2017-01-10 14:15:41 +01:00
load 'test_helper/bats-support/load'
load 'test_helper/bats-assert/load'
2016-10-30 12:42:29 +01:00
#
# configuration checks
#
@test "checking configuration: hostname/domainname" {
run docker run `docker inspect --format '{{ .Config.Image }}' mail`
2017-01-10 14:15:41 +01:00
assert_failure
2016-10-30 12:42:29 +01:00
}
2017-01-20 23:30:29 +01:00
@test "checking configuration: hostname/domainname override" {
run docker exec mail_smtponly /bin/bash -c "cat /etc/mailname | grep my-domain.com"
assert_success
}
2017-02-13 11:07:30 +01:00
@test "checking configuration: hostname/domainname override: check container hostname is applied correctly" {
run docker exec mail_override_hostname /bin/bash -c "hostname | grep unknown.domain.tld"
assert_success
}
@test "checking configuration: hostname/domainname override: check overriden hostname is applied to all configs" {
run docker exec mail_override_hostname /bin/bash -c "cat /etc/mailname | grep my-domain.com"
assert_success
run docker exec mail_override_hostname /bin/bash -c "postconf -n | grep mydomain | grep my-domain.com"
assert_success
run docker exec mail_override_hostname /bin/bash -c "postconf -n | grep myhostname | grep mail.my-domain.com"
assert_success
run docker exec mail_override_hostname /bin/bash -c "doveconf | grep hostname | grep mail.my-domain.com"
assert_success
run docker exec mail_override_hostname /bin/bash -c "cat /etc/opendmarc.conf | grep AuthservID | grep mail.my-domain.com"
assert_success
run docker exec mail_override_hostname /bin/bash -c "cat /etc/opendmarc.conf | grep TrustedAuthservIDs | grep mail.my-domain.com"
assert_success
run docker exec mail_override_hostname /bin/bash -c "cat /etc/amavis/conf.d/05-node_id | grep myhostname | grep mail.my-domain.com"
assert_success
}
@test "checking configuration: hostname/domainname override: check hostname in postfix HELO message" {
run docker exec mail_override_hostname /bin/bash -c "nc -w 1 0.0.0.0 25 | grep mail.my-domain.com"
assert_success
}
@test "checking configuration: hostname/domainname override: check headers of received mail" {
run docker exec mail_override_hostname /bin/sh -c "ls -A /var/mail/localhost.localdomain/user1/new | wc -l | grep 1"
assert_success
run docker exec mail_override_hostname /bin/sh -c "cat /var/mail/localhost.localdomain/user1/new/* | grep mail.my-domain.com"
assert_success
# test whether the container hostname is not found in received mail
run docker exec mail_override_hostname /bin/sh -c "cat /var/mail/localhost.localdomain/user1/new/* | grep unknown.domain.tld"
assert_failure
}
2016-02-25 00:17:01 +01:00
#
# processes
#
@test "checking process: postfix" {
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/lib/postfix/master'"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
}
@test "checking process: clamd" {
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
}
@test "checking process: new" {
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/amavisd-new'"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
}
@test "checking process: opendkim" {
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/opendkim'"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
}
@test "checking process: opendmarc" {
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/opendmarc'"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
}
2016-03-31 12:33:47 +02:00
@test "checking process: fail2ban (disabled in default configuration)" {
2016-02-25 00:17:01 +01:00
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'"
2017-01-10 14:15:41 +01:00
assert_failure
2016-03-31 12:33:47 +02:00
}
@test "checking process: fail2ban (fail2ban server enabled)" {
run docker exec mail_fail2ban /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
}
2016-08-21 22:13:13 +02:00
@test "checking process: fetchmail (disabled in default configuration)" {
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/fetchmail'"
2017-01-10 14:15:41 +01:00
assert_failure
2016-08-21 22:13:13 +02:00
}
@test "checking process: fetchmail (fetchmail server enabled)" {
run docker exec mail_fetchmail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/fetchmail'"
2017-01-10 14:15:41 +01:00
assert_success
2016-08-21 22:13:13 +02:00
}
2016-12-25 22:54:37 +01:00
@test "checking process: clamav (clamav disabled by ENABLED_CLAMAV=0)" {
run docker exec mail_disabled_clamav_spamassassin /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
2017-01-10 14:15:41 +01:00
assert_failure
2016-08-04 21:04:26 +02:00
}
2016-10-30 14:11:36 +01:00
@test "checking process: saslauthd (saslauthd server enabled)" {
run docker exec mail_with_ldap /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'"
2017-01-10 14:15:41 +01:00
assert_success
2016-10-30 14:11:36 +01:00
}
2017-01-03 10:55:03 +01:00
@test "checking process: saslauthd (saslauthd server enabled)" {
run docker exec mail_with_imap /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'"
2017-01-10 14:15:41 +01:00
assert_success
2017-01-03 10:55:03 +01:00
}
2017-02-06 10:21:18 +01:00
#
# postgrey
#
@test "checking process: postgrey (disabled in default configuration)" {
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/postgrey'"
assert_failure
}
@test "checking postgrey: /etc/postfix/main.cf correctly edited" {
run docker exec mail_with_postgrey /bin/bash -c "grep 'bl.spamcop.net, check_policy_service inet:127.0.0.1:10023' /etc/postfix/main.cf | wc -l"
assert_success
assert_output 1
}
@test "checking postgrey: /etc/default/postgrey correctly edited and has the default values" {
2017-04-12 19:45:47 +02:00
run docker exec mail_with_postgrey /bin/bash -c "grep '^POSTGREY_OPTS=\"--inet=127.0.0.1:10023 --delay=15 --max-age=35\"$' /etc/default/postgrey | wc -l"
2017-02-06 10:21:18 +01:00
assert_success
assert_output 1
run docker exec mail_with_postgrey /bin/bash -c "grep '^POSTGREY_TEXT=\"Delayed by postgrey\"$' /etc/default/postgrey | wc -l"
assert_success
assert_output 1
}
@test "checking process: postgrey (postgrey server enabled)" {
run docker exec mail_with_postgrey /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/postgrey'"
assert_success
}
@test "checking postgrey: there should be a log entry about a new greylisted e-mail user@external.tld in /var/log/mail/mail.log" {
#editing the postfix config in order to ensure that postgrey handles the test e-mail. The other spam checks at smtpd_recipient_restrictionswould interfere with it.
