org smtp.relay1.com 2525
+  ./setup.sh -p ./test/relay/config relay add-domain example1.org smtp.relay1.com 2525
-  ./setup.sh -c mail relay add-domain example2.org smtp.relay2.com
+  ./setup.sh -p ./test/relay/config relay add-domain example2.org smtp.relay2.com
-  ./setup.sh -c mail relay add-domain example3.org smtp.relay3.com 2525
+  ./setup.sh -p ./test/relay/config relay add-domain example3.org smtp.relay3.com 2525
-  ./setup.sh -c mail relay add-domain example3.org smtp.relay.com 587
+  ./setup.sh -p ./test/relay/config relay add-domain example3.org smtp.relay.com 587
 
   # check adding
-  run /bin/sh -c 'cat ./config/postfix-relaymap.cf | grep -e "^@example1.org\s\+\[smtp.relay1.com\]:2525" | wc -l | grep 1'
+  run /bin/sh -c 'cat ./test/relay/config/postfix-relaymap.cf | grep -e "^@example1.org\s\+\[smtp.relay1.com\]:2525" | wc -l | grep 1'
   assert_success
   # test default port
-  run /bin/sh -c 'cat ./config/postfix-relaymap.cf | grep -e "^@example2.org\s\+\[smtp.relay2.com\]:25" | wc -l | grep 1'
+  run /bin/sh -c 'cat ./test/relay/config/postfix-relaymap.cf | grep -e "^@example2.org\s\+\[smtp.relay2.com\]:25" | wc -l | grep 1'
   assert_success
   # test modifying
-  run /bin/sh -c 'cat ./config/postfix-relaymap.cf | grep -e "^@example3.org\s\+\[smtp.relay.com\]:587" | wc -l | grep 1'
+  run /bin/sh -c 'cat ./test/relay/config/postfix-relaymap.cf | grep -e "^@example3.org\s\+\[smtp.relay.com\]:587" | wc -l | grep 1'
   assert_success
 }
 
 @test "checking setup.sh: setup.sh relay add-auth" {
-  echo -n > ./config/postfix-sasl-password.cf
+  mkdir -p ./test/relay/config && echo -n > ./test/relay/config/postfix-sasl-password.cf
-  ./setup.sh -c mail relay add-auth example.org smtp_user smtp_pass
+  ./setup.sh -p ./test/relay/config relay add-auth example.org smtp_user smtp_pass
-  ./setup.sh -c mail relay add-auth example2.org smtp_user2 smtp_pass2
+  ./setup.sh -p ./test/relay/config relay add-auth example2.org smtp_user2 smtp_pass2
-  ./setup.sh -c mail relay add-auth example2.org smtp_user2 smtp_pass_new
+  ./setup.sh -p ./test/relay/config relay add-auth example2.org smtp_user2 smtp_pass_new
 
   # test adding
-  run /bin/sh -c 'cat ./config/postfix-sasl-password.cf | grep -e "^@example.org\s\+smtp_user:smtp_pass" | wc -l | grep 1'
+  run /bin/sh -c 'cat ./test/relay/config/postfix-sasl-password.cf | grep -e "^@example.org\s\+smtp_user:smtp_pass" | wc -l | grep 1'
   assert_success
   # test updating
-  run /bin/sh -c 'cat ./config/postfix-sasl-password.cf | grep -e "^@example2.org\s\+smtp_user2:smtp_pass_new" | wc -l | grep 1'
+  run /bin/sh -c 'cat ./test/relay/config/postfix-sasl-password.cf | grep -e "^@example2.org\s\+smtp_user2:smtp_pass_new" | wc -l | grep 1'
   assert_success
 }
 
 @test "checking setup.sh: setup.sh relay exclude-domain" {
-  echo -n > ./config/postfix-relaymap.cf
+  mkdir -p ./test/relay/config && echo -n > ./test/relay/config/postfix-relaymap.cf
-  ./setup.sh -c mail relay exclude-domain example.org
+  ./setup.sh -p ./test/relay/config relay exclude-domain example.org
 
-  run /bin/sh -c 'cat ./config/postfix-relaymap.cf | grep -e "^@example.org\s*$" | wc -l | grep 1'
+  run /bin/sh -c 'cat ./test/relay/config/postfix-relaymap.cf | grep -e "^@example.org\s*$" | wc -l | grep 1'
   assert_success
 }
 
+@test "checking setup.sh: email add login validation" {
+  # validates that the user created previously with setup.sh can login
+  result=$(docker exec mail doveadm auth test -x service=smtp setup_email_add@example.com 'test_password' | grep 'auth succeeded')
+  [ "$result" = "passdb: setup_email_add@example.com auth succeeded" ]
+}
+
 #
 # LDAP
 #
@@ -1572,6 +1615,16 @@ load 'test_helper/bats-assert/load'
   sleep 10
   run docker exec mail grep "Subject: Postfix Summary for " /var/mail/localhost.localdomain/user1/new/ -R
   assert_success
+  # check sender is the one specified in REPORT_SENDER
+  run docker exec mail grep "From: report1@mail.my-domain.com" /var/mail/localhost.localdomain/user1/new/ -R
+  assert_success
+  # check sender is not the default one.
+  run docker exec mail grep "From: mailserver-report@mail.my-domain.com" /var/mail/localhost.localdomain/user1/new/ -R
+  assert_failure
+  
+  # checking default sender is correctly set when env variable not defined
+  run docker exec mail_with_ldap grep "mailserver-report@mail.my-domain.com" /etc/logrotate.d/maillog
+  assert_success
   # checking default logrotation setup
   run docker exec mail_with_ldap grep "daily" /etc/logrotate.d/maillog
   assert_success
@@ -1708,3 +1761,12 @@ load 'test_helper/bats-assert/load'
   run docker exec mail_with_relays /bin/sh -c 'cat /etc/postfix/sasl_passwd | grep -e "^\[default.relay.com\]:2525\s\+smtp_user:smtp_password" | wc -l | grep 1'
   assert_success
 }
+
+#
+# root mail delivery
+#
+
+@test "checking that mail for root was delivered" {
+  run docker exec mail grep "Subject: Root Test Message" /var/mail/localhost.localdomain/user1/new/ -R
+  assert_success
+}