` subcommand ([#3455](https://github.com/docker-mailserver/docker-mailserver/pull/3455))
+- **Environment Variables:**
+ - `MARK_SPAM_AS_READ`. When set to `1`, marks incoming spam as "read" to avoid unwanted "new mail" notifications for junk mail ([#3489](https://github.com/docker-mailserver/docker-mailserver/pull/3489))
+ - `DMS_VMAIL_UID` and `DMS_VMAIL_GID` allow changing the default ID values (`5000:5000`) for the Dovecot vmail user and group ([#3550](https://github.com/docker-mailserver/docker-mailserver/pull/3550))
+ - `RSPAMD_CHECK_AUTHENTICATED` allows authenticated users to avoid additional security checks by Rspamd ([#3440](https://github.com/docker-mailserver/docker-mailserver/pull/3440))
+- **Documentation:**
+ - Use-case examples / tutorials:
+ - iOS mail push support ([#3513](https://github.com/docker-mailserver/docker-mailserver/pull/3513))
+ - Guide for setting up Dovecot Authentication via Lua ([#3579](https://github.com/docker-mailserver/docker-mailserver/pull/3579))
+ - Guide for integrating with the Crowdsec service ([#3651](https://github.com/docker-mailserver/docker-mailserver/pull/3651))
+ - Debugging page:
+ - New compatibility section ([#3404](https://github.com/docker-mailserver/docker-mailserver/pull/3404))
+ - Now advises how to (re)start DMS correctly ([#3654](https://github.com/docker-mailserver/docker-mailserver/pull/3654))
+ - Better communicate distinction between DMS FQDN and DMS mail accounts ([#3372](https://github.com/docker-mailserver/docker-mailserver/pull/3372))
+ - Traefik example now includes `passthrough=true` on implicit ports ([#3568](https://github.com/docker-mailserver/docker-mailserver/pull/3568))
+ - Rspamd docs have received a variety of revisions ([#3318](https://github.com/docker-mailserver/docker-mailserver/pull/3318), [#3325](https://github.com/docker-mailserver/docker-mailserver/pull/3325), [#3329](https://github.com/docker-mailserver/docker-mailserver/pull/3329))
+ - IPv6 config examples with content tabs ([#3436](https://github.com/docker-mailserver/docker-mailserver/pull/3436))
+ - Mention [internet.nl](https://internet.nl/test-mail/) as another testing service ([#3445](https://github.com/docker-mailserver/docker-mailserver/pull/3445))
+ - `setup alias add ...` CLI help message now includes an example for aliasing to multiple recipients ([#3600](https://github.com/docker-mailserver/docker-mailserver/pull/3600))
+ - `SPAMASSASSIN_SPAM_TO_INBOX=1`, now emits a debug log to raise awareness that `SA_KILL` will be ignored ([#3360](https://github.com/docker-mailserver/docker-mailserver/pull/3360))
+ - `CLAMAV_MESSAGE_SIZE_LIMIT` now logs a warning when the value exceeds what ClamAV is capable of supporting (4GiB max scan size [#3332](https://github.com/docker-mailserver/docker-mailserver/pull/3332), 2GiB max file size [#3341](https://github.com/docker-mailserver/docker-mailserver/pull/3341))
+ - Added note to caution against changing `mydestination` in Postfix's `main.cf` ([#3316](https://github.com/docker-mailserver/docker-mailserver/pull/3316))
+- **Internal:**
+ - Added a wrapper to update Postfix configuration safely ([#3484](https://github.com/docker-mailserver/docker-mailserver/pull/3484), [#3503](https://github.com/docker-mailserver/docker-mailserver/pull/3503))
+ - Add debug group to `packages.sh` ([#3578](https://github.com/docker-mailserver/docker-mailserver/pull/3578))
+- **Tests:**
+ - Additional linting check for BASH syntax ([#3369](https://github.com/docker-mailserver/docker-mailserver/pull/3369))
+
+### Updates
+
+- **Misc:**
+ - Changed `setup config dkim` default key size to `2048` (`open-dkim`) ([#3508](https://github.com/docker-mailserver/docker-mailserver/pull/3508))
+- **Postfix:**
+ - Dropped special bits from `maildrop/` and `public/` directory permissions ([#3625](https://github.com/docker-mailserver/docker-mailserver/pull/3625))
+- **Rspamd:**
+ - Adjusted learning of ham ([#3334](https://github.com/docker-mailserver/docker-mailserver/pull/3334))
+ - Adjusted `antivirus.conf` ([#3331](https://github.com/docker-mailserver/docker-mailserver/pull/3331))
+ - `logrotate` setup + Rspamd log path + tests log helper fallback path ([#3576](https://github.com/docker-mailserver/docker-mailserver/pull/3576))
+ - Setup during container startup is now more resilient ([#3578](https://github.com/docker-mailserver/docker-mailserver/pull/3578))
+ - Changed DKIM default config location ([#3597](https://github.com/docker-mailserver/docker-mailserver/pull/3597))
+ - Removed the symlink for the `override.d/` directory in favor of using `cp`, integrated into the changedetector service, , added a `--force` option for the Rspamd DKIM management, and provided a dedicated helper script for common ENV variables ([#3599](https://github.com/docker-mailserver/docker-mailserver/pull/3599))
+ - Required permissions are now verified for DKIM private key files ([#3627](https://github.com/docker-mailserver/docker-mailserver/pull/3627))
+- **Documentation:**
+ - Documentation aligned to Compose v2 conventions, `docker-compose` command changed to `docker compose`, `docker-compose.yaml` to `compose.yaml` ([#3295](https://github.com/docker-mailserver/docker-mailserver/pull/3295))
+ - Restored missing edit button ([#3338](https://github.com/docker-mailserver/docker-mailserver/pull/3338))
+ - Complete rewrite of the IPv6 page ([#3244](https://github.com/docker-mailserver/docker-mailserver/pull/3244), [#3531](https://github.com/docker-mailserver/docker-mailserver/pull/3531))
+ - Complete rewrite of the "Update and Cleanup" maintenance page ([#3539](https://github.com/docker-mailserver/docker-mailserver/pull/3539), [#3583](https://github.com/docker-mailserver/docker-mailserver/pull/3583))
+ - Improved debugging page advice on working with logs ([#3626](https://github.com/docker-mailserver/docker-mailserver/pull/3626), [#3640](https://github.com/docker-mailserver/docker-mailserver/pull/3640))
+ - Clarified the default for ENV `FETCHMAIL_PARALLEL` ([#3603](https://github.com/docker-mailserver/docker-mailserver/pull/3603))
+ - Removed port 25 from FAQ entry for mail client ports supporting authenticated submission ([#3496](https://github.com/docker-mailserver/docker-mailserver/pull/3496))
+ - Updated home path in docs for Dovecot Sieve ([#3370](https://github.com/docker-mailserver/docker-mailserver/pull/3370), [#3650](https://github.com/docker-mailserver/docker-mailserver/pull/3650))
+ - Fixed path to `rspamd.log` ([#3585](https://github.com/docker-mailserver/docker-mailserver/pull/3585))
+ - "Optional Config" page now uses consistent lowercase convention for directory names ([#3629](https://github.com/docker-mailserver/docker-mailserver/pull/3629))
+ - `CONTRIBUTORS.md`: Removed redundant "All Contributors" section ([#3638](https://github.com/docker-mailserver/docker-mailserver/pull/3638))
+- **Internal:**
+ - LDAP config improvements (Removed implicit `ldap://` LDAP URI scheme fallback) ([#3522](https://github.com/docker-mailserver/docker-mailserver/pull/3522))
+ - Changed style conventions for internal scripts ([#3361](https://github.com/docker-mailserver/docker-mailserver/pull/3361), [#3364](https://github.com/docker-mailserver/docker-mailserver/pull/3364), [#3365](https://github.com/docker-mailserver/docker-mailserver/pull/3365), [#3366](https://github.com/docker-mailserver/docker-mailserver/pull/3366), [#3368](https://github.com/docker-mailserver/docker-mailserver/pull/3368), [#3464](https://github.com/docker-mailserver/docker-mailserver/pull/3464))
+- **CI / Automation:**
+ - `.gitattributes` now ensures files are committed with `eol=lf` ([#3527](https://github.com/docker-mailserver/docker-mailserver/pull/3527))
+ - Revised the GitHub issue bug report template ([#3317](https://github.com/docker-mailserver/docker-mailserver/pull/3317), [#3381](https://github.com/docker-mailserver/docker-mailserver/pull/3381), [#3435](https://github.com/docker-mailserver/docker-mailserver/pull/3435))
+ - Clarified that the issue tracker is not for personal support ([#3498](https://github.com/docker-mailserver/docker-mailserver/pull/3498), [#3502](https://github.com/docker-mailserver/docker-mailserver/pull/3502))
+ - Bumped versions of miscellaneous software (also shoutout to @dependabot) ([#3371](https://github.com/docker-mailserver/docker-mailserver/pull/3371), [#3584](https://github.com/docker-mailserver/docker-mailserver/pull/3584), [#3504](https://github.com/docker-mailserver/docker-mailserver/pull/3504), [#3516](https://github.com/docker-mailserver/docker-mailserver/pull/3516))
+- **Tests:**
+ - Refactored LDAP tests to current conventions ([#3483](https://github.com/docker-mailserver/docker-mailserver/pull/3483))
+ - Changed OpenLDAP image to `bitnami/openldap` ([#3494](https://github.com/docker-mailserver/docker-mailserver/pull/3494))
+ - Revised LDAP config + setup ([#3514](https://github.com/docker-mailserver/docker-mailserver/pull/3514))
+ - Added tests for the helper function `_add_to_or_update_postfix_main()` ([#3505](https://github.com/docker-mailserver/docker-mailserver/pull/3505))
+ - EditorConfig Checker lint now uses a mount path to `/check` instead of `/ci` ([#3655](https://github.com/docker-mailserver/docker-mailserver/pull/3655))
+
+### Fixed
+
+- **Security:**
+ - Fixed issue with concatenating `$dmarc_milter` and `$dkim_milter` in `main.cf` ([#3380](https://github.com/docker-mailserver/docker-mailserver/pull/3380))
+ - Fixed Rspamd DKIM signing for inbound emails ([#3439](https://github.com/docker-mailserver/docker-mailserver/pull/3439), [#3453](https://github.com/docker-mailserver/docker-mailserver/pull/3453))
+ - OpenDKIM key generation is no longer broken when Rspamd is also enabled ([#3535](https://github.com/docker-mailserver/docker-mailserver/pull/3535))
+- **Internal:**
+ - The "database" files (_for managing users and aliases_) now correctly filters within lookup query ([#3359](https://github.com/docker-mailserver/docker-mailserver/pull/3359))
+ - `_setup_spam_to_junk()` no longer registered when `SMTP_ONLY=1` ([#3385](https://github.com/docker-mailserver/docker-mailserver/pull/3385))
+ - Dovecot `fts_xapian` is now compiled from source to match the Dovecot package ABI ([#3373](https://github.com/docker-mailserver/docker-mailserver/pull/3373))
+- **CI:**
+ - Scheduled build now have the correct permissions to run successfully ([#3345](https://github.com/docker-mailserver/docker-mailserver/pull/3345))
+- **Documentation:**
+ - Miscellaneous spelling and wording improvements ([#3324](https://github.com/docker-mailserver/docker-mailserver/pull/3324), [#3330](https://github.com/docker-mailserver/docker-mailserver/pull/3330), [#3337](https://github.com/docker-mailserver/docker-mailserver/pull/3337), [#3339](https://github.com/docker-mailserver/docker-mailserver/pull/3339), [#3344](https://github.com/docker-mailserver/docker-mailserver/pull/3344), [#3367](https://github.com/docker-mailserver/docker-mailserver/pull/3367), [#3411](https://github.com/docker-mailserver/docker-mailserver/pull/3411), [#3443](https://github.com/docker-mailserver/docker-mailserver/pull/3443))
+- **Tests:**
+ - Run `pgrep` within the actual container ([#3553](https://github.com/docker-mailserver/docker-mailserver/pull/3553))
+ - `lmtp_ip.bats` improved partial failure output ([#3552](https://github.com/docker-mailserver/docker-mailserver/pull/3552))
+ - Improvements to LDIF test data ([#3506](https://github.com/docker-mailserver/docker-mailserver/pull/3506))
+ - Normalized for `.gitattributes` + improved `eclint` coverage ([#3566](https://github.com/docker-mailserver/docker-mailserver/pull/3566))
+ - Fixed ShellCheck linting for BATS tests ([#3347](https://github.com/docker-mailserver/docker-mailserver/pull/3347))
## [v12.1.0](https://github.com/docker-mailserver/docker-mailserver/releases/tag/v12.1.0)
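Review bot: the Rspamd entry for #3599 under "Updates" contains a doubled comma (`integrated into the changedetector service, , added a`), which should be a single comma. Two "Fixed" entries also have subject/verb disagreement: "Scheduled build now have the correct permissions" and "The "database" files ... now correctly filters". Worth correcting before the release notes are tagged, since this text is copied into the GitHub release.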
@@ -38,7 +139,7 @@ All notable changes to this project will be documented in this file. The format
- add option to re-enable `reject_unknown_client_hostname` after #3248 ([#3255](https://github.com/docker-mailserver/docker-mailserver/pull/3255))
- add DKIM helper script ([#3286](https://github.com/docker-mailserver/docker-mailserver/pull/3286))
- make `policyd-spf` configurable ([#3246](https://github.com/docker-mailserver/docker-mailserver/pull/3246))
-- add 'log' command to setup for Fail2Ban ([#3299](https://github.com/docker-mailserver/docker-mailserver/pull/3299))
+- add 'log' command to set up for Fail2Ban ([#3299](https://github.com/docker-mailserver/docker-mailserver/pull/3299))
- `setup` command now expects accounts and aliases to be mutually exclusive ([#3270](https://github.com/docker-mailserver/docker-mailserver/pull/3270))
### Updated
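Review bot: the reworded line `add 'log' command to set up for Fail2Ban` changes the meaning rather than fixing a typo. The following entry uses `setup` as the name of the CLI (`setup` command now expects ...), and the original wording reads the same way: a `log` command added to `setup`. Suggest reverting to "setup" and putting it in backticks so that spell-check passes do not rewrite it again.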
diff --git a/VERSION b/VERSION
index 77903b35..02161ca8 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-12.1.0
+13.0.0
From 2c602299136fcac8a8fd02ada86039687e6ae18c Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
<41898282+github-actions[bot]@users.noreply.github.com>
Date: Sun, 26 Nov 2023 20:15:14 +0100
Subject: [PATCH 11/43] docs: updated `CONTRIBUTORS.md` (#3656)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
CONTRIBUTORS.md | 115 +++++++++++++++++++++++++-----------------------
1 file changed, 61 insertions(+), 54 deletions(-)
diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
index 893b9572..46e0523f 100644
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@@ -1180,6 +1180,13 @@ Thanks goes to these wonderful people ✨
jcalfee
+
+
+
+
+ mivek
+
+ |
@@ -1200,15 +1207,15 @@ Thanks goes to these wonderful people ✨
JiLleON
- |
+
+
jirislav
- |
-
+
@@ -1243,15 +1250,15 @@ Thanks goes to these wonderful people ✨
akkumar
- |
+
+
KCrawley
- |
-
+
@@ -1286,15 +1293,15 @@ Thanks goes to these wonderful people ✨
luke-
- |
+
+
LucidityCrash
- |
-
+
@@ -1329,15 +1336,15 @@ Thanks goes to these wonderful people ✨
michaeljensen
- |
+
+
exhuma
- |
-
+
@@ -1372,15 +1379,15 @@ Thanks goes to these wonderful people ✨
naveensrinivasan
- |
+
+
neuralp
- |
-
+
@@ -1415,15 +1422,15 @@ Thanks goes to these wonderful people ✨
OrvilleQ
- |
+
+
ovidiucp
- |
-
+
@@ -1458,15 +1465,15 @@ Thanks goes to these wonderful people ✨
romansey
- |
+
+
MightySCollins
- |
-
+
@@ -1501,15 +1508,15 @@ Thanks goes to these wonderful people ✨
shyim
- |
+
+
sjmudd
- |
-
+
@@ -1544,15 +1551,15 @@ Thanks goes to these wonderful people ✨
syl20bnr
- |
+
+
sylvaindumont
- |
-
+
@@ -1587,15 +1594,15 @@ Thanks goes to these wonderful people ✨
torus
- |
+
+
VictorKoenders
- |
-
+
@@ -1630,15 +1637,15 @@ Thanks goes to these wonderful people ✨
42wim
- |
+
+
ShiriNmi1520
- |
-
+
@@ -1673,15 +1680,15 @@ Thanks goes to these wonderful people ✨
brainkiller
- |
+
+
cternes
- |
-
+
@@ -1716,15 +1723,15 @@ Thanks goes to these wonderful people ✨
helmutundarnold
- |
+
+
hnws
- |
-
+
@@ -1759,15 +1766,15 @@ Thanks goes to these wonderful people ✨
paralax
- |
+
+
jpduyx
- |
-
+
@@ -1802,15 +1809,15 @@ Thanks goes to these wonderful people ✨
mchamplain
- |
+
+
millerjason
- |
-
+
@@ -1845,15 +1852,15 @@ Thanks goes to these wonderful people ✨
ontheair81
- |
+
+
pravynandas
- |
-
+
@@ -1888,15 +1895,15 @@ Thanks goes to these wonderful people ✨
schnippl0r
- |
+
+
smargold476
- |
-
+
@@ -1931,15 +1938,15 @@ Thanks goes to these wonderful people ✨
vivacarvajalito
- |
+
+
wligtenberg
- |
-
+
From 68a43eb4970f2ab7680ffa470a1d26e37fa375f0 Mon Sep 17 00:00:00 2001
From: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
Date: Sun, 26 Nov 2023 21:44:47 +0100
Subject: [PATCH 12/43] ci: push `:edge` when `VERSION` is updated (#3662)
Previously, we did not run the workflow on push on `master` when a
release happened because the push on master is guarded by a check on
which files were changed.
With this change, I added `VERSION` to the list of files to consider
when updating `:edge`.
---
.github/workflows/default_on_push.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/default_on_push.yml b/.github/workflows/default_on_push.yml
index a5983989..20921984 100644
--- a/.github/workflows/default_on_push.yml
+++ b/.github/workflows/default_on_push.yml
@@ -11,6 +11,7 @@ on:
- .gitmodules
- Dockerfile
- setup.sh
+ - VERSION # also update :edge when a release happens
tags:
- '*.*.*'
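Review bot: the added `- VERSION` path entry makes publishing `:edge` after a release depend on the release commit touching that file. The inline comment explains the intent, but nothing here enforces it, and the `tags:` trigger directly below already fires on every release. Consider documenting in the release checklist that `VERSION` must be bumped in the same push, or deriving the `:edge` rebuild from the tag event instead.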
From b037288e5ad20b11fab4f375eaf0fe51f2783cd9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Nov 2023 14:22:17 +0100
Subject: [PATCH 13/43] chore(deps): Bump anchore/scan-action from 3.3.6 to
3.3.7 (#3667)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/generic_vulnerability-scan.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/generic_vulnerability-scan.yml b/.github/workflows/generic_vulnerability-scan.yml
index b39cced8..cad2ac41 100644
--- a/.github/workflows/generic_vulnerability-scan.yml
+++ b/.github/workflows/generic_vulnerability-scan.yml
@@ -55,7 +55,7 @@ jobs:
provenance: false
- name: 'Run the Anchore Grype scan action'
- uses: anchore/scan-action@v3.3.6
+ uses: anchore/scan-action@v3.3.7
id: scan
with:
image: mailserver-testing:ci
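Review bot: `uses: anchore/scan-action@v3.3.7` pins the scanner by a mutable tag, so the code that runs in CI can change without a diff in this repository. For a third-party action, pin to the full commit SHA of the release and keep the version in a trailing comment; Dependabot can still propose bumps in that form.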
From a11951e39801dac78628a5ad15d2bc15d4f24e7e Mon Sep 17 00:00:00 2001
From: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
Date: Tue, 28 Nov 2023 10:33:29 +0100
Subject: [PATCH 14/43] hotfix: solve #3665 (#3669)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
---
CHANGELOG.md | 14 +++++++++++++-
docs/content/config/environment.md | 4 ++++
mailserver.env | 2 ++
target/rspamd/local.d/settings.conf | 2 +-
target/scripts/startup/setup.d/security/rspamd.sh | 2 +-
.../parallel/set1/spam_virus/rspamd_full.bats | 2 +-
6 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 71c9de3f..a8544b80 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,18 @@ All notable changes to this project will be documented in this file. The format
> **Note**: Changes and additions listed here are contained in the `:edge` image tag. These changes may not be as stable as released changes.
+## [v13.0.1](https://github.com/docker-mailserver/docker-mailserver/releases/tag/v13.0.1)
+
+This patch release fixes two bugs that Rspamd users encounter on `v13.0.0`. Big thanks to the those that helped to identify these issues!
+
+### Fixed
+
+- **Rspamd:**
+ - The check for correct permission on the private key when signing e-mails with DKIM was flawed. The result was that a false warning was emitted ([#3669](https://github.com/docker-mailserver/docker-mailserver/pull/3669))
+ - When [`RSPAMD_CHECK_AUTHENTICATED=0`][docs::env-rspamd-check-auth], DKIM signing for outbound e-mail was disabled, which is undesirable ([#3669](https://github.com/docker-mailserver/docker-mailserver/pull/3669)). **Make sure to check the documentation of [`RSPAMD_CHECK_AUTHENTICATED`][docs::env-rspamd-check-auth]**!
+
+[docs::env-rspamd-check-auth]: https://docker-mailserver.github.io/docker-mailserver/v13.0/config/environment/#rspamd_check_authenticated
+
## [v13.0.0](https://github.com/docker-mailserver/docker-mailserver/releases/tag/v13.0.0)
### Breaking
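Review bot: typo in the v13.0.1 introduction, "Big thanks to the those that helped" should read "Big thanks to those that helped". Both "Fixed" bullets also link the same PR (#3669) without the issue they resolve; since the commit subject references #3665, linking it in the entry would help readers who arrive from the bug report.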
@@ -78,7 +90,7 @@ All notable changes to this project will be documented in this file. The format
- `logrotate` setup + Rspamd log path + tests log helper fallback path ([#3576](https://github.com/docker-mailserver/docker-mailserver/pull/3576))
- Setup during container startup is now more resilient ([#3578](https://github.com/docker-mailserver/docker-mailserver/pull/3578))
- Changed DKIM default config location ([#3597](https://github.com/docker-mailserver/docker-mailserver/pull/3597))
- - Removed the symlink for the `override.d/` directory in favor of using `cp`, integrated into the changedetector service, , added a `--force` option for the Rspamd DKIM management, and provided a dedicated helper script for common ENV variables ([#3599](https://github.com/docker-mailserver/docker-mailserver/pull/3599))
+ - Removed the symlink for the `override.d/` directory in favor of using `cp`, integrated into the changedetector service, added a `--force` option for the Rspamd DKIM management, and provided a dedicated helper script for common ENV variables ([#3599](https://github.com/docker-mailserver/docker-mailserver/pull/3599))
- Required permissions are now verified for DKIM private key files ([#3627](https://github.com/docker-mailserver/docker-mailserver/pull/3627))
- **Documentation:**
- Documentation aligned to Compose v2 conventions, `docker-compose` command changed to `docker compose`, `docker-compose.yaml` to `compose.yaml` ([#3295](https://github.com/docker-mailserver/docker-mailserver/pull/3295))
diff --git a/docs/content/config/environment.md b/docs/content/config/environment.md
index 284549f1..b8e257cc 100644
--- a/docs/content/config/environment.md
+++ b/docs/content/config/environment.md
@@ -366,6 +366,10 @@ The purpose of this setting is to opt-out of starting an internal Redis instance
This settings controls whether checks should be performed on emails coming from authenticated users (i.e. most likely outgoing emails). The default value is `0` in order to align better with SpamAssassin. **We recommend** reading through [the Rspamd documentation on scanning outbound emails][rspamd-scanning-outbound] though to decide for yourself whether you need and want this feature.
+!!! note "Not all checks and actions are disabled"
+
+ DKIM signing of e-mails will still happen.
+
- **0** => No checks will be performed for authenticated users
- 1 => All default checks will be performed for authenticated users
diff --git a/mailserver.env b/mailserver.env
index 957a632e..68786224 100644
--- a/mailserver.env
+++ b/mailserver.env
@@ -153,6 +153,8 @@ RSPAMD_LEARN=0
# is `0` in order to align better with SpamAssassin. We recommend reading
# through https://rspamd.com/doc/tutorials/scanning_outbound.html though to
# decide for yourself whether you need and want this feature.
+#
+# Note that DKIM signing of e-mails will still happen.
RSPAMD_CHECK_AUTHENTICATED=0
# Controls whether the Rspamd Greylisting module is enabled.
diff --git a/target/rspamd/local.d/settings.conf b/target/rspamd/local.d/settings.conf
index 4f635e74..10c4de88 100644
--- a/target/rspamd/local.d/settings.conf
+++ b/target/rspamd/local.d/settings.conf
@@ -6,7 +6,7 @@ authenticated {
priority = high;
authenticated = yes;
apply {
- groups_enabled = [];
+ groups_enabled = [dkim];
}
}
# DMS::SED_TAG::1::END
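Review bot: `groups_enabled = [dkim];` in the `authenticated` block has no comment explaining why this one group is kept, and the previous empty list is exactly what a later cleanup would restore. Add a one-line comment above it stating that outbound DKIM signing depends on the group staying enabled when `RSPAMD_CHECK_AUTHENTICATED=0`, matching the note added to `environment.md` and `mailserver.env`.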
diff --git a/target/scripts/startup/setup.d/security/rspamd.sh b/target/scripts/startup/setup.d/security/rspamd.sh
index 239397e5..86786932 100644
--- a/target/scripts/startup/setup.d/security/rspamd.sh
+++ b/target/scripts/startup/setup.d/security/rspamd.sh
@@ -325,7 +325,7 @@ function __rspamd__check_dkim_permissions() {
__rspamd__log 'trace' "Checking DKIM file '${FILE}'"
# See https://serverfault.com/a/829314 for an explanation on `-exec false {} +`
# We additionally resolve symbolic links to check the permissions of the actual files
- if find "$(realpath -eL "${FILE}")" -user _rspamd -or -group _rspamd -or -perm -o=r -exec false {} +; then
+ if find "$(realpath -eL "${FILE}")" \( -user _rspamd -or -group _rspamd -or -perm -o=r \) -exec false {} +; then
__rspamd__log 'warn' "Rspamd DKIM private key file '${FILE}' does not appear to have correct permissions/ownership for Rspamd to use it"
else
__rspamd__log 'trace' "DKIM file '${FILE}' permissions and ownership appear correct"
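Review bot: the `if find "$(realpath -eL "${FILE}")" ...` condition treats every non-zero exit from `find` as "permissions appear correct", including the case where `realpath -eL` fails on a missing file or dangling symlink and `find` is handed an empty path. Unless existence is checked earlier in the function, resolve the path into a variable first and emit the `warn` when resolution fails, so only the `-exec false {} +` case reaches the `else` branch. Separately, the grouped test accepts `-group _rspamd` without checking that the group read bit is set, so a key owned by the group but with mode `0600` still passes.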
diff --git a/test/tests/parallel/set1/spam_virus/rspamd_full.bats b/test/tests/parallel/set1/spam_virus/rspamd_full.bats
index 09d42d46..ba8a23f5 100644
--- a/test/tests/parallel/set1/spam_virus/rspamd_full.bats
+++ b/test/tests/parallel/set1/spam_virus/rspamd_full.bats
@@ -307,5 +307,5 @@ function teardown_file() { _default_teardown ; }
_run_in_container grep -E -A 6 'authenticated \{' "${MODULE_FILE}"
assert_success
assert_output --partial 'authenticated = yes;'
- assert_output --partial 'groups_enabled = [];'
+ assert_output --partial 'groups_enabled = [dkim];'
}
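Review bot: the updated assertion `assert_output --partial 'groups_enabled = [dkim];'` only checks the rendered config text, so it would still pass if signing for authenticated senders regressed for another reason. The same patch also changes `__rspamd__check_dkim_permissions()` without a test for the false warning it fixes. Consider adding a case that asserts the warning is absent from the log when the key has the expected ownership.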
From 19e96b5131ba935a0e54e554c3f3a0e6fc66f3b4 Mon Sep 17 00:00:00 2001
From: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Date: Thu, 30 Nov 2023 10:21:26 +1300
Subject: [PATCH 15/43] fix: `update-check.sh` should query GH Releases (#3666)
* fix: Source `VERSION` from image ENV
Now CI builds triggered from tagged releases will always have the correct version. No need for manually updating a separate file.
* fix: Query latest GH release tag
Compare to the remote GH release tag published, rather than contents of a `VERSION` file.
`VERSION` file remains in source for now as prior releases still rely on it for an update notification.
* chore: Switch from `yq` to `jaq`
- Can more easily express a string subslice.
- Lighter weight: 9.3M vs 1.7M.
- Drawback, no YAML input/output support.
If `yq` is preferred, the `v` prefix could be removed via BASH easily enough.
* chore: Add entry to `CHANGELOG.md`
* ci: `VERSION` has no relevance to `:edge`
* docs: Update build guide + simplify `make build`
---------
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
---
.github/workflows/default_on_push.yml | 1 -
.github/workflows/generic_publish.yml | 7 +----
CHANGELOG.md | 2 ++
Dockerfile | 5 ++--
Makefile | 6 +----
.../examples/tutorials/docker-build.md | 27 ++++++++++++-------
target/scripts/build/packages.sh | 6 +++++
target/scripts/start-mailserver.sh | 2 +-
target/scripts/update-check.sh | 7 ++---
9 files changed, 35 insertions(+), 28 deletions(-)
diff --git a/.github/workflows/default_on_push.yml b/.github/workflows/default_on_push.yml
index 20921984..a5983989 100644
--- a/.github/workflows/default_on_push.yml
+++ b/.github/workflows/default_on_push.yml
@@ -11,7 +11,6 @@ on:
- .gitmodules
- Dockerfile
- setup.sh
- - VERSION # also update :edge when a release happens
tags:
- '*.*.*'
diff --git a/.github/workflows/generic_publish.yml b/.github/workflows/generic_publish.yml
index 0ed2fd3e..6df534ef 100644
--- a/.github/workflows/generic_publish.yml
+++ b/.github/workflows/generic_publish.yml
@@ -66,18 +66,13 @@ jobs:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- - name: 'Acquire the image version'
- id: get-version
- shell: bash
- run: echo "version=$(>"${GITHUB_OUTPUT}"
-
- name: 'Build and publish images'
uses: docker/build-push-action@v5.1.0
with:
context: .
build-args: |
+ DMS_RELEASE=${{ github.ref_type == 'tag' && github.ref_name || 'edge' }}
VCS_REVISION=${{ github.sha }}
- VCS_VERSION=${{ steps.get-version.outputs.version }}
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.prep.outputs.tags }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a8544b80..67aa3ec0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,8 @@ This patch release fixes two bugs that Rspamd users encounter on `v13.0.0`. Big
### Fixed
+- **Internal:**
+ - The update check service now queries the latest GH release for a version tag instead of a `VERSION` file from the repo.
- **Rspamd:**
- The check for correct permission on the private key when signing e-mails with DKIM was flawed. The result was that a false warning was emitted ([#3669](https://github.com/docker-mailserver/docker-mailserver/pull/3669))
- When [`RSPAMD_CHECK_AUTHENTICATED=0`][docs::env-rspamd-check-auth], DKIM signing for outbound e-mail was disabled, which is undesirable ([#3669](https://github.com/docker-mailserver/docker-mailserver/pull/3669)). **Make sure to check the documentation of [`RSPAMD_CHECK_AUTHENTICATED`][docs::env-rspamd-check-auth]**!
diff --git a/Dockerfile b/Dockerfile
index 5e12689d..0f19521a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -295,8 +295,8 @@ COPY target/scripts/startup/setup.d /usr/local/bin/setup.d
#
FROM stage-main AS stage-final
+ARG DMS_RELEASE=edge
ARG VCS_REVISION=unknown
-ARG VCS_VERSION=edge
WORKDIR /
EXPOSE 25 587 143 465 993 110 995 4190
@@ -327,4 +327,5 @@ LABEL org.opencontainers.image.source="https://github.com/docker-mailserver/dock
# ARG invalidates cache when it is used by a layer (implicitly affects RUN)
# Thus to maximize cache, keep these lines last:
LABEL org.opencontainers.image.revision=${VCS_REVISION}
-LABEL org.opencontainers.image.version=${VCS_VERSION}
+LABEL org.opencontainers.image.version=${DMS_RELEASE}
+ENV DMS_RELEASE=${DMS_RELEASE}
diff --git a/Makefile b/Makefile
index 5732cc07..0962c11a 100644
--- a/Makefile
+++ b/Makefile
@@ -18,11 +18,7 @@ BATS_PARALLEL_JOBS ?= 2
all: lint build generate-accounts tests clean
build: ALWAYS_RUN
- @ DOCKER_BUILDKIT=1 docker build \
- --tag $(IMAGE_NAME) \
- --build-arg VCS_VERSION=$(shell git rev-parse --short HEAD) \
- --build-arg VCS_REVISION=$(shell cat VERSION) \
- .
+ @ docker build --tag $(IMAGE_NAME) .
generate-accounts: ALWAYS_RUN
@ cp test/config/templates/postfix-accounts.cf test/config/postfix-accounts.cf
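Review bot: with the `--build-arg` lines removed, `make build` now produces images whose `org.opencontainers.image.revision` label is the Dockerfile default `unknown`, so a locally built image can no longer be traced to a commit. The removed lines had the two values swapped (`VCS_VERSION` received the git hash and `VCS_REVISION` the `VERSION` file), so dropping them as-is is understandable, but keeping `--build-arg VCS_REVISION=$(shell git rev-parse --short HEAD)` would preserve provenance for local builds.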
diff --git a/docs/content/examples/tutorials/docker-build.md b/docs/content/examples/tutorials/docker-build.md
index fc6d5c37..538da822 100644
--- a/docs/content/examples/tutorials/docker-build.md
+++ b/docs/content/examples/tutorials/docker-build.md
@@ -10,7 +10,7 @@ You'll need to retrieve the git submodules prior to building your own Docker ima
```sh
git submodule update --init --recursive
-docker build -t .
+docker build --tag .
```
Or, you can clone and retrieve the submodules in one command:
@@ -21,19 +21,26 @@ git clone --recurse-submodules https://github.com/docker-mailserver/docker-mails
### About Docker
-#### Version
+#### Minimum supported version
-We make use of build-features that require a recent version of Docker. Depending on your distribution, please have a look at [the official installation documentation for Docker](https://docs.docker.com/engine/install/) to get the latest version. Otherwise, you may encounter issues, for example with the `--link` flag for a [`#!dockerfile COPY`](https://docs.docker.com/engine/reference/builder/#copy) command.
+We make use of build features that require a recent version of Docker. v23.0 or newer is advised, but earlier releases may work.
-#### Environment
+- To get the latest version for your distribution, please have a look at [the official installation documentation for Docker](https://docs.docker.com/engine/install/).
+- If you are using a version of Docker prior to v23.0, you will need to enable BuildKit via the ENV [`DOCKER_BUILDKIT=1`](https://docs.docker.com/build/buildkit/#getting-started).
-If you are not using `make` to build the image, note that you will need to provide `DOCKER_BUILDKIT=1` to the `docker build` command for the build to succeed.
+#### Build Arguments (Optional)
-#### Build Arguments
+The `Dockerfile` includes several build [`ARG`][docker-docs::builder-arg] instructions that can be configured:
-The `Dockerfile` takes additional, so-called build arguments. These are
+- `DOVECOT_COMMUNITY_REPO`: Install Dovecot from the community repo instead of from Debian (default = 1)
+- `DMS_RELEASE`: The image version (default = edge)
+- `VCS_REVISION`: The git commit hash used for the build (default = unknown)
-1. `VCS_VERSION`: the image version (default = edge)
-2. `VCS_REVISION`: the image revision (default = unknown)
+!!! note
-When using `make` to build the image, these are filled with proper values. You can build the image without supplying these arguments just fine though.
+ - `DMS_RELEASE` (_when not `edge`_) will be used to check for updates from our GH releases page at runtime due to the default feature [`ENABLE_UPDATE_CHECK=1`][docs::env-update-check].
+ - Both `DMS_RELEASE` and `VCS_REVISION` are also used with `opencontainers` metadata [`LABEL`][docker-docs::builder-label] instructions.
+
+[docs::env-update-check]: https://docker-mailserver.github.io/docker-mailserver/latest/config/environment/#enable_update_check
+[docker-docs::builder-arg]: https://docs.docker.com/engine/reference/builder/#using-arg-variables
+[docker-docs::builder-label]: https://docs.docker.com/engine/reference/builder/#label
diff --git a/target/scripts/build/packages.sh b/target/scripts/build/packages.sh
index a025c3b4..97ebae04 100644
--- a/target/scripts/build/packages.sh
+++ b/target/scripts/build/packages.sh
@@ -205,6 +205,11 @@ function _install_getmail() {
apt-get "${QUIET}" autoremove
}
+function _install_utils() {
+ _log 'debug' 'Installing utils sourced from Github'
+ curl -sL https://github.com/01mf02/jaq/releases/latest/download/jaq-v1.2.0-x86_64-unknown-linux-musl -o /usr/bin/jaq && chmod +x /usr/bin/jaq
+}
+
function _remove_data_after_package_installations() {
_log 'debug' 'Deleting sensitive files (secrets)'
rm /etc/postsrsd.secret
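Review bot: the `curl` line in `_install_utils` installs an unverified binary as `/usr/bin/jaq`: there is no checksum or signature check, and `-sL` without `-f` means an HTTP error page would be written to the file and then made executable. The URL also combines `releases/latest/download/` with a file name fixed to `jaq-v1.2.0`, so it stops resolving once a newer release is published, and the `x86_64` asset is hard-coded, so the binary will not run on arm64 builds. Pin the release tag in the path, select the asset by architecture, use `curl -sSfL`, and compare the download against a known SHA-256 before `chmod +x`.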
@@ -228,5 +233,6 @@ _install_dovecot
_install_rspamd
_install_fail2ban
_install_getmail
+_install_utils
_remove_data_after_package_installations
_post_installation_steps
diff --git a/target/scripts/start-mailserver.sh b/target/scripts/start-mailserver.sh
index f0f385f3..cc6c2244 100755
--- a/target/scripts/start-mailserver.sh
+++ b/target/scripts/start-mailserver.sh
@@ -120,7 +120,7 @@ function _register_functions() {
[[ ${SMTP_ONLY} -ne 1 ]] && _register_start_daemon '_start_daemon_dovecot'
- [[ ${ENABLE_UPDATE_CHECK} -eq 1 ]] && _register_start_daemon '_start_daemon_update_check'
+ [[ ${ENABLE_UPDATE_CHECK} -eq 1 ]] && [[ ${DMS_RELEASE} != 'edge' ]] && _register_start_daemon '_start_daemon_update_check'
# The order here matters: Since Rspamd is using Redis, Redis should be started before Rspamd.
[[ ${ENABLE_RSPAMD_REDIS} -eq 1 ]] && _register_start_daemon '_start_daemon_rspamd_redis'
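Review bot: with the added `[[ ${DMS_RELEASE} != 'edge' ]]` test, `ENABLE_UPDATE_CHECK=1` is silently ignored on `edge` images; log a line in that case so the operator knows the update check is off. The test also passes when `DMS_RELEASE` is empty or unset, which would start the daemon with no version to compare, so consider requiring a non-empty value as well.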
diff --git a/target/scripts/update-check.sh b/target/scripts/update-check.sh
index 9010371f..c30594f4 100755
--- a/target/scripts/update-check.sh
+++ b/target/scripts/update-check.sh
@@ -3,8 +3,8 @@
# shellcheck source=./helpers/log.sh
source /usr/local/bin/helpers/log.sh
-VERSION=$(
Date: Thu, 30 Nov 2023 14:47:31 +1300
Subject: [PATCH 16/43] fix: Logging - Welcome should use `DMS_RELEASE` ENV
(#3676)
---
CHANGELOG.md | 10 ++++++++--
VERSION | 2 +-
target/scripts/start-mailserver.sh | 2 +-
3 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 67aa3ec0..f7fdb981 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,14 +6,20 @@ All notable changes to this project will be documented in this file. The format
> **Note**: Changes and additions listed here are contained in the `:edge` image tag. These changes may not be as stable as released changes.
+### Fixed
+
+- **Internal**:
+ - The container startup welcome log message now references `DMS_RELEASE` ([#3676](https://github.com/docker-mailserver/docker-mailserver/pull/3676))
+ - `VERSION` was incremented for prior releases to be notified of the v13.0.1 patch release ([#3676](https://github.com/docker-mailserver/docker-mailserver/pull/3676))
+
## [v13.0.1](https://github.com/docker-mailserver/docker-mailserver/releases/tag/v13.0.1)
-This patch release fixes two bugs that Rspamd users encounter on `v13.0.0`. Big thanks to the those that helped to identify these issues!
+This patch release fixes two bugs that Rspamd users encountered with the `v13.0.0` release. Big thanks to the those that helped to identify these issues! ❤️
### Fixed
- **Internal:**
- - The update check service now queries the latest GH release for a version tag instead of a `VERSION` file from the repo.
+ - The update check service now queries the latest GH release for a version tag (_instead of from a `VERSION` file at the GH repo_). This should provide more reliable update notifications ([#3666](https://github.com/docker-mailserver/docker-mailserver/pull/3666))
- **Rspamd:**
- The check for correct permission on the private key when signing e-mails with DKIM was flawed. The result was that a false warning was emitted ([#3669](https://github.com/docker-mailserver/docker-mailserver/pull/3669))
- When [`RSPAMD_CHECK_AUTHENTICATED=0`][docs::env-rspamd-check-auth], DKIM signing for outbound e-mail was disabled, which is undesirable ([#3669](https://github.com/docker-mailserver/docker-mailserver/pull/3669)). **Make sure to check the documentation of [`RSPAMD_CHECK_AUTHENTICATED`][docs::env-rspamd-check-auth]**!
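Review bot: the reworded release summary for v13.0.1 still reads "Big thanks to the those that helped"; drop the extra "the" while this line is being touched.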
diff --git a/VERSION b/VERSION
index 02161ca8..5cb7d856 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-13.0.0
+13.0.1
diff --git a/target/scripts/start-mailserver.sh b/target/scripts/start-mailserver.sh
index cc6c2244..fa8214e1 100755
--- a/target/scripts/start-mailserver.sh
+++ b/target/scripts/start-mailserver.sh
@@ -153,7 +153,7 @@ function _register_functions() {
_early_supervisor_setup
_early_variables_setup
-_log 'info' "Welcome to docker-mailserver $(
Date: Sun, 3 Dec 2023 22:28:40 +0100
Subject: [PATCH 17/43] ci: add `run-local-instance` target to `Makefile`
(#3663)
---
CHANGELOG.md | 4 ++++
Makefile | 16 ++++++++++++++++
docs/content/contributing/tests.md | 4 ++++
3 files changed, 24 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f7fdb981..e6faa74a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,10 @@ All notable changes to this project will be documented in this file. The format
> **Note**: Changes and additions listed here are contained in the `:edge` image tag. These changes may not be as stable as released changes.
+### Added
+
+- command (`run-local-instance`) to test a version of DMS that was built locally to test changes
+
### Fixed
- **Internal**:
diff --git a/Makefile b/Makefile
index 0962c11a..37267d2c 100644
--- a/Makefile
+++ b/Makefile
@@ -32,6 +32,22 @@ clean: ALWAYS_RUN
-@ while read -r LINE; do [[ $${LINE} =~ test/.+ ]] && FILES+=("/mnt$${LINE#test}"); done < .gitignore ; \
docker run --rm -v "$(REPOSITORY_ROOT)/test/:/mnt" alpine ash -c "rm -rf $${FILES[@]}"
+run-local-instance: ALWAYS_RUN
+ bash -c 'sleep 8 ; ./setup.sh email add postmaster@example.test 123' &
+ docker run --rm --interactive --tty --name dms-test_example \
+ --env OVERRIDE_HOSTNAME=mail.example.test \
+ --env POSTFIX_INET_PROTOCOLS=ipv4 \
+ --env DOVECOT_INET_PROTOCOLS=ipv4 \
+ --env ENABLE_CLAMAV=0 \
+ --env ENABLE_AMAVIS=0 \
+ --env ENABLE_RSPAMD=0 \
+ --env ENABLE_OPENDKIM=0 \
+ --env ENABLE_OPENDMARC=0 \
+ --env ENABLE_POLICYD_SPF=0 \
+ --env ENABLE_SPAMASSASSIN=0 \
+ --env LOG_LEVEL=trace \
+ $(IMAGE_NAME)
+
# -----------------------------------------------
# --- Tests ------------------------------------
# -----------------------------------------------
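Review bot: the first recipe line of `run-local-instance` relies on `sleep 8` to guess when the container is ready and runs `./setup.sh email add` in the background whether or not `docker run` started. On a slow host the account is never created, and if the image is missing the command has no container to act on. Wait for the container with a readiness check instead of a fixed sleep. The account password `123` is hard-coded; add a comment that the target is for throwaway local instances only, and mention the test account in `docs/content/contributing/tests.md` so users know how to log in.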
diff --git a/docs/content/contributing/tests.md b/docs/content/contributing/tests.md
index 6f649529..8816a228 100644
--- a/docs/content/contributing/tests.md
+++ b/docs/content/contributing/tests.md
@@ -78,6 +78,10 @@ We use `make` to run commands.
When writing tests, ensure that parallel set tests still pass when run in parallel. You need to account for other tests running in parallel that may interfere with your own tests logic.
+!!! tip
+
+ You may use `make run-local-instance` to run a version of the image built locally to test and edit your changes in a running DMS instance.
+
### An Example
In this example, you've made a change to the Rspamd feature support (_or adjusted it's tests_). First verify no regressions have been introduced by running it's specific test file:
From 01689ab788022097e79d80979303e206a5d48f24 Mon Sep 17 00:00:00 2001
From: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Date: Mon, 4 Dec 2023 11:22:43 +1300
Subject: [PATCH 18/43] docs: Troubleshooting - Bare domain misconfiguration
(#3680)
---
CHANGELOG.md | 8 +++++++-
docs/content/config/debugging.md | 11 +++++++++++
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e6faa74a..8ecfbe55 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,7 +8,13 @@ All notable changes to this project will be documented in this file. The format
### Added
-- command (`run-local-instance`) to test a version of DMS that was built locally to test changes
+- **Tests:**
+ - You can now use `make run-local-instance` to run a DMS image that was built locally to test changes ([#3663](https://github.com/docker-mailserver/docker-mailserver/pull/3663))
+
+### Updates
+
+- **Documentation:**
+ - Raise awareness in the troubleshooting page for a common misconfiguration when deviating from our advice by using a bare domain ([#3680](https://github.com/docker-mailserver/docker-mailserver/pull/3680))
### Fixed
diff --git a/docs/content/config/debugging.md b/docs/content/config/debugging.md
index d1e29376..9c3bebb5 100644
--- a/docs/content/config/debugging.md
+++ b/docs/content/config/debugging.md
@@ -46,6 +46,15 @@ Some service providers block outbound traffic on port 25. Common hosting provide
These links may advise how the provider can unblock the port through additional services offered, or via a support ticket request.
+### Mail sent to DMS does not get delivered to user
+
+Common logs related to this are:
+
+- `warning: do not list domain domain.fr in BOTH mydestination and virtual_mailbox_domains`
+- `Recipient address rejected: User unknown in local recipient table`
+
+If your logs look like this, you likely have [assigned the same FQDN to the DMS `hostname` and your mail accounts][gh-issues::dms-fqdn-misconfigured] which is not supported by default. You can either adjust your DMS `hostname` or follow [this FAQ advice][docs::faq-bare-domain]
+
## Steps for Debugging DMS
1. **Increase log verbosity**: Very helpful for troubleshooting problems during container startup. Set the environment variable [`LOG_LEVEL`][docs-environment-log-level] to `debug` or `trace`.
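Review bot: the new troubleshooting paragraph ends without a full stop after the `[this FAQ advice]` link, and the sample log line uses the real-looking `domain.fr` where the rest of the series uses `example.test` for placeholders. Switch the sample to a reserved example domain and finish the sentence.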
@@ -109,12 +118,14 @@ This could be from outdated software, or running a system that isn't able to pro
[docs-environment-log-level]: ./environment.md#log_level
[docs-faq]: ../faq.md
+[docs::faq-bare-domain]: ../faq.md#can-i-use-a-nakedbare-domain-ie-no-hostname
[docs-ipv6]: ./advanced/ipv6.md
[docs-introduction]: ../introduction.md
[docs-rootless-portdriver]: ./security/fail2ban.md#running-inside-a-rootless-container
[docs-usage]: ../usage.md
[gh-issues]: https://github.com/docker-mailserver/docker-mailserver/issues
+[gh-issues::dms-fqdn-misconfigured]: https://github.com/docker-mailserver/docker-mailserver/issues/3679#issuecomment-1837609043
[gh-macos-support]: https://github.com/docker-mailserver/docker-mailserver/issues/3648#issuecomment-1822774080
[gh-discuss-roundcube-fail2ban]: https://github.com/orgs/docker-mailserver/discussions/3273#discussioncomment-5654603
From 7ce745a82dfcb92c1527cc21f4bb4d78d412a292 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 4 Dec 2023 21:32:49 +0100
Subject: [PATCH 19/43] chore(deps): Bump docker/metadata-action from 5.0.0 to
5.3.0 (#3683)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/generic_publish.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/generic_publish.yml b/.github/workflows/generic_publish.yml
index 6df534ef..36b44770 100644
--- a/.github/workflows/generic_publish.yml
+++ b/.github/workflows/generic_publish.yml
@@ -23,7 +23,7 @@ jobs:
- name: 'Prepare tags'
id: prep
- uses: docker/metadata-action@v5.0.0
+ uses: docker/metadata-action@v5.3.0
with:
images: |
${{ secrets.DOCKER_REPOSITORY }}
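Review bot: `uses: docker/metadata-action@v5.3.0` references a mutable tag in a workflow that reads `secrets.DOCKER_REPOSITORY`. Pin third-party actions to the full commit SHA of the release, keeping the version as a trailing comment, so that a retagged release cannot change what runs in the publish workflow. Dependabot can keep SHA pins updated in the same way it bumps tags.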
From 1ff8d57ea1bd2d318240be71d7da760784ea9969 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 4 Dec 2023 20:34:20 +0000
Subject: [PATCH 20/43] chore(deps): Bump anchore/scan-action from 3.3.7 to
3.3.8 (#3682)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/generic_vulnerability-scan.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/generic_vulnerability-scan.yml b/.github/workflows/generic_vulnerability-scan.yml
index cad2ac41..95245557 100644
--- a/.github/workflows/generic_vulnerability-scan.yml
+++ b/.github/workflows/generic_vulnerability-scan.yml
@@ -55,7 +55,7 @@ jobs:
provenance: false
- name: 'Run the Anchore Grype scan action'
- uses: anchore/scan-action@v3.3.7
+ uses: anchore/scan-action@v3.3.8
id: scan
with:
image: mailserver-testing:ci
From c75975d59e7cb4d8b25b67792c4b74b60b35545d Mon Sep 17 00:00:00 2001
From: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Date: Tue, 5 Dec 2023 17:16:39 +1300
Subject: [PATCH 21/43] chore: Postfix should integrate Dovecot at runtime
(#3681)
* chore: Better establish startup scope
* chore: Configure `main.cf` for Dovecot at runtime
---
CHANGELOG.md | 2 ++
target/postfix/main.cf | 6 ++--
target/scripts/helpers/aliases.sh | 1 +
target/scripts/start-mailserver.sh | 12 ++++----
target/scripts/startup/setup.d/postfix.sh | 30 +++++++++++++++----
.../startup/setup.d/security/spoofing.sh | 3 ++
6 files changed, 40 insertions(+), 14 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8ecfbe55..5d539271 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,8 @@ All notable changes to this project will be documented in this file. The format
- **Documentation:**
- Raise awareness in the troubleshooting page for a common misconfiguration when deviating from our advice by using a bare domain ([#3680](https://github.com/docker-mailserver/docker-mailserver/pull/3680))
+- **Internal:**
+ - Postfix configures `virtual_mailbox_maps` and `virtual_transport` during startup instead of using defaults (configured for Dovecot) via our `main.cf` ([#3681](https://github.com/docker-mailserver/docker-mailserver/pull/3681))
### Fixed
diff --git a/target/postfix/main.cf b/target/postfix/main.cf
index 405dc0fb..8c329c94 100644
--- a/target/postfix/main.cf
+++ b/target/postfix/main.cf
@@ -88,10 +88,10 @@ smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = yes
-# Mail directory
-virtual_transport = lmtp:unix:/var/run/dovecot/lmtp
+# Postfix lookup tables for verifying valid users and managed mail domains:
+# Populated during startup in: scripts/helpers/postfix.sh
virtual_mailbox_domains = /etc/postfix/vhost
-virtual_mailbox_maps = texthash:/etc/postfix/vmailbox
+# Populated during startup in: scripts/helpers/aliases.sh
virtual_alias_maps = texthash:/etc/postfix/virtual
# Milters used by DKIM
diff --git a/target/scripts/helpers/aliases.sh b/target/scripts/helpers/aliases.sh
index 0890d994..04a56da3 100644
--- a/target/scripts/helpers/aliases.sh
+++ b/target/scripts/helpers/aliases.sh
@@ -23,6 +23,7 @@ function _handle_postfix_virtual_config() {
fi
}
+# TODO: Investigate why this file is always created, nothing seems to append only the cp below?
function _handle_postfix_regexp_config() {
: >/etc/postfix/regexp
diff --git a/target/scripts/start-mailserver.sh b/target/scripts/start-mailserver.sh
index fa8214e1..aadac2b5 100755
--- a/target/scripts/start-mailserver.sh
+++ b/target/scripts/start-mailserver.sh
@@ -91,20 +91,22 @@ function _register_functions() {
_register_setup_function '_setup_dovecot_hostname'
_register_setup_function '_setup_postfix_early'
- _register_setup_function '_setup_fetchmail'
- _register_setup_function '_setup_fetchmail_parallel'
- # needs to come after _setup_postfix_early
+ # Dependent upon _setup_postfix_early first calling _create_aliases
+ # Due to conditional check for /etc/postfix/regexp
_register_setup_function '_setup_spoof_protection'
- _register_setup_function '_setup_getmail'
+ _register_setup_function '_setup_postfix_late'
if [[ ${ENABLE_SRS} -eq 1 ]]; then
_register_setup_function '_setup_SRS'
_register_start_daemon '_start_daemon_postsrsd'
fi
- _register_setup_function '_setup_postfix_late'
+ _register_setup_function '_setup_fetchmail'
+ _register_setup_function '_setup_fetchmail_parallel'
+ _register_setup_function '_setup_getmail'
+
_register_setup_function '_setup_logrotate'
_register_setup_function '_setup_mail_summary'
_register_setup_function '_setup_logwatch'
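Review bot: `_setup_postfix_late` is now registered before the `ENABLE_SRS` block and before the fetchmail and getmail setup, but the new comment only explains the `_setup_spoof_protection` dependency. Since `_setup_postfix_late` ends by calling `__postfix__setup_override_configuration`, any Postfix setting written by a setup function registered after it (check `_setup_SRS`) would no longer be covered by the user's overrides. Either keep `_setup_postfix_late` last among the Postfix-related setup functions or add a comment stating why the new position is safe.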
diff --git a/target/scripts/startup/setup.d/postfix.sh b/target/scripts/startup/setup.d/postfix.sh
index 0d7cb1ae..126a195c 100644
--- a/target/scripts/startup/setup.d/postfix.sh
+++ b/target/scripts/startup/setup.d/postfix.sh
@@ -30,18 +30,25 @@ mech_list: plain login
EOF
fi
+ # User has explicitly requested to disable SASL auth:
+ # TODO: Additive config by feature would be better. Should only enable SASL auth
+ # on submission(s) services in master.cf when SASLAuthd or Dovecot is enabled.
if [[ ${ENABLE_SASLAUTHD} -eq 0 ]] && [[ ${SMTP_ONLY} -eq 1 ]]; then
+ # Default for services (eg: Port 25); NOTE: This has since become the default:
sed -i -E \
's|^smtpd_sasl_auth_enable =.*|smtpd_sasl_auth_enable = no|g' \
/etc/postfix/main.cf
+ # Submission services that are explicitly enabled by default:
sed -i -E \
's|^ -o smtpd_sasl_auth_enable=.*| -o smtpd_sasl_auth_enable=no|g' \
/etc/postfix/master.cf
fi
+ # scripts/helpers/aliases.sh:_create_aliases()
__postfix__log 'trace' 'Setting up aliases'
_create_aliases
+ # scripts/helpers/postfix.sh:_create_postfix_vhost()
__postfix__log 'trace' 'Setting up Postfix vhost'
_create_postfix_vhost
@@ -63,6 +70,23 @@ EOF
's|^(dms_smtpd_sender_restrictions = .*)|\1, reject_unknown_client_hostname|' \
/etc/postfix/main.cf
fi
+
+ # Dovecot feature integration
+ # TODO: Alias SMTP_ONLY=0 to DOVECOT_ENABLED=1?
+ if [[ ${SMTP_ONLY} -ne 1 ]]; then
+ __postfix__log 'trace' 'Configuring Postfix with Dovecot integration'
+
+ # /etc/postfix/vmailbox is created by: scripts/helpers/accounts.sh:_create_accounts()
+ # This file config is for Postfix to verify a mail account exists before accepting
+ # mail arriving and delivering it to Dovecot over LMTP.
+ postconf 'virtual_mailbox_maps = texthash:/etc/postfix/vmailbox'
+ postconf 'virtual_transport = lmtp:unix:/var/run/dovecot/lmtp'
+ fi
+
+ if [[ -n ${POSTFIX_DAGENT} ]]; then
+ __postfix__log 'trace' "Changing virtual transport to '${POSTFIX_DAGENT}'"
+ postconf "virtual_transport = ${POSTFIX_DAGENT}"
+ fi
}
function _setup_postfix_late() {
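Review bot: the `postconf 'virtual_mailbox_maps = texthash:/etc/postfix/vmailbox'` line in the new Dovecot block runs for every setup where `SMTP_ONLY` is not 1, although the comment above it says the file comes from `_create_accounts()`. If accounts are provisioned by anything other than that file, this overwrites the lookup that provisioner relies on; guard the assignment on the provisioner in use. The hunk also leaves `virtual_transport` unset when `SMTP_ONLY=1` and `POSTFIX_DAGENT` is empty, now that the `main.cf` default is removed in this patch, so the comment should say which transport is expected in that case.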
@@ -80,12 +104,6 @@ function _setup_postfix_late() {
__postfix__log 'trace' 'Configuring relay host'
_setup_relayhost
- if [[ -n ${POSTFIX_DAGENT} ]]; then
- __postfix__log 'trace' "Changing virtual transport to '${POSTFIX_DAGENT}'"
- # Default value in main.cf should be 'lmtp:unix:/var/run/dovecot/lmtp'
- postconf "virtual_transport = ${POSTFIX_DAGENT}"
- fi
-
__postfix__setup_override_configuration
}
diff --git a/target/scripts/startup/setup.d/security/spoofing.sh b/target/scripts/startup/setup.d/security/spoofing.sh
index 7c38821d..ffefb279 100644
--- a/target/scripts/startup/setup.d/security/spoofing.sh
+++ b/target/scripts/startup/setup.d/security/spoofing.sh
@@ -11,6 +11,9 @@ function _setup_spoof_protection() {
postconf 'smtpd_sender_login_maps = ldap:/etc/postfix/ldap-senders.cf'
fi
else
+ # NOTE: This file is always created at startup, it potentially has content added.
+ # TODO: From section: "SPOOF_PROTECTION=1 handling for smtpd_sender_login_maps"
+ # https://github.com/docker-mailserver/docker-mailserver/issues/2819#issue-1402114383
if [[ -f /etc/postfix/regexp ]]; then
postconf 'smtpd_sender_login_maps = unionmap:{ texthash:/etc/postfix/virtual, hash:/etc/aliases, pcre:/etc/postfix/maps/sender_login_maps.pcre, pcre:/etc/postfix/regexp }'
else
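Review bot: the added NOTE says `/etc/postfix/regexp` is always created at startup, which makes the `[[ -f /etc/postfix/regexp ]]` test below it always true and the `else` branch unreachable. If the intent is to include `pcre:/etc/postfix/regexp` only when the file has entries, test with `-s` instead of `-f`; otherwise drop the conditional. The TODO links an issue but does not say which of the two outcomes is wanted.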
From 908d38047ce4be6dd1e8ca5021d0bce86625a3c3 Mon Sep 17 00:00:00 2001
From: Casper
Date: Tue, 5 Dec 2023 21:42:30 +0100
Subject: [PATCH 22/43] scripts: add warning when update-check is enabled, but
no stable release image is used (#3684)
---
CHANGELOG.md | 1 +
target/scripts/start-mailserver.sh | 8 +++++++-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5d539271..18ef5057 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@ All notable changes to this project will be documented in this file. The format
- **Tests:**
- You can now use `make run-local-instance` to run a DMS image that was built locally to test changes ([#3663](https://github.com/docker-mailserver/docker-mailserver/pull/3663))
+- Log a warning when update-check is enabled, but no stable release image is used ([#3684](https://github.com/docker-mailserver/docker-mailserver/pull/3684))
### Updates
diff --git a/target/scripts/start-mailserver.sh b/target/scripts/start-mailserver.sh
index aadac2b5..2129b74a 100755
--- a/target/scripts/start-mailserver.sh
+++ b/target/scripts/start-mailserver.sh
@@ -122,7 +122,13 @@ function _register_functions() {
[[ ${SMTP_ONLY} -ne 1 ]] && _register_start_daemon '_start_daemon_dovecot'
- [[ ${ENABLE_UPDATE_CHECK} -eq 1 ]] && [[ ${DMS_RELEASE} != 'edge' ]] && _register_start_daemon '_start_daemon_update_check'
+ if [[ ${ENABLE_UPDATE_CHECK} -eq 1 ]]; then
+ if [[ ${DMS_RELEASE} != 'edge' ]]; then
+ _register_start_daemon '_start_daemon_update_check'
+ else
+ _log 'warn' "ENABLE_UPDATE_CHECK=1 is configured, but image is not a stable release. Update-Check is disabled."
+ fi
+ fi
# The order here matters: Since Rspamd is using Redis, Redis should be started before Rspamd.
[[ ${ENABLE_RSPAMD_REDIS} -eq 1 ]] && _register_start_daemon '_start_daemon_rspamd_redis'
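Review bot: the warning text says the image "is not a stable release", but the `else` branch is taken only for the literal value `edge`; a custom build with any other `DMS_RELEASE` value is treated as a release and starts the daemon. Either word the message around `DMS_RELEASE=edge` or check that the value looks like a version tag. The message contains no expansions, so single quotes would match the other `_log` calls visible in this function.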
From 77917f5cc64b444db2a76def92161186db66670b Mon Sep 17 00:00:00 2001
From: Peter Adam
Date: Thu, 7 Dec 2023 23:45:02 +0100
Subject: [PATCH 23/43] scripts: Install arm64 rspamd from official repository
(#3686)
* scripts: Install rspamd from official repository instead of debian backports on arm64 architecture
* Remove unnecessary deb-src repository for rspamd
* Remove note about ARM64 rspamd version, update CHANGELOG.md
---------
Co-authored-by: Peter Adam
---
CHANGELOG.md | 2 ++
docs/content/config/security/rspamd.md | 4 ----
target/scripts/build/packages.sh | 23 ++++-------------------
3 files changed, 6 insertions(+), 23 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 18ef5057..10d2bb25 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -24,6 +24,8 @@ All notable changes to this project will be documented in this file. The format
- **Internal**:
- The container startup welcome log message now references `DMS_RELEASE` ([#3676](https://github.com/docker-mailserver/docker-mailserver/pull/3676))
- `VERSION` was incremented for prior releases to be notified of the v13.0.1 patch release ([#3676](https://github.com/docker-mailserver/docker-mailserver/pull/3676))
+- **Rspamd:**
+ - Switch to official arm64 packages to avoid segfaults ([#3686](https://github.com/docker-mailserver/docker-mailserver/pull/3686))
## [v13.0.1](https://github.com/docker-mailserver/docker-mailserver/releases/tag/v13.0.1)
diff --git a/docs/content/config/security/rspamd.md b/docs/content/config/security/rspamd.md
index 442e5e78..fe9bd5ea 100644
--- a/docs/content/config/security/rspamd.md
+++ b/docs/content/config/security/rspamd.md
@@ -8,10 +8,6 @@ Rspamd is a ["fast, free and open-source spam filtering system"][rspamd-homepage
If you want to have a look at the default configuration files for Rspamd that DMS packs, navigate to [`target/rspamd/` inside the repository][dms-default-configuration]. Please consult the [section "The Default Configuration"](#the-default-configuration) section down below for a written overview.
-!!! note "AMD64 vs ARM64"
-
- We are currently doing a best-effort installation of Rspamd for ARM64 (from the Debian backports repository for Debian 11). The current version difference as of 23rd Apr 2023: AMD64 is at version 3.5 | ARM64 is at version 3.4.
-
[rspamd-homepage]: https://rspamd.com/
[dms-default-configuration]: https://github.com/docker-mailserver/docker-mailserver/tree/master/target/rspamd
diff --git a/target/scripts/build/packages.sh b/target/scripts/build/packages.sh
index 97ebae04..ec468d41 100644
--- a/target/scripts/build/packages.sh
+++ b/target/scripts/build/packages.sh
@@ -130,29 +130,14 @@ function _install_dovecot() {
function _install_rspamd() {
_log 'trace' 'Adding Rspamd package signatures'
local DEB_FILE='/etc/apt/sources.list.d/rspamd.list'
- local RSPAMD_PACKAGE_NAME
- # We try getting the most recent version of Rspamd for aarch64 (from an official source, which
- # is the backports repository). The version for aarch64 is 3.2; the most recent version for amd64
- # that we get with the official PPA is 3.4.
- #
- # Not removing it later is fine as you have to explicitly opt into installing a backports package
- # which is not something you could be doing by accident.
- if [[ $(uname --machine) == 'aarch64' ]]; then
- echo '# Official Rspamd PPA does not support aarch64, so we use the Bullseye backports' >"${DEB_FILE}"
- echo 'deb [arch=arm64] http://deb.debian.org/debian bullseye-backports main' >>"${DEB_FILE}"
- RSPAMD_PACKAGE_NAME='rspamd/bullseye-backports'
- else
- curl -sSfL https://rspamd.com/apt-stable/gpg.key | gpg --dearmor >/etc/apt/trusted.gpg.d/rspamd.gpg
- local URL='[arch=amd64 signed-by=/etc/apt/trusted.gpg.d/rspamd.gpg] http://rspamd.com/apt-stable/ bullseye main'
- echo "deb ${URL}" >"${DEB_FILE}"
- echo "deb-src ${URL}" >>"${DEB_FILE}"
- RSPAMD_PACKAGE_NAME='rspamd'
- fi
+ curl -sSfL https://rspamd.com/apt-stable/gpg.key | gpg --dearmor >/etc/apt/trusted.gpg.d/rspamd.gpg
+ local URL='[signed-by=/etc/apt/trusted.gpg.d/rspamd.gpg] http://rspamd.com/apt-stable/ bullseye main'
+ echo "deb ${URL}" >"${DEB_FILE}"
_log 'debug' 'Installing Rspamd'
apt-get "${QUIET}" update
- apt-get "${QUIET}" --no-install-recommends install "${RSPAMD_PACKAGE_NAME}" 'redis-server'
+ apt-get "${QUIET}" --no-install-recommends install 'rspamd' 'redis-server'
}
function _install_fail2ban() {
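Review bot: the `deb` source line still uses `http://rspamd.com/apt-stable/` while the key on the line above is fetched from the same host over HTTPS; `signed-by` protects package integrity, but the repository URL should use `https://` too. The key is trusted on first download with no fingerprint comparison, and because `curl ... | gpg --dearmor` is a pipeline, a failed `curl` does not by itself fail the step unless `pipefail` is in effect for this script; compare the key fingerprint against a pinned value before writing `rspamd.gpg`. Dropping `arch=amd64` is what enables arm64 here, so a one-line comment naming the architectures this repository is expected to serve should replace the removed explanation.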
From d3b4e94d0681b98ea6a7a955051c397cf19c0b88 Mon Sep 17 00:00:00 2001
From: Casper
Date: Fri, 8 Dec 2023 01:20:17 +0100
Subject: [PATCH 24/43] update-check: fix 'read' exit status (#3688)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
---
CHANGELOG.md | 1 +
target/scripts/update-check.sh | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 10d2bb25..3553804f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -24,6 +24,7 @@ All notable changes to this project will be documented in this file. The format
- **Internal**:
- The container startup welcome log message now references `DMS_RELEASE` ([#3676](https://github.com/docker-mailserver/docker-mailserver/pull/3676))
- `VERSION` was incremented for prior releases to be notified of the v13.0.1 patch release ([#3676](https://github.com/docker-mailserver/docker-mailserver/pull/3676))
+ - Update-check: fix 'read' exit status ([#3688](https://github.com/docker-mailserver/docker-mailserver/pull/3688))
- **Rspamd:**
- Switch to official arm64 packages to avoid segfaults ([#3686](https://github.com/docker-mailserver/docker-mailserver/pull/3686))
diff --git a/target/scripts/update-check.sh b/target/scripts/update-check.sh
index c30594f4..257fc37d 100755
--- a/target/scripts/update-check.sh
+++ b/target/scripts/update-check.sh
@@ -27,7 +27,7 @@ while true; do
# compare versions
if dpkg --compare-versions "${VERSION}" lt "${LATEST}"; then
# send mail notification to postmaster
- read -r -d '' MAIL << EOF
+ read -r -d '#' MAIL << EOF
Hello ${POSTMASTER_ADDRESS}!
There is a docker-mailserver update available on your host: $(hostname -f)
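Review bot: `read -r -d '#'` stops at the first `#` in the expanded here-document, not at the `#END` marker added further down, so the mail body is truncated if `${CHANGELOG_URL}`, the hostname or any other expanded value contains `#` (a URL fragment is the obvious case). Capture the text with `MAIL=$(cat <<EOF ... EOF)` instead, or keep `-d ''` and handle the non-zero status from `read` explicitly. If the sentinel stays, add a comment explaining why it exists.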
@@ -35,7 +35,7 @@ There is a docker-mailserver update available on your host: $(hostname -f)
Current version: ${VERSION}
Latest version: ${LATEST}
-Changelog: ${CHANGELOG_URL}
+Changelog: ${CHANGELOG_URL}#END
EOF
_log_with_date 'info' "Update available [ ${VERSION} --> ${LATEST} ]"
From bc9172fa74f7307b64b57e5c05ed740a3109ef86 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
<41898282+github-actions[bot]@users.noreply.github.com>
Date: Sun, 10 Dec 2023 21:08:19 +0100
Subject: [PATCH 25/43] docs: updated `CONTRIBUTORS.md` (#3691)
---
CONTRIBUTORS.md | 79 +++++++++++++++++++++++++++----------------------
1 file changed, 43 insertions(+), 36 deletions(-)
diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
index 46e0523f..860f5df1 100644
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@@ -1438,6 +1438,13 @@ Thanks goes to these wonderful people ✨
mrPjer
|
+
+
+
+
+ p3dda
+
+ |
@@ -1458,15 +1465,15 @@ Thanks goes to these wonderful people ✨
remoe
- |
+
+
romansey
- |
-
+
@@ -1501,15 +1508,15 @@ Thanks goes to these wonderful people ✨
3ap
- |
+
+
shyim
- |
-
+
@@ -1544,15 +1551,15 @@ Thanks goes to these wonderful people ✨
5ven
- |
+
+
syl20bnr
- |
-
+
@@ -1587,15 +1594,15 @@ Thanks goes to these wonderful people ✨
tweibert
- |
+
+
torus
- |
-
+
@@ -1630,15 +1637,15 @@ Thanks goes to these wonderful people ✨
vilisas
- |
+
+
42wim
- |
-
+
@@ -1673,15 +1680,15 @@ Thanks goes to these wonderful people ✨
awb99
- |
+
+
brainkiller
- |
-
+
@@ -1716,15 +1723,15 @@ Thanks goes to these wonderful people ✨
ghnp5
- |
+
+
helmutundarnold
- |
-
+
@@ -1759,15 +1766,15 @@ Thanks goes to these wonderful people ✨
jjtt
- |
+
+
paralax
- |
-
+
@@ -1802,15 +1809,15 @@ Thanks goes to these wonderful people ✨
matrixes
- |
+
+
mchamplain
- |
-
+
@@ -1845,15 +1852,15 @@ Thanks goes to these wonderful people ✨
olaf-mandel
- |
+
+
ontheair81
- |
-
+
@@ -1888,15 +1895,15 @@ Thanks goes to these wonderful people ✨
rriski
- |
+
+
schnippl0r
- |
-
+
@@ -1931,15 +1938,15 @@ Thanks goes to these wonderful people ✨
tamueller
- |
+
+
vivacarvajalito
- |
-
+
From 2f5dfed7261be9338cce74b4e5ed64763b7ef038 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Pl=C3=B6tz?=
Date: Sun, 10 Dec 2023 22:22:31 +0100
Subject: [PATCH 26/43] fix: Only set `virtual_mailbox_maps` to `texthash` when
using the `FILE` account provisioner (#3693)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: René Plötz
---
target/scripts/startup/setup.d/postfix.sh | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/target/scripts/startup/setup.d/postfix.sh b/target/scripts/startup/setup.d/postfix.sh
index 126a195c..58998376 100644
--- a/target/scripts/startup/setup.d/postfix.sh
+++ b/target/scripts/startup/setup.d/postfix.sh
@@ -79,7 +79,9 @@ EOF
# /etc/postfix/vmailbox is created by: scripts/helpers/accounts.sh:_create_accounts()
# This file config is for Postfix to verify a mail account exists before accepting
# mail arriving and delivering it to Dovecot over LMTP.
- postconf 'virtual_mailbox_maps = texthash:/etc/postfix/vmailbox'
+ if [[ ${ACCOUNT_PROVISIONER} == 'FILE' ]]; then
+ postconf 'virtual_mailbox_maps = texthash:/etc/postfix/vmailbox'
+ fi
postconf 'virtual_transport = lmtp:unix:/var/run/dovecot/lmtp'
fi
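Review bot: the three-line comment kept above the new `if` still describes only `/etc/postfix/vmailbox`, and nothing here says where `virtual_mailbox_maps` comes from when `ACCOUNT_PROVISIONER` is not `FILE`. Add a line naming the code that sets it for the other provisioners, and a CHANGELOG entry, since the diffstat for this patch touches only `postfix.sh`. A test that starts DMS with a non-`FILE` provisioner and checks the resulting `virtual_mailbox_maps` value would keep this regression from returning.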
From bbed3f66081a838275c54ac32de5d3ceac4f49b1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Dec 2023 21:36:30 +0100
Subject: [PATCH 27/43] chore(deps): Bump actions/stale from 8 to 9 (#3696)
---
.github/workflows/handle_stalled.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/handle_stalled.yml b/.github/workflows/handle_stalled.yml
index 236dcec9..672286fe 100644
--- a/.github/workflows/handle_stalled.yml
+++ b/.github/workflows/handle_stalled.yml
@@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Close stale issues
- uses: actions/stale@v8
+ uses: actions/stale@v9
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
days-before-stale: 20
From 98a4c13ca9c8340c38a2d9ae6aef5607d695a9d5 Mon Sep 17 00:00:00 2001
From: Casper
Date: Mon, 18 Dec 2023 12:26:28 +0100
Subject: [PATCH 28/43] Add ENV `ENABLE_IMAP` (#3703)
---
CHANGELOG.md | 5 ++-
docs/content/config/environment.md | 7 ++++-
mailserver.env | 10 ++++--
target/scripts/startup/setup.d/dovecot.sh | 38 ++++++++++++++---------
target/scripts/startup/variables-stack.sh | 1 +
5 files changed, 43 insertions(+), 18 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3553804f..339c92e0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,9 +8,12 @@ All notable changes to this project will be documented in this file. The format
### Added
+- **Dovecot:**
+ - ENV `ENABLE_IMAP` ([#3703](https://github.com/docker-mailserver/docker-mailserver/pull/3703))
- **Tests:**
- You can now use `make run-local-instance` to run a DMS image that was built locally to test changes ([#3663](https://github.com/docker-mailserver/docker-mailserver/pull/3663))
-- Log a warning when update-check is enabled, but no stable release image is used ([#3684](https://github.com/docker-mailserver/docker-mailserver/pull/3684))
+- **Internal**:
+ - Log a warning when update-check is enabled, but no stable release image is used ([#3684](https://github.com/docker-mailserver/docker-mailserver/pull/3684))
### Updates
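Review bot: the new heading `- **Internal**:` puts the colon outside the bold markers, while the headings next to it in this hunk (`- **Dovecot:**`, `- **Tests:**`) keep it inside. Use `- **Internal:**` for consistency.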
diff --git a/docs/content/config/environment.md b/docs/content/config/environment.md
index b8e257cc..5ef3b968 100644
--- a/docs/content/config/environment.md
+++ b/docs/content/config/environment.md
@@ -131,9 +131,14 @@ Enabled `policyd-spf` in Postfix's configuration. You will likely want to set th
##### ENABLE_POP3
-- **empty** => POP3 service disabled
+- **0** => POP3 service disabled
- 1 => Enables POP3 service
+##### ENABLE_IMAP
+
+- 0 => Disabled
+- **1** => Enabled
+
##### ENABLE_CLAMAV
- **0** => ClamAV is disabled
diff --git a/mailserver.env b/mailserver.env
index 68786224..48b537bc 100644
--- a/mailserver.env
+++ b/mailserver.env
@@ -119,10 +119,16 @@ ENABLE_OPENDMARC=1
# - **1** => Enabled
ENABLE_POLICYD_SPF=1
-# 1 => Enables POP3 service
-# empty => disables POP3
+# Enables POP3 service
+# - **0** => Disabled
+# - 1 => Enabled
ENABLE_POP3=
+# Enables IMAP service
+# - 0 => Disabled
+# - **1** => Enabled
+ENABLE_IMAP=1
+
# Enables ClamAV, and anti-virus scanner.
# 1 => Enabled
# **0** => Disabled
diff --git a/target/scripts/startup/setup.d/dovecot.sh b/target/scripts/startup/setup.d/dovecot.sh
index 3eeda286..e46aca21 100644
--- a/target/scripts/startup/setup.d/dovecot.sh
+++ b/target/scripts/startup/setup.d/dovecot.sh
@@ -6,12 +6,10 @@ function _setup_dovecot() {
cp -a /usr/share/dovecot/protocols.d /etc/dovecot/
# disable pop3 (it will be eventually enabled later in the script, if requested)
mv /etc/dovecot/protocols.d/pop3d.protocol /etc/dovecot/protocols.d/pop3d.protocol.disab
+ # disable imap (it will be eventually enabled later in the script, if requested)
+ mv /etc/dovecot/protocols.d/imapd.protocol /etc/dovecot/protocols.d/imapd.protocol.disab
mv /etc/dovecot/protocols.d/managesieved.protocol /etc/dovecot/protocols.d/managesieved.protocol.disab
- sed -i -e 's|#ssl = yes|ssl = yes|g' /etc/dovecot/conf.d/10-master.conf
- sed -i -e 's|#port = 993|port = 993|g' /etc/dovecot/conf.d/10-master.conf
- sed -i -e 's|#port = 995|port = 995|g' /etc/dovecot/conf.d/10-master.conf
- sed -i -e 's|#ssl = yes|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
- sed -i 's|^postmaster_address = .*$|postmaster_address = '"${POSTMASTER_ADDRESS}"'|g' /etc/dovecot/conf.d/15-lda.conf
+ sedfile -i 's|^postmaster_address = .*$|postmaster_address = '"${POSTMASTER_ADDRESS}"'|g' /etc/dovecot/conf.d/15-lda.conf
if ! grep -q -E '^stats_writer_socket_path=' /etc/dovecot/dovecot.conf; then
printf '\n%s\n' 'stats_writer_socket_path=' >>/etc/dovecot/dovecot.conf
@@ -37,9 +35,21 @@ function _setup_dovecot() {
esac
+ if [[ ${ENABLE_POP3} -eq 1 || ${ENABLE_IMAP} -eq 1 ]]; then
+ sedfile -i -e 's|#ssl = yes|ssl = yes|g' /etc/dovecot/conf.d/10-master.conf
+ sedfile -i -e 's|#ssl = yes|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
+ fi
+
if [[ ${ENABLE_POP3} -eq 1 ]]; then
_log 'debug' 'Enabling POP3 services'
mv /etc/dovecot/protocols.d/pop3d.protocol.disab /etc/dovecot/protocols.d/pop3d.protocol
+ sedfile -i -e 's|#port = 995|port = 995|g' /etc/dovecot/conf.d/10-master.conf
+ fi
+
+ if [[ ${ENABLE_IMAP} -eq 1 ]]; then
+ _log 'debug' 'Enabling IMAP services'
+ mv /etc/dovecot/protocols.d/imapd.protocol.disab /etc/dovecot/protocols.d/imapd.protocol
+ sedfile -i -e 's|#port = 993|port = 993|g' /etc/dovecot/conf.d/10-master.conf
fi
[[ -f /tmp/docker-mailserver/dovecot.cf ]] && cp /tmp/docker-mailserver/dovecot.cf /etc/dovecot/local.conf
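Review bot: the `ssl = required` substitution for `10-ssl.conf` now only runs inside `if [[ ${ENABLE_POP3} -eq 1 || ${ENABLE_IMAP} -eq 1 ]]`, so with both set to 0 that file keeps its packaged value. `10-ssl.conf` is not specific to IMAP or POP3, and the same function also handles `managesieved.protocol`, so a deployment that disables both protocols but keeps another Dovecot listener loses the explicit TLS requirement. Suggest keeping the `10-ssl.conf` line unconditional and gating only the `10-master.conf` listener edits.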
@@ -89,23 +99,23 @@ function _setup_dovecot_quota() {
# disable dovecot quota in docevot confs
if [[ -f /etc/dovecot/conf.d/90-quota.conf ]]; then
mv /etc/dovecot/conf.d/90-quota.conf /etc/dovecot/conf.d/90-quota.conf.disab
- sed -i \
+ sedfile -i \
"s|mail_plugins = \$mail_plugins quota|mail_plugins = \$mail_plugins|g" \
/etc/dovecot/conf.d/10-mail.conf
- sed -i \
+ sedfile -i \
"s|mail_plugins = \$mail_plugins imap_quota|mail_plugins = \$mail_plugins|g" \
/etc/dovecot/conf.d/20-imap.conf
fi
# disable quota policy check in postfix
- sed -i "s|check_policy_service inet:localhost:65265||g" /etc/postfix/main.cf
+ sedfile -i "s|check_policy_service inet:localhost:65265||g" /etc/postfix/main.cf
else
if [[ -f /etc/dovecot/conf.d/90-quota.conf.disab ]]; then
mv /etc/dovecot/conf.d/90-quota.conf.disab /etc/dovecot/conf.d/90-quota.conf
- sed -i \
+ sedfile -i \
"s|mail_plugins = \$mail_plugins|mail_plugins = \$mail_plugins quota|g" \
/etc/dovecot/conf.d/10-mail.conf
- sed -i \
+ sedfile -i \
"s|mail_plugins = \$mail_plugins|mail_plugins = \$mail_plugins imap_quota|g" \
/etc/dovecot/conf.d/20-imap.conf
fi
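Review bot: the `sed -i` to `sedfile -i` replacements in `_setup_dovecot_quota` (and in the other hunks of this file) are unrelated to the `ENABLE_IMAP` switch named in the subject, and neither the commit message nor the CHANGELOG entry mentions them. If `sedfile` behaves differently from plain `sed` when a pattern matches nothing, these call sites change behaviour; split the conversion into its own commit or state it in the message so it can be reviewed and bisected on its own.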
@@ -113,11 +123,11 @@ function _setup_dovecot_quota() {
local MESSAGE_SIZE_LIMIT_MB=$((POSTFIX_MESSAGE_SIZE_LIMIT / 1000000))
local MAILBOX_LIMIT_MB=$((POSTFIX_MAILBOX_SIZE_LIMIT / 1000000))
- sed -i \
+ sedfile -i \
"s|quota_max_mail_size =.*|quota_max_mail_size = ${MESSAGE_SIZE_LIMIT_MB}$([[ ${MESSAGE_SIZE_LIMIT_MB} -eq 0 ]] && echo "" || echo "M")|g" \
/etc/dovecot/conf.d/90-quota.conf
- sed -i \
+ sedfile -i \
"s|quota_rule = \*:storage=.*|quota_rule = *:storage=${MAILBOX_LIMIT_MB}$([[ ${MAILBOX_LIMIT_MB} -eq 0 ]] && echo "" || echo "M")|g" \
/etc/dovecot/conf.d/90-quota.conf
@@ -127,7 +137,7 @@ function _setup_dovecot_quota() {
fi
# enable quota policy check in postfix
- sed -i -E \
+ sedfile -i -E \
"s|(reject_unknown_recipient_domain)|\1, check_policy_service inet:localhost:65265|g" \
/etc/postfix/main.cf
fi
@@ -188,5 +198,5 @@ function _setup_dovecot_dhparam() {
function _setup_dovecot_hostname() {
_log 'debug' 'Applying hostname to Dovecot'
- sed -i "s|^#hostname =.*$|hostname = '${HOSTNAME}'|g" /etc/dovecot/conf.d/15-lda.conf
+ sedfile -i "s|^#hostname =.*$|hostname = '${HOSTNAME}'|g" /etc/dovecot/conf.d/15-lda.conf
}
diff --git a/target/scripts/startup/variables-stack.sh b/target/scripts/startup/variables-stack.sh
index 3b575f50..2660ce89 100644
--- a/target/scripts/startup/variables-stack.sh
+++ b/target/scripts/startup/variables-stack.sh
@@ -87,6 +87,7 @@ function __environment_variables_general_setup() {
VARS[ENABLE_OPENDMARC]="${ENABLE_OPENDMARC:=1}"
VARS[ENABLE_POLICYD_SPF]="${ENABLE_POLICYD_SPF:=1}"
VARS[ENABLE_POP3]="${ENABLE_POP3:=0}"
+ VARS[ENABLE_IMAP]="${ENABLE_IMAP:=1}"
VARS[ENABLE_POSTGREY]="${ENABLE_POSTGREY:=0}"
VARS[ENABLE_QUOTAS]="${ENABLE_QUOTAS:=1}"
VARS[ENABLE_RSPAMD]="${ENABLE_RSPAMD:=0}"
From 083e46408413c11e71f7e9ae299ae89874d8c35c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 18 Dec 2023 14:05:37 +0100
Subject: [PATCH 29/43] chore(deps): Bump github/codeql-action from 2 to 3
(#3709)
---
.github/workflows/generic_vulnerability-scan.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/generic_vulnerability-scan.yml b/.github/workflows/generic_vulnerability-scan.yml
index 95245557..08b4fd29 100644
--- a/.github/workflows/generic_vulnerability-scan.yml
+++ b/.github/workflows/generic_vulnerability-scan.yml
@@ -62,6 +62,6 @@ jobs:
fail-build: false
- name: 'Upload vulnerability report'
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
From b9f7ff86dea6709f785be0bf900c2845f9e321ea Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 18 Dec 2023 15:50:56 +0100
Subject: [PATCH 30/43] chore(deps): Bump docker/metadata-action from 5.3.0 to
5.4.0 (#3710)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.3.0 to 5.4.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v5.3.0...v5.4.0)
---
updated-dependencies:
- dependency-name: docker/metadata-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/generic_publish.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/generic_publish.yml b/.github/workflows/generic_publish.yml
index 36b44770..b0a32b93 100644
--- a/.github/workflows/generic_publish.yml
+++ b/.github/workflows/generic_publish.yml
@@ -23,7 +23,7 @@ jobs:
- name: 'Prepare tags'
id: prep
- uses: docker/metadata-action@v5.3.0
+ uses: docker/metadata-action@v5.4.0
with:
images: |
${{ secrets.DOCKER_REPOSITORY }}
From 5015dc80b16f61e29cb9b496ceb6c6210de635a8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 19 Dec 2023 00:16:38 +0100
Subject: [PATCH 31/43] chore(deps): Bump actions/upload-artifact from 3 to 4
(#3708)
---
.github/workflows/docs-preview-prepare.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/docs-preview-prepare.yml b/.github/workflows/docs-preview-prepare.yml
index befd4008..cee5562a 100644
--- a/.github/workflows/docs-preview-prepare.yml
+++ b/.github/workflows/docs-preview-prepare.yml
@@ -73,7 +73,7 @@ jobs:
tar --zstd -cf artifact.tar.zst pr.env ${{ env.BUILD_DIR }}
- name: 'Upload artifact for workflow transfer'
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@v4
with:
name: preview-build
path: artifact.tar.zst
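Review bot: `actions/upload-artifact@v3` to `@v4` is a major-version bump on a step whose artifact is handed to another workflow ('Upload artifact for workflow transfer'), and this patch changes only the producer. Confirm that the download action in the consuming workflow can read artifacts produced by v4 before merging, or land both bumps together, so the docs preview pipeline is not left with an uploader and a downloader on incompatible versions.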
From ee87291225f55feb4a4c96b2383c55827db54736 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 19 Dec 2023 01:29:15 +0100
Subject: [PATCH 32/43] chore(deps): Bump dawidd6/action-download-artifact from
2 to 3 (#3707)
---
.github/workflows/docs-preview-deploy.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/docs-preview-deploy.yml b/.github/workflows/docs-preview-deploy.yml
index cac2ac64..93819efa 100644
--- a/.github/workflows/docs-preview-deploy.yml
+++ b/.github/workflows/docs-preview-deploy.yml
@@ -25,7 +25,7 @@ jobs:
# The official Github Action for downloading artifacts does not support multi-workflow
- name: 'Download build artifact'
- uses: dawidd6/action-download-artifact@v2
+ uses: dawidd6/action-download-artifact@v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
run_id: ${{ github.event.workflow_run.id }}
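Review bot: `dawidd6/action-download-artifact@v3` is a third-party action referenced by a mutable major tag, and this step passes it `secrets.GITHUB_TOKEN` in a job driven by `github.event.workflow_run`. Pin the `uses:` line to the full commit SHA of the reviewed release, with the tag kept in a trailing comment, so that a retagged upstream cannot run with this token; Dependabot can still propose updates for SHA pins.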
From 5908d9f060b1c74d7f168a578d11869ff15f7ad4 Mon Sep 17 00:00:00 2001
From: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Date: Tue, 19 Dec 2023 14:33:38 +1300
Subject: [PATCH 33/43] tests(refactor): Dovecot quotas (#3068)
* chore: Extract out Dovecot Quota test cases into new test file
Test cases are just cut + paste, no logic changed there yet.
* chore: Rename test case descriptions
* chore: Use `setup ...` methods instead of direct calls
* chore: Adjust `_run_in_container_bash` to `_run_in_container`
Plus some additional bug fixes in the disabled test case
* tests(refactor): Revise ENV test cases for max mailbox and message sizes
* tests(refactor): Revise ENV test cases for mailbox and message limits v2
Removes the extra variables and filtering in favour of explicit values instead of matching for comparison.
- Easier at a glance to know what is actually expected.
- Additionally reworks the quota limit checks in other test cases. Using a different formatter for `doveadm` is easier to match the desired value (`Limit`).
* chore: Sync improvement from `tests.bats` master
---
NOTE: This PR has been merged to avoid additional maintenance burden without losing the improvements. It was not considered complete, but remaining tasks were not documented in the PR.
---
docs/content/config/environment.md | 8 +-
mailserver.env | 4 +-
target/bin/setquota | 6 +-
.../parallel/set1/dovecot/dovecot_quotas.bats | 246 ++++++++++++++++++
test/tests/serial/tests.bats | 193 --------------
5 files changed, 257 insertions(+), 200 deletions(-)
create mode 100644 test/tests/parallel/set1/dovecot/dovecot_quotas.bats
diff --git a/docs/content/config/environment.md b/docs/content/config/environment.md
index 5ef3b968..71807c87 100644
--- a/docs/content/config/environment.md
+++ b/docs/content/config/environment.md
@@ -228,9 +228,9 @@ Provide any valid URI. Examples:
- `lmtps:inet::` (secure lmtp with starttls)
- `lmtp::2003` (use kopano as mailstore)
-##### POSTFIX\_MAILBOX\_SIZE\_LIMIT
+##### POSTFIX_MAILBOX_SIZE_LIMIT
-Set the mailbox size limit for all users. If set to zero, the size will be unlimited (default).
+Set the mailbox size limit for all users. If set to zero, the size will be unlimited (default). Size is in bytes.
- **empty** => 0 (no limit)
@@ -241,9 +241,9 @@ Set the mailbox size limit for all users. If set to zero, the size will be unlim
See [mailbox quota][docs-accounts-quota].
-##### POSTFIX\_MESSAGE\_SIZE\_LIMIT
+##### POSTFIX_MESSAGE_SIZE_LIMIT
-Set the message size limit for all users. If set to zero, the size will be unlimited (not recommended!)
+Set the message size limit for all users. If set to zero, the size will be unlimited (not recommended!). Size is in bytes.
- **empty** => 10240000 (~10 MB)
diff --git a/mailserver.env b/mailserver.env
index 48b537bc..e84157a2 100644
--- a/mailserver.env
+++ b/mailserver.env
@@ -254,7 +254,7 @@ VIRUSMAILS_DELETE_DELAY=
# `lmtp::2003` (use kopano as mailstore)
POSTFIX_DAGENT=
-# Set the mailbox size limit for all users. If set to zero, the size will be unlimited (default).
+# Set the mailbox size limit for all users. If set to zero, the size will be unlimited (default). Size is in bytes.
#
# empty => 0
POSTFIX_MAILBOX_SIZE_LIMIT=
@@ -264,7 +264,7 @@ POSTFIX_MAILBOX_SIZE_LIMIT=
# 1 => Dovecot quota is enabled
ENABLE_QUOTAS=1
-# Set the message size limit for all users. If set to zero, the size will be unlimited (not recommended!)
+# Set the message size limit for all users. If set to zero, the size will be unlimited (not recommended!). Size is in bytes.
#
# empty => 10240000 (~10 MB)
POSTFIX_MESSAGE_SIZE_LIMIT=
diff --git a/target/bin/setquota b/target/bin/setquota
index 5b2bba41..039421b2 100755
--- a/target/bin/setquota
+++ b/target/bin/setquota
@@ -59,10 +59,14 @@ function _quota_request_if_missing() {
fi
}
+
+# Dovecot docs incorrectly refer to these units with names for SI types (base 10),
+# But then mentions they're actually treated as IEC type (base 2):
+# https://doc.dovecot.org/settings/types/#size
function _quota_unit_is_valid() {
if ! grep -qE "^([0-9]+(B|k|M|G|T)|0)\$" <<< "${QUOTA}"; then
__usage
- _exit_with_error 'Invalid quota format. e.g. 302M (B (byte), k (kilobyte), M (megabyte), G (gigabyte) or T (terabyte))'
+ _exit_with_error 'Invalid quota format. e.g. 302M (B (byte), k (kibibyte), M (mebibyte), G (gibibyte) or T (tebibyte))'
fi
}
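Review bot: the new comment and error text in `_quota_unit_is_valid` state that Dovecot treats `k`/`M`/`G`/`T` as base-2 units, but the startup code in `_setup_dovecot_quota` still derives its value with `$((POSTFIX_MAILBOX_SIZE_LIMIT / 1000000))` and then appends `M`. That pairs a base-10 division with a base-2 suffix, so the Dovecot limit ends up larger than the byte value given to Postfix (4096000 bytes becomes `4M`, which is 4194304 bytes). Align that conversion or document the discrepancy alongside this wording change. Minor: the comment's second line starts with a capitalised 'But' mid-sentence, and the hunk adds a second blank line before it.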
diff --git a/test/tests/parallel/set1/dovecot/dovecot_quotas.bats b/test/tests/parallel/set1/dovecot/dovecot_quotas.bats
new file mode 100644
index 00000000..2c176235
--- /dev/null
+++ b/test/tests/parallel/set1/dovecot/dovecot_quotas.bats
@@ -0,0 +1,246 @@
+load "${REPOSITORY_ROOT}/test/helper/common"
+load "${REPOSITORY_ROOT}/test/helper/setup"
+
+# upstream default: 10 240 000
+# https://www.postfix.org/postconf.5.html#message_size_limit
+# > The maximal size in bytes of a message, including envelope information.
+# > The value cannot exceed LONG_MAX (typically, a 32-bit or 64-bit signed integer).
+# > Note: Be careful when making changes. Excessively small values will result in the loss of non-delivery notifications, when a bounce message size exceeds the local or remote MTA's message size limit.
+
+# upstream default: 51 200 000
+# https://www.postfix.org/postconf.5.html#mailbox_size_limit
+# > The maximal size of any local(8) individual mailbox or maildir file, or zero (no limit).
+# > In fact, this limits the size of any file that is written to upon local delivery, including files written by external commands that are executed by the local(8) delivery agent.
+# > The value cannot exceed LONG_MAX (typically, a 32-bit or 64-bit signed integer).
+# > This limit must not be smaller than the message size limit.
+
+# upstream default: 51 200 000
+# https://www.postfix.org/postconf.5.html#virtual_mailbox_limit
+# > The maximal size in bytes of an individual virtual(8) mailbox or maildir file, or zero (no limit).
+# > This parameter is specific to the virtual(8) delivery agent.
+# > It does not apply when mail is delivered with a different mail delivery program.
+
+BATS_TEST_NAME_PREFIX='[Dovecot Quotas] '
+CONTAINER_NAME='dms-test_dovecot-quotas'
+
+function setup_file() {
+ _init_with_defaults
+
+ local CONTAINER_ARGS_ENV_CUSTOM=(
+ --env ENABLE_QUOTAS=1
+ --env POSTFIX_MAILBOX_SIZE_LIMIT=4096000
+ --env POSTFIX_MESSAGE_SIZE_LIMIT=2048000
+ --env PERMIT_DOCKER=container
+ )
+ _common_container_setup 'CONTAINER_ARGS_ENV_CUSTOM'
+}
+
+function teardown_file() { _default_teardown ; }
+
+@test 'should only support setting quota for a valid account' {
+ # Prepare
+ _add_mail_account_then_wait_until_ready 'quota_user@domain.tld'
+
+ # Actual tests
+ _run_in_container setup quota set quota_user 50M
+ assert_failure
+
+ _run_in_container setup quota set username@fulldomain 50M
+ assert_failure
+
+ _run_in_container setup quota set quota_user@domain.tld 50M
+ assert_success
+
+ # Cleanup
+ _run_in_container setup email del -y quota_user@domain.tld
+ assert_success
+}
+
+@test 'should only allow valid units as quota size' {
+ # Prepare
+ _add_mail_account_then_wait_until_ready 'quota_user@domain.tld'
+
+ # Actual tests
+ _run_in_container setup quota set quota_user@domain.tld 26GIGOTS
+ assert_failure
+ _run_in_container setup quota set quota_user@domain.tld 123
+ assert_failure
+ _run_in_container setup quota set quota_user@domain.tld M
+ assert_failure
+ _run_in_container setup quota set quota_user@domain.tld -60M
+ assert_failure
+
+
+ _run_in_container setup quota set quota_user@domain.tld 10B
+ assert_success
+ _run_in_container setup quota set quota_user@domain.tld 10k
+ assert_success
+ _run_in_container setup quota set quota_user@domain.tld 10M
+ assert_success
+ _run_in_container setup quota set quota_user@domain.tld 10G
+ assert_success
+ _run_in_container setup quota set quota_user@domain.tld 10T
+ assert_success
+
+ # Cleanup
+ _run_in_container setup email del -y quota_user@domain.tld
+ assert_success
+}
+
+@test 'should only support removing quota from a valid account' {
+ # Prepare
+ _add_mail_account_then_wait_until_ready 'quota_user@domain.tld'
+
+ # Actual tests
+ _run_in_container setup quota del uota_user@domain.tld
+ assert_failure
+ _run_in_container setup quota del quota_user
+ assert_failure
+ _run_in_container setup quota del dontknowyou@domain.tld
+ assert_failure
+
+ _run_in_container setup quota set quota_user@domain.tld 10T
+ assert_success
+ _run_in_container setup quota del quota_user@domain.tld
+ assert_success
+ _run_in_container grep -i 'quota_user@domain.tld' /tmp/docker-mailserver/dovecot-quotas.cf
+ assert_failure
+
+ # Cleanup
+ _run_in_container setup email del -y quota_user@domain.tld
+ assert_success
+}
+
+@test 'should not error when there is no quota to remove for an account' {
+ # Prepare
+ _add_mail_account_then_wait_until_ready 'quota_user@domain.tld'
+
+ # Actual tests
+ _run_in_container grep -i 'quota_user@domain.tld' /tmp/docker-mailserver/dovecot-quotas.cf
+ assert_failure
+
+ _run_in_container setup quota del quota_user@domain.tld
+ assert_success
+ _run_in_container setup quota del quota_user@domain.tld
+ assert_success
+
+ # Cleanup
+ _run_in_container setup email del -y quota_user@domain.tld
+ assert_success
+}
+
+@test 'should have configured Postfix to use the Dovecot quota-status service' {
+ _run_in_container postconf
+ assert_success
+ assert_output --partial 'check_policy_service inet:localhost:65265'
+}
+
+@test '(ENV POSTFIX_MAILBOX_SIZE_LIMIT) should be configured for both Postfix and Dovecot' {
+ _run_in_container postconf -h mailbox_size_limit
+ assert_output 4096000
+
+ # Dovecot mailbox is sized by `virtual_mailbox_size` from Postfix:
+ _run_in_container postconf -h virtual_mailbox_limit
+ assert_output 4096000
+
+ # Quota support:
+ _run_in_container doveconf -h plugin/quota_rule
+ # Global default storage limit quota for each mailbox 4 MiB:
+ assert_output '*:storage=4M'
+
+ # Sizes are equivalent - Bytes to MiB (rounded):
+ run numfmt --to=iec --format '%.0f' 4096000
+ assert_output '4M'
+}
+
+@test '(ENV POSTFIX_MESSAGE_SIZE_LIMIT) should be configured for both Postfix and Dovecot' {
+ _run_in_container postconf -h message_size_limit
+ assert_output 2048000
+
+ _run_in_container doveconf -h plugin/quota_max_mail_size
+ assert_output '2M'
+
+ # Sizes are equivalent - Bytes to MiB (rounded):
+ run numfmt --to=iec --format '%.0f' 2048000
+ assert_output '2M'
+}
+
+@test 'Deleting an mailbox account should also remove that account from dovecot-quotas.cf' {
+ _add_mail_account_then_wait_until_ready 'quserremoved@domain.tld'
+
+ _run_in_container setup quota set quserremoved@domain.tld 12M
+ assert_success
+
+ _run_in_container cat '/tmp/docker-mailserver/dovecot-quotas.cf'
+ assert_success
+ assert_output 'quserremoved@domain.tld:12M'
+
+ _run_in_container setup email del -y quserremoved@domain.tld
+ assert_success
+
+ _run_in_container cat /tmp/docker-mailserver/dovecot-quotas.cf
+ assert_success
+ refute_output --partial 'quserremoved@domain.tld:12M'
+}
+
+@test 'Dovecot should acknowledge quota configured for accounts' {
+ # sed -nE 's/.*STORAGE.*Limit=([0-9]+).*/\1/p' | numfmt --from-unit=1024 --to=iec --format '%.0f'
+ local CMD_GET_QUOTA="doveadm -f flow quota get -u 'user1@localhost.localdomain'"
+
+ # 4M == 4096 kiB (numfmt --to-unit=1024 --from=iec 4M)
+ _run_in_container_bash "${CMD_GET_QUOTA}"
+ assert_line --partial 'Type=STORAGE Value=0 Limit=4096'
+
+ # Setting a new limit for the user:
+ _run_in_container setup quota set 'user1@localhost.localdomain' 50M
+ assert_success
+ # 50M (50 * 1024^2) == 51200 kiB (numfmt --to-unit=1024 --from=iec 52428800)
+ run _repeat_until_success_or_timeout 20 _exec_in_container_bash "${CMD_GET_QUOTA} | grep -o 'Type=STORAGE Value=0 Limit=51200'"
+ assert_success
+
+ # Deleting quota resets it to default global quota limit (`plugin/quota_rule`):
+ _run_in_container setup quota del 'user1@localhost.localdomain'
+ assert_success
+ run _repeat_until_success_or_timeout 20 _exec_in_container_bash "${CMD_GET_QUOTA} | grep -o 'Type=STORAGE Value=0 Limit=4096'"
+ assert_success
+}
+
+@test 'should receive a warning mail from Dovecot when quota is exceeded' {
+ # skip 'disabled as it fails randomly: https://github.com/docker-mailserver/docker-mailserver/pull/2511'
+
+ # Prepare
+ _add_mail_account_then_wait_until_ready 'quotauser@otherdomain.tld'
+
+ # Actual tests
+ _run_in_container setup quota set quotauser@otherdomain.tld 10k
+ assert_success
+
+ # wait until quota has been updated
+ run _repeat_until_success_or_timeout 20 _exec_in_container_bash "doveadm -f flow quota get -u 'quotauser@otherdomain.tld' | grep -o 'Type=STORAGE Value=0 Limit=10'"
+ assert_success
+
+ # dovecot and postfix has been restarted
+ _wait_for_service postfix
+ _wait_for_service dovecot
+ sleep 10
+
+ # send some big emails
+ _send_email 'email-templates/quota-exceeded' '0.0.0.0 25'
+ _send_email 'email-templates/quota-exceeded' '0.0.0.0 25'
+ _send_email 'email-templates/quota-exceeded' '0.0.0.0 25'
+ # check for quota warn message existence
+ run _repeat_until_success_or_timeout 20 _exec_in_container grep -R 'Subject: quota warning' /var/mail/otherdomain.tld/quotauser/new/
+ assert_success
+
+ run _repeat_until_success_or_timeout 20 sh -c "docker logs ${CONTAINER_NAME} | grep 'Quota exceeded (mailbox for user is full)'"
+ assert_success
+
+ # ensure only the first big message and the warn message are present (other messages are rejected: mailbox is full)
+ _run_in_container sh -c 'ls /var/mail/otherdomain.tld/quotauser/new/ | wc -l'
+ assert_success
+ assert_output "2"
+
+ # Cleanup
+ _run_in_container setup email del -y quotauser@otherdomain.tld
+ assert_success
+}
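Review bot: in 'should receive a warning mail from Dovecot when quota is exceeded' the `skip 'disabled as it fails randomly: ...'` line is commented out rather than kept or removed, which re-enables a test marked as flaky and moves it into the parallel set while it still depends on `sleep 10` and three back-to-back `_send_email` calls. Either keep the `skip` until the cause from the linked PR is addressed, or delete the comment and say in the commit message why the test is now considered stable. Separately, the comment 'Dovecot mailbox is sized by `virtual_mailbox_size`' names a different parameter from the `virtual_mailbox_limit` queried on the next line, and the two `run numfmt ...` assertions run outside the container and only check arithmetic on a literal.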
diff --git a/test/tests/serial/tests.bats b/test/tests/serial/tests.bats
index 20ee0dd1..094454f0 100644
--- a/test/tests/serial/tests.bats
+++ b/test/tests/serial/tests.bats
@@ -17,7 +17,6 @@ function setup_file() {
local CONTAINER_ARGS_ENV_CUSTOM=(
--env ENABLE_AMAVIS=1
--env AMAVIS_LOGLEVEL=2
- --env ENABLE_QUOTAS=1
--env ENABLE_SRS=1
--env PERMIT_DOCKER=host
--env PFLOGSUMM_TRIGGER=logrotate
@@ -244,198 +243,6 @@ zip
EOF
}
-@test "quota: setquota user must be existing" {
- _add_mail_account_then_wait_until_ready 'quota_user@domain.tld'
-
- _run_in_container_bash "setquota quota_user 50M"
- assert_failure
- _run_in_container_bash "setquota quota_user@domain.tld 50M"
- assert_success
-
- _run_in_container_bash "setquota username@fulldomain 50M"
- assert_failure
-
- _run_in_container_bash "delmailuser -y quota_user@domain.tld"
- assert_success
-}
-
-@test "quota: setquota must be well formatted" {
- _add_mail_account_then_wait_until_ready 'quota_user@domain.tld'
-
- _run_in_container_bash "setquota quota_user@domain.tld 26GIGOTS"
- assert_failure
- _run_in_container_bash "setquota quota_user@domain.tld 123"
- assert_failure
- _run_in_container_bash "setquota quota_user@domain.tld M"
- assert_failure
- _run_in_container_bash "setquota quota_user@domain.tld -60M"
- assert_failure
-
-
- _run_in_container_bash "setquota quota_user@domain.tld 10B"
- assert_success
- _run_in_container_bash "setquota quota_user@domain.tld 10k"
- assert_success
- _run_in_container_bash "setquota quota_user@domain.tld 10M"
- assert_success
- _run_in_container_bash "setquota quota_user@domain.tld 10G"
- assert_success
- _run_in_container_bash "setquota quota_user@domain.tld 10T"
- assert_success
-
-
- _run_in_container_bash "delmailuser -y quota_user@domain.tld"
- assert_success
-}
-
-@test "quota: delquota user must be existing" {
- _add_mail_account_then_wait_until_ready 'quota_user@domain.tld'
-
- _run_in_container_bash "delquota uota_user@domain.tld"
- assert_failure
- _run_in_container_bash "delquota quota_user"
- assert_failure
- _run_in_container_bash "delquota dontknowyou@domain.tld"
- assert_failure
-
- _run_in_container_bash "setquota quota_user@domain.tld 10T"
- assert_success
- _run_in_container_bash "delquota quota_user@domain.tld"
- assert_success
- _run_in_container_bash "grep -i 'quota_user@domain.tld' /tmp/docker-mailserver/dovecot-quotas.cf"
- assert_failure
-
- _run_in_container_bash "delmailuser -y quota_user@domain.tld"
- assert_success
-}
-
-@test "quota: delquota allow when no quota for existing user" {
- _add_mail_account_then_wait_until_ready 'quota_user@domain.tld'
-
- _run_in_container_bash "grep -i 'quota_user@domain.tld' /tmp/docker-mailserver/dovecot-quotas.cf"
- assert_failure
-
- _run_in_container_bash "delquota quota_user@domain.tld"
- assert_success
- _run_in_container_bash "delquota quota_user@domain.tld"
- assert_success
-
- _run_in_container_bash "delmailuser -y quota_user@domain.tld"
- assert_success
-}
-
-@test "quota: dovecot quota present in postconf" {
- _run_in_container_bash "postconf | grep 'check_policy_service inet:localhost:65265'"
- assert_success
-}
-
-
-@test "quota: dovecot mailbox max size must be equal to postfix mailbox max size" {
- postfix_mailbox_size=$(_exec_in_container_bash "postconf | grep -Po '(?<=mailbox_size_limit = )[0-9]+'")
- run echo "${postfix_mailbox_size}"
- refute_output ""
-
- # dovecot relies on virtual_mailbox_size by default
- postfix_virtual_mailbox_size=$(_exec_in_container_bash "postconf | grep -Po '(?<=virtual_mailbox_limit = )[0-9]+'")
- assert_equal "${postfix_virtual_mailbox_size}" "${postfix_mailbox_size}"
-
- postfix_mailbox_size_mb=$(( postfix_mailbox_size / 1000000))
-
- dovecot_mailbox_size_mb=$(_exec_in_container_bash "doveconf | grep -oP '(?<=quota_rule \= \*\:storage=)[0-9]+'")
- run echo "${dovecot_mailbox_size_mb}"
- refute_output ""
-
- assert_equal "${postfix_mailbox_size_mb}" "${dovecot_mailbox_size_mb}"
-}
-
-
-@test "quota: dovecot message max size must be equal to postfix messsage max size" {
- postfix_message_size=$(_exec_in_container_bash "postconf | grep -Po '(?<=message_size_limit = )[0-9]+'")
- run echo "${postfix_message_size}"
- refute_output ""
-
- postfix_message_size_mb=$(( postfix_message_size / 1000000))
-
- dovecot_message_size_mb=$(_exec_in_container_bash "doveconf | grep -oP '(?<=quota_max_mail_size = )[0-9]+'")
- run echo "${dovecot_message_size_mb}"
- refute_output ""
-
- assert_equal "${postfix_message_size_mb}" "${dovecot_message_size_mb}"
-}
-
-@test "quota: quota directive is removed when mailbox is removed" {
- _add_mail_account_then_wait_until_ready 'quserremoved@domain.tld'
-
- _run_in_container_bash "setquota quserremoved@domain.tld 12M"
- assert_success
-
- _run_in_container_bash 'cat /tmp/docker-mailserver/dovecot-quotas.cf | grep -E "^quserremoved@domain.tld\:12M\$" | wc -l | grep 1'
- assert_success
-
- _run_in_container_bash "delmailuser -y quserremoved@domain.tld"
- assert_success
-
- _run_in_container_bash 'cat /tmp/docker-mailserver/dovecot-quotas.cf | grep -E "^quserremoved@domain.tld\:12M\$"'
- assert_failure
-}
-
-@test "quota: dovecot applies user quota" {
- _run_in_container_bash "doveadm quota get -u 'user1@localhost.localdomain' | grep 'User quota STORAGE'"
- assert_output --partial "- 0"
-
- _run_in_container_bash "setquota user1@localhost.localdomain 50M"
- assert_success
-
- # wait until quota has been updated
- run _repeat_until_success_or_timeout 20 _exec_in_container_bash 'doveadm quota get -u user1@localhost.localdomain | grep -oP "(User quota STORAGE\s+[0-9]+\s+)51200(.*)"'
- assert_success
-
- _run_in_container_bash "delquota user1@localhost.localdomain"
- assert_success
-
- # wait until quota has been updated
- run _repeat_until_success_or_timeout 20 _exec_in_container_bash 'doveadm quota get -u user1@localhost.localdomain | grep -oP "(User quota STORAGE\s+[0-9]+\s+)-(.*)"'
- assert_success
-}
-
-@test "quota: warn message received when quota exceeded" {
- skip 'disabled as it fails randomly: https://github.com/docker-mailserver/docker-mailserver/pull/2511'
-
- # create user
- _add_mail_account_then_wait_until_ready 'quotauser@otherdomain.tld'
- _run_in_container_bash 'setquota quotauser@otherdomain.tld 10k'
- assert_success
-
- # wait until quota has been updated
- run _repeat_until_success_or_timeout 20 _exec_in_container_bash 'doveadm quota get -u quotauser@otherdomain.tld | grep -oP \"(User quota STORAGE\s+[0-9]+\s+)10(.*)\"'
- assert_success
-
- # dovecot and postfix has been restarted
- _wait_for_service postfix
- _wait_for_service dovecot
- sleep 10
-
- # send some big emails
- _send_email 'email-templates/quota-exceeded' '0.0.0.0 25'
- _send_email 'email-templates/quota-exceeded' '0.0.0.0 25'
- _send_email 'email-templates/quota-exceeded' '0.0.0.0 25'
-
- # check for quota warn message existence
- run _repeat_until_success_or_timeout 20 _exec_in_container_bash 'grep \"Subject: quota warning\" /var/mail/otherdomain.tld/quotauser/new/ -R'
- assert_success
-
- run _repeat_until_success_or_timeout 20 sh -c "docker logs mail | grep 'Quota exceeded (mailbox for user is full)'"
- assert_success
-
- # ensure only the first big message and the warn message are present (other messages are rejected: mailbox is full)
- _run_in_container sh -c 'ls /var/mail/otherdomain.tld/quotauser/new/ | wc -l'
- assert_success
- assert_output "2"
-
- _run_in_container_bash "delmailuser -y quotauser@otherdomain.tld"
- assert_success
-}
-
#
# PERMIT_DOCKER mynetworks
#
From ca2c53dde714a5c4d64aebb6724cfb6d87352a54 Mon Sep 17 00:00:00 2001
From: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Date: Tue, 19 Dec 2023 14:41:07 +1300
Subject: [PATCH 34/43] ci: Avoiding linting `CONTRIBUTORS.yml` (#3705)
The file is managed by the `contributors.yml` workflow, no need for linting to be triggered on PRs for that change.
This should ideally skip the required check status for the lint workflow which cannot trigger implicitly for automated PRs. If this doesn't work the change should be reverted.
---
.github/workflows/linting.yml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
index bdde2d0f..1e93377f 100644
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -2,6 +2,9 @@ name: Lint
on:
pull_request:
+ paths-ignore:
+ # Managed by workflow: contributors.yml
+ - CONTRIBUTORS.md
push:
branches: [ master ]
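Review bot: the commit subject names `CONTRIBUTORS.yml`, but the path added under `paths-ignore` is `CONTRIBUTORS.md`, and `contributors.yml` is the workflow named in the comment. The subject should name the `.md` file so the log matches the change. The filter is placed only under `pull_request`, so pushes to `master` are still linted, and a PR that touches `CONTRIBUTORS.md` together with any other file will still run the workflow. The commit message itself says the effect on the required check is unverified, so the PR should record the result of trying it before this is relied on.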
From 03052a65b87542ce714d1e58dca579907b534d39 Mon Sep 17 00:00:00 2001
From: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Date: Tue, 19 Dec 2023 18:59:59 +1300
Subject: [PATCH 35/43] ci: Allow lint workflow to be manually triggered
(#3714)
* ci: Allow lint workflow to be manually triggered
Without this a different event must occur to trigger the workflow, which is inconvenient for automated PRs.
---
.github/workflows/linting.yml | 6 +++---
CHANGELOG.md | 2 ++
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
index 1e93377f..d419e5ec 100644
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -1,10 +1,10 @@
name: Lint
on:
+ # A workflow that creates a PR will not trigger this workflow,
+ # Providing a manual trigger as a workaround
+ workflow_dispatch:
pull_request:
- paths-ignore:
- # Managed by workflow: contributors.yml
- - CONTRIBUTORS.md
push:
branches: [ master ]
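Review bot: the removal of the `paths-ignore` block for `CONTRIBUTORS.md` undoes the previous patch (#3705), but the commit message only describes the new `workflow_dispatch` trigger. Add a line stating that the path filter is reverted and why. The new comment is also a run-on ("..., Providing a manual trigger as a workaround"); end the first line with a period or lowercase "providing".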
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 339c92e0..8b1331f1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -30,6 +30,8 @@ All notable changes to this project will be documented in this file. The format
- Update-check: fix 'read' exit status ([#3688](https://github.com/docker-mailserver/docker-mailserver/pull/3688))
- **Rspamd:**
- Switch to official arm64 packages to avoid segfaults ([#3686](https://github.com/docker-mailserver/docker-mailserver/pull/3686))
+- **CI / Automation:**
+ - The lint workflow can now be manually triggered by maintainers ([#3714]https://github.com/docker-mailserver/docker-mailserver/pull/3714)
## [v13.0.1](https://github.com/docker-mailserver/docker-mailserver/releases/tag/v13.0.1)
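Review bot: the link in the added entry is malformed, `([#3714]https://github.com/...)` has the URL outside the link parentheses, so it renders as literal text. It should follow the neighbouring entries: `([#3714](https://github.com/docker-mailserver/docker-mailserver/pull/3714))`.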
From 6a56c7e74936488626db973f1c586d888894fc82 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
<41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 19 Dec 2023 06:01:25 +0000
Subject: [PATCH 36/43] docs: update `CONTRIBUTORS.md` (#3704)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
CONTRIBUTORS.md | 50 ++++++++++++++++++++++++-------------------------
1 file changed, 25 insertions(+), 25 deletions(-)
diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
index 860f5df1..4103ad5f 100644
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@@ -442,6 +442,13 @@ Thanks goes to these wonderful people ✨
pbek
|
+
+
+
+
+ reneploetz
+
+ |
@@ -469,15 +476,15 @@ Thanks goes to these wonderful people ✨
Zehir
- |
+
+
guardiande
- |
-
+
@@ -512,15 +519,15 @@ Thanks goes to these wonderful people ✨
m-schmoock
- |
+
+
VanVan
- |
-
+
@@ -555,15 +562,15 @@ Thanks goes to these wonderful people ✨
ubenmackin
- |
+
+
craue
- |
-
+
@@ -598,15 +605,15 @@ Thanks goes to these wonderful people ✨
emazzotta
- |
+
+
fl42
- |
-
+
@@ -641,15 +648,15 @@ Thanks goes to these wonderful people ✨
millaguie
- |
+
+
jedateach
- |
-
+
@@ -684,15 +691,15 @@ Thanks goes to these wonderful people ✨
keslerm
- |
+
+
castorinop
- |
-
+
@@ -707,13 +714,6 @@ Thanks goes to these wonderful people ✨
Rillke
|
-
-
-
-
- reneploetz
-
- |
From 226ec847a4875e80c4ceff4c486f71a88176b897 Mon Sep 17 00:00:00 2001
From: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Date: Tue, 19 Dec 2023 21:35:16 +1300
Subject: [PATCH 37/43] ci: Remove `VERSION` from `Dockerfile` (#3711)
* ci: Remove `VERSION` from `Dockerfile`
This line was meant to be dropped with the switch to using the `DMS_RELEASE` ENV.
---
CHANGELOG.md | 1 +
Dockerfile | 2 --
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8b1331f1..37a7a123 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -27,6 +27,7 @@ All notable changes to this project will be documented in this file. The format
- **Internal**:
- The container startup welcome log message now references `DMS_RELEASE` ([#3676](https://github.com/docker-mailserver/docker-mailserver/pull/3676))
- `VERSION` was incremented for prior releases to be notified of the v13.0.1 patch release ([#3676](https://github.com/docker-mailserver/docker-mailserver/pull/3676))
+ - `VERSION` is no longer included in the image ([#3711](https://github.com/docker-mailserver/docker-mailserver/pull/3711))
- Update-check: fix 'read' exit status ([#3688](https://github.com/docker-mailserver/docker-mailserver/pull/3688))
- **Rspamd:**
- Switch to official arm64 packages to avoid segfaults ([#3686](https://github.com/docker-mailserver/docker-mailserver/pull/3686))
diff --git a/Dockerfile b/Dockerfile
index 0f19521a..4d0e3568 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -277,8 +277,6 @@ RUN <
Date: Wed, 20 Dec 2023 01:43:32 +0100
Subject: [PATCH 38/43] Remove sed statement (#3715)
---
CHANGELOG.md | 1 +
target/scripts/startup/setup.d/dovecot.sh | 3 ---
2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 37a7a123..3fc60c05 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -29,6 +29,7 @@ All notable changes to this project will be documented in this file. The format
- `VERSION` was incremented for prior releases to be notified of the v13.0.1 patch release ([#3676](https://github.com/docker-mailserver/docker-mailserver/pull/3676))
- `VERSION` is no longer included in the image ([#3711](https://github.com/docker-mailserver/docker-mailserver/pull/3711))
- Update-check: fix 'read' exit status ([#3688](https://github.com/docker-mailserver/docker-mailserver/pull/3688))
+ - `ENABLE_QUOTAS=0` no longer tries to remove non-existent config ([#3715](https://github.com/docker-mailserver/docker-mailserver/pull/3715))
- **Rspamd:**
- Switch to official arm64 packages to avoid segfaults ([#3686](https://github.com/docker-mailserver/docker-mailserver/pull/3686))
- **CI / Automation:**
diff --git a/target/scripts/startup/setup.d/dovecot.sh b/target/scripts/startup/setup.d/dovecot.sh
index e46aca21..8e7dcfe7 100644
--- a/target/scripts/startup/setup.d/dovecot.sh
+++ b/target/scripts/startup/setup.d/dovecot.sh
@@ -106,9 +106,6 @@ function _setup_dovecot_quota() {
"s|mail_plugins = \$mail_plugins imap_quota|mail_plugins = \$mail_plugins|g" \
/etc/dovecot/conf.d/20-imap.conf
fi
-
- # disable quota policy check in postfix
- sedfile -i "s|check_policy_service inet:localhost:65265||g" /etc/postfix/main.cf
else
if [[ -f /etc/dovecot/conf.d/90-quota.conf.disab ]]; then
mv /etc/dovecot/conf.d/90-quota.conf.disab /etc/dovecot/conf.d/90-quota.conf
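Review bot: the commit message is empty, so the only rationale for deleting the `sedfile -i "s|check_policy_service inet:localhost:65265||g" /etc/postfix/main.cf` line is the CHANGELOG claim that the config is non-existent. Please state in the commit where that `check_policy_service` entry was removed from `main.cf` (or is now added only when quotas are enabled). If any default still carries it, `ENABLE_QUOTAS=0` would leave Postfix pointing at a policy service on port 65265 that is not running. A test asserting that `main.cf` has no `inet:localhost:65265` entry with `ENABLE_QUOTAS=0` would pin this down.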
From 72517d3f824859cb15a3ccc653ad8cc4bb1a4c32 Mon Sep 17 00:00:00 2001
From: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Date: Tue, 26 Dec 2023 09:53:32 +1300
Subject: [PATCH 39/43] docs: Debugging - Delivery failure from service
downtime (#3718)
* docs: Debugging - Delivery failure from service downtime
Services may be temporarily down, such as when restarted when certificates are updated due to the `check-for-changes.sh` service. This is another known source of intermittent delivery failures.
---
CHANGELOG.md | 3 ++-
docs/content/config/debugging.md | 3 +++
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3fc60c05..7a260508 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,7 +18,8 @@ All notable changes to this project will be documented in this file. The format
### Updates
- **Documentation:**
- - Raise awareness in the troubleshooting page for a common misconfiguration when deviating from our advice by using a bare domain ([#3680](https://github.com/docker-mailserver/docker-mailserver/pull/3680))
+ - Debugging - Raise awareness in the troubleshooting page for a common misconfiguration when deviating from our advice by using a bare domain ([#3680](https://github.com/docker-mailserver/docker-mailserver/pull/3680))
+ - Debugging - Raise awareness of temporary downtime during certificate renewal that can cause a failure to deliver local mail ([#3718](https://github.com/docker-mailserver/docker-mailserver/pull/3718))
- **Internal:**
- Postfix configures `virtual_mailbox_maps` and `virtual_transport` during startup instead of using defaults (configured for Dovecot) via our `main.cf` ([#3681](https://github.com/docker-mailserver/docker-mailserver/pull/3681))
diff --git a/docs/content/config/debugging.md b/docs/content/config/debugging.md
index 9c3bebb5..d58430e1 100644
--- a/docs/content/config/debugging.md
+++ b/docs/content/config/debugging.md
@@ -55,6 +55,8 @@ Common logs related to this are:
If your logs look like this, you likely have [assigned the same FQDN to the DMS `hostname` and your mail accounts][gh-issues::dms-fqdn-misconfigured] which is not supported by default. You can either adjust your DMS `hostname` or follow [this FAQ advice][docs::faq-bare-domain]
+It is also possible that [DMS services are temporarily unavailable][gh-issues::dms-services-unavailable] when configuration changes are detected, producing the 2nd error. Certificate updates may be a less obvious trigger.
+
## Steps for Debugging DMS
1. **Increase log verbosity**: Very helpful for troubleshooting problems during container startup. Set the environment variable [`LOG_LEVEL`][docs-environment-log-level] to `debug` or `trace`.
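Review bot: "producing the 2nd error" in the added paragraph refers to a log sample by its position in the list above, which breaks silently if that list is reordered or extended. Quote the distinguishing part of the error message instead. It would also help readers to name the trigger the commit message mentions, the `check-for-changes.sh` service restarting services, since "configuration changes are detected" does not tell them what to look for in their logs.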
@@ -126,6 +128,7 @@ This could be from outdated software, or running a system that isn't able to pro
[gh-issues]: https://github.com/docker-mailserver/docker-mailserver/issues
[gh-issues::dms-fqdn-misconfigured]: https://github.com/docker-mailserver/docker-mailserver/issues/3679#issuecomment-1837609043
+[gh-issues::dms-services-unavailable]: https://github.com/docker-mailserver/docker-mailserver/issues/3679#issuecomment-1848083358
[gh-macos-support]: https://github.com/docker-mailserver/docker-mailserver/issues/3648#issuecomment-1822774080
[gh-discuss-roundcube-fail2ban]: https://github.com/orgs/docker-mailserver/discussions/3273#discussioncomment-5654603
From 8392e3c1a8db660e6fd458b1bf426ab4736104c4 Mon Sep 17 00:00:00 2001
From: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
Date: Fri, 29 Dec 2023 13:58:54 +0100
Subject: [PATCH 40/43] release: v13.1.0 (#3720)
Co-authored-by: Casper
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
---
CHANGELOG.md | 4 ++++
VERSION | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7a260508..32aaf78d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,8 @@ All notable changes to this project will be documented in this file. The format
> **Note**: Changes and additions listed here are contained in the `:edge` image tag. These changes may not be as stable as released changes.
+## [v13.1.0](https://github.com/docker-mailserver/docker-mailserver/releases/tag/v13.1.0)
+
### Added
- **Dovecot:**
@@ -22,6 +24,8 @@ All notable changes to this project will be documented in this file. The format
- Debugging - Raise awareness of temporary downtime during certificate renewal that can cause a failure to deliver local mail ([#3718](https://github.com/docker-mailserver/docker-mailserver/pull/3718))
- **Internal:**
- Postfix configures `virtual_mailbox_maps` and `virtual_transport` during startup instead of using defaults (configured for Dovecot) via our `main.cf` ([#3681](https://github.com/docker-mailserver/docker-mailserver/pull/3681))
+- **Rspamd:**
+ - Upgraded to version `3.7.5`. This was previously inconsistent between our AMD64 (`3.5`) and ARM64 (`3.4`) images ([#3686](https://github.com/docker-mailserver/docker-mailserver/pull/3686))
### Fixed
diff --git a/VERSION b/VERSION
index 5cb7d856..e6ba3513 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-13.0.1
+13.1.0
From 0889b0ff063a37b482113a684d934e4bd728a33c Mon Sep 17 00:00:00 2001
From: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Date: Sat, 30 Dec 2023 09:59:09 +1300
Subject: [PATCH 41/43] fix: `supervisor-app.conf` - Correct the log location
for `postgrey` (#3724)
* fix: `supervisor-app.conf` - Correct `postgrey` log location
Looks like this should have been like every other service and reference a log file(s) based on program name in the supervisor log directory.
* tests: Adjust log location for `postgrey_enabled.bats`
---
CHANGELOG.md | 1 +
target/supervisor/conf.d/supervisor-app.conf | 4 ++--
test/tests/parallel/set1/spam_virus/postgrey_enabled.bats | 2 +-
3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 32aaf78d..f37fded4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -35,6 +35,7 @@ All notable changes to this project will be documented in this file. The format
- `VERSION` is no longer included in the image ([#3711](https://github.com/docker-mailserver/docker-mailserver/pull/3711))
- Update-check: fix 'read' exit status ([#3688](https://github.com/docker-mailserver/docker-mailserver/pull/3688))
- `ENABLE_QUOTAS=0` no longer tries to remove non-existent config ([#3715](https://github.com/docker-mailserver/docker-mailserver/pull/3715))
+ - The `postgrey` service now writes logs to the supervisor directory like all other services. Previously this was `/var/log/mail/mail.log` ([#3724](https://github.com/docker-mailserver/docker-mailserver/pull/3724))
- **Rspamd:**
- Switch to official arm64 packages to avoid segfaults ([#3686](https://github.com/docker-mailserver/docker-mailserver/pull/3686))
- **CI / Automation:**
diff --git a/target/supervisor/conf.d/supervisor-app.conf b/target/supervisor/conf.d/supervisor-app.conf
index 2dd8b917..431357d8 100644
--- a/target/supervisor/conf.d/supervisor-app.conf
+++ b/target/supervisor/conf.d/supervisor-app.conf
@@ -83,8 +83,8 @@ startsecs=0
stopwaitsecs=55
autostart=false
autorestart=true
-stdout_logfile=/var/log/mail/mail.log
-stderr_logfile=/var/log/mail/mail.log
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
command=/usr/sbin/postgrey --inet=127.0.0.1:10023 --syslog-facility=mail --delay="%(ENV_POSTGREY_DELAY)s" --max-age="%(ENV_POSTGREY_MAX_AGE)s" --auto-whitelist-clients="%(ENV_POSTGREY_AUTO_WHITELIST_CLIENTS)s" --greylist-text="%(ENV_POSTGREY_TEXT)s"
[program:amavis]
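Review bot: moving `stdout_logfile` and `stderr_logfile` from `/var/log/mail/mail.log` to `/var/log/supervisor/%(program_name)s.log` changes where operators find postgrey output, yet the CHANGELOG entry sits among the internal fixes. Anything that reads `/var/log/mail/mail.log` for greylisting entries (log shipping, alerting, the project's own docs) stops seeing them after this change, so it deserves a user-facing mention. The unchanged `command=` line still passes `--syslog-facility=mail`; please confirm whether that option still has an effect and whether postgrey entries can now appear in two places.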
diff --git a/test/tests/parallel/set1/spam_virus/postgrey_enabled.bats b/test/tests/parallel/set1/spam_virus/postgrey_enabled.bats
index d877a1ce..e32210ca 100644
--- a/test/tests/parallel/set1/spam_virus/postgrey_enabled.bats
+++ b/test/tests/parallel/set1/spam_virus/postgrey_enabled.bats
@@ -123,7 +123,7 @@ function _should_have_log_entry() {
# Allow some extra time for logs to update to avoids a false-positive failure:
_run_until_success_or_timeout 10 _exec_in_container grep \
"${ACTION}, ${REASON}," \
- /var/log/mail/mail.log
+ /var/log/supervisor/postgrey.log
# Log entry matched should be for the expected triplet:
assert_output --partial "${TRIPLET}"
From 9e81517fe36d95597d3c8890f998bd7f9ea29aa7 Mon Sep 17 00:00:00 2001
From: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
Date: Wed, 3 Jan 2024 01:17:54 +0100
Subject: [PATCH 42/43] tests: Use `swaks` instead of `nc` for sending mail
(#3732)
See associated `CHANGELOG.md` entry for details.
---------
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
---
.gitattributes | 6 +-
CHANGELOG.md | 7 ++
target/scripts/build/packages.sh | 2 +-
.../auth/added-imap-auth.txt | 0
.../auth/added-pop3-auth.txt | 0
test/{test-files => files}/auth/imap-auth.txt | 0
.../auth/imap-ldap-auth.txt | 0
test/{test-files => files}/auth/pop3-auth.txt | 0
.../emails/amavis/spam.txt} | 9 +-
.../emails/amavis/virus.txt} | 9 +-
.../auth/added-smtp-auth-spoofed-alias.txt | 9 --
.../emails}/auth/added-smtp-auth-spoofed.txt | 9 --
.../auth/ldap-smtp-auth-spoofed-alias.txt | 10 ---
...h-spoofed-sender-with-filter-exception.txt | 10 ---
.../emails}/auth/ldap-smtp-auth-spoofed.txt | 10 ---
.../emails/existing/added.txt} | 7 --
.../emails/existing/alias-external.txt} | 7 --
.../emails/existing/alias-local.txt} | 7 --
.../existing/alias-recipient-delimiter.txt} | 7 --
.../emails/existing/catchall-local.txt} | 7 --
.../existing/regexp-alias-external.txt} | 7 --
.../emails/existing/regexp-alias-local.txt} | 7 --
.../existing/user-and-cc-local-alias.txt} | 7 --
.../emails/existing/user1.txt} | 7 --
.../emails/nc_raw/dsn/authenticated.txt} | 0
.../emails/nc_raw/dsn/unauthenticated.txt} | 0
.../emails/nc_raw}/postscreen.txt | 0
.../emails/nc_raw}/smtp-only.txt | 0
.../emails}/non-existing-user.txt | 7 --
.../emails}/postgrey.txt | 7 --
test/files/emails/postscreen.txt | 5 ++
.../emails/privacy.txt} | 9 --
.../emails}/quota-exceeded.txt | 7 --
.../emails/rspamd/pass.txt} | 9 +-
.../emails/rspamd/spam-header.txt} | 7 --
.../emails/rspamd/spam.txt} | 7 --
.../emails/rspamd/virus.txt} | 7 --
.../emails/sendmail}/root-email.txt | 0
.../emails/sieve/pipe.txt} | 7 --
.../emails/sieve/spam-folder.txt} | 7 --
.../emails}/test-email.txt | 0
.../nc}/imap_special_use_folders.txt | 0
.../nc}/postgrey_whitelist.txt | 0
.../nc}/postgrey_whitelist_recipients.txt | 0
.../nc}/rspamd_imap_move_to_inbox.txt | 0
.../nc}/rspamd_imap_move_to_junk.txt | 0
.../ssl/custom-dhe-params.pem | 0
.../ssl/example.test/README.md | 0
.../ssl/example.test/cert.ecdsa.pem | 0
.../ssl/example.test/cert.rsa.pem | 0
.../ssl/example.test/key.ecdsa.pem | 0
.../ssl/example.test/key.rsa.pem | 0
.../ssl/example.test/testssl.txt | 0
.../ssl/example.test/traefik.md | 0
.../with_ca/ecdsa/ca-cert.ecdsa.pem | 0
.../with_ca/ecdsa/ca-key.ecdsa.pem | 0
.../example.test/with_ca/ecdsa/cert.ecdsa.pem | 0
.../example.test/with_ca/ecdsa/cert.rsa.pem | 0
.../with_ca/ecdsa/ecdsa.acme.json | 0
.../example.test/with_ca/ecdsa/key.ecdsa.pem | 0
.../example.test/with_ca/ecdsa/key.rsa.pem | 0
.../example.test/with_ca/ecdsa/rsa.acme.json | 0
.../with_ca/ecdsa/wildcard/cert.ecdsa.pem | 0
.../with_ca/ecdsa/wildcard/ecdsa.acme.json | 0
.../with_ca/ecdsa/wildcard/key.ecdsa.pem | 0
.../example.test/with_ca/rsa/ca-cert.rsa.pem | 0
.../example.test/with_ca/rsa/ca-key.rsa.pem | 0
.../example.test/with_ca/rsa/cert.ecdsa.pem | 0
.../ssl/example.test/with_ca/rsa/cert.rsa.pem | 0
.../example.test/with_ca/rsa/ecdsa.acme.json | 0
.../example.test/with_ca/rsa/key.ecdsa.pem | 0
.../ssl/example.test/with_ca/rsa/key.rsa.pem | 0
.../example.test/with_ca/rsa/rsa.acme.json | 0
.../with_ca/rsa/wildcard/cert.rsa.pem | 0
.../with_ca/rsa/wildcard/key.rsa.pem | 0
.../with_ca/rsa/wildcard/rsa.acme.json | 0
test/helper/common.bash | 14 +++
test/helper/sending.bash | 65 +++++++++-----
test/helper/setup.bash | 2 +-
.../auth/added-smtp-auth-login-wrong.txt | 4 -
.../test-files/auth/added-smtp-auth-login.txt | 4 -
.../auth/added-smtp-auth-plain-wrong.txt | 3 -
.../test-files/auth/added-smtp-auth-plain.txt | 3 -
test/test-files/auth/sasl-ldap-smtp-auth.txt | 5 --
.../test-files/auth/smtp-auth-login-wrong.txt | 4 -
test/test-files/auth/smtp-auth-login.txt | 4 -
.../test-files/auth/smtp-auth-plain-wrong.txt | 3 -
test/test-files/auth/smtp-auth-plain.txt | 3 -
.../email-templates/existing-user2.txt | 12 ---
.../email-templates/existing-user3.txt | 12 ---
test/test-files/email-templates/smtp-ehlo.txt | 2 -
.../parallel/set1/dovecot/dovecot_quotas.bats | 9 +-
.../parallel/set1/dovecot/dovecot_sieve.bats | 6 +-
.../set1/dovecot/mailbox_format_dbox.bats | 6 +-
.../set1/dovecot/special_use_folders.bats | 5 +-
.../parallel/set1/spam_virus/clamav.bats | 13 +--
.../disabled_clamav_spamassassin.bats | 4 +-
.../parallel/set1/spam_virus/fail2ban.bats | 13 ++-
.../set1/spam_virus/postgrey_enabled.bats | 37 +++-----
.../parallel/set1/spam_virus/postscreen.bats | 55 +++++-------
.../parallel/set1/spam_virus/rspamd_full.bats | 12 +--
.../set1/spam_virus/spam_junk_folder.bats | 2 +-
test/tests/parallel/set1/tls/dhparams.bats | 2 +-
test/tests/parallel/set1/tls/letsencrypt.bats | 4 +-
test/tests/parallel/set1/tls/manual.bats | 6 +-
test/tests/parallel/set2/tls_cipherlists.bats | 2 +-
.../container_configuration/hostname.bats | 2 +-
test/tests/parallel/set3/mta/dsn.bats | 20 +++--
test/tests/parallel/set3/mta/lmtp_ip.bats | 2 +-
test/tests/parallel/set3/mta/privacy.bats | 6 +-
.../parallel/set3/mta/smtp_delivery.bats | 88 +++++++++++--------
test/tests/parallel/set3/mta/smtponly.bats | 11 ++-
test/tests/serial/mail_pop3.bats | 6 +-
test/tests/serial/mail_with_imap.bats | 28 ++++--
test/tests/serial/mail_with_ldap.bats | 57 +++++++++---
test/tests/serial/permit_docker.bats | 10 +--
test/tests/serial/test_helper.bats | 8 +-
test/tests/serial/tests.bats | 31 ++++++-
test/tests/serial/vmail-id.bats | 2 +-
119 files changed, 355 insertions(+), 455 deletions(-)
rename test/{test-files => files}/auth/added-imap-auth.txt (100%)
rename test/{test-files => files}/auth/added-pop3-auth.txt (100%)
rename test/{test-files => files}/auth/imap-auth.txt (100%)
rename test/{test-files => files}/auth/imap-ldap-auth.txt (100%)
rename test/{test-files => files}/auth/pop3-auth.txt (100%)
rename test/{test-files/email-templates/amavis-spam.txt => files/emails/amavis/spam.txt} (63%)
rename test/{test-files/email-templates/amavis-virus.txt => files/emails/amavis/virus.txt} (83%)
rename test/{test-files => files/emails}/auth/added-smtp-auth-spoofed-alias.txt (52%)
rename test/{test-files => files/emails}/auth/added-smtp-auth-spoofed.txt (53%)
rename test/{test-files => files/emails}/auth/ldap-smtp-auth-spoofed-alias.txt (57%)
rename test/{test-files => files/emails}/auth/ldap-smtp-auth-spoofed-sender-with-filter-exception.txt (58%)
rename test/{test-files => files/emails}/auth/ldap-smtp-auth-spoofed.txt (53%)
rename test/{test-files/email-templates/existing-added.txt => files/emails/existing/added.txt} (67%)
rename test/{test-files/email-templates/existing-alias-external.txt => files/emails/existing/alias-external.txt} (68%)
rename test/{test-files/email-templates/existing-alias-local.txt => files/emails/existing/alias-local.txt} (68%)
rename test/{test-files/email-templates/existing-alias-recipient-delimiter.txt => files/emails/existing/alias-recipient-delimiter.txt} (70%)
rename test/{test-files/email-templates/existing-catchall-local.txt => files/emails/existing/catchall-local.txt} (68%)
rename test/{test-files/email-templates/existing-regexp-alias-external.txt => files/emails/existing/regexp-alias-external.txt} (68%)
rename test/{test-files/email-templates/existing-regexp-alias-local.txt => files/emails/existing/regexp-alias-local.txt} (68%)
rename test/{test-files/email-templates/existing-user-and-cc-local-alias.txt => files/emails/existing/user-and-cc-local-alias.txt} (73%)
rename test/{test-files/email-templates/existing-user1.txt => files/emails/existing/user1.txt} (67%)
rename test/{test-files/email-templates/dsn-authenticated.txt => files/emails/nc_raw/dsn/authenticated.txt} (100%)
rename test/{test-files/email-templates/dsn-unauthenticated.txt => files/emails/nc_raw/dsn/unauthenticated.txt} (100%)
rename test/{test-files/email-templates => files/emails/nc_raw}/postscreen.txt (100%)
rename test/{test-files/email-templates => files/emails/nc_raw}/smtp-only.txt (100%)
rename test/{test-files/email-templates => files/emails}/non-existing-user.txt (67%)
rename test/{test-files/email-templates => files/emails}/postgrey.txt (66%)
create mode 100644 test/files/emails/postscreen.txt
rename test/{test-files/email-templates/send-privacy-email.txt => files/emails/privacy.txt} (61%)
rename test/{test-files/email-templates => files/emails}/quota-exceeded.txt (98%)
rename test/{test-files/email-templates/rspamd-pass.txt => files/emails/rspamd/pass.txt} (57%)
rename test/{test-files/email-templates/rspamd-spam-header.txt => files/emails/rspamd/spam-header.txt} (70%)
rename test/{test-files/email-templates/rspamd-spam.txt => files/emails/rspamd/spam.txt} (70%)
rename test/{test-files/email-templates/rspamd-virus.txt => files/emails/rspamd/virus.txt} (70%)
rename test/{test-files/email-templates => files/emails/sendmail}/root-email.txt (100%)
rename test/{test-files/email-templates/sieve-pipe.txt => files/emails/sieve/pipe.txt} (67%)
rename test/{test-files/email-templates/sieve-spam-folder.txt => files/emails/sieve/spam-folder.txt} (64%)
rename test/{test-files/email-templates => files/emails}/test-email.txt (100%)
rename test/{test-files/nc_templates => files/nc}/imap_special_use_folders.txt (100%)
rename test/{test-files/nc_templates => files/nc}/postgrey_whitelist.txt (100%)
rename test/{test-files/nc_templates => files/nc}/postgrey_whitelist_recipients.txt (100%)
rename test/{test-files/nc_templates => files/nc}/rspamd_imap_move_to_inbox.txt (100%)
rename test/{test-files/nc_templates => files/nc}/rspamd_imap_move_to_junk.txt (100%)
rename test/{test-files => files}/ssl/custom-dhe-params.pem (100%)
rename test/{test-files => files}/ssl/example.test/README.md (100%)
rename test/{test-files => files}/ssl/example.test/cert.ecdsa.pem (100%)
rename test/{test-files => files}/ssl/example.test/cert.rsa.pem (100%)
rename test/{test-files => files}/ssl/example.test/key.ecdsa.pem (100%)
rename test/{test-files => files}/ssl/example.test/key.rsa.pem (100%)
rename test/{test-files => files}/ssl/example.test/testssl.txt (100%)
rename test/{test-files => files}/ssl/example.test/traefik.md (100%)
rename test/{test-files => files}/ssl/example.test/with_ca/ecdsa/ca-cert.ecdsa.pem (100%)
rename test/{test-files => files}/ssl/example.test/with_ca/ecdsa/ca-key.ecdsa.pem (100%)
rename test/{test-files => files}/ssl/example.test/with_ca/ecdsa/cert.ecdsa.pem (100%)
rename test/{test-files => files}/ssl/example.test/with_ca/ecdsa/cert.rsa.pem (100%)
rename test/{test-files => files}/ssl/example.test/with_ca/ecdsa/ecdsa.acme.json (100%)
rename test/{test-files => files}/ssl/example.test/with_ca/ecdsa/key.ecdsa.pem (100%)
rename test/{test-files => files}/ssl/example.test/with_ca/ecdsa/key.rsa.pem (100%)
rename test/{test-files => files}/ssl/example.test/with_ca/ecdsa/rsa.acme.json (100%)
rename test/{test-files => files}/ssl/example.test/with_ca/ecdsa/wildcard/cert.ecdsa.pem (100%)
rename test/{test-files => files}/ssl/example.test/with_ca/ecdsa/wildcard/ecdsa.acme.json (100%)
rename test/{test-files => files}/ssl/example.test/with_ca/ecdsa/wildcard/key.ecdsa.pem (100%)
rename test/{test-files => files}/ssl/example.test/with_ca/rsa/ca-cert.rsa.pem (100%)
rename test/{test-files => files}/ssl/example.test/with_ca/rsa/ca-key.rsa.pem (100%)
rename test/{test-files => files}/ssl/example.test/with_ca/rsa/cert.ecdsa.pem (100%)
rename test/{test-files => files}/ssl/example.test/with_ca/rsa/cert.rsa.pem (100%)
rename test/{test-files => files}/ssl/example.test/with_ca/rsa/ecdsa.acme.json (100%)
rename test/{test-files => files}/ssl/example.test/with_ca/rsa/key.ecdsa.pem (100%)
rename test/{test-files => files}/ssl/example.test/with_ca/rsa/key.rsa.pem (100%)
rename test/{test-files => files}/ssl/example.test/with_ca/rsa/rsa.acme.json (100%)
rename test/{test-files => files}/ssl/example.test/with_ca/rsa/wildcard/cert.rsa.pem (100%)
rename test/{test-files => files}/ssl/example.test/with_ca/rsa/wildcard/key.rsa.pem (100%)
rename test/{test-files => files}/ssl/example.test/with_ca/rsa/wildcard/rsa.acme.json (100%)
delete mode 100644 test/test-files/auth/added-smtp-auth-login-wrong.txt
delete mode 100644 test/test-files/auth/added-smtp-auth-login.txt
delete mode 100644 test/test-files/auth/added-smtp-auth-plain-wrong.txt
delete mode 100644 test/test-files/auth/added-smtp-auth-plain.txt
delete mode 100644 test/test-files/auth/sasl-ldap-smtp-auth.txt
delete mode 100644 test/test-files/auth/smtp-auth-login-wrong.txt
delete mode 100644 test/test-files/auth/smtp-auth-login.txt
delete mode 100644 test/test-files/auth/smtp-auth-plain-wrong.txt
delete mode 100644 test/test-files/auth/smtp-auth-plain.txt
delete mode 100644 test/test-files/email-templates/existing-user2.txt
delete mode 100644 test/test-files/email-templates/existing-user3.txt
delete mode 100644 test/test-files/email-templates/smtp-ehlo.txt
diff --git a/.gitattributes b/.gitattributes
index d3dba13d..869c153e 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -10,7 +10,7 @@
*.yml text
### Documentation (Project, Tests, Docs site)
*.md text
-### TLS certs (test/test-files/) + DHE params (target/shared/)
+### TLS certs (test/files/) + DHE params (target/shared/)
*.pem text
*.pem.sha512sum text
@@ -90,9 +90,9 @@ TrustedHosts text
whitelist_recipients text
## MISC
-### test/config/ + test/test-files/
+### test/config/ + test/files/
*.txt text
-### test/linting/ (.ecrc.json) + test/test-files/ (*.acme.json):
+### test/linting/ (.ecrc.json) + test/files/ (*.acme.json):
*.json text
#################################################
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f37fded4..eeeb843d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,13 @@ All notable changes to this project will be documented in this file. The format
> **Note**: Changes and additions listed here are contained in the `:edge` image tag. These changes may not be as stable as released changes.
+### Updates
+
+- The test suite now uses `swaks` instead of `nc`, which has multiple benefits ([#3732](https://github.com/docker-mailserver/docker-mailserver/pull/3732)):
+ - `swaks` handles pipelining correctly, hence we can now use `reject_unauth_pipelining` in Postfix's configuration.
+ - `swaks` provides better CLI options that make many files superflous.
+ - `swaks` can also replace `openssl s_client` and handles authentication on submission ports better.
+
## [v13.1.0](https://github.com/docker-mailserver/docker-mailserver/releases/tag/v13.1.0)
### Added
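Review bot: typo in the added entry, "superflous" should be "superfluous". The new `### Updates` section also puts the `swaks` bullet at the top level, while other sections in this file group entries under a bold category such as `- **Internal:**` or `- **CI / Automation:**`; filing it under a tests or internal category would keep the format consistent.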
diff --git a/target/scripts/build/packages.sh b/target/scripts/build/packages.sh
index ec468d41..566d5441 100644
--- a/target/scripts/build/packages.sh
+++ b/target/scripts/build/packages.sh
@@ -80,7 +80,7 @@ function _install_packages() {
# `bind9-dnsutils` provides the `dig` command
# `iputils-ping` provides the `ping` command
DEBUG_PACKAGES=(
- bind9-dnsutils iputils-ping less nano
+ bind9-dnsutils iputils-ping less nano swaks
)
apt-get "${QUIET}" --no-install-recommends install \
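Review bot: `swaks` is added to `DEBUG_PACKAGES`, which is installed into the image itself, so a tool needed only by the test suite now ships to every user. Either justify it as a debugging aid for operators and add a comment line like the existing "`bind9-dnsutils` provides the `dig` command" ones, or install it only in the test environment. The CHANGELOG entry describes the test-suite change but does not mention that the image gains a package.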
diff --git a/test/test-files/auth/added-imap-auth.txt b/test/files/auth/added-imap-auth.txt
similarity index 100%
rename from test/test-files/auth/added-imap-auth.txt
rename to test/files/auth/added-imap-auth.txt
diff --git a/test/test-files/auth/added-pop3-auth.txt b/test/files/auth/added-pop3-auth.txt
similarity index 100%
rename from test/test-files/auth/added-pop3-auth.txt
rename to test/files/auth/added-pop3-auth.txt
diff --git a/test/test-files/auth/imap-auth.txt b/test/files/auth/imap-auth.txt
similarity index 100%
rename from test/test-files/auth/imap-auth.txt
rename to test/files/auth/imap-auth.txt
diff --git a/test/test-files/auth/imap-ldap-auth.txt b/test/files/auth/imap-ldap-auth.txt
similarity index 100%
rename from test/test-files/auth/imap-ldap-auth.txt
rename to test/files/auth/imap-ldap-auth.txt
diff --git a/test/test-files/auth/pop3-auth.txt b/test/files/auth/pop3-auth.txt
similarity index 100%
rename from test/test-files/auth/pop3-auth.txt
rename to test/files/auth/pop3-auth.txt
diff --git a/test/test-files/email-templates/amavis-spam.txt b/test/files/emails/amavis/spam.txt
similarity index 63%
rename from test/test-files/email-templates/amavis-spam.txt
rename to test/files/emails/amavis/spam.txt
index 66be1df3..e8d26138 100644
--- a/test/test-files/email-templates/amavis-spam.txt
+++ b/test/files/emails/amavis/spam.txt
@@ -1,13 +1,6 @@
-HELO mail.external.tld
-MAIL FROM: spam@external.tld
-RCPT TO: user1@localhost.localdomain
-DATA
From: Docker Mail Server
To: Existing Local User
Date: Sat, 22 May 2010 07:43:25 -0400
-Subject: Test Message amavis-spam.txt
+Subject: Test Message amavis/spam.txt
This is a test mail.
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
-
-.
-QUIT
diff --git a/test/test-files/email-templates/amavis-virus.txt b/test/files/emails/amavis/virus.txt
similarity index 83%
rename from test/test-files/email-templates/amavis-virus.txt
rename to test/files/emails/amavis/virus.txt
index 1343a07c..2c47dcad 100644
--- a/test/test-files/email-templates/amavis-virus.txt
+++ b/test/files/emails/amavis/virus.txt
@@ -1,11 +1,7 @@
-HELO mail.external.tld
-MAIL FROM: virus@external.tld
-RCPT TO: user1@localhost.localdomain
-DATA
From: Docker Mail Server
To: Existing Local User
Date: Sat, 22 May 2010 07:43:25 -0400
-Subject: Test Message amavis-virus.txt
+Subject: Test Message amavis/virus.txt
Content-type: multipart/mixed; boundary="emailboundary"
MIME-version: 1.0
@@ -27,6 +23,3 @@ ACAA/4EAAAAAZWljYXIuY29tUEsFBgAAAAABAAEANwAAAGsAAAAAAA==
--emailboundary--
-
-.
-QUIT
diff --git a/test/test-files/auth/added-smtp-auth-spoofed-alias.txt b/test/files/emails/auth/added-smtp-auth-spoofed-alias.txt
similarity index 52%
rename from test/test-files/auth/added-smtp-auth-spoofed-alias.txt
rename to test/files/emails/auth/added-smtp-auth-spoofed-alias.txt
index 48145183..eeb68ac8 100644
--- a/test/test-files/auth/added-smtp-auth-spoofed-alias.txt
+++ b/test/files/emails/auth/added-smtp-auth-spoofed-alias.txt
@@ -1,14 +1,5 @@
-EHLO mail
-AUTH LOGIN dXNlcjFAbG9jYWxob3N0LmxvY2FsZG9tYWlu
-bXlwYXNzd29yZA==
-MAIL FROM: alias1@localhost.localdomain
-RCPT TO: user1@localhost.localdomain
-DATA
From: user1_alias
To: Existing Local User
Date: Sat, 22 May 2010 07:43:25 -0400
Subject: Test Message
This is a test mail.
-
-.
-QUIT
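Review bot: The spoofing scenario in this fixture is now defined only by the caller's arguments, because the removed `AUTH LOGIN` lines and `MAIL FROM: alias1@localhost.localdomain` were the only record of who authenticates and which envelope sender is claimed. Please confirm that every test using this file passes the same account, sender and recipient to `swaks`. The same applies to the other `*-smtp-auth-spoofed*` fixtures below. A header-only file named "spoofed" is easy to reuse with the wrong credentials, and the test would then pass for the wrong reason.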
diff --git a/test/test-files/auth/added-smtp-auth-spoofed.txt b/test/files/emails/auth/added-smtp-auth-spoofed.txt
similarity index 53%
rename from test/test-files/auth/added-smtp-auth-spoofed.txt
rename to test/files/emails/auth/added-smtp-auth-spoofed.txt
index 279b6c0e..fd96d401 100644
--- a/test/test-files/auth/added-smtp-auth-spoofed.txt
+++ b/test/files/emails/auth/added-smtp-auth-spoofed.txt
@@ -1,14 +1,5 @@
-EHLO mail
-AUTH LOGIN YWRkZWRAbG9jYWxob3N0LmxvY2FsZG9tYWlu
-bXlwYXNzd29yZA==
-MAIL FROM: user2@localhost.localdomain
-RCPT TO: user1@localhost.localdomain
-DATA
From: Not_My_Business
To: Existing Local User
Date: Sat, 22 May 2010 07:43:25 -0400
Subject: Test Message
This is a test mail.
-
-.
-QUIT
diff --git a/test/test-files/auth/ldap-smtp-auth-spoofed-alias.txt b/test/files/emails/auth/ldap-smtp-auth-spoofed-alias.txt
similarity index 57%
rename from test/test-files/auth/ldap-smtp-auth-spoofed-alias.txt
rename to test/files/emails/auth/ldap-smtp-auth-spoofed-alias.txt
index 007b0f99..7453675c 100644
--- a/test/test-files/auth/ldap-smtp-auth-spoofed-alias.txt
+++ b/test/files/emails/auth/ldap-smtp-auth-spoofed-alias.txt
@@ -1,15 +1,5 @@
-EHLO mail
-AUTH LOGIN
-c29tZS51c2VyQGxvY2FsaG9zdC5sb2NhbGRvbWFpbg==
-c2VjcmV0
-MAIL FROM: postmaster@localhost.localdomain
-RCPT TO: some.user@localhost.localdomain
-DATA
From: alias_address
To: Existing Local User
Date: Sat, 22 May 2010 07:43:25 -0400
Subject: Test Message
This is a test mail from ldap-smtp-auth-spoofed-alias.txt
-
-.
-QUIT
diff --git a/test/test-files/auth/ldap-smtp-auth-spoofed-sender-with-filter-exception.txt b/test/files/emails/auth/ldap-smtp-auth-spoofed-sender-with-filter-exception.txt
similarity index 58%
rename from test/test-files/auth/ldap-smtp-auth-spoofed-sender-with-filter-exception.txt
rename to test/files/emails/auth/ldap-smtp-auth-spoofed-sender-with-filter-exception.txt
index bc0447af..3b500bf6 100644
--- a/test/test-files/auth/ldap-smtp-auth-spoofed-sender-with-filter-exception.txt
+++ b/test/files/emails/auth/ldap-smtp-auth-spoofed-sender-with-filter-exception.txt
@@ -1,15 +1,5 @@
-EHLO mail
-AUTH LOGIN
-c29tZS51c2VyLmVtYWlsQGxvY2FsaG9zdC5sb2NhbGRvbWFpbgo=
-c2VjcmV0
-MAIL FROM: randomspoofedaddress@localhost.localdomain
-RCPT TO: some.user@localhost.localdomain
-DATA
From: spoofed_address
To: Existing Local User
Date: Sat, 22 May 2010 07:43:25 -0400
Subject: Test Message
This is a test mail from ldap-smtp-auth-spoofed-sender-with-filter-exception.txt
-
-.
-QUIT
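Review bot: The removed base64 username in this hunk ends in `bgo=`, where the sibling LDAP fixtures end in `bg==`, so the old fixture sent the login name with a trailing newline encoded into it. If the replacement test passes the plain address to `swaks`, the authenticated identity is no longer byte-identical to what the old test sent. Please check that the filter-exception case still exercises the intended sender check and does not start passing or failing because of that difference.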
diff --git a/test/test-files/auth/ldap-smtp-auth-spoofed.txt b/test/files/emails/auth/ldap-smtp-auth-spoofed.txt
similarity index 53%
rename from test/test-files/auth/ldap-smtp-auth-spoofed.txt
rename to test/files/emails/auth/ldap-smtp-auth-spoofed.txt
index cc0b164d..83193e17 100644
--- a/test/test-files/auth/ldap-smtp-auth-spoofed.txt
+++ b/test/files/emails/auth/ldap-smtp-auth-spoofed.txt
@@ -1,15 +1,5 @@
-EHLO mail
-AUTH LOGIN
-c29tZS51c2VyQGxvY2FsaG9zdC5sb2NhbGRvbWFpbg==
-c2VjcmV0
-MAIL FROM: ldap@localhost.localdomain
-RCPT TO: user1@localhost.localdomain
-DATA
From: forged_address
To: Existing Local User
Date: Sat, 22 May 2010 07:43:25 -0400
Subject: Test Message
This is a test mail.
-
-.
-QUIT
diff --git a/test/test-files/email-templates/existing-added.txt b/test/files/emails/existing/added.txt
similarity index 67%
rename from test/test-files/email-templates/existing-added.txt
rename to test/files/emails/existing/added.txt
index 320fa4d2..827b681f 100644
--- a/test/test-files/email-templates/existing-added.txt
+++ b/test/files/emails/existing/added.txt
@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: added@localhost.localdomain
-DATA
From: Docker Mail Server
To: Existing Local User
Date: Sat, 22 May 2010 07:43:25 -0400
Subject: Test Message existing-added.txt
This is a test mail.
-
-.
-QUIT
diff --git a/test/test-files/email-templates/existing-alias-external.txt b/test/files/emails/existing/alias-external.txt
similarity index 68%
rename from test/test-files/email-templates/existing-alias-external.txt
rename to test/files/emails/existing/alias-external.txt
index 61b1df3c..03f1af6c 100644
--- a/test/test-files/email-templates/existing-alias-external.txt
+++ b/test/files/emails/existing/alias-external.txt
@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: alias1@localhost.localdomain
-DATA
From: Docker Mail Server
To: Existing Local User
Date: Sat, 22 May 2010 07:43:25 -0400
Subject: Test Message existing-alias-external.txt
This is a test mail.
-
-.
-QUIT
diff --git a/test/test-files/email-templates/existing-alias-local.txt b/test/files/emails/existing/alias-local.txt
similarity index 68%
rename from test/test-files/email-templates/existing-alias-local.txt
rename to test/files/emails/existing/alias-local.txt
index c1bbc890..9b481a98 100644
--- a/test/test-files/email-templates/existing-alias-local.txt
+++ b/test/files/emails/existing/alias-local.txt
@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: alias2@localhost.localdomain
-DATA
From: Docker Mail Server
To: Existing Local Alias
Date: Sat, 22 May 2010 07:43:25 -0400
Subject: Test Message existing-alias-local.txt
This is a test mail.
-
-.
-QUIT
diff --git a/test/test-files/email-templates/existing-alias-recipient-delimiter.txt b/test/files/emails/existing/alias-recipient-delimiter.txt
similarity index 70%
rename from test/test-files/email-templates/existing-alias-recipient-delimiter.txt
rename to test/files/emails/existing/alias-recipient-delimiter.txt
index 47b01397..07cb8d40 100644
--- a/test/test-files/email-templates/existing-alias-recipient-delimiter.txt
+++ b/test/files/emails/existing/alias-recipient-delimiter.txt
@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: alias1~test@localhost.localdomain
-DATA
From: Docker Mail Server
To: Existing Local Alias With Delimiter
Date: Sat, 22 May 2010 07:43:25 -0400
Subject: Test Message existing-alias-recipient-delimiter.txt
This is a test mail.
-
-.
-QUIT
diff --git a/test/test-files/email-templates/existing-catchall-local.txt b/test/files/emails/existing/catchall-local.txt
similarity index 68%
rename from test/test-files/email-templates/existing-catchall-local.txt
rename to test/files/emails/existing/catchall-local.txt
index c80db170..ab3e1988 100644
--- a/test/test-files/email-templates/existing-catchall-local.txt
+++ b/test/files/emails/existing/catchall-local.txt
@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: wildcard@localdomain2.com
-DATA
From: Docker Mail Server
To: Existing Local User
Date: Sat, 22 May 2010 07:43:25 -0400
Subject: Test Message existing-catchall-local.txt
This is a test mail.
-
-.
-QUIT
diff --git a/test/test-files/email-templates/existing-regexp-alias-external.txt b/test/files/emails/existing/regexp-alias-external.txt
similarity index 68%
rename from test/test-files/email-templates/existing-regexp-alias-external.txt
rename to test/files/emails/existing/regexp-alias-external.txt
index 0e214db4..b50ac90f 100644
--- a/test/test-files/email-templates/existing-regexp-alias-external.txt
+++ b/test/files/emails/existing/regexp-alias-external.txt
@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: bounce-always@localhost.localdomain
-DATA
From: Docker Mail Server
To: Existing Local User
Date: Sat, 22 May 2010 07:43:25 -0400
Subject: Test Message existing-regexp-alias-external.txt
This is a test mail.
-
-.
-QUIT
diff --git a/test/test-files/email-templates/existing-regexp-alias-local.txt b/test/files/emails/existing/regexp-alias-local.txt
similarity index 68%
rename from test/test-files/email-templates/existing-regexp-alias-local.txt
rename to test/files/emails/existing/regexp-alias-local.txt
index 6af46e92..e45b7c6c 100644
--- a/test/test-files/email-templates/existing-regexp-alias-local.txt
+++ b/test/files/emails/existing/regexp-alias-local.txt
@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: test123@localhost.localdomain
-DATA
From: Docker Mail Server
To: Existing Local User
Date: Sat, 22 May 2010 07:43:25 -0400
Subject: Test Message existing-regexp-alias-local.txt
This is a test mail.
-
-.
-QUIT
diff --git a/test/test-files/email-templates/existing-user-and-cc-local-alias.txt b/test/files/emails/existing/user-and-cc-local-alias.txt
similarity index 73%
rename from test/test-files/email-templates/existing-user-and-cc-local-alias.txt
rename to test/files/emails/existing/user-and-cc-local-alias.txt
index 5fcb333b..37814f91 100644
--- a/test/test-files/email-templates/existing-user-and-cc-local-alias.txt
+++ b/test/files/emails/existing/user-and-cc-local-alias.txt
@@ -1,13 +1,6 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: user1@localhost.localdomain
-DATA
From: Docker Mail Server
To: Existing Local User
Cc: Existing Local Alias
Date: Sat, 22 May 2010 07:43:25 -0400
Subject: Test Message existing-user-and-cc-local-alias.txt
This is a test mail.
-
-.
-QUIT
diff --git a/test/test-files/email-templates/existing-user1.txt b/test/files/emails/existing/user1.txt
similarity index 67%
rename from test/test-files/email-templates/existing-user1.txt
rename to test/files/emails/existing/user1.txt
index 5ab0333f..23d49dc9 100644
--- a/test/test-files/email-templates/existing-user1.txt
+++ b/test/files/emails/existing/user1.txt
@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: user1@localhost.localdomain
-DATA
From: Docker Mail Server
To: Existing Local User
Date: Sat, 22 May 2010 07:43:25 -0400
Subject: Test Message existing-user1.txt
This is a test mail.
-
-.
-QUIT
diff --git a/test/test-files/email-templates/dsn-authenticated.txt b/test/files/emails/nc_raw/dsn/authenticated.txt
similarity index 100%
rename from test/test-files/email-templates/dsn-authenticated.txt
rename to test/files/emails/nc_raw/dsn/authenticated.txt
diff --git a/test/test-files/email-templates/dsn-unauthenticated.txt b/test/files/emails/nc_raw/dsn/unauthenticated.txt
similarity index 100%
rename from test/test-files/email-templates/dsn-unauthenticated.txt
rename to test/files/emails/nc_raw/dsn/unauthenticated.txt
diff --git a/test/test-files/email-templates/postscreen.txt b/test/files/emails/nc_raw/postscreen.txt
similarity index 100%
rename from test/test-files/email-templates/postscreen.txt
rename to test/files/emails/nc_raw/postscreen.txt
diff --git a/test/test-files/email-templates/smtp-only.txt b/test/files/emails/nc_raw/smtp-only.txt
similarity index 100%
rename from test/test-files/email-templates/smtp-only.txt
rename to test/files/emails/nc_raw/smtp-only.txt
diff --git a/test/test-files/email-templates/non-existing-user.txt b/test/files/emails/non-existing-user.txt
similarity index 67%
rename from test/test-files/email-templates/non-existing-user.txt
rename to test/files/emails/non-existing-user.txt
index 406f6755..3d92470e 100644
--- a/test/test-files/email-templates/non-existing-user.txt
+++ b/test/files/emails/non-existing-user.txt
@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: nouser@localhost.localdomain
-DATA
From: Docker Mail Server
To: Existing Local User
Date: Sat, 22 May 2010 07:43:25 -0400
Subject: Test Message non-existing-user.txt
This is a test mail.
-
-.
-QUIT
diff --git a/test/test-files/email-templates/postgrey.txt b/test/files/emails/postgrey.txt
similarity index 66%
rename from test/test-files/email-templates/postgrey.txt
rename to test/files/emails/postgrey.txt
index 33a3b153..cdfe8f93 100644
--- a/test/test-files/email-templates/postgrey.txt
+++ b/test/files/emails/postgrey.txt
@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: user1@localhost.localdomain
-DATA
From: Docker Mail Server
To: Existing Local User
Date: Sat, 22 May 2010 07:43:25 -0400
Subject: Postgrey Test Message
This is a test mail.
-
-.
-QUIT
diff --git a/test/files/emails/postscreen.txt b/test/files/emails/postscreen.txt
new file mode 100644
index 00000000..732ac897
--- /dev/null
+++ b/test/files/emails/postscreen.txt
@@ -0,0 +1,5 @@
+From: Docker Mail Server
+To: Existing Local User
+Date: Sat, 22 May 2010 07:43:25 -0400
+Subject: Test Message postscreen.txt
+This is a test mail for postscreen.
diff --git a/test/test-files/email-templates/send-privacy-email.txt b/test/files/emails/privacy.txt
similarity index 61%
rename from test/test-files/email-templates/send-privacy-email.txt
rename to test/files/emails/privacy.txt
index 0c51ec5b..1d3a1b96 100644
--- a/test/test-files/email-templates/send-privacy-email.txt
+++ b/test/files/emails/privacy.txt
@@ -1,15 +1,6 @@
-EHLO mail
-AUTH LOGIN dXNlcjFAbG9jYWxob3N0LmxvY2FsZG9tYWlu
-bXlwYXNzd29yZA==
-mail from:
-rcpt to:
-data
From: Some User
To: Some User
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0)
Gecko/20100101 Thunderbird/52.2.1
Subject: Test ESMTP Auth LOGIN and remove privacy
This is a test mail.
-
-.
-QUIT
diff --git a/test/test-files/email-templates/quota-exceeded.txt b/test/files/emails/quota-exceeded.txt
similarity index 98%
rename from test/test-files/email-templates/quota-exceeded.txt
rename to test/files/emails/quota-exceeded.txt
index 71d221a1..c5281637 100644
--- a/test/test-files/email-templates/quota-exceeded.txt
+++ b/test/files/emails/quota-exceeded.txt
@@ -1,7 +1,3 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: quotauser@otherdomain.tld
-DATA
From: Docker Mail Server
To: Existing Local User
Date: Sat, 22 May 2010 07:43:25 -0400
@@ -20,6 +16,3 @@ Et voluptatum nobis ut odio voluptatem et quibusdam fugit ut libero sapiente vel
Sit sint obcaecati et reiciendis tenetur aut dolorum culpa. Ab veritatis maxime qui necessitatibus facilis eum voluptate asperiores non totam omnis. Nam modi officia in reiciendis odit sit rerum laudantium est rerum voluptatem ut fugit cupiditate! Sit atque sint aut delectus omnis ut asperiores enim quo reprehenderit quae! In quasi nemo ut error totam ut quia harum ut commodi tenetur? Non quod dolorum eum explicabo labore vel asperiores quas est perferendis nulla eum nemo tenetur. Ut libero blanditiis ex voluptatibus repudiandae ab reiciendis nemo id debitis impedit hic quia incidunt sed quam excepturi ut magnam odit. Qui dolor deleniti aut sunt voluptas aut blanditiis distinctio nam omnis deleniti hic omnis rerum eum magni voluptatem. Nam labore facere eum molestiae dolorum ea consectetur praesentium ut cupiditate iste ad magnam aut neque maiores! Et excepturi ducimus ut nemo voluptas eum voluptas nihil hic perferendis quos vel quasi nesciunt est praesentium dolore hic quia quis. Et maxime ducimus ea cupiditate voluptatem ad quia dolores!
Sed quos quaerat vel aperiam minus non sapiente quia ut ratione dolore eum officiis rerum. Non dolor vitae qui facilis dignissimos aut voluptate odit et ullam consequuntur. Et laudantium perspiciatis sit nisi temporibus a temporibus itaque ut iure dolor a voluptatum mollitia eos officia nobis et quibusdam voluptas. Amet eligendi eos nulla corporis et blanditiis nihil vel eveniet veritatis et sunt perferendis id molestiae eius! Quo harum quod aut nemo autem ut adipisci sint sed quia sunt. Aut voluptas error ut quae perferendis eos adipisci internos. Nam rerum fugiat aut minima nostrum quo repellendus quas exercitationem tenetur. Et molestiae architecto id quibusdam reprehenderit et magnam aliquam! Quo tempora veritatis At dolorem sint ex nulla blanditiis At voluptas laudantium est molestiae exercitationem et sequi voluptates aut ipsa atque. Et animi ipsum aut atque recusandae ea nemo ullam non quisquam quos sit libero sint vel libero delectus. Eos labore quidem a velit obcaecati nam explicabo consequatur eos maxime blanditiis? Et ipsam molestiae non quia explicabo ex galisum repudiandae et tempora veniam. Sed optio repellendus ut consequatur temporibus et harum quas hic ipsa officia? Aut dolores ipsum sit nulla dignissimos id quia perferendis aut dolores dolor et quibusdam porro aut Quis consequatur.
-
-.
-QUIT
diff --git a/test/test-files/email-templates/rspamd-pass.txt b/test/files/emails/rspamd/pass.txt
similarity index 57%
rename from test/test-files/email-templates/rspamd-pass.txt
rename to test/files/emails/rspamd/pass.txt
index 0f244740..ce9286b1 100644
--- a/test/test-files/email-templates/rspamd-pass.txt
+++ b/test/files/emails/rspamd/pass.txt
@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: pass@example.test
-RCPT TO: user1@localhost.localdomain
-DATA
From: Docker Mail Server
To: Existing Local User
Date: Sat, 22 May 2010 07:43:25 -0400
-Subject: Test Message rspamd-pass.txt
+Subject: Test Message rspamd/pass.txt
This mail should pass and Rspamd should not mark it.
-
-.
-QUIT
diff --git a/test/test-files/email-templates/rspamd-spam-header.txt b/test/files/emails/rspamd/spam-header.txt
similarity index 70%
rename from test/test-files/email-templates/rspamd-spam-header.txt
rename to test/files/emails/rspamd/spam-header.txt
index 7be1a56d..8722e42f 100644
--- a/test/test-files/email-templates/rspamd-spam-header.txt
+++ b/test/files/emails/rspamd/spam-header.txt
@@ -1,12 +1,5 @@
-HELO mail.example.test
-MAIL FROM: spam-header@example.test
-RCPT TO: user1@localhost.localdomain
-DATA
From: Docker Mail Server
To: Existing Local User
Date: Sat, 21 Jan 2023 11:11:11 +0000
Subject: Test Message rspamd-spam-header.txt
YJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
-
-.
-QUIT
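Review bot: The `Subject:` line here still carries the old file name (`rspamd-spam-header.txt`), while `rspamd/pass.txt`, `amavis/spam.txt` and `amavis/virus.txt` in this same patch had their subjects updated to the new path. Either update all renamed fixtures (`rspamd/spam.txt`, `rspamd/virus.txt`, `existing/*.txt`, `sieve/spam-folder.txt`, `non-existing-user.txt`) or leave all of them alone. If any test greps the mail log or a mailbox for the subject, the mixed naming will make failures harder to trace.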
diff --git a/test/test-files/email-templates/rspamd-spam.txt b/test/files/emails/rspamd/spam.txt
similarity index 70%
rename from test/test-files/email-templates/rspamd-spam.txt
rename to test/files/emails/rspamd/spam.txt
index 88bd719c..c561e779 100644
--- a/test/test-files/email-templates/rspamd-spam.txt
+++ b/test/files/emails/rspamd/spam.txt
@@ -1,12 +1,5 @@
-HELO mail.example.test
-MAIL FROM: spam@example.test
-RCPT TO: user1@localhost.localdomain
-DATA
From: Docker Mail Server
To: Existing Local User
Date: Sat, 21 Jan 2023 11:11:11 +0000
Subject: Test Message rspamd-spam.txt
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
-
-.
-QUIT
diff --git a/test/test-files/email-templates/rspamd-virus.txt b/test/files/emails/rspamd/virus.txt
similarity index 70%
rename from test/test-files/email-templates/rspamd-virus.txt
rename to test/files/emails/rspamd/virus.txt
index c745f261..cb18927d 100644
--- a/test/test-files/email-templates/rspamd-virus.txt
+++ b/test/files/emails/rspamd/virus.txt
@@ -1,12 +1,5 @@
-HELO mail.example.test
-MAIL FROM: virus@example.test
-RCPT TO: user1@localhost.localdomain
-DATA
From: Docker Mail Server
To: Existing Local User
Date: Sat, 21 Jan 2023 11:11:11 +0000
Subject: Test Message rspamd-virus.txt
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
-
-.
-QUIT
diff --git a/test/test-files/email-templates/root-email.txt b/test/files/emails/sendmail/root-email.txt
similarity index 100%
rename from test/test-files/email-templates/root-email.txt
rename to test/files/emails/sendmail/root-email.txt
diff --git a/test/test-files/email-templates/sieve-pipe.txt b/test/files/emails/sieve/pipe.txt
similarity index 67%
rename from test/test-files/email-templates/sieve-pipe.txt
rename to test/files/emails/sieve/pipe.txt
index f13dba87..4e8cfb39 100644
--- a/test/test-files/email-templates/sieve-pipe.txt
+++ b/test/files/emails/sieve/pipe.txt
@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: user2@otherdomain.tld
-DATA
From: Sieve-pipe-test
To: Existing Local User
Date: Sat, 22 May 2010 07:43:25 -0400
Subject: Sieve pipe test message
This is a test mail to sieve pipe.
-
-.
-QUIT
diff --git a/test/test-files/email-templates/sieve-spam-folder.txt b/test/files/emails/sieve/spam-folder.txt
similarity index 64%
rename from test/test-files/email-templates/sieve-spam-folder.txt
rename to test/files/emails/sieve/spam-folder.txt
index 8e802817..7ffd09a7 100644
--- a/test/test-files/email-templates/sieve-spam-folder.txt
+++ b/test/files/emails/sieve/spam-folder.txt
@@ -1,12 +1,5 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: user1@localhost.localdomain
-DATA
From: Spambot
To: Existing Local User
Date: Sat, 22 May 2010 07:43:25 -0400
Subject: Test Message sieve-spam-folder.txt
This is a test mail.
-
-.
-QUIT
diff --git a/test/test-files/email-templates/test-email.txt b/test/files/emails/test-email.txt
similarity index 100%
rename from test/test-files/email-templates/test-email.txt
rename to test/files/emails/test-email.txt
diff --git a/test/test-files/nc_templates/imap_special_use_folders.txt b/test/files/nc/imap_special_use_folders.txt
similarity index 100%
rename from test/test-files/nc_templates/imap_special_use_folders.txt
rename to test/files/nc/imap_special_use_folders.txt
diff --git a/test/test-files/nc_templates/postgrey_whitelist.txt b/test/files/nc/postgrey_whitelist.txt
similarity index 100%
rename from test/test-files/nc_templates/postgrey_whitelist.txt
rename to test/files/nc/postgrey_whitelist.txt
diff --git a/test/test-files/nc_templates/postgrey_whitelist_recipients.txt b/test/files/nc/postgrey_whitelist_recipients.txt
similarity index 100%
rename from test/test-files/nc_templates/postgrey_whitelist_recipients.txt
rename to test/files/nc/postgrey_whitelist_recipients.txt
diff --git a/test/test-files/nc_templates/rspamd_imap_move_to_inbox.txt b/test/files/nc/rspamd_imap_move_to_inbox.txt
similarity index 100%
rename from test/test-files/nc_templates/rspamd_imap_move_to_inbox.txt
rename to test/files/nc/rspamd_imap_move_to_inbox.txt
diff --git a/test/test-files/nc_templates/rspamd_imap_move_to_junk.txt b/test/files/nc/rspamd_imap_move_to_junk.txt
similarity index 100%
rename from test/test-files/nc_templates/rspamd_imap_move_to_junk.txt
rename to test/files/nc/rspamd_imap_move_to_junk.txt
diff --git a/test/test-files/ssl/custom-dhe-params.pem b/test/files/ssl/custom-dhe-params.pem
similarity index 100%
rename from test/test-files/ssl/custom-dhe-params.pem
rename to test/files/ssl/custom-dhe-params.pem
diff --git a/test/test-files/ssl/example.test/README.md b/test/files/ssl/example.test/README.md
similarity index 100%
rename from test/test-files/ssl/example.test/README.md
rename to test/files/ssl/example.test/README.md
diff --git a/test/test-files/ssl/example.test/cert.ecdsa.pem b/test/files/ssl/example.test/cert.ecdsa.pem
similarity index 100%
rename from test/test-files/ssl/example.test/cert.ecdsa.pem
rename to test/files/ssl/example.test/cert.ecdsa.pem
diff --git a/test/test-files/ssl/example.test/cert.rsa.pem b/test/files/ssl/example.test/cert.rsa.pem
similarity index 100%
rename from test/test-files/ssl/example.test/cert.rsa.pem
rename to test/files/ssl/example.test/cert.rsa.pem
diff --git a/test/test-files/ssl/example.test/key.ecdsa.pem b/test/files/ssl/example.test/key.ecdsa.pem
similarity index 100%
rename from test/test-files/ssl/example.test/key.ecdsa.pem
rename to test/files/ssl/example.test/key.ecdsa.pem
diff --git a/test/test-files/ssl/example.test/key.rsa.pem b/test/files/ssl/example.test/key.rsa.pem
similarity index 100%
rename from test/test-files/ssl/example.test/key.rsa.pem
rename to test/files/ssl/example.test/key.rsa.pem
diff --git a/test/test-files/ssl/example.test/testssl.txt b/test/files/ssl/example.test/testssl.txt
similarity index 100%
rename from test/test-files/ssl/example.test/testssl.txt
rename to test/files/ssl/example.test/testssl.txt
diff --git a/test/test-files/ssl/example.test/traefik.md b/test/files/ssl/example.test/traefik.md
similarity index 100%
rename from test/test-files/ssl/example.test/traefik.md
rename to test/files/ssl/example.test/traefik.md
diff --git a/test/test-files/ssl/example.test/with_ca/ecdsa/ca-cert.ecdsa.pem b/test/files/ssl/example.test/with_ca/ecdsa/ca-cert.ecdsa.pem
similarity index 100%
rename from test/test-files/ssl/example.test/with_ca/ecdsa/ca-cert.ecdsa.pem
rename to test/files/ssl/example.test/with_ca/ecdsa/ca-cert.ecdsa.pem
diff --git a/test/test-files/ssl/example.test/with_ca/ecdsa/ca-key.ecdsa.pem b/test/files/ssl/example.test/with_ca/ecdsa/ca-key.ecdsa.pem
similarity index 100%
rename from test/test-files/ssl/example.test/with_ca/ecdsa/ca-key.ecdsa.pem
rename to test/files/ssl/example.test/with_ca/ecdsa/ca-key.ecdsa.pem
diff --git a/test/test-files/ssl/example.test/with_ca/ecdsa/cert.ecdsa.pem b/test/files/ssl/example.test/with_ca/ecdsa/cert.ecdsa.pem
similarity index 100%
rename from test/test-files/ssl/example.test/with_ca/ecdsa/cert.ecdsa.pem
rename to test/files/ssl/example.test/with_ca/ecdsa/cert.ecdsa.pem
diff --git a/test/test-files/ssl/example.test/with_ca/ecdsa/cert.rsa.pem b/test/files/ssl/example.test/with_ca/ecdsa/cert.rsa.pem
similarity index 100%
rename from test/test-files/ssl/example.test/with_ca/ecdsa/cert.rsa.pem
rename to test/files/ssl/example.test/with_ca/ecdsa/cert.rsa.pem
diff --git a/test/test-files/ssl/example.test/with_ca/ecdsa/ecdsa.acme.json b/test/files/ssl/example.test/with_ca/ecdsa/ecdsa.acme.json
similarity index 100%
rename from test/test-files/ssl/example.test/with_ca/ecdsa/ecdsa.acme.json
rename to test/files/ssl/example.test/with_ca/ecdsa/ecdsa.acme.json
diff --git a/test/test-files/ssl/example.test/with_ca/ecdsa/key.ecdsa.pem b/test/files/ssl/example.test/with_ca/ecdsa/key.ecdsa.pem
similarity index 100%
rename from test/test-files/ssl/example.test/with_ca/ecdsa/key.ecdsa.pem
rename to test/files/ssl/example.test/with_ca/ecdsa/key.ecdsa.pem
diff --git a/test/test-files/ssl/example.test/with_ca/ecdsa/key.rsa.pem b/test/files/ssl/example.test/with_ca/ecdsa/key.rsa.pem
similarity index 100%
rename from test/test-files/ssl/example.test/with_ca/ecdsa/key.rsa.pem
rename to test/files/ssl/example.test/with_ca/ecdsa/key.rsa.pem
diff --git a/test/test-files/ssl/example.test/with_ca/ecdsa/rsa.acme.json b/test/files/ssl/example.test/with_ca/ecdsa/rsa.acme.json
similarity index 100%
rename from test/test-files/ssl/example.test/with_ca/ecdsa/rsa.acme.json
rename to test/files/ssl/example.test/with_ca/ecdsa/rsa.acme.json
diff --git a/test/test-files/ssl/example.test/with_ca/ecdsa/wildcard/cert.ecdsa.pem b/test/files/ssl/example.test/with_ca/ecdsa/wildcard/cert.ecdsa.pem
similarity index 100%
rename from test/test-files/ssl/example.test/with_ca/ecdsa/wildcard/cert.ecdsa.pem
rename to test/files/ssl/example.test/with_ca/ecdsa/wildcard/cert.ecdsa.pem
diff --git a/test/test-files/ssl/example.test/with_ca/ecdsa/wildcard/ecdsa.acme.json b/test/files/ssl/example.test/with_ca/ecdsa/wildcard/ecdsa.acme.json
similarity index 100%
rename from test/test-files/ssl/example.test/with_ca/ecdsa/wildcard/ecdsa.acme.json
rename to test/files/ssl/example.test/with_ca/ecdsa/wildcard/ecdsa.acme.json
diff --git a/test/test-files/ssl/example.test/with_ca/ecdsa/wildcard/key.ecdsa.pem b/test/files/ssl/example.test/with_ca/ecdsa/wildcard/key.ecdsa.pem
similarity index 100%
rename from test/test-files/ssl/example.test/with_ca/ecdsa/wildcard/key.ecdsa.pem
rename to test/files/ssl/example.test/with_ca/ecdsa/wildcard/key.ecdsa.pem
diff --git a/test/test-files/ssl/example.test/with_ca/rsa/ca-cert.rsa.pem b/test/files/ssl/example.test/with_ca/rsa/ca-cert.rsa.pem
similarity index 100%
rename from test/test-files/ssl/example.test/with_ca/rsa/ca-cert.rsa.pem
rename to test/files/ssl/example.test/with_ca/rsa/ca-cert.rsa.pem
diff --git a/test/test-files/ssl/example.test/with_ca/rsa/ca-key.rsa.pem b/test/files/ssl/example.test/with_ca/rsa/ca-key.rsa.pem
similarity index 100%
rename from test/test-files/ssl/example.test/with_ca/rsa/ca-key.rsa.pem
rename to test/files/ssl/example.test/with_ca/rsa/ca-key.rsa.pem
diff --git a/test/test-files/ssl/example.test/with_ca/rsa/cert.ecdsa.pem b/test/files/ssl/example.test/with_ca/rsa/cert.ecdsa.pem
similarity index 100%
rename from test/test-files/ssl/example.test/with_ca/rsa/cert.ecdsa.pem
rename to test/files/ssl/example.test/with_ca/rsa/cert.ecdsa.pem
diff --git a/test/test-files/ssl/example.test/with_ca/rsa/cert.rsa.pem b/test/files/ssl/example.test/with_ca/rsa/cert.rsa.pem
similarity index 100%
rename from test/test-files/ssl/example.test/with_ca/rsa/cert.rsa.pem
rename to test/files/ssl/example.test/with_ca/rsa/cert.rsa.pem
diff --git a/test/test-files/ssl/example.test/with_ca/rsa/ecdsa.acme.json b/test/files/ssl/example.test/with_ca/rsa/ecdsa.acme.json
similarity index 100%
rename from test/test-files/ssl/example.test/with_ca/rsa/ecdsa.acme.json
rename to test/files/ssl/example.test/with_ca/rsa/ecdsa.acme.json
diff --git a/test/test-files/ssl/example.test/with_ca/rsa/key.ecdsa.pem b/test/files/ssl/example.test/with_ca/rsa/key.ecdsa.pem
similarity index 100%
rename from test/test-files/ssl/example.test/with_ca/rsa/key.ecdsa.pem
rename to test/files/ssl/example.test/with_ca/rsa/key.ecdsa.pem
diff --git a/test/test-files/ssl/example.test/with_ca/rsa/key.rsa.pem b/test/files/ssl/example.test/with_ca/rsa/key.rsa.pem
similarity index 100%
rename from test/test-files/ssl/example.test/with_ca/rsa/key.rsa.pem
rename to test/files/ssl/example.test/with_ca/rsa/key.rsa.pem
diff --git a/test/test-files/ssl/example.test/with_ca/rsa/rsa.acme.json b/test/files/ssl/example.test/with_ca/rsa/rsa.acme.json
similarity index 100%
rename from test/test-files/ssl/example.test/with_ca/rsa/rsa.acme.json
rename to test/files/ssl/example.test/with_ca/rsa/rsa.acme.json
diff --git a/test/test-files/ssl/example.test/with_ca/rsa/wildcard/cert.rsa.pem b/test/files/ssl/example.test/with_ca/rsa/wildcard/cert.rsa.pem
similarity index 100%
rename from test/test-files/ssl/example.test/with_ca/rsa/wildcard/cert.rsa.pem
rename to test/files/ssl/example.test/with_ca/rsa/wildcard/cert.rsa.pem
diff --git a/test/test-files/ssl/example.test/with_ca/rsa/wildcard/key.rsa.pem b/test/files/ssl/example.test/with_ca/rsa/wildcard/key.rsa.pem
similarity index 100%
rename from test/test-files/ssl/example.test/with_ca/rsa/wildcard/key.rsa.pem
rename to test/files/ssl/example.test/with_ca/rsa/wildcard/key.rsa.pem
diff --git a/test/test-files/ssl/example.test/with_ca/rsa/wildcard/rsa.acme.json b/test/files/ssl/example.test/with_ca/rsa/wildcard/rsa.acme.json
similarity index 100%
rename from test/test-files/ssl/example.test/with_ca/rsa/wildcard/rsa.acme.json
rename to test/files/ssl/example.test/with_ca/rsa/wildcard/rsa.acme.json
diff --git a/test/helper/common.bash b/test/helper/common.bash
index 8fb7854e..ab21ef60 100644
--- a/test/helper/common.bash
+++ b/test/helper/common.bash
@@ -469,5 +469,19 @@ function _print_mail_log_for_id() {
_run_in_container grep -F "${MAIL_ID}" /var/log/mail.log
}
+# A simple wrapper for netcat (`nc`). This is useful when sending
+# "raw" e-mails or doing IMAP-related work.
+#
+# @param ${1} = the file that is given to `nc`
+# @param ${1} = custom parameters for `nc` [OPTIONAL] (default: 0.0.0.0 25)
+function _nc_wrapper() {
+ local FILE=${1:?Must provide name of template file}
+ local NC_PARAMETERS=${2:-0.0.0.0 25}
+
+ [[ -v CONTAINER_NAME ]] || return 1
+
+ _run_in_container_bash "nc ${NC_PARAMETERS} < /tmp/docker-mailserver-test/${FILE}.txt"
+}
+
# ? << Miscellaneous helper functions
# ! -------------------------------------------------------------------
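Review bot: Both doc lines for `_nc_wrapper` are labelled `@param ${1}`; the second one (custom parameters for `nc`) should be `@param ${2}`. The `:?` message on `FILE` also says "template file" while the doc calls it "the file that is given to `nc`", so pick one term. `[[ -v CONTAINER_NAME ]] || return 1` fails without any output; a short message on stderr before returning would make an unset `CONTAINER_NAME` easier to diagnose. Note too that `FILE` is interpolated unquoted into the command string, so a name containing spaces or shell metacharacters would be interpreted by the container shell.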
diff --git a/test/helper/sending.bash b/test/helper/sending.bash
index 631617a1..48012178 100644
--- a/test/helper/sending.bash
+++ b/test/helper/sending.bash
@@ -8,11 +8,12 @@
# ! ATTENTION: This file requires helper functions from `common.sh`!
# Sends a mail from localhost (127.0.0.1) to a container. To send
-# a custom email, create a file at `test/test-files/`,
+# a custom email, create a file at `test/files/`,
# and provide `` as an argument to this function.
#
-# @param ${1} = template file (path) name
-# @param ${2} = parameters for `nc` [OPTIONAL] (default: `0.0.0.0 25`)
+# Parameters include all options that one can supply to `swaks`
+# itself. The `--data` parameter expects a relative path from `emails/`
+# where the contents will be implicitly provided to `swaks` via STDIN.
#
# ## Attention
#
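Review bot: The retained sentence still says to create a file at `test/files/` and to "provide `` as an argument" with the placeholder name missing, while the new paragraph says `--data` takes a path relative to `emails/`. The two statements should name the same directory, and the empty backticks should be filled in or the sentence dropped now that the argument is passed via `--data`. It is also worth documenting that `.txt` is appended to the `--data` value implicitly.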
@@ -23,17 +24,42 @@
# send the email but it will not make sure the mail queue is empty after the mail
# has been sent.
function _send_email() {
- local TEMPLATE_FILE=${1:?Must provide name of template file}
- local NC_PARAMETERS=${2:-0.0.0.0 25}
+ [[ -v CONTAINER_NAME ]] || return 1
- assert_not_equal "${NC_PARAMETERS}" ''
- assert_not_equal "${CONTAINER_NAME:-}" ''
+ # Parameter defaults common to our testing needs:
+ local EHLO='mail.external.tld'
+ local FROM='user@external.tld'
+ local TO='user1@localhost.localdomain'
+ local SERVER='0.0.0.0'
+ local PORT=25
+ # Extra options for `swaks` that aren't covered by the default options above:
+ local ADDITIONAL_SWAKS_OPTIONS=()
+ # Specifically for handling `--data` option below:
+ local FINAL_SWAKS_OPTIONS=()
- _run_in_container_bash "nc ${NC_PARAMETERS} < /tmp/docker-mailserver-test/${TEMPLATE_FILE}.txt"
- assert_success
+ while [[ ${#} -gt 0 ]]; do
+ case "${1}" in
+ ( '--ehlo' ) EHLO=${2:?--ehlo given but no argument} ; shift 2 ;;
+ ( '--from' ) FROM=${2:?--from given but no argument} ; shift 2 ;;
+ ( '--to' ) TO=${2:?--to given but no argument} ; shift 2 ;;
+ ( '--server' ) SERVER=${2:?--server given but no argument} ; shift 2 ;;
+ ( '--port' ) PORT=${2:?--port given but no argument} ; shift 2 ;;
+ ( '--data' )
+ local TEMPLATE_FILE="/tmp/docker-mailserver-test/emails/${2:?--data given but no argument provided}.txt"
+ FINAL_SWAKS_OPTIONS+=('--data')
+ FINAL_SWAKS_OPTIONS+=('-')
+ FINAL_SWAKS_OPTIONS+=('<')
+ FINAL_SWAKS_OPTIONS+=("${TEMPLATE_FILE}")
+ shift 2
+ ;;
+ ( * ) ADDITIONAL_SWAKS_OPTIONS+=("${1}") ; shift 1 ;;
+ esac
+ done
+
+ _run_in_container_bash "swaks --server ${SERVER} --port ${PORT} --ehlo ${EHLO} --from ${FROM} --to ${TO} ${ADDITIONAL_SWAKS_OPTIONS[*]} ${FINAL_SWAKS_OPTIONS[*]}"
}
-# Like `_send_mail` with two major differences:
+# Like `_send_email` with two major differences:
#
# 1. this function waits for the mail to be processed; there is no asynchronicity
# because filtering the logs in a synchronous way is easier and safer!
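Review bot: The final `_run_in_container_bash` line joins `ADDITIONAL_SWAKS_OPTIONS[*]` and the scalar options into one unquoted string, so any value containing whitespace or shell metacharacters (an `--auth-password`, for instance) is re-split and interpreted by the container shell. Quoting each element before joining (for example with `printf '%q '`) and appending the `<` redirection afterwards would keep arguments intact. Separately, `[[ -v CONTAINER_NAME ]] || return 1` is weaker than the removed `assert_not_equal "${CONTAINER_NAME:-}" ''`: `-v` is true for a variable that is set but empty, and the failure no longer produces a message.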
@@ -42,8 +68,7 @@ function _send_email() {
# No. 2 is especially useful in case you send more than one email in a single
# test file and need to assert certain log entries for each mail individually.
#
-# @param ${1} = template file (path) name
-# @param ${2} = parameters for `nc` [OPTIONAL] (default: `0.0.0.0 25`)
+# This function takes the same arguments as `_send_mail`.
#
# ## Attention
#
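Review bot: The added line refers to `_send_mail`, but the function is `_send_email`. The same typo is corrected earlier in this patch ("Like `_send_email` with two major differences"), so it should be fixed here as well.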
@@ -57,17 +82,13 @@ function _send_email() {
# chosen. Sending more than one mail at any given point in time with this function
# is UNDEFINED BEHAVIOR!
function _send_email_and_get_id() {
- local TEMPLATE_FILE=${1:?Must provide name of template file}
- local NC_PARAMETERS=${2:-0.0.0.0 25}
+ [[ -v CONTAINER_NAME ]] || return 1
+
+ _wait_for_empty_mail_queue_in_container
+ _send_email "${@}"
+ _wait_for_empty_mail_queue_in_container
+
local MAIL_ID
-
- assert_not_equal "${NC_PARAMETERS}" ''
- assert_not_equal "${CONTAINER_NAME:-}" ''
-
- _wait_for_empty_mail_queue_in_container
- _send_email "${TEMPLATE_FILE}"
- _wait_for_empty_mail_queue_in_container
-
# The unique ID Postfix (and other services) use may be different in length
# on different systems (e.g. amd64 (11) vs aarch64 (10)). Hence, we use a
# range to safely capture it.
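Review bot: Nothing checks the outcome of `_send_email "${@}"` here, although the test files converted in this patch follow the call with `assert_success`. Since the helper no longer asserts internally, a failed send still waits for the queue and goes on to extract an ID from the log. Checking the result right after the send and returning non-zero would stop a stale or empty ID from reaching the caller.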
diff --git a/test/helper/setup.bash b/test/helper/setup.bash
index 65e2999f..0dd57bd6 100644
--- a/test/helper/setup.bash
+++ b/test/helper/setup.bash
@@ -98,7 +98,7 @@ function _init_with_defaults() {
# Common complimentary test files, read-only safe to share across containers:
export TEST_FILES_CONTAINER_PATH='/tmp/docker-mailserver-test'
- export TEST_FILES_VOLUME="${REPOSITORY_ROOT}/test/test-files:${TEST_FILES_CONTAINER_PATH}:ro"
+ export TEST_FILES_VOLUME="${REPOSITORY_ROOT}/test/files:${TEST_FILES_CONTAINER_PATH}:ro"
# The config volume cannot be read-only as some data needs to be written at container startup
#
diff --git a/test/test-files/auth/added-smtp-auth-login-wrong.txt b/test/test-files/auth/added-smtp-auth-login-wrong.txt
deleted file mode 100644
index a75856f1..00000000
--- a/test/test-files/auth/added-smtp-auth-login-wrong.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-EHLO mail
-AUTH LOGIN YWRkZWRAbG9jYWxob3N0LmxvY2FsZG9tYWlu
-Bn3JKisq4HQ2RO==
-QUIT
diff --git a/test/test-files/auth/added-smtp-auth-login.txt b/test/test-files/auth/added-smtp-auth-login.txt
deleted file mode 100644
index 5276b7f4..00000000
--- a/test/test-files/auth/added-smtp-auth-login.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-EHLO mail
-AUTH LOGIN YWRkZWRAbG9jYWxob3N0LmxvY2FsZG9tYWlu
-bXlwYXNzd29yZA==
-QUIT
diff --git a/test/test-files/auth/added-smtp-auth-plain-wrong.txt b/test/test-files/auth/added-smtp-auth-plain-wrong.txt
deleted file mode 100644
index 6ce5a383..00000000
--- a/test/test-files/auth/added-smtp-auth-plain-wrong.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-EHLO mail
-AUTH PLAIN YWRkZWRAbG9jYWxob3N0LmxvY2FsZG9tYWluAGFkZGVkQGxvY2FsaG9zdC5sb2NhbGRvbWFpbgBCQURQQVNTV09SRA==
-QUIT
diff --git a/test/test-files/auth/added-smtp-auth-plain.txt b/test/test-files/auth/added-smtp-auth-plain.txt
deleted file mode 100644
index ed48d77d..00000000
--- a/test/test-files/auth/added-smtp-auth-plain.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-EHLO mail
-AUTH PLAIN YWRkZWRAbG9jYWxob3N0LmxvY2FsZG9tYWluAGFkZGVkQGxvY2FsaG9zdC5sb2NhbGRvbWFpbgBteXBhc3N3b3Jk
-QUIT
diff --git a/test/test-files/auth/sasl-ldap-smtp-auth.txt b/test/test-files/auth/sasl-ldap-smtp-auth.txt
deleted file mode 100644
index df4d7db4..00000000
--- a/test/test-files/auth/sasl-ldap-smtp-auth.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-EHLO mail
-AUTH LOGIN
-c29tZS51c2VyQGxvY2FsaG9zdC5sb2NhbGRvbWFpbg==
-c2VjcmV0
-QUIT
diff --git a/test/test-files/auth/smtp-auth-login-wrong.txt b/test/test-files/auth/smtp-auth-login-wrong.txt
deleted file mode 100644
index 39b4f01c..00000000
--- a/test/test-files/auth/smtp-auth-login-wrong.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-EHLO mail
-AUTH LOGIN dXNlcjFAbG9jYWxob3N0LmxvY2FsZG9tYWlu
-Bn3JKisq4HQ2RO==
-QUIT
diff --git a/test/test-files/auth/smtp-auth-login.txt b/test/test-files/auth/smtp-auth-login.txt
deleted file mode 100644
index 50ff99f3..00000000
--- a/test/test-files/auth/smtp-auth-login.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-EHLO mail
-AUTH LOGIN dXNlcjFAbG9jYWxob3N0LmxvY2FsZG9tYWlu
-bXlwYXNzd29yZA==
-QUIT
diff --git a/test/test-files/auth/smtp-auth-plain-wrong.txt b/test/test-files/auth/smtp-auth-plain-wrong.txt
deleted file mode 100644
index d8d8ad2a..00000000
--- a/test/test-files/auth/smtp-auth-plain-wrong.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-EHLO mail
-AUTH PLAIN WRONGPASSWORD
-QUIT
diff --git a/test/test-files/auth/smtp-auth-plain.txt b/test/test-files/auth/smtp-auth-plain.txt
deleted file mode 100644
index 2e60fdc3..00000000
--- a/test/test-files/auth/smtp-auth-plain.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-EHLO mail
-AUTH PLAIN dXNlcjFAbG9jYWxob3N0LmxvY2FsZG9tYWluAHVzZXIxQGxvY2FsaG9zdC5sb2NhbGRvbWFpbgBteXBhc3N3b3Jk
-QUIT
diff --git a/test/test-files/email-templates/existing-user2.txt b/test/test-files/email-templates/existing-user2.txt
deleted file mode 100644
index 63554f27..00000000
--- a/test/test-files/email-templates/existing-user2.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: user2@otherdomain.tld
-DATA
-From: Docker Mail Server
-To: Existing Local User
-Date: Sat, 22 May 2010 07:43:25 -0400
-Subject: Test Message existing-user2.txt
-This is a test mail.
-
-.
-QUIT
diff --git a/test/test-files/email-templates/existing-user3.txt b/test/test-files/email-templates/existing-user3.txt
deleted file mode 100644
index facd5328..00000000
--- a/test/test-files/email-templates/existing-user3.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-HELO mail.external.tld
-MAIL FROM: user@external.tld
-RCPT TO: user3@localhost.localdomain
-DATA
-From: Docker Mail Server
-To: Existing Local User
-Date: Sat, 22 May 2010 07:43:33 -0400
-Subject: Test Message existing-user1.txt
-This is a test mail.
-
-.
-QUIT
diff --git a/test/test-files/email-templates/smtp-ehlo.txt b/test/test-files/email-templates/smtp-ehlo.txt
deleted file mode 100644
index 05524efd..00000000
--- a/test/test-files/email-templates/smtp-ehlo.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-EHLO mail.localhost
-QUIT
diff --git a/test/tests/parallel/set1/dovecot/dovecot_quotas.bats b/test/tests/parallel/set1/dovecot/dovecot_quotas.bats
index 2c176235..81cf9bc1 100644
--- a/test/tests/parallel/set1/dovecot/dovecot_quotas.bats
+++ b/test/tests/parallel/set1/dovecot/dovecot_quotas.bats
@@ -225,9 +225,12 @@ function teardown_file() { _default_teardown ; }
sleep 10
# send some big emails
- _send_email 'email-templates/quota-exceeded' '0.0.0.0 25'
- _send_email 'email-templates/quota-exceeded' '0.0.0.0 25'
- _send_email 'email-templates/quota-exceeded' '0.0.0.0 25'
+ _send_email --to 'quotauser@otherdomain.tld' --data 'quota-exceeded'
+ assert_success
+ _send_email --to 'quotauser@otherdomain.tld' --data 'quota-exceeded'
+ assert_success
+ _send_email --to 'quotauser@otherdomain.tld' --data 'quota-exceeded'
+ assert_success
# check for quota warn message existence
run _repeat_until_success_or_timeout 20 _exec_in_container grep -R 'Subject: quota warning' /var/mail/otherdomain.tld/quotauser/new/
assert_success
diff --git a/test/tests/parallel/set1/dovecot/dovecot_sieve.bats b/test/tests/parallel/set1/dovecot/dovecot_sieve.bats
index c2e9e6c7..e3e076a5 100644
--- a/test/tests/parallel/set1/dovecot/dovecot_sieve.bats
+++ b/test/tests/parallel/set1/dovecot/dovecot_sieve.bats
@@ -26,9 +26,11 @@ function setup_file() {
_wait_for_smtp_port_in_container
# Single mail sent from 'spam@spam.com' that is handled by User (relocate) and Global (copy) sieves for user1:
- _send_email 'email-templates/sieve-spam-folder'
+ _send_email --data 'sieve/spam-folder'
+ assert_success
# Mail for user2 triggers the sieve-pipe:
- _send_email 'email-templates/sieve-pipe'
+ _send_email --to 'user2@otherdomain.tld' --data 'sieve/pipe'
+ assert_success
_wait_for_empty_mail_queue_in_container
}
diff --git a/test/tests/parallel/set1/dovecot/mailbox_format_dbox.bats b/test/tests/parallel/set1/dovecot/mailbox_format_dbox.bats
index 8ce03d9a..033a5bde 100644
--- a/test/tests/parallel/set1/dovecot/mailbox_format_dbox.bats
+++ b/test/tests/parallel/set1/dovecot/mailbox_format_dbox.bats
@@ -26,7 +26,8 @@ function teardown() { _default_teardown ; }
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_wait_for_smtp_port_in_container
- _send_email 'email-templates/existing-user1'
+ _send_email --data 'existing/user1'
+ assert_success
_wait_for_empty_mail_queue_in_container
# Mail received should be stored as `u.1` (one file per message)
@@ -47,7 +48,8 @@ function teardown() { _default_teardown ; }
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_wait_for_smtp_port_in_container
- _send_email 'email-templates/existing-user1'
+ _send_email --data 'existing/user1'
+ assert_success
_wait_for_empty_mail_queue_in_container
# Mail received should be stored in `m.1` (1 or more messages)
diff --git a/test/tests/parallel/set1/dovecot/special_use_folders.bats b/test/tests/parallel/set1/dovecot/special_use_folders.bats
index e70899a0..fe1f554e 100644
--- a/test/tests/parallel/set1/dovecot/special_use_folders.bats
+++ b/test/tests/parallel/set1/dovecot/special_use_folders.bats
@@ -14,7 +14,8 @@ function setup_file() {
function teardown_file() { _default_teardown ; }
@test 'normal delivery works' {
- _send_email 'email-templates/existing-user1'
+ _send_email --data 'existing/user1'
+ assert_success
_count_files_in_directory_in_container /var/mail/localhost.localdomain/user1/new 1
}
@@ -26,7 +27,7 @@ function teardown_file() { _default_teardown ; }
}
@test "(IMAP) special-use folders should be created when necessary" {
- _send_email 'nc_templates/imap_special_use_folders' '-w 8 0.0.0.0 143'
+ _nc_wrapper 'nc/imap_special_use_folders' '-w 8 0.0.0.0 143'
assert_output --partial 'Drafts'
assert_output --partial 'Junk'
assert_output --partial 'Trash'
diff --git a/test/tests/parallel/set1/spam_virus/clamav.bats b/test/tests/parallel/set1/spam_virus/clamav.bats
index 31608ef8..9232f90f 100644
--- a/test/tests/parallel/set1/spam_virus/clamav.bats
+++ b/test/tests/parallel/set1/spam_virus/clamav.bats
@@ -25,34 +25,35 @@ function setup_file() {
_wait_for_service postfix
_wait_for_smtp_port_in_container
- _send_email 'email-templates/amavis-virus'
+ _send_email --from 'virus@external.tld' --data 'amavis/virus'
+ assert_success
_wait_for_empty_mail_queue_in_container
}
function teardown_file() { _default_teardown ; }
-@test "log files exist at /var/log/mail directory" {
+@test 'log files exist at /var/log/mail directory' {
_run_in_container_bash "ls -1 /var/log/mail/ | grep -E 'clamav|freshclam|mail.log' | wc -l"
assert_success
assert_output 3
}
-@test "should be identified by Amavis" {
+@test 'should be identified by Amavis' {
_run_in_container grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log
assert_success
}
-@test "freshclam cron is enabled" {
+@test 'freshclam cron is enabled' {
_run_in_container_bash "grep '/usr/bin/freshclam' -r /etc/cron.d"
assert_success
}
-@test "env CLAMAV_MESSAGE_SIZE_LIMIT is set correctly" {
+@test 'env CLAMAV_MESSAGE_SIZE_LIMIT is set correctly' {
_run_in_container grep -q '^MaxFileSize 30M$' /etc/clamav/clamd.conf
assert_success
}
-@test "rejects virus" {
+@test 'rejects virus' {
_run_in_container_bash "grep 'Blocked INFECTED' /var/log/mail/mail.log | grep ' -> '"
assert_success
}
diff --git a/test/tests/parallel/set1/spam_virus/disabled_clamav_spamassassin.bats b/test/tests/parallel/set1/spam_virus/disabled_clamav_spamassassin.bats
index 8402422c..f2474cc0 100644
--- a/test/tests/parallel/set1/spam_virus/disabled_clamav_spamassassin.bats
+++ b/test/tests/parallel/set1/spam_virus/disabled_clamav_spamassassin.bats
@@ -12,12 +12,14 @@ function setup_file() {
--env ENABLE_CLAMAV=0
--env ENABLE_SPAMASSASSIN=0
--env AMAVIS_LOGLEVEL=2
+ --env PERMIT_DOCKER=container
)
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_wait_for_smtp_port_in_container
- _send_email 'email-templates/existing-user1'
+ _send_email --data 'existing/user1'
+ assert_success
_wait_for_empty_mail_queue_in_container
}
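Review bot: `--env PERMIT_DOCKER=container` is added with no comment and nothing in the surrounding lines explains why this test needs it. Because the setting widens which clients the server treats as trusted, a one-line comment stating the reason belongs next to it; if it is only required because of the switch to `swaks`, say so.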
diff --git a/test/tests/parallel/set1/spam_virus/fail2ban.bats b/test/tests/parallel/set1/spam_virus/fail2ban.bats
index 9ae30758..8a03ba04 100644
--- a/test/tests/parallel/set1/spam_virus/fail2ban.bats
+++ b/test/tests/parallel/set1/spam_virus/fail2ban.bats
@@ -73,8 +73,17 @@ function teardown_file() {
@test "ban ip on multiple failed login" {
CONTAINER1_IP=$(_get_container_ip "${CONTAINER1_NAME}")
# Trigger a ban by failing to login twice:
- CONTAINER_NAME=${CONTAINER2_NAME} _send_email 'auth/smtp-auth-login-wrong' "${CONTAINER1_IP} 465"
- CONTAINER_NAME=${CONTAINER2_NAME} _send_email 'auth/smtp-auth-login-wrong' "${CONTAINER1_IP} 465"
+ for _ in {1..2}; do
+ CONTAINER_NAME=${CONTAINER2_NAME} _send_email \
+ --server "${CONTAINER1_IP}" \
+ --port 465 \
+ --auth PLAIN \
+ --auth-user user1@localhost.localdomain \
+ --auth-password wrongpassword
+ assert_failure
+ assert_output --partial 'authentication failed'
+ assert_output --partial 'No authentication type succeeded'
+ done
# Checking that CONTAINER2_IP is banned in "${CONTAINER1_NAME}"
CONTAINER2_IP=$(_get_container_ip "${CONTAINER2_NAME}")
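Review bot: The removed calls used the `auth/smtp-auth-login-wrong` template (`AUTH LOGIN`), while the loop passes `--auth PLAIN`, so the ban is now triggered through a different SASL mechanism than before. If the change is intentional, a short comment would make that clear; otherwise `--auth LOGIN` keeps the original coverage. The new `assert_failure` and `assert_output` checks inside the loop are a good addition, since the old calls did not verify that the login actually failed.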
diff --git a/test/tests/parallel/set1/spam_virus/postgrey_enabled.bats b/test/tests/parallel/set1/spam_virus/postgrey_enabled.bats
index e32210ca..316e3350 100644
--- a/test/tests/parallel/set1/spam_virus/postgrey_enabled.bats
+++ b/test/tests/parallel/set1/spam_virus/postgrey_enabled.bats
@@ -51,17 +51,15 @@ function teardown_file() { _default_teardown ; }
_reload_postfix
# Send test mail (it should fail to deliver):
- _send_test_mail '/tmp/docker-mailserver-test/email-templates/postgrey.txt' '25'
+ _send_email --from 'user@external.tld' --port 25 --data 'postgrey'
+ assert_failure
+ assert_output --partial 'Recipient address rejected: Delayed by Postgrey'
# Confirm mail was greylisted:
_should_have_log_entry \
'action=greylist' \
'reason=new' \
'client_address=127.0.0.1/32, sender=user@external.tld, recipient=user1@localhost.localdomain'
-
- _repeat_until_success_or_timeout 10 _run_in_container grep \
- 'Recipient address rejected: Delayed by Postgrey' \
- /var/log/mail/mail.log
}
# NOTE: This test case depends on the previous one
@@ -69,7 +67,8 @@ function teardown_file() { _default_teardown ; }
# Wait until `$POSTGREY_DELAY` seconds pass before trying again:
sleep 3
# Retry delivering test mail (it should be trusted this time):
- _send_test_mail '/tmp/docker-mailserver-test/email-templates/postgrey.txt' '25'
+ _send_email --from 'user@external.tld' --port 25 --data 'postgrey'
+ assert_success
# Confirm postgrey permitted delivery (triplet is now trusted):
_should_have_log_entry \
@@ -78,8 +77,9 @@ function teardown_file() { _default_teardown ; }
'client_address=127.0.0.1/32, sender=user@external.tld, recipient=user1@localhost.localdomain'
}
-
-# NOTE: These two whitelist tests use `test-files/nc_templates/` instead of `test-files/email-templates`.
+# NOTE: These two whitelist tests use `files/nc/` instead of `files/emails`.
+# `nc` option `-w 0` terminates the connection after sending the template, it does not wait for a response.
+# This is required for port 10023, otherwise the connection never drops.
# - This allows to bypass the SMTP protocol on port 25, and send data directly to Postgrey instead.
# - Appears to be a workaround due to `client_name=localhost` when sent from Postfix.
# - Could send over port 25 if whitelisting `localhost`,
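Review bot: The two new `-w 0` comment lines are inserted between the NOTE line and its bullet list, so "- This allows to bypass the SMTP protocol on port 25" now reads as if it described `-w 0` rather than the use of the `files/nc/` templates. Move the `-w 0` explanation below the bullets or next to the `_nc_wrapper` calls that pass it. `files/emails` is also missing the trailing slash that `files/nc/` has.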
@@ -87,7 +87,7 @@ function teardown_file() { _default_teardown ; }
# - It'd also cause the earlier greylist test to fail.
# - TODO: Actually confirm whitelist feature works correctly as these test cases are using a workaround:
@test "should whitelist sender 'user@whitelist.tld'" {
- _send_test_mail '/tmp/docker-mailserver-test/nc_templates/postgrey_whitelist.txt' '10023'
+ _nc_wrapper 'nc/postgrey_whitelist' '-w 0 0.0.0.0 10023'
_should_have_log_entry \
'action=pass' \
@@ -96,7 +96,7 @@ function teardown_file() { _default_teardown ; }
}
@test "should whitelist recipient 'user2@otherdomain.tld'" {
- _send_test_mail '/tmp/docker-mailserver-test/nc_templates/postgrey_whitelist_recipients.txt' '10023'
+ _nc_wrapper 'nc/postgrey_whitelist_recipients' '-w 0 0.0.0.0 10023'
_should_have_log_entry \
'action=pass' \
@@ -104,21 +104,10 @@ function teardown_file() { _default_teardown ; }
'client_address=127.0.0.1/32, sender=test@nonwhitelist.tld, recipient=user2@otherdomain.tld'
}
-function _send_test_mail() {
- local MAIL_TEMPLATE=$1
- local PORT=${2:-25}
-
- # `-w 0` terminates the connection after sending the template, it does not wait for a response.
- # This is required for port 10023, otherwise the connection never drops.
- # It could increase the number of seconds to wait for port 25 to allow for asserting a response,
- # but that would enforce the delay in tests for port 10023.
- _run_in_container_bash "nc -w 0 0.0.0.0 ${PORT} < ${MAIL_TEMPLATE}"
-}
-
function _should_have_log_entry() {
- local ACTION=$1
- local REASON=$2
- local TRIPLET=$3
+ local ACTION=${1}
+ local REASON=${2}
+ local TRIPLET=${3}
# Allow some extra time for logs to update to avoids a false-positive failure:
_run_until_success_or_timeout 10 _exec_in_container grep \
diff --git a/test/tests/parallel/set1/spam_virus/postscreen.bats b/test/tests/parallel/set1/spam_virus/postscreen.bats
index a1ddeb29..377b2479 100644
--- a/test/tests/parallel/set1/spam_virus/postscreen.bats
+++ b/test/tests/parallel/set1/spam_virus/postscreen.bats
@@ -37,46 +37,35 @@ function teardown_file() {
docker rm -f "${CONTAINER1_NAME}" "${CONTAINER2_NAME}"
}
+# `POSTSCREEN_ACTION=enforce` (DMS default) should reject delivery with a 550 SMTP reply
+# A legitimate mail client should speak SMTP by waiting it's turn, which postscreen defaults enforce (only on port 25)
+# https://www.postfix.org/postconf.5.html#postscreen_greet_wait
+#
+# Use `nc` to send all SMTP commands at once instead (emulate a misbehaving client that should be rejected)
+# NOTE: Postscreen only runs on port 25, avoid implicit ports in test methods
@test 'should fail send when talking out of turn' {
- CONTAINER_NAME=${CONTAINER2_NAME} _send_email 'email-templates/postscreen' "${CONTAINER1_IP} 25"
+ CONTAINER_NAME=${CONTAINER2_NAME} _nc_wrapper 'emails/nc_raw/postscreen' "${CONTAINER1_IP} 25"
+ # Expected postscreen log entry:
assert_output --partial 'Protocol error'
- # Expected postscreen log entry:
- _run_in_container cat /var/log/mail/mail.log
+ _run_in_container cat /var/log/mail.log
assert_output --partial 'COMMAND PIPELINING'
+ assert_output --partial 'DATA without valid RCPT'
}
@test "should successfully pass postscreen and get postfix greeting message (respecting postscreen_greet_wait time)" {
- # NOTE: Sometimes fails on first attempt (trying too soon?),
- # Instead of a `run` + asserting partial, Using repeat + internal grep match:
- _repeat_until_success_or_timeout 10 _should_wait_turn_speaking_smtp \
- "${CONTAINER2_NAME}" \
- "${CONTAINER1_IP}" \
- '/tmp/docker-mailserver-test/email-templates/postscreen.txt' \
- '220 mail.example.test ESMTP'
+ # Configure `send_email()` to send from the mail client container (CONTAINER2_NAME) via ENV override,
+ # mail is sent to the DMS server container (CONTAINER1_NAME) via `--server` parameter:
+ CONTAINER_NAME=${CONTAINER2_NAME} _send_email --server "${CONTAINER1_IP}" --port 25 --data 'postscreen'
+ # NOTE: Cannot assert_success due to sender address not being resolvable.
+ # TODO: Uncomment when proper resolution of domain names is possible:
+ # assert_success
- # Expected postscreen log entry:
- _run_in_container cat /var/log/mail/mail.log
+ # TODO: Prefer this approach when `_send_email_and_get_id()` can support separate client and server containers:
+ # local MAIL_ID=$(_send_email_and_get_id --port 25 --data 'postscreen')
+ # _print_mail_log_for_id "${MAIL_ID}"
+ # assert_output --partial "stored mail into mailbox 'INBOX'"
+
+ _run_in_container cat /var/log/mail.log
assert_output --partial 'PASS NEW'
}
-
-# When postscreen is active, it prevents the usual method of piping a file through nc:
-# (Won't work: CONTAINER_NAME=${CLIENT_CONTAINER_NAME} _send_email "${SMTP_TEMPLATE}" "${TARGET_CONTAINER_IP} 25")
-# The below workaround respects `postscreen_greet_wait` time (default 6 sec), talking to the mail-server in turn:
-# https://www.postfix.org/postconf.5.html#postscreen_greet_wait
-function _should_wait_turn_speaking_smtp() {
- local CLIENT_CONTAINER_NAME=$1
- local TARGET_CONTAINER_IP=$2
- local SMTP_TEMPLATE=$3
- local EXPECTED=$4
-
- # shellcheck disable=SC2016
- local UGLY_WORKAROUND='exec 3<>/dev/tcp/'"${TARGET_CONTAINER_IP}"'/25 && \
- while IFS= read -r cmd; do \
- head -1 <&3; \
- [[ ${cmd} == "EHLO"* ]] && sleep 6; \
- echo ${cmd} >&3; \
- done < '"${SMTP_TEMPLATE}"
-
- docker exec "${CLIENT_CONTAINER_NAME}" bash -c "${UGLY_WORKAROUND}" | grep "${EXPECTED}"
-}
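Review bot: The second test is still titled "should successfully pass postscreen and get postfix greeting message", but with `_should_wait_turn_speaking_smtp` removed nothing asserts the `220 mail.example.test ESMTP` greeting any more, and `assert_success` is commented out, so the only remaining check is `PASS NEW` in the log. Either assert on the greeting in the `swaks` output or rename the test. In the first test, the comment "# Expected postscreen log entry:" now sits above `assert_output --partial 'Protocol error'`, which checks the `nc` output rather than the log, so it should move back above the `cat` line. The log path also changes to `/var/log/mail.log` here while other tests in this patch keep `/var/log/mail/mail.log`; use one consistently. Minor: "waiting it's turn" should be "its turn", and the comment names `send_email()` where `_send_email` is meant.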
diff --git a/test/tests/parallel/set1/spam_virus/rspamd_full.bats b/test/tests/parallel/set1/spam_virus/rspamd_full.bats
index ba8a23f5..2e610d72 100644
--- a/test/tests/parallel/set1/spam_virus/rspamd_full.bats
+++ b/test/tests/parallel/set1/spam_virus/rspamd_full.bats
@@ -45,10 +45,10 @@ function setup_file() {
# We will send 3 emails: the first one should pass just fine; the second one should
# be rejected due to spam; the third one should be rejected due to a virus.
- export MAIL_ID1=$(_send_email_and_get_id 'email-templates/rspamd-pass')
- export MAIL_ID2=$(_send_email_and_get_id 'email-templates/rspamd-spam')
- export MAIL_ID3=$(_send_email_and_get_id 'email-templates/rspamd-virus')
- export MAIL_ID4=$(_send_email_and_get_id 'email-templates/rspamd-spam-header')
+ export MAIL_ID1=$(_send_email_and_get_id --from 'rspamd-pass@example.test' --data 'rspamd/pass')
+ export MAIL_ID2=$(_send_email_and_get_id --from 'rspamd-spam@example.test' --data 'rspamd/spam')
+ export MAIL_ID3=$(_send_email_and_get_id --from 'rspamd-virus@example.test' --data 'rspamd/virus')
+ export MAIL_ID4=$(_send_email_and_get_id --from 'rspamd-spam-header@example.test' --data 'rspamd/spam-header')
for ID in MAIL_ID{1,2,3,4}; do
[[ -n ${!ID} ]] || { echo "${ID} is empty - aborting!" ; return 1 ; }
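Review bot: The comment above these lines says "We will send 3 emails" and describes three outcomes, but four IDs are exported (`MAIL_ID4` for `rspamd/spam-header`). Since the lines are being rewritten anyway, update the comment to cover the fourth mail. Also note that `export VAR=$(...)` discards the exit status of `_send_email_and_get_id`, so the `[[ -n ${!ID} ]]` loop is the only guard against a failed send.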
@@ -256,7 +256,7 @@ function teardown_file() { _default_teardown ; }
# Move an email to the "Junk" folder from "INBOX"; the first email we
# sent should pass fine, hence we can now move it.
- _send_email 'nc_templates/rspamd_imap_move_to_junk' '0.0.0.0 143'
+ _nc_wrapper 'nc/rspamd_imap_move_to_junk' '0.0.0.0 143'
sleep 1 # wait for the transaction to finish
_run_in_container cat /var/log/mail/mail.log
@@ -270,7 +270,7 @@ function teardown_file() { _default_teardown ; }
# Move an email to the "INBOX" folder from "Junk"; there should be two mails
# in the "Junk" folder, since the second email we sent during setup should
# have landed in the Junk folder already.
- _send_email 'nc_templates/rspamd_imap_move_to_inbox' '0.0.0.0 143'
+ _nc_wrapper 'nc/rspamd_imap_move_to_inbox' '0.0.0.0 143'
sleep 1 # wait for the transaction to finish
_run_in_container cat /var/log/mail/mail.log
diff --git a/test/tests/parallel/set1/spam_virus/spam_junk_folder.bats b/test/tests/parallel/set1/spam_virus/spam_junk_folder.bats
index 94a9b9c4..fea23b0b 100644
--- a/test/tests/parallel/set1/spam_virus/spam_junk_folder.bats
+++ b/test/tests/parallel/set1/spam_virus/spam_junk_folder.bats
@@ -95,7 +95,7 @@ function teardown() { _default_teardown ; }
function _should_send_spam_message() {
_wait_for_smtp_port_in_container
_wait_for_tcp_port_in_container 10024 # port 10024 is for Amavis
- _send_email 'email-templates/amavis-spam'
+ _send_email --from 'spam@external.tld' --data 'amavis/spam'
}
function _should_be_received_by_amavis() {
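Review bot: This `_send_email` call has no `assert_success` after it, unlike most converted call sites in this patch. The helper no longer asserts internally (the `assert_success` was removed from `_send_email`), so a failed send in `_should_send_spam_message` would go unnoticed until a later log check fails for a less obvious reason.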
diff --git a/test/tests/parallel/set1/tls/dhparams.bats b/test/tests/parallel/set1/tls/dhparams.bats
index 3157034c..8b3047d1 100644
--- a/test/tests/parallel/set1/tls/dhparams.bats
+++ b/test/tests/parallel/set1/tls/dhparams.bats
@@ -38,7 +38,7 @@ function teardown() { _default_teardown ; }
# - A warning is raised about usage of potentially insecure parameters.
@test "Custom" {
export CONTAINER_NAME=${CONTAINER2_NAME}
- local DH_PARAMS_CUSTOM='test/test-files/ssl/custom-dhe-params.pem'
+ local DH_PARAMS_CUSTOM='test/files/ssl/custom-dhe-params.pem'
local DH_CHECKSUM_CUSTOM=$(sha512sum "${DH_PARAMS_CUSTOM}" | awk '{print $1}')
_init_with_defaults
diff --git a/test/tests/parallel/set1/tls/letsencrypt.bats b/test/tests/parallel/set1/tls/letsencrypt.bats
index 91a05997..bcdb1758 100644
--- a/test/tests/parallel/set1/tls/letsencrypt.bats
+++ b/test/tests/parallel/set1/tls/letsencrypt.bats
@@ -88,7 +88,7 @@ function _initial_setup() {
# All of these certs support both FQDNs (`mail.example.test` and `example.test`),
# Except for the wildcard cert (`*.example.test`), that was created with `example.test` intentionally excluded from SAN.
# We want to maintain the same FQDN (`mail.example.test`) between the _acme_ecdsa and _acme_rsa tests.
- local LOCAL_BASE_PATH="${PWD}/test/test-files/ssl/example.test/with_ca/rsa"
+ local LOCAL_BASE_PATH="${PWD}/test/files/ssl/example.test/with_ca/rsa"
function _prepare() {
# Default `acme.json` for _acme_ecdsa test:
@@ -240,7 +240,7 @@ function _copy_to_letsencrypt_storage() {
FQDN_DIR=$(echo "${DEST}" | cut -d '/' -f1)
mkdir -p "${TEST_TMP_CONFIG}/letsencrypt/${FQDN_DIR}"
- if ! cp "${PWD}/test/test-files/ssl/${SRC}" "${TEST_TMP_CONFIG}/letsencrypt/${DEST}"; then
+ if ! cp "${PWD}/test/files/ssl/${SRC}" "${TEST_TMP_CONFIG}/letsencrypt/${DEST}"; then
echo "Could not copy cert file '${SRC}'' to '${DEST}'" >&2
exit 1
fi
diff --git a/test/tests/parallel/set1/tls/manual.bats b/test/tests/parallel/set1/tls/manual.bats
index 2a55f14f..c082d6ed 100644
--- a/test/tests/parallel/set1/tls/manual.bats
+++ b/test/tests/parallel/set1/tls/manual.bats
@@ -20,7 +20,7 @@ function setup_file() {
export TEST_DOMAIN='example.test'
local CUSTOM_SETUP_ARGUMENTS=(
- --volume "${PWD}/test/test-files/ssl/${TEST_DOMAIN}/with_ca/ecdsa/:/config/ssl/:ro"
+ --volume "${PWD}/test/files/ssl/${TEST_DOMAIN}/with_ca/ecdsa/:/config/ssl/:ro"
--env LOG_LEVEL='trace'
--env SSL_TYPE='manual'
--env TLS_LEVEL='modern'
@@ -108,10 +108,10 @@ function teardown_file() { _default_teardown ; }
@test "manual cert changes are picked up by check-for-changes" {
printf '%s' 'someThingsChangedHere' \
- >>"$(pwd)/test/test-files/ssl/${TEST_DOMAIN}/with_ca/ecdsa/key.ecdsa.pem"
+ >>"$(pwd)/test/files/ssl/${TEST_DOMAIN}/with_ca/ecdsa/key.ecdsa.pem"
run timeout 15 docker exec "${CONTAINER_NAME}" bash -c "tail -F /var/log/supervisor/changedetector.log | sed '/Manual certificates have changed/ q'"
assert_success
- sed -i '/someThingsChangedHere/d' "$(pwd)/test/test-files/ssl/${TEST_DOMAIN}/with_ca/ecdsa/key.ecdsa.pem"
+ sed -i '/someThingsChangedHere/d' "$(pwd)/test/files/ssl/${TEST_DOMAIN}/with_ca/ecdsa/key.ecdsa.pem"
}
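Review bot: This test appends to `key.ecdsa.pem` inside the repository's `test/files/` tree and relies on the final `sed -i` line to undo it. If `assert_success` fails, that cleanup never runs and the fixture stays modified for later runs and for other tests that use the same key. Working on a temporary copy of the key directory, or moving the cleanup into teardown, would avoid leaving the shared fixture dirty.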
diff --git a/test/tests/parallel/set2/tls_cipherlists.bats b/test/tests/parallel/set2/tls_cipherlists.bats
index 2b9511b9..3429f516 100644
--- a/test/tests/parallel/set2/tls_cipherlists.bats
+++ b/test/tests/parallel/set2/tls_cipherlists.bats
@@ -17,7 +17,7 @@ function setup_file() {
# Contains various certs for testing TLS support (read-only):
export TLS_CONFIG_VOLUME
- TLS_CONFIG_VOLUME="${PWD}/test/test-files/ssl/${TEST_DOMAIN}/:/config/ssl/:ro"
+ TLS_CONFIG_VOLUME="${PWD}/test/files/ssl/${TEST_DOMAIN}/:/config/ssl/:ro"
# Used for connecting testssl and DMS containers via network name `TEST_DOMAIN`:
# NOTE: If the network already exists, the test will fail to start
diff --git a/test/tests/parallel/set3/container_configuration/hostname.bats b/test/tests/parallel/set3/container_configuration/hostname.bats
index fcb84b28..f5774eef 100644
--- a/test/tests/parallel/set3/container_configuration/hostname.bats
+++ b/test/tests/parallel/set3/container_configuration/hostname.bats
@@ -207,7 +207,7 @@ function _should_have_correct_mail_headers() {
# (eg: OVERRIDE_HOSTNAME or `--hostname mail --domainname example.test`)
local EXPECTED_HOSTNAME=${3:-${EXPECTED_FQDN}}
- _send_email 'email-templates/existing-user1'
+ _send_email --from 'user@external.tld' --data 'existing/user1'
_wait_for_empty_mail_queue_in_container
_count_files_in_directory_in_container '/var/mail/localhost.localdomain/user1/new/' '1'
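Review bot: `--from 'user@external.tld'` repeats the default that `_send_email` already sets (`local FROM='user@external.tld'`), and the call is not followed by `assert_success`, unlike the other `existing/user1` call sites in this patch. Drop the redundant option, or keep it with a comment if the header checks depend on the sender being explicit, and add the assertion.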
diff --git a/test/tests/parallel/set3/mta/dsn.bats b/test/tests/parallel/set3/mta/dsn.bats
index dcbb79b6..a5228cfc 100644
--- a/test/tests/parallel/set3/mta/dsn.bats
+++ b/test/tests/parallel/set3/mta/dsn.bats
@@ -47,9 +47,11 @@ function teardown_file() {
@test "should always send a DSN when requested" {
export CONTAINER_NAME=${CONTAINER1_NAME}
- _send_email 'email-templates/dsn-unauthenticated'
- _send_email 'email-templates/dsn-authenticated' '0.0.0.0 465'
- _send_email 'email-templates/dsn-authenticated' '0.0.0.0 587'
+ # TODO replace with _send_email as soon as it supports DSN
+ # TODO ref: https://github.com/jetmore/swaks/issues/41
+ _nc_wrapper 'emails/nc_raw/dsn/unauthenticated'
+ _nc_wrapper 'emails/nc_raw/dsn/authenticated' '0.0.0.0 465'
+ _nc_wrapper 'emails/nc_raw/dsn/authenticated' '0.0.0.0 587'
_wait_for_empty_mail_queue_in_container
_run_in_container grep "${LOG_DSN}" /var/log/mail/mail.log
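Review bot: The three `_nc_wrapper` calls in "should always send a DSN when requested" are not followed by `assert_success`, so a failed connection only surfaces later as a missing log line in the `grep`. In `mail_pop3.bats` in this same patch, each `_nc_wrapper` call is followed by `assert_success`; doing the same here would make failures easier to locate. The TODO about swaks DSN support sits only in this test, while the two later tests in the file also switch to `_nc_wrapper`; one note at the top of the file would cover all three.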
@@ -60,7 +62,7 @@ function teardown_file() {
@test "should only send a DSN when requested from ports 465/587" {
export CONTAINER_NAME=${CONTAINER2_NAME}
- _send_email 'email-templates/dsn-unauthenticated'
+ _nc_wrapper 'emails/nc_raw/dsn/unauthenticated'
_wait_for_empty_mail_queue_in_container
# DSN requests can now only be made on ports 465 and 587,
@@ -72,8 +74,8 @@ function teardown_file() {
assert_failure
# These ports are excluded via master.cf.
- _send_email 'email-templates/dsn-authenticated' '0.0.0.0 465'
- _send_email 'email-templates/dsn-authenticated' '0.0.0.0 587'
+ _nc_wrapper 'emails/nc_raw/dsn/authenticated' '0.0.0.0 465'
+ _nc_wrapper 'emails/nc_raw/dsn/authenticated' '0.0.0.0 587'
_wait_for_empty_mail_queue_in_container
_run_in_container grep "${LOG_DSN}" /var/log/mail/mail.log
@@ -83,9 +85,9 @@ function teardown_file() {
@test "should never send a DSN" {
export CONTAINER_NAME=${CONTAINER3_NAME}
- _send_email 'email-templates/dsn-unauthenticated'
- _send_email 'email-templates/dsn-authenticated' '0.0.0.0 465'
- _send_email 'email-templates/dsn-authenticated' '0.0.0.0 587'
+ _nc_wrapper 'emails/nc_raw/dsn/unauthenticated'
+ _nc_wrapper 'emails/nc_raw/dsn/authenticated' '0.0.0.0 465'
+ _nc_wrapper 'emails/nc_raw/dsn/authenticated' '0.0.0.0 587'
_wait_for_empty_mail_queue_in_container
# DSN requests are rejected regardless of origin.
diff --git a/test/tests/parallel/set3/mta/lmtp_ip.bats b/test/tests/parallel/set3/mta/lmtp_ip.bats
index 8d35c062..d8be42d9 100644
--- a/test/tests/parallel/set3/mta/lmtp_ip.bats
+++ b/test/tests/parallel/set3/mta/lmtp_ip.bats
@@ -38,7 +38,7 @@ function teardown_file() { _default_teardown ; }
@test "delivers mail to existing account" {
_wait_for_smtp_port_in_container
- _send_email 'email-templates/existing-user1' # send a test email
+ _send_email --data 'existing/user1' # send a test email
# Verify delivery was successful, log line should look similar to:
# postfix/lmtp[1274]: 0EA424ABE7D9: to=, relay=127.0.0.1[127.0.0.1]:24, delay=0.13, delays=0.07/0.01/0.01/0.05, dsn=2.0.0, status=sent (250 2.0.0 ixPpB+Zvv2P7BAAAUi6ngw Saved)
diff --git a/test/tests/parallel/set3/mta/privacy.bats b/test/tests/parallel/set3/mta/privacy.bats
index f8160827..4d4d82ba 100644
--- a/test/tests/parallel/set3/mta/privacy.bats
+++ b/test/tests/parallel/set3/mta/privacy.bats
@@ -25,7 +25,11 @@ function teardown_file() { _default_teardown ; }
# this test covers https://github.com/docker-mailserver/docker-mailserver/issues/681
@test "(Postfix) remove privacy details of the sender" {
- _run_in_container_bash "openssl s_client -quiet -starttls smtp -connect 0.0.0.0:587 < /tmp/docker-mailserver-test/email-templates/send-privacy-email.txt"
+ _send_email \
+ --port 587 -tls --auth LOGIN \
+ --auth-user user1@localhost.localdomain \
+ --auth-password mypassword \
+ --data 'privacy'
assert_success
_run_until_success_or_timeout 120 _exec_in_container_bash '[[ -d /var/mail/localhost.localdomain/user1/new ]]'
diff --git a/test/tests/parallel/set3/mta/smtp_delivery.bats b/test/tests/parallel/set3/mta/smtp_delivery.bats
index af98b2f4..169f374a 100644
--- a/test/tests/parallel/set3/mta/smtp_delivery.bats
+++ b/test/tests/parallel/set3/mta/smtp_delivery.bats
@@ -63,34 +63,55 @@ function setup_file() {
# TODO: Move to clamav tests (For use when ClamAV is enabled):
# _repeat_in_container_until_success_or_timeout 60 "${CONTAINER_NAME}" test -e /var/run/clamav/clamd.ctl
- # _send_email 'email-templates/amavis-virus'
+ # _send_email --from 'virus@external.tld' --data 'amavis/virus'
# Required for 'delivers mail to existing alias':
- _send_email 'email-templates/existing-alias-external'
+ _send_email --to alias1@localhost.localdomain --data 'existing/alias-external'
# Required for 'delivers mail to existing alias with recipient delimiter':
- _send_email 'email-templates/existing-alias-recipient-delimiter'
+ _send_email --to alias1~test@localhost.localdomain --data 'existing/alias-recipient-delimiter'
# Required for 'delivers mail to existing catchall':
- _send_email 'email-templates/existing-catchall-local'
+ _send_email --to wildcard@localdomain2.com --data 'existing/catchall-local'
# Required for 'delivers mail to regexp alias':
- _send_email 'email-templates/existing-regexp-alias-local'
+ _send_email --to test123@localhost.localdomain --data 'existing/regexp-alias-local'
# Required for 'rejects mail to unknown user':
- _send_email 'email-templates/non-existing-user'
+ _send_email --to nouser@localhost.localdomain --data 'non-existing-user'
# Required for 'redirects mail to external aliases':
- _send_email 'email-templates/existing-regexp-alias-external'
- _send_email 'email-templates/existing-alias-local'
+ _send_email --to bounce-always@localhost.localdomain --data 'existing/regexp-alias-external'
+ _send_email --to alias2@localhost.localdomain --data 'existing/alias-local'
# Required for 'rejects spam':
- _send_email 'email-templates/amavis-spam'
+ _send_email --from 'spam@external.tld' --data 'amavis/spam'
# Required for 'delivers mail to existing account':
- _send_email 'email-templates/existing-user1'
- _send_email 'email-templates/existing-user2'
- _send_email 'email-templates/existing-user3'
- _send_email 'email-templates/existing-added'
- _send_email 'email-templates/existing-user-and-cc-local-alias'
- _send_email 'email-templates/sieve-spam-folder'
- _send_email 'email-templates/sieve-pipe'
- _run_in_container_bash 'sendmail root < /tmp/docker-mailserver-test/email-templates/root-email.txt'
+ _send_email --data 'existing/user1'
+ assert_success
+ _send_email --to user2@otherdomain.tld
+ assert_success
+ _send_email --to user3@localhost.localdomain
+ assert_success
+ _send_email --to added@localhost.localdomain --data 'existing/added'
+ assert_success
+ _send_email --to user1@localhost.localdomain --data 'existing/user-and-cc-local-alias'
+ assert_success
+ _send_email --data 'sieve/spam-folder'
+ assert_success
+ _send_email --to user2@otherdomain.tld --data 'sieve/pipe'
+ assert_success
+ _run_in_container_bash 'sendmail root < /tmp/docker-mailserver-test/emails/sendmail/root-email.txt'
+ assert_success
+}
+
+function _unsuccessful() {
+ _send_email --port 465 --auth "${1}" --auth-user "${2}" --auth-password wrongpassword
+ assert_failure
+ assert_output --partial 'authentication failed'
+ assert_output --partial 'No authentication type succeeded'
+}
+
+function _successful() {
+ _send_email --port 465 --auth "${1}" --auth-user "${2}" --auth-password mypassword --quit-after AUTH
+ assert_success
+ assert_output --partial 'Authentication successful'
}
@test "should succeed at emptying mail queue" {
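Review bot: In `setup_file`, only the `_send_email` calls from `--data 'existing/user1'` onward are followed by `assert_success`; the earlier calls for the aliases, the catchall, `nouser@localhost.localdomain` and `spam@external.tld` are unchecked. If they are left unasserted because some of them are expected to be rejected, say so in a comment and assert the ones that should be accepted. The helpers `_unsuccessful` and `_successful` would also benefit from a one-line comment each: `_unsuccessful` hard-codes `wrongpassword`, and `_successful` stops at `--quit-after AUTH`, which is not obvious from the names.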
@@ -103,44 +124,35 @@ function setup_file() {
}
@test "should successfully authenticate with good password (plain)" {
- _send_email 'auth/smtp-auth-plain' '-w 5 0.0.0.0 465'
- assert_output --partial 'Authentication successful'
+ _successful PLAIN user1@localhost.localdomain
}
@test "should fail to authenticate with wrong password (plain)" {
- _send_email 'auth/smtp-auth-plain-wrong' '-w 20 0.0.0.0 465'
- assert_output --partial 'authentication failed'
+ _unsuccessful PLAIN user1@localhost.localdomain
}
@test "should successfully authenticate with good password (login)" {
- _send_email 'auth/smtp-auth-login' '-w 5 0.0.0.0 465'
- assert_output --partial 'Authentication successful'
+ _successful LOGIN user1@localhost.localdomain
}
@test "should fail to authenticate with wrong password (login)" {
- _send_email 'auth/smtp-auth-login-wrong' '-w 20 0.0.0.0 465'
- assert_output --partial 'authentication failed'
+ _unsuccessful LOGIN user1@localhost.localdomain
}
@test "[user: 'added'] should successfully authenticate with good password (plain)" {
- _send_email 'auth/added-smtp-auth-plain' '-w 5 0.0.0.0 465'
- assert_output --partial 'Authentication successful'
+ _successful PLAIN added@localhost.localdomain
}
@test "[user: 'added'] should fail to authenticate with wrong password (plain)" {
- _send_email 'auth/added-smtp-auth-plain-wrong' '-w 20 0.0.0.0 465'
- assert_output --partial 'authentication failed'
+ _unsuccessful PLAIN added@localhost.localdomain
}
@test "[user: 'added'] should successfully authenticate with good password (login)" {
- _send_email 'auth/added-smtp-auth-login' '-w 5 0.0.0.0 465'
- assert_success
- assert_output --partial 'Authentication successful'
+ _successful LOGIN added@localhost.localdomain
}
@test "[user: 'added'] should fail to authenticate with wrong password (login)" {
- _send_email 'auth/added-smtp-auth-login-wrong' '-w 20 0.0.0.0 465'
- assert_output --partial 'authentication failed'
+ _unsuccessful LOGIN added@localhost.localdomain
}
# TODO: Add a test covering case SPAMASSASSIN_SPAM_TO_INBOX=1 (default)
@@ -258,7 +270,13 @@ function setup_file() {
# Dovecot does not support SMTPUTF8, so while we can send we cannot receive
# Better disable SMTPUTF8 support entirely if we can't handle it correctly
@test "not advertising smtputf8" {
- _send_email 'email-templates/smtp-ehlo'
+ # Query supported extensions; SMTPUTF8 should not be available.
+ # - This query requires a EHLO greeting to the destination server.
+ _send_email \
+ --ehlo mail.external.tld \
+ --protocol ESMTP \
+ --server mail.example.test \
+ --quit-after FIRST-EHLO
refute_output --partial 'SMTPUTF8'
}
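Review bot: `refute_output --partial 'SMTPUTF8'` is the only check after the new `_send_email` call, so the test also passes when the connection or the EHLO exchange fails and the output contains no extension list at all. Add `assert_success` before the `refute_output`, and ideally assert on an extension that is expected in the EHLO response so the negative check is meaningful.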
diff --git a/test/tests/parallel/set3/mta/smtponly.bats b/test/tests/parallel/set3/mta/smtponly.bats
index 66123de6..7b1f8699 100644
--- a/test/tests/parallel/set3/mta/smtponly.bats
+++ b/test/tests/parallel/set3/mta/smtponly.bats
@@ -32,7 +32,16 @@ function teardown_file() { _default_teardown ; }
assert_success
# it looks as if someone tries to send mail to another domain outside of DMS
- _send_email 'email-templates/smtp-only'
+ _send_email \
+ --ehlo mail.origin.test \
+ --protocol SSMTPA \
+ --server mail.origin.test \
+ --from user@origin.test \
+ --to user@destination.test \
+ --auth PLAIN \
+ --auth-user user@origin.test \
+ --auth-password secret
+ assert_success
_wait_for_empty_mail_queue_in_container
# this seemingly succeeds, but looking at the logs, it doesn't
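Review bot: Nothing in the test explains why the replacement for the `smtp-only` template needs `--protocol SSMTPA` and `--auth PLAIN` credentials, or why `--ehlo` and `--server` are both `mail.origin.test`. Since the comment that follows says the send "seemingly succeeds, but looking at the logs, it doesn't", a short comment on which of these options matter for the scenario, and on what the added `assert_success` is confirming, would help the next reader.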
diff --git a/test/tests/serial/mail_pop3.bats b/test/tests/serial/mail_pop3.bats
index cb07484a..008921e4 100644
--- a/test/tests/serial/mail_pop3.bats
+++ b/test/tests/serial/mail_pop3.bats
@@ -24,11 +24,13 @@ function teardown_file() { _default_teardown ; }
}
@test 'authentication works' {
- _send_email 'auth/pop3-auth' '-w 1 0.0.0.0 110'
+ _nc_wrapper 'auth/pop3-auth' '-w 1 0.0.0.0 110'
+ assert_success
}
@test 'added user authentication works' {
- _send_email 'auth/added-pop3-auth' '-w 1 0.0.0.0 110'
+ _nc_wrapper 'auth/added-pop3-auth' '-w 1 0.0.0.0 110'
+ assert_success
}
@test '/var/log/mail/mail.log is error-free' {
diff --git a/test/tests/serial/mail_with_imap.bats b/test/tests/serial/mail_with_imap.bats
index d729c142..eeccf888 100644
--- a/test/tests/serial/mail_with_imap.bats
+++ b/test/tests/serial/mail_with_imap.bats
@@ -21,7 +21,8 @@ function setup_file() {
function teardown_file() { _default_teardown ; }
@test '(Dovecot) LDAP RIMAP connection and authentication works' {
- _send_email 'auth/imap-auth' '-w 1 0.0.0.0 143'
+ _nc_wrapper 'auth/imap-auth' '-w 1 0.0.0.0 143'
+ assert_success
}
@test '(SASLauthd) SASL RIMAP authentication works' {
@@ -30,13 +31,30 @@ function teardown_file() { _default_teardown ; }
}
@test '(SASLauthd) RIMAP SMTP authentication works' {
- _send_email 'auth/smtp-auth-login' '-w 5 0.0.0.0 25'
- assert_output --partial 'Error: authentication not enabled'
+ _send_email \
+ --auth LOGIN \
+ --auth-user user1@localhost.localdomain \
+ --auth-password mypassword \
+ --quit-after AUTH
+ assert_failure
+ assert_output --partial 'Host did not advertise authentication'
- _send_email 'auth/smtp-auth-login' '-w 5 0.0.0.0 465'
+ _send_email \
+ --port 465 \
+ --auth LOGIN \
+ --auth-user user1@localhost.localdomain \
+ --auth-password mypassword \
+ --quit-after AUTH
+ assert_success
assert_output --partial 'Authentication successful'
- _send_email 'auth/smtp-auth-login' '-w 5 0.0.0.0 587'
+ _send_email \
+ --port 587 \
+ --auth LOGIN \
+ --auth-user user1@localhost.localdomain \
+ --auth-password mypassword \
+ --quit-after AUTH
+ assert_success
assert_output --partial 'Authentication successful'
}
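Review bot: The port 465 and 587 calls in "(SASLauthd) RIMAP SMTP authentication works" pass `--port` with no TLS option, while the equivalent calls in `mail_with_ldap.bats` in this same patch use `--port 465 -tlsc` and `--port 587 -tls`. If this container really serves those ports without TLS, a comment should say so; otherwise add the TLS flags so the test exercises the submission ports the way a client would.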
diff --git a/test/tests/serial/mail_with_ldap.bats b/test/tests/serial/mail_with_ldap.bats
index b7b3884b..f2011d22 100644
--- a/test/tests/serial/mail_with_ldap.bats
+++ b/test/tests/serial/mail_with_ldap.bats
@@ -122,7 +122,6 @@ function setup_file() {
# Extra ENV needed to support specific test-cases:
local ENV_SUPPORT=(
- --env PERMIT_DOCKER=container # Required for attempting SMTP auth on port 25 via nc
# Required for openssl commands to be successul:
# NOTE: snakeoil cert is created (for `docker-mailserver.invalid`) via Debian post-install script for Postfix package.
# TODO: Use proper TLS cert
@@ -249,7 +248,7 @@ function teardown() {
# dovecot
@test "dovecot: ldap imap connection and authentication works" {
- _run_in_container_bash 'nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-ldap-auth.txt'
+ _nc_wrapper 'auth/imap-ldap-auth' '-w 1 0.0.0.0 143'
assert_success
}
@@ -327,12 +326,25 @@ function teardown() {
@test "spoofing (with LDAP): rejects sender forging" {
_wait_for_smtp_port_in_container_to_respond dms-test_ldap
- _run_in_container_bash 'openssl s_client -quiet -connect 0.0.0.0:465 < /tmp/docker-mailserver-test/auth/ldap-smtp-auth-spoofed.txt'
+ _send_email \
+ --port 465 -tlsc --auth LOGIN \
+ --auth-user some.user@localhost.localdomain \
+ --auth-password secret \
+ --ehlo mail \
+ --from ldap@localhost.localdomain \
+ --data 'auth/ldap-smtp-auth-spoofed'
assert_output --partial 'Sender address rejected: not owned by user'
}
@test "spoofing (with LDAP): accepts sending as alias" {
- _run_in_container_bash 'openssl s_client -quiet -connect 0.0.0.0:465 < /tmp/docker-mailserver-test/auth/ldap-smtp-auth-spoofed-alias.txt'
+ _send_email \
+ --port 465 -tlsc --auth LOGIN \
+ --auth-user some.user@localhost.localdomain \
+ --auth-password secret \
+ --ehlo mail \
+ --from postmaster@localhost.localdomain \
+ --to some.user@localhost.localdomain \
+ --data 'auth/ldap-smtp-auth-spoofed-alias'
assert_output --partial 'End data with'
}
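Review bot: Both LDAP spoofing tests assert only on output text. Add `assert_failure` to "rejects sender forging" and `assert_success` to "accepts sending as alias" (the matching test in `tests/serial/tests.bats` gets `assert_success` in this patch), so the exit status of `_send_email` is verified along with the message.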
@@ -341,19 +353,42 @@ function teardown() {
# Template used has invalid AUTH: https://github.com/docker-mailserver/docker-mailserver/pull/3006#discussion_r1073321432
skip 'TODO: This test seems to have been broken from the start (?)'
- _run_in_container_bash 'openssl s_client -quiet -connect 0.0.0.0:465 < /tmp/docker-mailserver-test/auth/ldap-smtp-auth-spoofed-sender-with-filter-exception.txt'
+ _send_email \
+ --port 465 -tlsc --auth LOGIN \
+ --auth-user some.user.email@localhost.localdomain \
+ --auth-password secret \
+ --ehlo mail \
+ --from randomspoofedaddress@localhost.localdomain \
+ --to some.user@localhost.localdomain \
+ --data 'auth/ldap-smtp-auth-spoofed-sender-with-filter-exception'
assert_output --partial 'Sender address rejected: not owned by user'
}
@test "saslauthd: ldap smtp authentication" {
- # Requires ENV `PERMIT_DOCKER=container`
- _send_email 'auth/sasl-ldap-smtp-auth' '-w 5 0.0.0.0 25'
- assert_output --partial 'Error: authentication not enabled'
+ _send_email \
+ --auth LOGIN \
+ --auth-user some.user@localhost.localdomain \
+ --auth-password wrongpassword \
+ --quit-after AUTH
+ assert_failure
+ assert_output --partial 'Host did not advertise authentication'
- _run_in_container_bash 'openssl s_client -quiet -connect 0.0.0.0:465 < /tmp/docker-mailserver-test/auth/sasl-ldap-smtp-auth.txt'
+ _send_email \
+ --port 465 -tlsc \
+ --auth LOGIN \
+ --auth-user some.user@localhost.localdomain \
+ --auth-password secret \
+ --quit-after AUTH
+ assert_success
assert_output --partial 'Authentication successful'
- _run_in_container_bash 'openssl s_client -quiet -starttls smtp -connect 0.0.0.0:587 < /tmp/docker-mailserver-test/auth/sasl-ldap-smtp-auth.txt'
+ _send_email \
+ --port 587 -tls \
+ --auth LOGIN \
+ --auth-user some.user@localhost.localdomain \
+ --auth-password secret \
+ --quit-after AUTH
+ assert_success
assert_output --partial 'Authentication successful'
}
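Review bot: In "saslauthd: ldap smtp authentication", the port 25 call uses `--auth-password wrongpassword` while the expected failure is 'Host did not advertise authentication'. Using the valid password `secret`, as the 465 and 587 calls do, would show that the failure comes from AUTH not being offered rather than from the credentials. The removed `# Requires ENV PERMIT_DOCKER=container` comment could be replaced with a short note on why port 25 is expected to refuse AUTH.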
@@ -391,7 +426,7 @@ function _should_successfully_deliver_mail_to() {
local SENDER_ADDRESS='user@external.tld'
local RECIPIENT_ADDRESS=${1:?Recipient address is required}
local MAIL_STORAGE_RECIPIENT=${2:?Recipient storage location is required}
- local MAIL_TEMPLATE='/tmp/docker-mailserver-test/email-templates/test-email.txt'
+ local MAIL_TEMPLATE='/tmp/docker-mailserver-test/emails/test-email.txt'
_run_in_container_bash "sendmail -f ${SENDER_ADDRESS} ${RECIPIENT_ADDRESS} < ${MAIL_TEMPLATE}"
_wait_for_empty_mail_queue_in_container
diff --git a/test/tests/serial/permit_docker.bats b/test/tests/serial/permit_docker.bats
index 85f00484..2ebf5e3e 100644
--- a/test/tests/serial/permit_docker.bats
+++ b/test/tests/serial/permit_docker.bats
@@ -13,7 +13,7 @@ setup_file() {
PRIVATE_CONFIG=$(duplicate_config_for_container . mail_smtponly_second_network)
docker create --name mail_smtponly_second_network \
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
- -v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
+ -v "$(pwd)/test/files":/tmp/docker-mailserver-test:ro \
-e SMTP_ONLY=1 \
-e PERMIT_DOCKER=connected-networks \
-e OVERRIDE_HOSTNAME=mail.my-domain.com \
@@ -26,7 +26,7 @@ setup_file() {
PRIVATE_CONFIG=$(duplicate_config_for_container . mail_smtponly_second_network_sender)
docker run -d --name mail_smtponly_second_network_sender \
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
- -v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
+ -v "$(pwd)/test/files":/tmp/docker-mailserver-test:ro \
-e SMTP_ONLY=1 \
-e PERMIT_DOCKER=connected-networks \
-e OVERRIDE_HOSTNAME=mail.my-domain.com \
@@ -39,7 +39,7 @@ setup_file() {
# create another container that enforces authentication even on local connections
docker run -d --name mail_smtponly_force_authentication \
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
- -v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
+ -v "$(pwd)/test/files":/tmp/docker-mailserver-test:ro \
-e SMTP_ONLY=1 \
-e PERMIT_DOCKER=none \
-e OVERRIDE_HOSTNAME=mail.my-domain.com \
@@ -68,7 +68,7 @@ teardown_file() {
_reload_postfix mail_smtponly_second_network
# we should be able to send from the other container on the second network!
- run docker exec mail_smtponly_second_network_sender /bin/sh -c "nc mail_smtponly_second_network 25 < /tmp/docker-mailserver-test/email-templates/smtp-only.txt"
+ run docker exec mail_smtponly_second_network_sender /bin/sh -c "nc mail_smtponly_second_network 25 < /tmp/docker-mailserver-test/emails/nc_raw/smtp-only.txt"
assert_output --partial "250 2.0.0 Ok: queued as "
repeat_in_container_until_success_or_timeout 60 mail_smtponly_second_network /bin/sh -c 'grep -cE "to=.*status\=sent" /var/log/mail/mail.log'
}
@@ -80,7 +80,7 @@ teardown_file() {
_reload_postfix mail_smtponly_force_authentication
# the mailserver should require authentication and a protocol error should occur when using TLS
- run docker exec mail_smtponly_force_authentication /bin/sh -c "nc localhost 25 < /tmp/docker-mailserver-test/email-templates/smtp-only.txt"
+ run docker exec mail_smtponly_force_authentication /bin/sh -c "nc localhost 25 < /tmp/docker-mailserver-test/emails/nc_raw/smtp-only.txt"
assert_output --partial "550 5.5.1 Protocol error"
[[ ${status} -ge 0 ]]
}
diff --git a/test/tests/serial/test_helper.bats b/test/tests/serial/test_helper.bats
index ecca3d85..a3ffa6cf 100644
--- a/test/tests/serial/test_helper.bats
+++ b/test/tests/serial/test_helper.bats
@@ -171,7 +171,7 @@ BATS_TEST_NAME_PREFIX='test helper functions:'
# enable ClamAV to make message delivery slower, so we can detect it
CONTAINER_NAME=$(docker run -d --rm \
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
- -v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
+ -v "$(pwd)/test/files":/tmp/docker-mailserver-test:ro \
-e ENABLE_CLAMAV=1 \
-h mail.my-domain.com \
-t "${NAME}")
@@ -186,7 +186,7 @@ BATS_TEST_NAME_PREFIX='test helper functions:'
[[ ${SECONDS} -lt 5 ]]
# fill the queue with a message
- docker exec "${CONTAINER_NAME}" /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-virus.txt"
+ docker exec "${CONTAINER_NAME}" /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/emails/amavis-virus.txt"
# that should still be stuck in the queue
! TEST_TIMEOUT_IN_SECONDS=0 wait_for_empty_mail_queue_in_container "${CONTAINER_NAME}"
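Review bot: The new template path `emails/amavis-virus.txt` does not follow the layout used elsewhere in this patch: raw `nc` input is placed under `emails/nc_raw/` (see `permit_docker.bats`), and the swaks data file is referenced as `amavis/virus` in `smtp_delivery.bats`. Please confirm the file exists at this exact path. The same path is used again in the hunk at line 213 of this file.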
@@ -203,7 +203,7 @@ BATS_TEST_NAME_PREFIX='test helper functions:'
# enable ClamAV to make message delivery slower, so we can detect it
CONTAINER_NAME=$(docker run -d --rm \
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
- -v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
+ -v "$(pwd)/test/files":/tmp/docker-mailserver-test:ro \
-e ENABLE_CLAMAV=1 \
-h mail.my-domain.com \
-t "${NAME}")
@@ -213,7 +213,7 @@ BATS_TEST_NAME_PREFIX='test helper functions:'
wait_for_smtp_port_in_container "${CONTAINER_NAME}" || docker logs "${CONTAINER_NAME}"
# fill the queue with a message
- docker exec "${CONTAINER_NAME}" /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-virus.txt"
+ docker exec "${CONTAINER_NAME}" /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/emails/amavis-virus.txt"
# give it some time to clear the queue
SECONDS=0
diff --git a/test/tests/serial/tests.bats b/test/tests/serial/tests.bats
index 094454f0..26deb541 100644
--- a/test/tests/serial/tests.bats
+++ b/test/tests/serial/tests.bats
@@ -80,11 +80,13 @@ function teardown_file() { _default_teardown ; }
}
@test "imap: authentication works" {
- _send_email 'auth/imap-auth' '-w 1 0.0.0.0 143'
+ _nc_wrapper 'auth/imap-auth' '-w 1 0.0.0.0 143'
+ assert_success
}
@test "imap: added user authentication works" {
- _send_email 'auth/added-imap-auth' '-w 1 0.0.0.0 143'
+ _nc_wrapper 'auth/added-imap-auth' '-w 1 0.0.0.0 143'
+ assert_success
}
#
@@ -288,13 +290,34 @@ EOF
@test "spoofing: rejects sender forging" {
# rejection of spoofed sender
_wait_for_smtp_port_in_container_to_respond
- _run_in_container_bash "openssl s_client -quiet -connect 0.0.0.0:465 < /tmp/docker-mailserver-test/auth/added-smtp-auth-spoofed.txt"
+
+ # An authenticated user cannot use an envelope sender (MAIL FROM)
+ # address they do not own according to `main.cf:smtpd_sender_login_maps` lookup
+ _send_email \
+ --port 465 -tlsc --auth LOGIN \
+ --auth-user added@localhost.localdomain \
+ --auth-password mypassword \
+ --ehlo mail \
+ --from user2@localhost.localdomain \
+ --data 'auth/added-smtp-auth-spoofed'
assert_output --partial 'Sender address rejected: not owned by user'
}
@test "spoofing: accepts sending as alias" {
- _run_in_container_bash "openssl s_client -quiet -connect 0.0.0.0:465 < /tmp/docker-mailserver-test/auth/added-smtp-auth-spoofed-alias.txt | grep 'End data with'"
+ # An authenticated account should be able to send mail from an alias,
+ # Verifies `main.cf:smtpd_sender_login_maps` includes /etc/postfix/virtual
+ # The envelope sender address (MAIL FROM) is the lookup key
+ # to each table. Address is authorized when a result that maps to
+ # the DMS account is returned.
+ _send_email \
+ --port 465 -tlsc --auth LOGIN \
+ --auth-user user1@localhost.localdomain \
+ --auth-password mypassword \
+ --ehlo mail \
+ --from alias1@localhost.localdomain \
+ --data 'auth/added-smtp-auth-spoofed-alias'
assert_success
+ assert_output --partial 'End data with'
}
#
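Review bot: "spoofing: accepts sending as alias" now has `assert_success`, but "spoofing: rejects sender forging" still checks only the output; add `assert_failure` there so both outcomes verify the exit status. The new comment line ending in `from an alias,` reads as an unfinished sentence and should end with a period.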
diff --git a/test/tests/serial/vmail-id.bats b/test/tests/serial/vmail-id.bats
index b44670b2..0f54ea96 100644
--- a/test/tests/serial/vmail-id.bats
+++ b/test/tests/serial/vmail-id.bats
@@ -20,7 +20,7 @@ function setup_file() {
function teardown_file() { _default_teardown ; }
@test 'should successfully deliver mail' {
- _send_email 'email-templates/existing-user1'
+ _send_email --data 'existing/user1'
_wait_for_empty_mail_queue_in_container
# Should be successfully sent (received) by Postfix:
From 25c7024cc4c7a6ee81be70144f6ecaf4fddf44ca Mon Sep 17 00:00:00 2001
From: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
Date: Wed, 3 Jan 2024 02:02:59 +0100
Subject: [PATCH 43/43] security(Postfix): Protect against "SMTP Smuggling"
attack (#3727)
View `CHANGELOG.md` entry and PR for details.
---------
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
---
CHANGELOG.md | 15 ++++++++++++++-
target/postfix/main.cf | 6 ++++++
2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index eeeb843d..b6e6d906 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,10 +2,23 @@
All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-## [Unreleased](https://github.com/docker-mailserver/docker-mailserver/compare/v13.0.0...HEAD)
+## [Unreleased](https://github.com/docker-mailserver/docker-mailserver/compare/v13.1.0...HEAD)
> **Note**: Changes and additions listed here are contained in the `:edge` image tag. These changes may not be as stable as released changes.
+### Security
+
+DMS is now secured against the [recently published spoofing attack "SMTP Smuggling"](https://www.postfix.org/smtp-smuggling.html) that affected Postfix ([#3727](https://github.com/docker-mailserver/docker-mailserver/pull/3727)):
+- Postfix upgraded from `3.5.18` to `3.5.23` which provides the [long-term fix with `smtpd_forbid_bare_newline = yes`](https://www.postfix.org/smtp-smuggling.html#long)
+- If you are unable to upgrade to this release of DMS, you may follow [these instructions](https://github.com/docker-mailserver/docker-mailserver/issues/3719#issuecomment-1870865118) for applying the [short-term workaround](https://www.postfix.org/smtp-smuggling.html#short).
+- This change should not cause compatibility concerns for legitimate mail clients, however if you use software like `netcat` to send mail to DMS (_like our test-suite previously did_) it may now be rejected (_especially with the the short-term workaround `smtpd_data_restrictions = reject_unauth_pipelining`_).
+- **NOTE:** This Postfix update also includes the new parameter [`smtpd_forbid_bare_newline_exclusions`](https://www.postfix.org/postconf.5.html#smtpd_forbid_bare_newline_exclusions) which defaults to `$mynetworks` for excluding trusted mail clients excluded from the restriction.
+ - With our default `PERMIT_DOCKER=none` this is not a concern.
+ - Presently the Docker daemon config has `user-proxy: true` enabled by default.
+ - On a host that can be reached by IPv6, this will route to a DMS IPv4 only container implicitly through the Docker network bridge gateway which rewrites the source address.
+ - If your `PERMIT_DOCKER` setting allows that gateway IP, then it is part of `$mynetworks` and this attack would not be prevented from such connections.
+ - If this affects your deployment, refer to [our IPv6 docs](https://docker-mailserver.github.io/docker-mailserver/v13.2/config/advanced/ipv6/) for advice on handling IPv6 correctly in Docker. Alternatively [use our `postfix-main.cf`](https://docker-mailserver.github.io/docker-mailserver/v13.2/config/advanced/override-defaults/postfix/) to set `smtpd_forbid_bare_newline_exclusions=` as empty.
+
### Updates
- The test suite now uses `swaks` instead of `nc`, which has multiple benefits ([#3732](https://github.com/docker-mailserver/docker-mailserver/pull/3732)):
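Review bot: In the added Security section, `user-proxy: true` does not match the Docker daemon option, which is named `userland-proxy`; please correct it so readers can find the setting. Also fix "with the the short-term workaround" (duplicated word) and "for excluding trusted mail clients excluded from the restriction" (redundant "excluded"). The two docs links are pinned to `v13.2` while the compare link in this hunk moves to `v13.1.0...HEAD`; check that the pinned version is the release this entry will ship in.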
diff --git a/target/postfix/main.cf b/target/postfix/main.cf
index 8c329c94..a9230347 100644
--- a/target/postfix/main.cf
+++ b/target/postfix/main.cf
@@ -57,6 +57,12 @@ smtpd_sender_restrictions = $dms_smtpd_sender_restrictions
smtpd_discard_ehlo_keywords = silent-discard, dsn
disable_vrfy_command = yes
+# Security - Prevent SMTP Smuggling attack
+# https://www.postfix.org/smtp-smuggling.html#long
+smtpd_forbid_bare_newline = yes
+# It is possible to exclude clients on trusted networks from this restriction (the upstream default is `$mynetwork`):
+# smtpd_forbid_bare_newline_exclusions = $mynetworks
+
# Custom defined parameters for DMS:
dms_smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain
# Submission ports 587 and 465 support for SPOOF_PROTECTION=1
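Review bot: `smtpd_forbid_bare_newline_exclusions` is left at the upstream default, and the CHANGELOG entry in this same patch explains that a `PERMIT_DOCKER` setting which allows the bridge gateway IP puts that address in `$mynetworks`, where the protection does not apply. Consider setting `smtpd_forbid_bare_newline_exclusions =` (empty) here so the restriction holds for every client by default, and let users opt in to exclusions. The added comment also has a typo: `$mynetwork` should be `$mynetworks`.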