2017-03-14 17:21:17 +01:00
run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/permit_sasl_authenticated.*policyd-spf,$//g' /etc/postfix/main.cf"
2017-02-06 10:21:18 +01:00
run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/reject_unauth_pipelining.*reject_unknown_recipient_domain,$//g' /etc/postfix/main.cf"
run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/reject_rbl_client.*inet:127\.0\.0\.1:10023$//g' /etc/postfix/main.cf"
run docker exec mail_with_postgrey /bin/sh -c "sed -ie 's/smtpd_recipient_restrictions = /smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10023/g' /etc/postfix/main.cf"
2017-03-03 18:27:22 +01:00
2017-02-06 10:21:18 +01:00
run docker exec mail_with_postgrey /bin/sh -c "/etc/init.d/postfix reload"
run docker exec mail_with_postgrey /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/postgrey.txt"
sleep 5 #ensure that the information has been written into the log
run docker exec mail_with_postgrey /bin/bash -c "grep -i 'action=greylist.*user@external\.tld' /var/log/mail/mail.log | wc -l"
assert_success
assert_output 1
}
@test "checking postgrey: there should be a log entry about the retried and passed e-mail user@external.tld in /var/log/mail/mail.log" {
sleep 20 #wait 20 seconds so that postgrey would accept the message
run docker exec mail_with_postgrey /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/postgrey.txt"
sleep 8
run docker exec mail_with_postgrey /bin/sh -c "grep -i 'action=pass, reason=triplet found.*user@external\.tld' /var/log/mail/mail.log | wc -l"
assert_success
assert_output 1
}
2017-04-12 17:59:04 +02:00
@test "checking postgrey: there should be a log entry about the whitelisted and passed e-mail user@whitelist.tld in /var/log/mail/mail.log" {
run docker exec mail_with_postgrey /bin/sh -c "nc 0.0.0.0 10023 < /tmp/docker-mailserver-test/nc_templates/postgrey_whitelist.txt"
sleep 8
run docker exec mail_with_postgrey /bin/sh -c "grep -i 'action=pass, reason=client whitelist' /var/log/mail/mail.log | wc -l"
assert_success
assert_output 1
}
2016-02-25 00:17:01 +01:00
#
# imap
#
2016-04-13 23:16:46 +02:00
@test "checking process: dovecot imaplogin (enabled in default configuration)" {
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/dovecot'"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-29 23:52:10 +01:00
}
2016-04-13 23:16:46 +02:00
@test "checking process: dovecot imaplogin (disabled using SMTP_ONLY)" {
run docker exec mail_smtponly /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/dovecot'"
2017-01-10 14:15:41 +01:00
assert_failure
2016-02-29 23:52:10 +01:00
}
2016-02-25 00:17:01 +01:00
@test "checking imap: server is ready with STARTTLS" {
2016-04-22 17:51:14 +02:00
run docker exec mail /bin/bash -c "nc -w 2 0.0.0.0 143 | grep '* OK' | grep 'STARTTLS' | grep 'ready'"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
}
@test "checking imap: authentication works" {
2016-04-21 01:08:14 +02:00
run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-auth.txt"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
}
#
# pop
#
@test "checking pop: server is ready" {
run docker exec mail_pop3 /bin/bash -c "nc -w 1 0.0.0.0 110 | grep '+OK'"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
}
@test "checking pop: authentication works" {
2016-04-21 01:08:14 +02:00
run docker exec mail_pop3 /bin/sh -c "nc -w 1 0.0.0.0 110 < /tmp/docker-mailserver-test/auth/pop3-auth.txt"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
}
#
# sasl
#
2016-04-17 12:01:05 +02:00
@test "checking sasl: doveadm auth test works with good password" {
run docker exec mail /bin/sh -c "doveadm auth test -x service=smtp user2@otherdomain.tld mypassword | grep 'auth succeeded'"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
}
2016-04-17 12:01:05 +02:00
@test "checking sasl: doveadm auth test fails with bad password" {
run docker exec mail /bin/sh -c "doveadm auth test -x service=smtp user2@otherdomain.tld BADPASSWORD | grep 'auth failed'"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
}
2016-11-15 20:48:09 +01:00
@test "checking sasl: sasl_passwd exists" {
run docker exec mail [ -f /etc/postfix/sasl_passwd ]
2017-01-10 14:15:41 +01:00
assert_success
2016-03-18 20:12:18 +01:00
}
2016-04-08 00:23:12 +02:00
#
# logs
#
@test "checking logs: mail related logs should be located in a subdirectory" {
run docker exec mail /bin/sh -c "ls -1 /var/log/mail/ | grep -E 'clamav|freshclam|mail'|wc -l"
2017-01-10 14:15:41 +01:00
assert_success
assert_output 3
2016-04-08 00:23:12 +02:00
}
2016-02-25 00:17:01 +01:00
#
# smtp
#
@test "checking smtp: authentication works with good password (plain)" {
2016-04-21 01:08:14 +02:00
run docker exec mail /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-plain.txt | grep 'Authentication successful'"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
}
@test "checking smtp: authentication fails with wrong password (plain)" {
2016-04-21 01:08:14 +02:00
run docker exec mail /bin/sh -c "nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-plain-wrong.txt | grep 'authentication failed'"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
}
@test "checking smtp: authentication works with good password (login)" {
2016-04-21 01:08:14 +02:00
run docker exec mail /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login.txt | grep 'Authentication successful'"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
}
@test "checking smtp: authentication fails with wrong password (login)" {
2016-04-21 01:08:14 +02:00
run docker exec mail /bin/sh -c "nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login-wrong.txt | grep 'authentication failed'"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
}
@test "checking smtp: delivers mail to existing account" {
2016-10-24 15:03:08 +02:00
run docker exec mail /bin/sh -c "grep 'postfix/lmtp' /var/log/mail/mail.log | grep 'status=sent' | grep ' Saved)' | wc -l"
2017-01-10 14:15:41 +01:00
assert_success
2017-03-03 18:27:22 +01:00
assert_output 7
2016-02-25 00:17:01 +01:00
}
@test "checking smtp: delivers mail to existing alias" {
2016-04-01 17:18:13 +02:00
