diff --git a/.gitmodules b/.gitmodules index 0ed2caff..bc127a9e 100644 --- a/.gitmodules +++ b/.gitmodules @@ -7,3 +7,6 @@ [submodule "test/test_helper/bats-assert"] path = test/test_helper/bats-assert url = https://github.com/ztombol/bats-assert +[submodule "target/docker-configomat"] + path = target/docker-configomat + url = https://github.com/alinmear/docker-configomat diff --git a/Dockerfile b/Dockerfile index 5eb466e1..677394a1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -144,7 +144,7 @@ RUN curl -s https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > /et COPY ./target/bin /usr/local/bin # Start-mailserver script -COPY ./target/start-mailserver.sh /usr/local/bin/ +COPY ./target/start-mailserver.sh ./target/docker-configomat/configomat.sh /usr/local/bin/ RUN chmod +x /usr/local/bin/* EXPOSE 25 587 143 993 110 995 4190 diff --git a/Makefile b/Makefile index ede3f53c..e0695097 100644 --- a/Makefile +++ b/Makefile @@ -27,6 +27,7 @@ run: -e SA_TAG=-5.0 \ -e SA_TAG2=2.0 \ -e SA_KILL=3.0 \ + -e SA_SPAM_SUBJECT="SPAM: " \ -e VIRUSMAILS_DELETE_DELAY=7 \ -e SASL_PASSWD="external-domain.com username:password" \ -e ENABLE_MANAGESIEVE=1 \ @@ -51,6 +52,13 @@ run: -e OVERRIDE_HOSTNAME=mail.my-domain.com \ -t $(NAME) sleep 15 + docker run -d --name mail_smtponly_without_config \ + -e SMTP_ONLY=1 \ + -e ENABLE_LDAP=1 \ + -e PERMIT_DOCKER=network \ + -e OVERRIDE_HOSTNAME=mail.mydomain.com \ + -t $(NAME) + sleep 15 docker run -d --name mail_override_hostname \ -v "`pwd`/test/config":/tmp/docker-mailserver \ -v "`pwd`/test":/tmp/docker-mailserver-test \ 
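Review bot: The changed `COPY` line in the Dockerfile hunk now pulls in `./target/docker-configomat/configomat.sh`, but no comment says the script comes from a git submodule, so a checkout made without initialising submodules has no such file and nothing here explains why. I would add above it `# configomat.sh lives in the target/docker-configomat submodule; run 'git submodule update --init' before building`. The following `chmod +x /usr/local/bin/*` makes the script executable, and the start-mailserver.sh changes in this commit invoke it with the `LDAP_` and `DOVECOT_` prefixes at container start. A later bump of the submodule's pinned commit therefore deserves the same review as a change to start-mailserver.sh itself.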
@@ -99,6 +107,12 @@ run: -e LDAP_SERVER_HOST=ldap \ -e LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain \ -e LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain \ + -e LDAP_BIND_PW=admin \ + -e LDAP_QUERY_FILTER_USER="(&(mail=%s)(mailEnabled=TRUE))" \ + -e LDAP_QUERY_FILTER_GROUP="(&(mailGroupMember=%s)(mailEnabled=TRUE))" \ + -e LDAP_QUERY_FILTER_ALIAS="(&(mailAlias=%s)(mailEnabled=TRUE))" \ + -e DOVECOT_PASS_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))" \ + -e DOVECOT_USER_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))" \ -e ENABLE_SASLAUTHD=1 \ -e SASLAUTHD_MECHANISMS=ldap \ -e SASLAUTHD_LDAP_SERVER=ldap \ @@ -177,6 +191,7 @@ clean: mail \ mail_pop3 \ mail_smtponly \ + mail_smtponly_without_config \ mail_fail2ban \ mail_fetchmail \ fail-auth-mailer \ diff --git a/README.md b/README.md index 22e981ea..18c0f2ed 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,7 @@ Your configs must be mounted in `/tmp/docker-mailserver/`. To understand how thi `restart: always` ensures that the mail server container (and ELK container when using the mail server together with ELK stack) is automatically restarted by Docker in cases like a Docker service or host restart or container exit. -```yaml +```yaml version: '2' services: 
@@ -79,6 +79,60 @@ volumes: driver: local ``` +__for ldap setup__: + +```yaml +version: '2' + +services: + mail: + image: tvial/docker-mailserver:latest + hostname: mail + domainname: domain.com + container_name: mail + ports: + - "25:25" + - "143:143" + - "587:587" + - "993:993" + volumes: + - maildata:/var/mail + - mailstate:/var/mail-state + - ./config/:/tmp/docker-mailserver/ + environment: + - ENABLE_SPAMASSASSIN=1 + - ENABLE_CLAMAV=1 + - ENABLE_FAIL2BAN=1 + - ENABLE_POSTGREY=1 + - ONE_DIR=1 + - DMS_DEBUG=0 + - ENABLE_LDAP=1 + - LDAP_SERVER_HOST=ldap # your ldap container/IP/ServerName + - LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain + - LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain + - LDAP_BIND_PW=admin + - LDAP_QUERY_FILTER_USER="(&(mail=%s)(mailEnabled=TRUE))" + - LDAP_QUERY_FILTER_GROUP="(&(mailGroupMember=%s)(mailEnabled=TRUE))" + - LDAP_QUERY_FILTER_ALIAS="(&(mailAlias=%s)(mailEnabled=TRUE))" + - DOVECOT_PASS_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))" + - DOVECOT_USER_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))" + - ENABLE_SASLAUTHD=1 + - SASLAUTHD_MECHANISMS=ldap + - SASLAUTHD_LDAP_SERVER=ldap + - SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain + - SASLAUTHD_LDAP_PASSWORD=admin + - SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain + - POSTMASTER_ADDRESS=postmaster@localhost.localdomain + cap_add: + - NET_ADMIN + +volumes: + maildata: + driver: local + mailstate: + driver: local +``` + #### Create your mail accounts Don't forget to adapt MAIL_USER and MAIL_PASS to your needs @@ -146,6 +200,12 @@ Note: this spamassassin setting needs `ENABLE_SPAMASSASSIN=1` Note: this spamassassin setting needs `ENABLE_SPAMASSASSIN=1` +##### SA_SPAM_SUBJECT + + - **\*\*\*SPAM\*\*\*** => add tag to subject if spam detected + +Note: this spamassassin setting needs `ENABLE_SPAMASSASSIN=1` + ##### ONE_DIR - **0** => state in default directories 
@@ -206,6 +266,29 @@ Otherwise, `iptables` won't be able to ban IPs. - **empty** => admin - => Specify the password to bind against ldap +##### LDAP_QUERY_FILTER_USER + + - e.g. `"(&(mail=%s)(mailEnabled=TRUE))"` + - => Specify how ldap should be asked for users + +##### LDAP_QUERY_FILTER_GROUP + + - e.g. `"(&(mailGroupMember=%s)(mailEnabled=TRUE))"` + - => Specify how ldap should be asked for groups + +##### LDAP_QUERY_FILTER_ALIAS + + - e.g. `"(&(mailAlias=%s)(mailEnabled=TRUE))"` + - => Specify how ldap should be asked for aliases + +##### DOVECOT_USER_FILTER + + - e.g. `"(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"` + +##### DOVECOT_PASS_FILTER + + - e.g. `"(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"` + ##### OVERRIDE_HOSTNAME - **empty** => uses the `hostname` command to get the mail server's canonical hostname @@ -228,13 +311,13 @@ Otherwise, `iptables` won't be able to ban IPs. Note: This postgrey setting needs `ENABLE_POSTGREY=1` ##### POSTGREY_MAX_AGE - + - **35** => delete entries older than N days since the last time that they have been seen Note: This postgrey setting needs `ENABLE_POSTGREY=1` ##### POSTGREY_TEXT - + - **Delayed by postgrey** => response when a mail is greylisted Note: This postgrey setting needs `ENABLE_POSTGREY=1` @@ -247,10 +330,10 @@ Note: This postgrey setting needs `ENABLE_POSTGREY=1` ##### SASLAUTHD_MECHANISMS - empty => pam - - ldap => authenticate against ldap server - - shadow => authenticate against local user db - - mysql => authenticate against mysql db - - rimap => authenticate against imap server + - `ldap` => authenticate against ldap server + - `shadow` => authenticate against local user db + - `mysql` => authenticate against mysql db + - `rimap` => authenticate against imap server - NOTE: can be a list of mechanisms like pam ldap shadow ##### SASLAUTHD_MECH_OPTIONS 
@@ -264,8 +347,8 @@ Note: This postgrey setting needs `ENABLE_POSTGREY=1` ##### SASLAUTHD_LDAP_SSL - - empty or 0 => ldap:// will be used - - 1 => ldaps:// will be used + - empty or 0 => `ldap://` will be used + - 1 => `ldaps://` will be used ##### SASLAUTHD_LDAP_BIND_DN @@ -285,9 +368,9 @@ Note: This postgrey setting needs `ENABLE_POSTGREY=1` ##### SASLAUTHD_LDAP_FILTER - - empty => default filter (&(uniqueIdentifier=%u)(mailEnabled=TRUE)) - - e.g. for active directory: (&(sAMAccountName=%U)(objectClass=person)) - - e.g. for openldap: (&(uid=%U)(objectClass=person)) + - empty => default filter `(&(uniqueIdentifier=%u)(mailEnabled=TRUE))` + - e.g. for active directory: `(&(sAMAccountName=%U)(objectClass=person))` + - e.g. for openldap: `(&(uid=%U)(objectClass=person))` ##### SASL_PASSWD @@ -325,15 +408,16 @@ Set how many days a virusmail will stay on the server before being deleted ##### ENABLE_POSTFIX_VIRTUAL_TRANSPORT This Option is activating the Usage of POSTFIX_DAGENT to specify a ltmp client different from default dovecot socket. - - **empty** => disabled - - 1 => enabled + +- **empty** => disabled +- 1 => enabled ##### POSTFIX_DAGENT Enabled by ENABLE_POSTFIX_VIRTUAL_TRANSPORT. Specify the final delivery of postfix - - **empty**: fail - - lmtp:unix:private/dovecot-lmtp (use socket) - - lmtps:inet:: (secure lmtp with starttls, take a look at https://sys4.de/en/blog/2014/11/17/sicheres-lmtp-mit-starttls-in-dovecot/) - - lmtp::2003 (use kopano as mailstore) - - etc. +- **empty**: fail +- `lmtp:unix:private/dovecot-lmtp` (use socket) +- `lmtps:inet::` (secure lmtp with starttls, take a look at https://sys4.de/en/blog/2014/11/17/sicheres-lmtp-mit-starttls-in-dovecot/) +- `lmtp::2003` (use kopano as mailstore) +- etc. diff --git a/config/postfix-master.cf b/config/postfix-master.cf new file mode 100644 index 00000000..e69de29b diff --git a/target/docker-configomat b/target/docker-configomat new file mode 160000 index 00000000..e3e84ded --- /dev/null 
+++ b/target/docker-configomat @@ -0,0 +1 @@ +Subproject commit e3e84ded29d88b2945c0782dbb43237c561a54a9 diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index f9e688db..86faf0ca 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh @@ -316,50 +316,6 @@ function display_startup_daemon() { return $res } -function override_config() { - notify "task" "Starting do do overrides" - - declare -A config_overrides - - _env_variable_prefix=$1 - [ -z ${_env_variable_prefix} ] && return 1 - - - IFS=" " read -r -a _config_files <<< $2 - - # dispatch env variables - for env_variable in $(printenv | grep $_env_variable_prefix);do - # get key - # IFS not working because values like ldap_query_filter or search base consists of several '=' - # IFS="=" read -r -a __values <<< $env_variable - # key="${__values[0]}" - # value="${__values[1]}" - key=$(echo $env_variable | cut -d "=" -f1) - key=${key#"${_env_variable_prefix}"} - # make key lowercase - key=${key,,} - # get value - value=$(echo $env_variable | cut -d "=" -f2-) - - config_overrides[$key]=$value - done - - for f in "${_config_files[@]}" - do - if [ ! -f "${f}" ];then - echo "Can not find ${f}. Skipping override" - else - for key in ${!config_overrides[@]} - do - [ -z $key ] && echo -e "\t no key provided" && return 1 - - sed -i -e "s|^${key}[[:space:]]\+.*|${key} = "${config_overrides[$key]}'|g' \ - ${f} - done - fi - done -} - # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # ! CARE --> DON'T CHANGE, except you know exactly what you are doing # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
@@ -570,21 +526,37 @@ function _setup_ldap() { for i in 'users' 'groups' 'aliases'; do fpath="/tmp/docker-mailserver/ldap-${i}.cf" if [ -f $fpath ]; then - cp ${fpath} /etc/postfix/ldap-${i}.cf + cp ${fpath} /etc/postfix/ldap-${i}.cf fi done notify 'inf' 'Starting to override configs' - override_config "LDAP_" "/etc/postfix/ldap-users.cf /etc/postfix/ldap-groups.cf /etc/postfix/ldap-aliases.cf" + for f in /etc/postfix/ldap-users.cf /etc/postfix/ldap-groups.cf /etc/postfix/ldap-aliases.cf + do + [[ $f =~ ldap-user ]] && export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_USER}" + [[ $f =~ ldap-group ]] && export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_GROUP}" + [[ $f =~ ldap-aliases ]] && export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_ALIAS}" + configomat.sh "LDAP_" "${f}" + done + + notify 'inf' "Configuring dovecot LDAP" + + declare -A _dovecot_ldap_mapping + + _dovecot_ldap_mapping["DOVECOT_BASE"]="${DOVECOT_BASE:="${LDAP_SEARCH_BASE}"}" + _dovecot_ldap_mapping["DOVECOT_DN"]="${DOVECOT_DN:="${LDAP_BIND_DN}"}" + _dovecot_ldap_mapping["DOVECOT_DNPASS"]="${DOVECOT_DNPASS:="${LDAP_BIND_PW}"}" + _dovecot_ldap_mapping["DOVECOT_HOSTS"]="${DOVECOT_HOSTS:="${LDAP_SERVER_HOST}"}" + # Not sure whether this can be the same or not + # _dovecot_ldap_mapping["DOVECOT_PASS_FILTER"]="${DOVECOT_PASS_FILTER:="${LDAP_QUERY_FILTER_USER}"}" + # _dovecot_ldap_mapping["DOVECOT_USER_FILTER"]="${DOVECOT_USER_FILTER:="${LDAP_QUERY_FILTER_USER}"}" + + for var in ${!_dovecot_ldap_mapping[@]}; do + export $var=${_dovecot_ldap_mapping[$var]} + done + + configomat.sh "DOVECOT_" "/etc/dovecot/dovecot-ldap.conf.ext" - # @TODO: Environment Variables for DOVECOT ldap integration to configure for better control - notify 'inf' "Configuring dovecot LDAP authentification" - sed -i -e 's|^hosts.*|hosts = '${LDAP_SERVER_HOST:="mail.domain.com"}'|g' \ - -e 's|^base.*|base = '${LDAP_SEARCH_BASE:="ou=people,dc=domain,dc=com"}'|g' \ - -e 's|^dn\s*=.*|dn = '${LDAP_BIND_DN:="cn=admin,dc=domain,dc=com"}'|g' \ - -e 
's|^dnpass\s*=.*|dnpass = '${LDAP_BIND_PW:="admin"}'|g' \ - /etc/dovecot/dovecot-ldap.conf.ext - # Add domainname to vhost. echo $DOMAINNAME >> /tmp/vhost.tmp @@ -630,7 +602,7 @@ EOF # cyrus sasl or dovecot sasl if [[ ${ENABLE_SASLAUTHD} == 1 ]] || [[ ${SMTP_ONLY} == 0 ]];then sed -i -e 's|^smtpd_sasl_auth_enable[[:space:]]\+.*|smtpd_sasl_auth_enable = yes|g' /etc/postfix/main.cf - else + else sed -i -e 's|^smtpd_sasl_auth_enable[[:space:]]\+.*|smtpd_sasl_auth_enable = no|g' /etc/postfix/main.cf fi @@ -668,7 +640,7 @@ EOF sed -i \ -e "/^[^#].*smtpd_sasl_type.*/s/^/#/g" \ -e "/^[^#].*smtpd_sasl_path.*/s/^/#/g" \ - etc/postfix/master.cf + /etc/postfix/master.cf sed -i \ -e "s|^START=.*|START=yes|g" \ @@ -735,6 +707,9 @@ function _setup_dkim() { chmod -R 0700 /etc/opendkim/keys/ else notify 'warn' "No DKIM key provided. Check the documentation to find how to get your keys." + + local _f_keytable="/etc/opendkim/KeyTable" + [ ! -f "$_f_keytable" ] && touch "$_f_keytable" fi } @@ -902,6 +877,16 @@ function _setup_postfix_override_configuration() { else notify 'inf' "No extra postfix settings loaded because optional '/tmp/docker-mailserver/postfix-main.cf' not provided." fi + if [ -f /tmp/docker-mailserver/postfix-master.cf ]; then + while read line; do + if [[ "$line" =~ ^[a-z] ]]; then + postconf -P "$line" + fi + done < /tmp/docker-mailserver/postfix-master.cf + notify 'inf' "Loaded 'config/postfix-master.cf'" + else + notify 'inf' "No extra postfix settings loaded because optional '/tmp/docker-mailserver/postfix-master.cf' not provided." + fi } function _setup_postfix_sasl_password() { 
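Review bot: In the new dovecot mapping loop of `_setup_ldap`, `export $var=${_dovecot_ldap_mapping[$var]}` is unquoted, so a value containing whitespace or glob characters is word-split before `export` sees it. A bind password with a space would be truncated in `DOVECOT_DNPASS` and the remainder treated as another name to export. Quoting fixes it: `for var in "${!_dovecot_ldap_mapping[@]}"; do` and `export "$var=${_dovecot_ldap_mapping[$var]}"`. The removed `sed` block also supplied fallbacks (`mail.domain.com`, `admin`, and so on) that the new `${DOVECOT_DN:="${LDAP_BIND_DN}"}`-style chain does not, so an unset `LDAP_*` variable now yields an empty value; what configomat.sh does with an empty value is not visible in this diff and is worth confirming. `_setup_ldap` continues beyond this hunk.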
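Review bot: The new `while read line` loop over `/tmp/docker-mailserver/postfix-master.cf` ignores the exit status of `postconf -P "$line"`, and `notify 'inf' "Loaded 'config/postfix-master.cf'"` is printed regardless. A mistyped override, for instance a hardening setting such as `smtpd_sasl_security_options`, can therefore be left unapplied while the log says it was loaded. Plain `read` also interprets backslashes and drops a final line that has no trailing newline. I would write the loop head as `while IFS= read -r line || [ -n "$line" ]; do` and the call as `postconf -P "$line" || notify 'warn' "Could not apply master.cf override: $line"`. The enclosing function starts before this hunk.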
@@ -958,6 +943,7 @@ function _setup_security_stack() { SA_TAG=${SA_TAG:="2.0"} && sed -i -r 's/^\$sa_tag_level_deflt (.*);/\$sa_tag_level_deflt = '$SA_TAG';/g' /etc/amavis/conf.d/20-debian_defaults SA_TAG2=${SA_TAG2:="6.31"} && sed -i -r 's/^\$sa_tag2_level_deflt (.*);/\$sa_tag2_level_deflt = '$SA_TAG2';/g' /etc/amavis/conf.d/20-debian_defaults SA_KILL=${SA_KILL:="6.31"} && sed -i -r 's/^\$sa_kill_level_deflt (.*);/\$sa_kill_level_deflt = '$SA_KILL';/g' /etc/amavis/conf.d/20-debian_defaults + SA_SPAM_SUBJECT=${SA_SPAM_SUBJECT:="***SPAM*** "} && sed -i -r 's/^\$sa_spam_subject_tag (.*);/\$sa_spam_subject_tag = '"'$SA_SPAM_SUBJECT'"';/g' /etc/amavis/conf.d/20-debian_defaults test -e /tmp/docker-mailserver/spamassassin-rules.cf && cp /tmp/docker-mailserver/spamassassin-rules.cf /etc/spamassassin/ fi diff --git a/test/config/postfix-master.cf b/test/config/postfix-master.cf new file mode 100644 index 00000000..a6c1d80d --- /dev/null +++ b/test/config/postfix-master.cf @@ -0,0 +1 @@ +submission/inet/smtpd_sasl_security_options=noanonymous diff --git a/test/tests.bats b/test/tests.bats index bf151aee..efde018a 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -341,7 +341,7 @@ load 'test_helper/bats-assert/load' run docker exec mail_smtponly /bin/sh -c 'grep -cE "to=.*status\=sent" /var/log/mail/mail.log' [ "$status" -ge 0 ] } - + # @@ -391,6 +391,11 @@ load 'test_helper/bats-assert/load' assert_success } +@test "checking postfix: master.cf overrides" { + run docker exec mail grep -q 'submission/inet/smtpd_sasl_security_options=noanonymous' /tmp/docker-mailserver/postfix-master.cf + assert_success +} + # # dovecot # 
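Review bot: `$SA_SPAM_SUBJECT` is spliced unescaped into the `sed` replacement on the added line and ends up inside a single-quoted string in `/etc/amavis/conf.d/20-debian_defaults`. A `/` in the value breaks the `s/…/…/` expression, `&` expands to the matched text, and a `'` closes the quoted string in what appears to be a Perl-syntax file (the neighbouring lines assign `$sa_tag_level_deflt = …;`), so a tag such as `[SPAM/JUNK]` or one with an apostrophe leaves amavis with a wrong or unparsable setting. Since the value comes from the container environment, I would reject or escape those characters before the substitution, e.g. `case "$SA_SPAM_SUBJECT" in *[\'/\&\\]*) notify 'warn' "SA_SPAM_SUBJECT contains ', /, & or \\; keeping default"; SA_SPAM_SUBJECT="***SPAM*** ";; esac`. `_setup_security_stack` begins and ends outside this hunk.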
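Review bot: The added test `checking postfix: master.cf overrides` greps the mounted input file `/tmp/docker-mailserver/postfix-master.cf`, which is present whether or not the override loop in start-mailserver.sh ran, so it cannot fail when the setting is not applied. It should query the effective configuration instead, along the lines of `run docker exec mail /bin/sh -c "postconf -P | grep 'submission/inet/smtpd_sasl_security_options = noanonymous'"` (output format to be confirmed against the postfix version in the image). As written, a regression that drops `noanonymous` from the submission service would go unnoticed.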
@@ -424,6 +429,8 @@ load 'test_helper/bats-assert/load' assert_success run docker exec mail_pop3 /bin/sh -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 6.31'" assert_success + run docker exec mail_pop3 /bin/sh -c "grep '\$sa_spam_subject_tag' /etc/amavis/conf.d/20-debian_defaults | grep '= .\*\*\*SPAM\*\*\* .'" + assert_success } @test "checking spamassassin: docker env variables are set correctly (custom)" { @@ -433,6 +440,8 @@ load 'test_helper/bats-assert/load' assert_success run docker exec mail /bin/sh -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 3.0'" assert_success + run docker exec mail /bin/sh -c "grep '\$sa_spam_subject_tag' /etc/amavis/conf.d/20-debian_defaults | grep '= .SPAM: .'" + assert_success } @test "checking spamassassin: all registered domains should see spam headers" { @@ -472,6 +481,12 @@ load 'test_helper/bats-assert/load' assert_output 2 } +@test "checking opendkim: /etc/opendkim/KeyTable dummy file generated without keys provided" { + run docker exec mail_smtponly_without_config /bin/bash -c "cat /etc/opendkim/KeyTable" + assert_success +} + + @test "checking opendkim: /etc/opendkim/keys/ should contain 2 entries" { run docker exec mail /bin/sh -c "ls -l /etc/opendkim/keys/ | grep '^d' | wc -l" assert_success 
@@ -1036,34 +1051,34 @@ load 'test_helper/bats-assert/load' } @test "checking postfix: ldap custom config files copied" { - run docker exec mail_with_ldap /bin/sh -c "grep '# Testconfig for ldap integration' /etc/postfix/ldap-users.cf" + run docker exec mail_with_ldap /bin/sh -c "grep '# Testconfig for ldap integration' /etc/postfix/ldap-users.cf" assert_success - run docker exec mail_with_ldap /bin/sh -c "grep '# Testconfig for ldap integration' /etc/postfix/ldap-groups.cf" + run docker exec mail_with_ldap /bin/sh -c "grep '# Testconfig for ldap integration' /etc/postfix/ldap-groups.cf" assert_success - run docker exec mail_with_ldap /bin/sh -c "grep '# Testconfig for ldap integration' /etc/postfix/ldap-aliases.cf" + run docker exec mail_with_ldap /bin/sh -c "grep '# Testconfig for ldap integration' /etc/postfix/ldap-aliases.cf" assert_success } @test "checking postfix: ldap config overwrites success" { - run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-users.cf" + run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-users.cf" assert_success - run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-users.cf" + run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-users.cf" assert_success - run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-users.cf" + run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-users.cf" assert_success - run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-groups.cf" + run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-groups.cf" assert_success - run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' 
/etc/postfix/ldap-groups.cf" + run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-groups.cf" assert_success - run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-groups.cf" + run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-groups.cf" assert_success - run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-aliases.cf" + run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-aliases.cf" assert_success - run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-aliases.cf" + run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-aliases.cf" assert_success - run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-aliases.cf" + run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-aliases.cf" assert_success } @@ -1074,7 +1089,7 @@ load 'test_helper/bats-assert/load' } # This is ldap, so the mail directory gets set differently! -@test "checking dovecot: mail delivery works" { +@test "checking dovecot: ldap mail delivery works" { run docker exec mail_with_ldap /bin/sh -c "sendmail -f user@external.tld some.user@localhost.localdomain < /tmp/docker-mailserver-test/email-templates/test-email.txt" sleep 10 run docker exec mail_with_ldap /bin/sh -c "ls -A /var/mail/localhost.localdomain/some.user/new | wc -l" 
@@ -1082,6 +1097,15 @@ load 'test_helper/bats-assert/load' assert_output 1 } +@test "checking dovecot: ldap config overwrites success" { + run docker exec mail_with_ldap /bin/sh -c "grep 'hosts = ldap' /etc/dovecot/dovecot-ldap.conf.ext" + assert_success + run docker exec mail_with_ldap /bin/sh -c "grep 'base = ou=people,dc=localhost,dc=localdomain' /etc/dovecot/dovecot-ldap.conf.ext" + assert_success + run docker exec mail_with_ldap /bin/sh -c "grep 'dn = cn=admin,dc=localhost,dc=localdomain' /etc/dovecot/dovecot-ldap.conf.ext" + assert_success +} + # saslauthd @test "checking saslauthd: sasl ldap authentication works" { run docker exec mail_with_ldap bash -c "testsaslauthd -u some.user -p secret"
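Review bot: The new `checking dovecot: ldap config overwrites success` test asserts `hosts`, `base` and `dn` but not `dnpass` or the two filters this commit introduces (`DOVECOT_USER_FILTER`, `DOVECOT_PASS_FILTER`). Those filter values contain `&` and `%n`, and the postfix `LDAP_QUERY_FILTER_*` values contain `&` and `%s`; whether configomat.sh writes them through unchanged cannot be seen in this diff, and `&` is special in a `sed` replacement if that is what it uses. I would add `run docker exec mail_with_ldap /bin/sh -c "grep -F 'user_filter = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))' /etc/dovecot/dovecot-ldap.conf.ext"` followed by `assert_success`, with matching checks for `pass_filter` and for `query_filter` in the three `/etc/postfix/ldap-*.cf` files. The key names are assumed from the usual dovecot and postfix LDAP settings and should be confirmed against the shipped config templates.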