run docker exec mail /bin/sh -c "grep 'to=<user1@localhost.localdomain>, orig_to=<alias1@localhost.localdomain>' /var/log/mail/mail.log | grep 'status=sent' | wc -l"
2017-01-10 14:15:41 +01:00
assert_success
assert_output 1
2016-02-25 00:17:01 +01:00
}
2017-03-03 18:27:22 +01:00
@test "checking smtp: delivers mail to existing alias with recipient delimiter" {
run docker exec mail /bin/sh -c "grep 'to=<user1~test@localhost.localdomain>, orig_to=<alias1~test@localhost.localdomain>' /var/log/mail/mail.log | grep 'status=sent' | wc -l"
assert_success
assert_output 1
run docker exec mail /bin/sh -c "grep 'to=<user1~test@localhost.localdomain>' /var/log/mail/mail.log | grep 'status=bounced'"
assert_failure
}
2016-07-23 23:42:18 +02:00
@test "checking smtp: delivers mail to existing catchall" {
run docker exec mail /bin/sh -c "grep 'to=<user1@localhost.localdomain>, orig_to=<wildcard@localdomain2.com>' /var/log/mail/mail.log | grep 'status=sent' | wc -l"
2017-01-10 14:15:41 +01:00
assert_success
assert_output 1
2016-07-23 23:42:18 +02:00
}
2016-05-24 06:30:22 +02:00
@test "checking smtp: delivers mail to regexp alias" {
run docker exec mail /bin/sh -c "grep 'to=<user1@localhost.localdomain>, orig_to=<test123@localhost.localdomain>' /var/log/mail/mail.log | grep 'status=sent' | wc -l"
2017-01-10 14:15:41 +01:00
assert_success
assert_output 1
2016-05-24 06:30:22 +02:00
}
2017-03-03 18:27:22 +01:00
@test "checking smtp: user1 should have received 6 mails" {
2016-02-25 00:17:01 +01:00
run docker exec mail /bin/sh -c "ls -A /var/mail/localhost.localdomain/user1/new | wc -l"
2017-01-10 14:15:41 +01:00
assert_success
2017-03-03 18:27:22 +01:00
assert_output 6
2016-02-25 00:17:01 +01:00
}
@test "checking smtp: rejects mail to unknown user" {
2016-04-01 17:18:13 +02:00
run docker exec mail /bin/sh -c "grep '<nouser@localhost.localdomain>: Recipient address rejected: User unknown in virtual mailbox table' /var/log/mail/mail.log | wc -l"
2017-01-10 14:15:41 +01:00
assert_success
assert_output 1
2016-02-25 00:17:01 +01:00
}
2016-05-24 06:30:22 +02:00
@test "checking smtp: redirects mail to external aliases" {
2016-04-01 17:18:13 +02:00
run docker exec mail /bin/sh -c "grep -- '-> <external1@otherdomain.tld>' /var/log/mail/mail.log | wc -l"
2017-01-10 14:15:41 +01:00
assert_success
assert_output 2
2016-02-25 00:17:01 +01:00
}
@test "checking smtp: rejects spam" {
2016-04-01 17:18:13 +02:00
run docker exec mail /bin/sh -c "grep 'Blocked SPAM' /var/log/mail/mail.log | grep spam@external.tld | wc -l"
2017-01-10 14:15:41 +01:00
assert_success
assert_output 1
2016-02-25 00:17:01 +01:00
}
@test "checking smtp: rejects virus" {
2016-04-01 17:18:13 +02:00
run docker exec mail /bin/sh -c "grep 'Blocked INFECTED' /var/log/mail/mail.log | grep virus@external.tld | wc -l"
2017-01-10 14:15:41 +01:00
assert_success
assert_output 1
2016-02-25 00:17:01 +01:00
}
#
# accounts
#
@test "checking accounts: user accounts" {
2016-04-17 12:01:05 +02:00
run docker exec mail doveadm user '*'
2017-01-10 14:15:41 +01:00
assert_success
2016-04-17 12:01:05 +02:00
[ "${lines[0]}" = "user1@localhost.localdomain" ]
[ "${lines[1]}" = "user2@otherdomain.tld" ]
2016-02-25 00:17:01 +01:00
}
@test "checking accounts: user mail folders for user1" {
2016-04-17 20:10:09 +02:00
run docker exec mail /bin/bash -c "ls -A /var/mail/localhost.localdomain/user1 | grep -E '.Drafts|.Sent|.Trash|cur|new|subscriptions|tmp' | wc -l"
2017-01-10 14:15:41 +01:00
assert_success
assert_output 7
2016-02-25 00:17:01 +01:00
}
@test "checking accounts: user mail folders for user2" {
2016-04-17 20:10:09 +02:00
run docker exec mail /bin/bash -c "ls -A /var/mail/otherdomain.tld/user2 | grep -E '.Drafts|.Sent|.Trash|cur|new|subscriptions|tmp' | wc -l"
2017-01-10 14:15:41 +01:00
assert_success
assert_output 7
2016-02-25 00:17:01 +01:00
}
2017-03-28 10:59:02 +02:00
@test "checking accounts: comments are not parsed" {
run docker exec mail /bin/bash -c "ls /var/mail | grep 'comment'"
assert_failure
}
2016-02-25 00:17:01 +01:00
#
# postfix
#
@test "checking postfix: vhost file is correct" {
run docker exec mail cat /etc/postfix/vhost
2017-01-10 14:15:41 +01:00
assert_success
2016-07-23 23:42:18 +02:00
[ "${lines[0]}" = "localdomain2.com" ]
[ "${lines[1]}" = "localhost.localdomain" ]
[ "${lines[2]}" = "otherdomain.tld" ]
2016-02-25 00:17:01 +01:00
}
2016-03-18 20:07:58 +01:00
@test "checking postfix: main.cf overrides" {
2016-04-17 12:01:05 +02:00
run docker exec mail grep -q 'max_idle = 600s' /tmp/docker-mailserver/postfix-main.cf
2017-01-10 14:15:41 +01:00
assert_success
2016-04-17 12:01:05 +02:00
run docker exec mail grep -q 'readme_directory = /tmp' /tmp/docker-mailserver/postfix-main.cf
2017-01-10 14:15:41 +01:00
assert_success
2016-03-18 20:07:58 +01:00
}
2016-05-29 22:36:06 +02:00
#
# dovecot
#
@test "checking dovecot: config additions" {
run docker exec mail grep -q 'mail_max_userip_connections = 69' /tmp/docker-mailserver/dovecot.cf
2017-01-10 14:15:41 +01:00
assert_success
2016-05-29 22:36:06 +02:00
run docker exec mail /bin/sh -c "doveconf | grep 'mail_max_userip_connections = 69'"
2017-01-10 14:15:41 +01:00
assert_success
assert_output 'mail_max_userip_connections = 69'
2016-05-29 22:36:06 +02:00
}
2016-02-25 00:17:01 +01:00
#
# spamassassin
#
2016-12-25 22:54:37 +01:00
@test "checking spamassassin: should be listed in amavis when enabled" {
run docker exec mail /bin/sh -c "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'"
2017-01-10 14:15:41 +01:00
assert_failure
2016-12-25 22:54:37 +01:00
}
@test "checking spamassassin: should not be listed in amavis when disabled" {
run docker exec mail_disabled_clamav_spamassassin /bin/sh -c "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'"
2017-01-10 14:15:41 +01:00
assert_success
2016-12-25 22:54:37 +01:00
}
2016-02-25 00:17:01 +01:00
@test "checking spamassassin: docker env variables are set correctly (default)" {
run docker exec mail_pop3 /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
run docker exec mail_pop3 /bin/sh -c "grep '\$sa_tag2_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 6.31'"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
run docker exec mail_pop3 /bin/sh -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 6.31'"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
}
@test "checking spamassassin: docker env variables are set correctly (custom)" {
run docker exec mail /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 1.0'"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
run docker exec mail /bin/sh -c "grep '\$sa_tag2_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
run docker exec mail /bin/sh -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 3.0'"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
}
2016-12-25 15:41:02 +01:00
#
# clamav
#
@test "checking clamav: should be listed in amavis when enabled" {
run docker exec mail grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log
2017-01-10 14:15:41 +01:00
assert_success
2016-12-25 15:41:02 +01:00
}
@test "checking clamav: should not be listed in amavis when disabled" {
2016-12-25 22:54:37 +01:00
run docker exec mail_disabled_clamav_spamassassin grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log
2017-01-10 14:15:41 +01:00
assert_failure
2016-12-25 15:41:02 +01:00
}
@test "checking clamav: should not be called when disabled" {
2016-12-25 22:54:37 +01:00
run docker exec mail_disabled_clamav_spamassassin grep -i 'connect to /var/run/clamav/clamd.ctl failed' /var/log/mail/mail.log
2017-01-10 14:15:41 +01:00
assert_failure
2016-12-25 15:41:02 +01:00
}
2016-02-25 00:17:01 +01:00
#
# opendkim
#
@test "checking opendkim: /etc/opendkim/KeyTable should contain 2 entries" {
run docker exec mail /bin/sh -c "cat /etc/opendkim/KeyTable | wc -l"
2017-01-10 14:15:41 +01:00
assert_success
assert_output 2
2016-02-25 00:17:01 +01:00
}
@test "checking opendkim: /etc/opendkim/keys/ should contain 2 entries" {
run docker exec mail /bin/sh -c "ls -l /etc/opendkim/keys/ | grep '^d' | wc -l"
2017-01-10 14:15:41 +01:00
assert_success
assert_output 2
2016-02-25 00:17:01 +01:00
}
2016-04-21 01:08:14 +02:00
@test "checking opendkim: generator creates keys, tables and TrustedHosts" {
2016-04-21 11:42:41 +02:00
rm -rf "$(pwd)/test/config/empty" && mkdir -p "$(pwd)/test/config/empty"
2016-04-20 23:01:32 +02:00
run docker run --rm \
2016-04-21 11:42:41 +02:00
-v "$(pwd)/test/config/empty/":/tmp/docker-mailserver/ \
-v "$(pwd)/test/config/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-v "$(pwd)/test/config/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
2016-05-29 22:36:06 +02:00
`docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'generate-dkim-config | wc -l'
2017-01-10 14:15:41 +01:00
assert_success
assert_output 6
2016-04-21 11:42:41 +02:00
# Check keys for localhost.localdomain
run docker run --rm \
-v "$(pwd)/test/config/empty/opendkim":/etc/opendkim \
2016-05-29 22:36:06 +02:00
`docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l'
2017-01-10 14:15:41 +01:00
assert_success
assert_output 2
2016-04-21 11:42:41 +02:00
# Check keys for otherdomain.tld
run docker run --rm \
-v "$(pwd)/test/config/empty/opendkim":/etc/opendkim \
2016-05-29 22:36:06 +02:00
`docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l'
2017-01-10 14:15:41 +01:00
assert_success
assert_output 2
2016-04-21 11:42:41 +02:00
# Check presence of tables and TrustedHosts
run docker run --rm \
-v "$(pwd)/test/config/empty/opendkim":/etc/opendkim \
2016-05-29 22:36:06 +02:00
`docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c "ls -1 etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l"
2017-01-10 14:15:41 +01:00
assert_success
assert_output 4
2016-04-20 23:01:32 +02:00
}
2016-08-24 10:06:59 +02:00
@test "checking opendkim: generator creates keys, tables and TrustedHosts without postfix-accounts.cf" {
rm -rf "$(pwd)/test/config/without-accounts" && mkdir -p "$(pwd)/test/config/without-accounts"
run docker run --rm \
-v "$(pwd)/test/config/without-accounts/":/tmp/docker-mailserver/ \
-v "$(pwd)/test/config/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
`docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'generate-dkim-config | wc -l'
2017-01-10 14:15:41 +01:00
assert_success
assert_output 5
2016-08-24 10:06:59 +02:00
# Check keys for localhost.localdomain
run docker run --rm \
-v "$(pwd)/test/config/without-accounts/opendkim":/etc/opendkim \
`docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l'
2017-01-10 14:15:41 +01:00
assert_success
assert_output 2
2016-08-24 10:06:59 +02:00
# Check keys for otherdomain.tld
# run docker run --rm \
# -v "$(pwd)/test/config/without-accounts/opendkim":/etc/opendkim \
# `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l'
2017-01-10 14:15:41 +01:00
# assert_success
2016-08-24 10:06:59 +02:00
# [ "$output" -eq 0 ]
# Check presence of tables and TrustedHosts
run docker run --rm \
-v "$(pwd)/test/config/without-accounts/opendkim":/etc/opendkim \
`docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c "ls -1 etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l"
2017-01-10 14:15:41 +01:00
assert_success
assert_output 4
2016-08-24 10:06:59 +02:00
}
@test "checking opendkim: generator creates keys, tables and TrustedHosts without postfix-virtual.cf" {
rm -rf "$(pwd)/test/config/without-virtual" && mkdir -p "$(pwd)/test/config/without-virtual"
run docker run --rm \
-v "$(pwd)/test/config/without-virtual/":/tmp/docker-mailserver/ \
-v "$(pwd)/test/config/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
`docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'generate-dkim-config | wc -l'
2017-01-10 14:15:41 +01:00
assert_success
assert_output 5
2016-08-24 10:06:59 +02:00
# Check keys for localhost.localdomain
run docker run --rm \
-v "$(pwd)/test/config/without-virtual/opendkim":/etc/opendkim \
`docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l'
2017-01-10 14:15:41 +01:00
assert_success
assert_output 2
2016-08-24 10:06:59 +02:00
# Check keys for otherdomain.tld
run docker run --rm \
-v "$(pwd)/test/config/without-virtual/opendkim":/etc/opendkim \
`docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l'
2017-01-10 14:15:41 +01:00
assert_success
assert_output 2
2016-08-24 10:06:59 +02:00
# Check presence of tables and TrustedHosts
run docker run --rm \
-v "$(pwd)/test/config/without-virtual/opendkim":/etc/opendkim \
`docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c "ls -1 etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys'|wc -l"
2017-01-10 14:15:41 +01:00
assert_success
assert_output 4
2016-08-24 10:06:59 +02:00
}
2016-02-25 00:17:01 +01:00
#
2016-04-26 19:39:08 +02:00
# ssl
2016-02-25 00:17:01 +01:00
#
2016-04-26 19:39:08 +02:00
@test "checking ssl: generated default cert works correctly" {
run docker exec mail /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 0 (ok)'"
2017-01-10 14:15:41 +01:00
assert_success
2016-04-26 19:39:08 +02:00
}
2016-12-23 23:56:39 +01:00
@test "checking ssl: lets-encrypt-x3-cross-signed.pem is installed" {
run docker exec mail grep 'BEGIN CERTIFICATE' /etc/ssl/certs/lets-encrypt-x3-cross-signed.pem
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
}
2016-04-26 19:39:08 +02:00
@test "checking ssl: letsencrypt configuration is correct" {
run docker exec mail_pop3 /bin/sh -c 'grep -ir "/etc/letsencrypt/live/mail.my-domain.com/" /etc/postfix/main.cf | wc -l'
2017-01-10 14:15:41 +01:00
assert_success
assert_output 2
2016-04-26 19:39:08 +02:00
run docker exec mail_pop3 /bin/sh -c 'grep -ir "/etc/letsencrypt/live/mail.my-domain.com/" /etc/dovecot/conf.d/10-ssl.conf | wc -l'
2017-01-10 14:15:41 +01:00
assert_success
assert_output 2
2016-04-26 19:39:08 +02:00
}
2016-02-25 00:17:01 +01:00
2016-04-26 19:39:08 +02:00
@test "checking ssl: letsencrypt cert works correctly" {
2016-07-23 18:20:19 +02:00
run docker exec mail_pop3 /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
}
2016-08-31 15:15:39 +02:00
@test "checking ssl: manual configuration is correct" {
run docker exec mail_manual_ssl /bin/sh -c 'grep -ir "/etc/postfix/ssl/cert" /etc/postfix/main.cf | wc -l'
2017-01-10 14:15:41 +01:00
assert_success
assert_output 1
2016-08-31 15:15:39 +02:00
run docker exec mail_manual_ssl /bin/sh -c 'grep -ir "/etc/postfix/ssl/cert" /etc/dovecot/conf.d/10-ssl.conf | wc -l'
2017-01-10 14:15:41 +01:00
assert_success
assert_output 1
2016-08-31 15:15:39 +02:00
run docker exec mail_manual_ssl /bin/sh -c 'grep -ir "/etc/postfix/ssl/key" /etc/postfix/main.cf | wc -l'
2017-01-10 14:15:41 +01:00
assert_success
assert_output 1
2016-08-31 15:15:39 +02:00
run docker exec mail_manual_ssl /bin/sh -c 'grep -ir "/etc/postfix/ssl/key" /etc/dovecot/conf.d/10-ssl.conf | wc -l'
2017-01-10 14:15:41 +01:00
assert_success
assert_output 1
2016-08-31 15:15:39 +02:00
}
@test "checking ssl: manual configuration copied files correctly " {
run docker exec mail_manual_ssl /bin/sh -c 'cmp -s /etc/postfix/ssl/cert /tmp/docker-mailserver/letsencrypt/mail.my-domain.com/fullchain.pem'
2017-01-10 14:15:41 +01:00
assert_success
2016-08-31 15:15:39 +02:00
run docker exec mail_manual_ssl /bin/sh -c 'cmp -s /etc/postfix/ssl/key /tmp/docker-mailserver/letsencrypt/mail.my-domain.com/privkey.pem'
2017-01-10 14:15:41 +01:00
assert_success
2016-08-31 15:15:39 +02:00
}
@test "checking ssl: manual cert works correctly" {
run docker exec mail_manual_ssl /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'"
2017-01-10 14:15:41 +01:00
assert_success
2016-08-31 15:15:39 +02:00
}
2016-02-25 00:17:01 +01:00
#
# fail2ban
#
2016-04-17 22:59:35 +02:00
@test "checking fail2ban: localhost is not banned because ignored" {
2016-04-23 12:09:28 +02:00
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client status postfix-sasl | grep 'IP list:.*127.0.0.1'"
2017-01-10 14:15:41 +01:00
assert_failure
2016-04-17 22:59:35 +02:00
run docker exec mail_fail2ban /bin/sh -c "grep 'ignoreip = 127.0.0.1/8' /etc/fail2ban/jail.conf"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
}
2016-06-03 01:22:16 +02:00
@test "checking fail2ban: fail2ban-jail.cf overrides" {
2016-06-04 02:46:33 +02:00
FILTERS=(sshd postfix dovecot postfix-sasl)
2016-06-04 03:12:18 +02:00
for FILTER in "${FILTERS[@]}"; do
2016-06-04 02:46:33 +02:00
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get $FILTER bantime"
2017-01-10 14:15:41 +01:00
assert_output 1234
2016-06-04 02:46:33 +02:00
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get $FILTER findtime"
2017-01-10 14:15:41 +01:00
assert_output 321
2016-06-04 02:46:33 +02:00
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get $FILTER maxretry"
2017-01-10 14:15:41 +01:00
assert_output 2
2016-06-04 02:46:33 +02:00
done
2016-06-03 01:22:16 +02:00
}
2016-02-25 00:17:01 +01:00
@test "checking fail2ban: ban ip on multiple failed login" {
2016-04-17 22:59:35 +02:00
# Getting mail_fail2ban container IP
MAIL_FAIL2BAN_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' mail_fail2ban)
2016-06-04 02:53:44 +02:00
2016-12-23 23:56:39 +01:00
# Create a container which will send wrong authentications and should banned
2016-06-04 02:53:44 +02:00
docker run --name fail-auth-mailer -e MAIL_FAIL2BAN_IP=$MAIL_FAIL2BAN_IP -v "$(pwd)/test":/tmp/docker-mailserver-test -d $(docker inspect --format '{{ .Config.Image }}' mail) tail -f /var/log/faillog
2016-04-21 01:08:14 +02:00
docker exec fail-auth-mailer /bin/sh -c 'nc $MAIL_FAIL2BAN_IP 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login-wrong.txt'
docker exec fail-auth-mailer /bin/sh -c 'nc $MAIL_FAIL2BAN_IP 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login-wrong.txt'
2016-06-04 02:53:44 +02:00
2016-04-17 23:16:13 +02:00
sleep 5
2016-06-04 02:53:44 +02:00
2016-04-17 22:59:35 +02:00
# Checking that FAIL_AUTH_MAILER_IP is banned in mail_fail2ban
2016-04-17 23:16:13 +02:00
FAIL_AUTH_MAILER_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' fail-auth-mailer)
2016-06-04 02:53:44 +02:00
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client status postfix-sasl | grep '$FAIL_AUTH_MAILER_IP'"
2017-01-10 14:15:41 +01:00
assert_success
2016-06-04 02:53:44 +02:00
# Checking that FAIL_AUTH_MAILER_IP is banned by iptables
run docker exec mail_fail2ban /bin/sh -c "iptables -L f2b-postfix-sasl -n | grep REJECT | grep '$FAIL_AUTH_MAILER_IP'"
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
}
@test "checking fail2ban: unban ip works" {
2016-04-17 23:44:41 +02:00
FAIL_AUTH_MAILER_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' fail-auth-mailer)
2016-06-04 02:53:44 +02:00
2016-04-23 12:09:28 +02:00
docker exec mail_fail2ban fail2ban-client set postfix-sasl unbanip $FAIL_AUTH_MAILER_IP
2016-06-04 02:53:44 +02:00
2016-02-25 00:17:01 +01:00
sleep 5
2016-06-04 02:53:44 +02:00
2016-04-23 12:09:28 +02:00
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client status postfix-sasl | grep 'IP list:.*$FAIL_AUTH_MAILER_IP'"
2017-01-10 14:15:41 +01:00
assert_failure
2016-06-04 02:53:44 +02:00
# Checking that FAIL_AUTH_MAILER_IP is unbanned by iptables
run docker exec mail_fail2ban /bin/sh -c "iptables -L f2b-postfix-sasl -n | grep REJECT | grep '$FAIL_AUTH_MAILER_IP'"
2017-01-10 14:15:41 +01:00
assert_failure
2016-02-25 00:17:01 +01:00
}
2016-08-21 22:13:13 +02:00
#
# fetchmail
#
@test "checking fetchmail: gerneral options in fetchmailrc are loaded" {
run docker exec mail_fetchmail grep 'set syslog' /etc/fetchmailrc
2017-01-10 14:15:41 +01:00
assert_success
2016-08-21 22:13:13 +02:00
}
@test "checking fetchmail: fetchmail.cf is loaded" {
run docker exec mail_fetchmail grep 'pop3.example.com' /etc/fetchmailrc
2017-01-10 14:15:41 +01:00
assert_success
2016-08-21 22:13:13 +02:00
}
2016-02-25 00:17:01 +01:00
#
# system
#
@test "checking system: freshclam cron is enabled" {
2016-10-08 19:02:47 +02:00
run docker exec mail bash -c "crontab -l | grep '/usr/bin/freshclam'"
2017-01-10 14:15:41 +01:00
assert_success
2016-10-08 19:02:47 +02:00
}
@test "checking amavis: virusmail wiper cron exists" {
2017-01-11 10:52:39 +01:00
run docker exec mail bash -c "crontab -l | grep '/usr/local/bin/virus-wiper'"
2017-01-10 14:15:41 +01:00
assert_success
2016-10-08 19:02:47 +02:00
}
@test "checking amavis: VIRUSMAILS_DELETE_DELAY override works as expected" {
2016-12-30 20:06:44 +01:00
run docker run -ti --rm -e VIRUSMAILS_DELETE_DELAY=2 `docker inspect --format '{{ .Config.Image }}' mail` /bin/bash -c 'echo $VIRUSMAILS_DELETE_DELAY | grep 2'
2017-01-10 14:15:41 +01:00
assert_success
2016-10-08 19:02:47 +02:00
}
@test "checking amavis: old virusmail is wipped by cron" {
docker exec mail bash -c 'touch -d "`date --date=2000-01-01`" /var/lib/amavis/virusmails/should-be-deleted'
2017-01-11 10:52:39 +01:00
run docker exec -ti mail bash -c '/usr/local/bin/virus-wiper'
2017-01-10 14:15:41 +01:00
assert_success
2016-10-08 19:02:47 +02:00
run docker exec mail bash -c 'ls -la /var/lib/amavis/virusmails/ | grep should-be-deleted'
2017-01-10 14:15:41 +01:00
assert_failure
2016-10-08 19:02:47 +02:00
}
@test "checking amavis: recent virusmail is not wipped by cron" {
docker exec mail bash -c 'touch -d "`date`" /var/lib/amavis/virusmails/should-not-be-deleted'
2017-01-11 10:52:39 +01:00
run docker exec -ti mail bash -c '/usr/local/bin/virus-wiper'
2017-01-10 14:15:41 +01:00
assert_success
2016-10-08 19:02:47 +02:00
run docker exec mail bash -c 'ls -la /var/lib/amavis/virusmails/ | grep should-not-be-deleted'
2017-01-10 14:15:41 +01:00
assert_success
2016-02-25 00:17:01 +01:00
}
2016-04-01 17:18:13 +02:00
@test "checking system: /var/log/mail/mail.log is error free" {
run docker exec mail grep 'non-null host address bits in' /var/log/mail/mail.log
2017-01-10 14:15:41 +01:00
assert_failure
2016-07-23 21:01:01 +02:00
run docker exec mail grep 'mail system configuration error' /var/log/mail/mail.log
2017-01-10 14:15:41 +01:00
assert_failure
2016-04-01 17:18:13 +02:00
run docker exec mail grep ': error:' /var/log/mail/mail.log
2017-01-10 14:15:41 +01:00
assert_failure
2016-09-11 14:26:04 +02:00
run docker exec mail grep -i 'is not writable' /var/log/mail/mail.log
2017-01-10 14:15:41 +01:00
assert_failure
2016-09-11 14:26:04 +02:00
run docker exec mail grep -i 'permission denied' /var/log/mail/mail.log
2017-01-10 14:15:41 +01:00
assert_failure
2016-12-23 23:56:39 +01:00
run docker exec mail grep -i '(!)connect' /var/log/mail/mail.log
2017-01-10 14:15:41 +01:00
assert_failure
2016-04-01 17:18:13 +02:00
run docker exec mail_pop3 grep 'non-null host address bits in' /var/log/mail/mail.log
2017-01-10 14:15:41 +01:00
assert_failure
2016-04-01 17:18:13 +02:00
run docker exec mail_pop3 grep ': error:' /var/log/mail/mail.log
2017-01-10 14:15:41 +01:00
assert_failure
2016-02-25 00:17:01 +01:00
}
2016-12-17 21:53:09 +01:00
@test "checking system: /var/log/auth.log is error free" {
run docker exec mail grep 'Unable to open env file: /etc/default/locale' /var/log/auth.log
2017-01-10 14:15:41 +01:00
assert_failure
2016-12-17 21:53:09 +01:00
}
2016-02-25 00:17:01 +01:00
@test "checking system: sets the server fqdn" {
run docker exec mail hostname
2017-01-10 14:15:41 +01:00
assert_success
assert_output "mail.my-domain.com"
2016-02-25 00:17:01 +01:00
}
@test "checking system: sets the server domain name in /etc/mailname" {
run docker exec mail cat /etc/mailname
2017-01-10 14:15:41 +01:00
assert_success
assert_output "my-domain.com"
2016-02-25 00:17:01 +01:00
}
2016-04-28 08:57:50 +02:00
2016-09-23 08:22:57 +02:00
@test "checking system: postfix should not log to syslog" {
run docker exec mail grep 'postfix' /var/log/syslog
2017-01-10 14:15:41 +01:00
assert_failure
2016-09-23 08:22:57 +02:00
}
2016-04-28 08:57:50 +02:00
#
# sieve
#
2016-04-28 10:25:11 +02:00
@test "checking sieve: user1 should have received 1 email in folder INBOX.spam" {
2016-04-28 08:57:50 +02:00
run docker exec mail /bin/sh -c "ls -A /var/mail/localhost.localdomain/user1/.INBOX.spam/new | wc -l"
2017-01-10 14:15:41 +01:00
assert_success
assert_output 1
2016-04-28 08:57:50 +02:00
}
2016-04-29 15:24:10 +02:00
2016-04-29 17:09:48 +02:00
@test "checking manage sieve: server is ready when ENABLE_MANAGESIEVE has been set" {
2016-04-29 15:24:10 +02:00
run docker exec mail /bin/bash -c "nc -z 0.0.0.0 4190"
2017-01-10 14:15:41 +01:00
assert_success
2016-04-29 15:24:10 +02:00
}
@test "checking manage sieve: disabled per default" {
run docker exec mail_pop3 /bin/bash -c "nc -z 0.0.0.0 4190"
2017-01-10 14:15:41 +01:00
assert_failure
2016-04-29 15:24:10 +02:00
}
2016-06-14 16:17:06 +02:00
#
# accounts
#
@test "checking accounts: user3 should have been added to /tmp/docker-mailserver/postfix-accounts.cf" {
docker exec mail /bin/sh -c "addmailuser user3@domain.tld mypassword"
2016-12-30 20:06:44 +01:00
run docker exec mail /bin/sh -c "grep '^user3@domain\.tld|' -i /tmp/docker-mailserver/postfix-accounts.cf"
2017-01-10 14:15:41 +01:00
assert_success
2016-06-14 16:17:06 +02:00
[ ! -z "$output" ]
}
2016-12-30 20:06:44 +01:00
@test "checking accounts: auser3 should have been added to /tmp/docker-mailserver/postfix-accounts.cf" {
docker exec mail /bin/sh -c "addmailuser auser3@domain.tld mypassword"
run docker exec mail /bin/sh -c "grep '^auser3@domain\.tld|' -i /tmp/docker-mailserver/postfix-accounts.cf"
2017-01-10 14:15:41 +01:00
assert_success
2016-12-30 20:06:44 +01:00
[ ! -z "$output" ]
}
@test "checking accounts: a.ser3 should have been added to /tmp/docker-mailserver/postfix-accounts.cf" {
docker exec mail /bin/sh -c "addmailuser a.ser3@domain.tld mypassword"
run docker exec mail /bin/sh -c "grep '^a\.ser3@domain\.tld|' -i /tmp/docker-mailserver/postfix-accounts.cf"
2017-01-10 14:15:41 +01:00
assert_success
2016-12-30 20:06:44 +01:00
[ ! -z "$output" ]
}
@test "checking accounts: user3 should have been removed from /tmp/docker-mailserver/postfix-accounts.cf but not auser3" {
2016-06-14 16:17:06 +02:00
docker exec mail /bin/sh -c "delmailuser user3@domain.tld"
2016-12-30 20:06:44 +01:00
run docker exec mail /bin/sh -c "grep '^user3@domain\.tld' -i /tmp/docker-mailserver/postfix-accounts.cf"
2017-01-10 14:15:41 +01:00
assert_failure
2016-06-14 16:17:06 +02:00
[ -z "$output" ]
2016-12-30 20:06:44 +01:00
run docker exec mail /bin/sh -c "grep '^auser3@domain\.tld' -i /tmp/docker-mailserver/postfix-accounts.cf"
2017-01-10 14:15:41 +01:00
assert_success
2016-12-30 20:06:44 +01:00
[ ! -z "$output" ]
2016-06-14 16:17:06 +02:00
}
2016-08-21 22:10:13 +02:00
2016-12-21 20:12:05 +01:00
@test "checking user updating password for user in /tmp/docker-mailserver/postfix-accounts.cf" {
2016-12-30 20:06:44 +01:00
docker exec mail /bin/sh -c "addmailuser user4@domain.tld mypassword"
2016-12-21 20:12:05 +01:00
2016-12-30 20:06:44 +01:00
initialpass=$(run docker exec mail /bin/sh -c "grep '^user4@domain\.tld' -i /tmp/docker-mailserver/postfix-accounts.cf")
2016-12-21 20:12:05 +01:00
sleep 2
2016-12-30 20:06:44 +01:00
docker exec mail /bin/sh -c "updatemailuser user4@domain.tld mynewpassword"
2016-12-21 20:12:05 +01:00
sleep 2
2016-12-30 20:06:44 +01:00
changepass=$(run docker exec mail /bin/sh -c "grep '^user4@domain\.tld' -i /tmp/docker-mailserver/postfix-accounts.cf")
2016-12-21 20:12:05 +01:00
if [ initialpass != changepass ]; then
status="0"
else
status="1"
fi
2016-12-30 20:06:44 +01:00
docker exec mail /bin/sh -c "delmailuser auser3@domain.tld"
2016-12-21 20:12:05 +01:00
2017-01-10 14:15:41 +01:00
assert_success
2016-12-21 20:12:05 +01:00
}
2016-08-29 13:44:36 +02:00
@test "checking accounts: listmailuser" {
run docker exec mail /bin/sh -c "listmailuser | head -n 1"
2017-01-10 14:15:41 +01:00
assert_success
assert_output 'user1@localhost.localdomain'
2016-08-29 13:44:36 +02:00
}
2016-08-24 10:06:59 +02:00
@test "checking accounts: no error is generated when deleting a user if /tmp/docker-mailserver/postfix-accounts.cf is missing" {
run docker run --rm \
-v "$(pwd)/test/config/without-accounts/":/tmp/docker-mailserver/ \
`docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'delmailuser user3@domain.tld'
2017-01-10 14:15:41 +01:00
assert_success
2016-08-24 10:06:59 +02:00
[ -z "$output" ]
}
@test "checking accounts: user3 should have been added to /tmp/docker-mailserver/postfix-accounts.cf even when that file does not exist" {
run docker run --rm \
-v "$(pwd)/test/config/without-accounts/":/tmp/docker-mailserver/ \
`docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'addmailuser user3@domain.tld mypassword'
2017-01-10 14:15:41 +01:00
assert_success
2016-08-24 10:06:59 +02:00
run docker run --rm \
-v "$(pwd)/test/config/without-accounts/":/tmp/docker-mailserver/ \
`docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'grep user3@domain.tld -i /tmp/docker-mailserver/postfix-accounts.cf'
2017-01-10 14:15:41 +01:00
assert_success
2016-08-24 10:06:59 +02:00
[ ! -z "$output" ]
}
2016-08-21 22:10:13 +02:00
#
# PERMIT_DOCKER mynetworks
#
2016-08-24 10:06:59 +02:00
2016-08-21 22:10:13 +02:00
@test "checking PERMIT_DOCKER: can get container ip" {
run docker exec mail /bin/sh -c "ip addr show eth0 | grep 'inet ' | sed 's/[^0-9\.\/]*//g' | cut -d '/' -f 1 | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}'"
2017-01-10 14:15:41 +01:00
assert_success
2016-08-21 22:10:13 +02:00
}
@test "checking PERMIT_DOCKER: opendmarc/opendkim config" {
run docker exec mail_smtponly /bin/sh -c "cat /etc/opendmarc/ignore.hosts | grep '172.16.0.0/12'"
2017-01-10 14:15:41 +01:00
assert_success
2016-08-21 22:10:13 +02:00
run docker exec mail_smtponly /bin/sh -c "cat /etc/opendkim/TrustedHosts | grep '172.16.0.0/12'"
2017-01-10 14:15:41 +01:00
assert_success
2016-08-21 22:10:13 +02:00
}
@test "checking PERMIT_DOCKER: my network value" {
run docker exec mail /bin/sh -c "postconf | grep '^mynetworks =' | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.0\.0/16'"
2017-01-10 14:15:41 +01:00
assert_success
2016-08-21 22:10:13 +02:00
run docker exec mail_pop3 /bin/sh -c "postconf | grep '^mynetworks =' | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}/32'"
2017-01-10 14:15:41 +01:00
assert_success
2016-08-21 22:10:13 +02:00
}
2016-09-01 12:10:23 +02:00
2016-09-02 09:08:41 +02:00
#
# amavis
#
@test "checking amavis: config overrides" {
run docker exec mail /bin/sh -c "grep 'Test Verification' /etc/amavis/conf.d/50-user | wc -l"
2017-01-10 14:15:41 +01:00
assert_success
assert_output 1
2016-09-02 09:08:41 +02:00
}
2016-09-01 12:10:23 +02:00
#
# setup.sh
#
# CLI interface
@test "checking setup.sh: Without arguments: status 1, show help text" {
2016-09-02 09:08:41 +02:00
run ./setup.sh
2017-01-10 14:15:41 +01:00
assert_failure
2016-09-01 12:10:23 +02:00
[ "${lines[0]}" = "Usage: ./setup.sh [-i IMAGE_NAME] [-c CONTAINER_NAME] <subcommand> <subcommand> [args]" ]
}
@test "checking setup.sh: Wrong arguments" {
run ./setup.sh lol troll
2017-01-10 14:15:41 +01:00
assert_failure
2016-09-01 12:10:23 +02:00
[ "${lines[0]}" = "Usage: ./setup.sh [-i IMAGE_NAME] [-c CONTAINER_NAME] <subcommand> <subcommand> [args]" ]
}
# email
@test "checking setup.sh: setup.sh email add " {
run ./setup.sh -c mail email add lorem@impsum.org dolorsit
2017-01-10 14:15:41 +01:00
assert_success
2016-09-01 12:10:23 +02:00
value=$(cat ./config/postfix-accounts.cf | grep lorem@impsum.org | awk -F '|' '{print $1}')
[ "$value" = "lorem@impsum.org" ]
}
@test "checking setup.sh: setup.sh email list" {
run ./setup.sh -c mail email list
2017-01-10 14:15:41 +01:00
assert_success
2016-09-01 12:10:23 +02:00
}
2016-12-21 20:12:05 +01:00
@test "checking setup.sh: setup.sh email update" {
2017-01-09 23:53:09 +01:00
initialpass=$(cat ./config/postfix-accounts.cf | grep lorem@impsum.org | awk -F '|' '{print $2}')
run ./setup.sh -c mail email update lorem@impsum.org consectetur
updatepass=$(cat ./config/postfix-accounts.cf | grep lorem@impsum.org | awk -F '|' '{print $2}')
if [ initialpass != changepass ]; then
2016-12-21 20:12:05 +01:00
status="0"
else
status="1"
fi
2017-01-10 14:15:41 +01:00
assert_success
2016-12-21 20:12:05 +01:00
}
2016-09-01 12:10:23 +02:00
@test "checking setup.sh: setup.sh email del" {
run ./setup.sh -c mail email del lorem@impsum.org
2017-01-10 14:15:41 +01:00
assert_success
2016-09-01 12:10:23 +02:00
run value=$(cat ./config/postfix-accounts.cf | grep lorem@impsum.org)
[ -z "$value" ]
}
# config
@test "checking setup.sh: setup.sh config dkim" {
run ./setup.sh -c mail config dkim
2017-01-10 14:15:41 +01:00
assert_success
2016-09-01 12:10:23 +02:00
}
# TODO: To create a test generate-ssl-certificate must be non interactive
#@test "checking setup.sh: setup.sh config ssl" {
# run ./setup.sh -c mail_ssl config ssl
2017-01-10 14:15:41 +01:00
# assert_success
2016-09-01 12:10:23 +02:00
#}
# debug
@test "checking setup.sh: setup.sh debug fetchmail" {
run ./setup.sh -c mail debug fetchmail
[ "$status" -eq 5 ]
# TODO: Fix output check
# [ "$output" = "fetchmail: no mailservers have been specified." ]
}
@test "checking setup.sh: setup.sh debug inspect" {
run ./setup.sh -c mail debug inspect
2017-01-10 14:15:41 +01:00
assert_success
2016-09-01 12:10:23 +02:00
[ "${lines[0]}" = "Image: tvial/docker-mailserver:testing" ]
[ "${lines[1]}" = "Container: mail" ]
}
@test "checking setup.sh: setup.sh debug login ls" {
run ./setup.sh -c mail debug login ls
2017-01-10 14:15:41 +01:00
assert_success
2016-09-01 12:10:23 +02:00
}
2016-10-30 14:11:36 +01:00
#
# LDAP
#
# postfix
@test "checking postfix: ldap lookup works correctly" {
run docker exec mail_with_ldap /bin/sh -c "postmap -q some.user@localhost.localdomain ldap:/etc/postfix/ldap-users.cf"
2017-01-10 14:15:41 +01:00
assert_success
assert_output "some.user@localhost.localdomain"
2016-10-30 14:11:36 +01:00
run docker exec mail_with_ldap /bin/sh -c "postmap -q postmaster@localhost.localdomain ldap:/etc/postfix/ldap-aliases.cf"
2017-01-10 14:15:41 +01:00
assert_success
assert_output "some.user@localhost.localdomain"
2016-10-30 14:11:36 +01:00
run docker exec mail_with_ldap /bin/sh -c "postmap -q employees@localhost.localdomain ldap:/etc/postfix/ldap-groups.cf"
2017-01-10 14:15:41 +01:00
assert_success
assert_output "some.user@localhost.localdomain"
2016-10-30 14:11:36 +01:00
}
# dovecot
@test "checking dovecot: ldap imap connection and authentication works" {
run docker exec mail_with_ldap /bin/sh -c "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-ldap-auth.txt"
2017-01-10 14:15:41 +01:00
assert_success
2016-10-30 14:11:36 +01:00
}
@test "checking dovecot: mail delivery works" {
run docker exec mail_with_ldap /bin/sh -c "sendmail -f user@external.tld some.user@localhost.localdomain < /tmp/docker-mailserver-test/email-templates/test-email.txt"
sleep 10
run docker exec mail_with_ldap /bin/sh -c "ls -A /var/mail/localhost.localdomain/some.user/new | wc -l"
2017-01-10 14:15:41 +01:00
assert_success
assert_output 1
2016-10-30 14:11:36 +01:00
}
# saslauthd
@test "checking saslauthd: sasl ldap authentication works" {
run docker exec mail_with_ldap bash -c "testsaslauthd -u some.user -p secret"
2017-01-10 14:15:41 +01:00
assert_success
2016-10-30 14:11:36 +01:00
}
@test "checking saslauthd: ldap smtp authentication" {
run docker exec mail_with_ldap /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/sasl-ldap-smtp-auth.txt | grep 'Authentication successful'"
2017-01-10 14:15:41 +01:00
assert_success
2016-10-30 14:11:36 +01:00
}
2017-01-03 10:55:03 +01:00
#
# RIMAP
#
# dovecot
@test "checking dovecot: ldap rimap connection and authentication works" {
run docker exec mail_with_imap /bin/sh -c "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-auth.txt"
2017-01-10 14:15:41 +01:00
assert_success
2017-01-03 10:55:03 +01:00
}
# saslauthd
@test "checking saslauthd: sasl rimap authentication works" {
run docker exec mail_with_imap bash -c "testsaslauthd -u user1@localhost.localdomain -p mypassword"
2017-01-10 14:15:41 +01:00
assert_success
2017-01-03 10:55:03 +01:00
}
@test "checking saslauthd: rimap smtp authentication" {
run docker exec mail_with_imap /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login.txt | grep 'Authentication successful'"
2017-01-10 14:15:41 +01:00
assert_success
2017-01-03 10:55:03 +01:00
}
2017-01-09 23:52:36 +01:00
#
# Postfix VIRTUAL_TRANSPORT
#
@test "checking postfix-lmtp: virtual_transport config is set" {
2017-01-25 14:10:40 +01:00
run docker exec mail_lmtp_ip /bin/sh -c "grep 'virtual_transport = lmtp:127.0.0.1:24' /etc/postfix/main.cf"
assert_success
2017-01-09 23:52:36 +01:00
}
@test "checking postfix-lmtp: delivers mail to existing account" {
run docker exec mail_lmtp_ip /bin/sh -c "grep 'postfix/lmtp' /var/log/mail/mail.log | grep 'status=sent' | grep ' Saved)' | wc -l"
2017-01-10 14:15:41 +01:00
assert_success
assert_output 1
2017-01-09 23:52:36 +01:00
}
2017-01-25 14:10:40 +01:00
#
# PCI compliance
#
# dovecot
@test "checking dovecot: only A grade TLS ciphers are used" {
run docker run --rm -i --link mail:dovecot \
--entrypoint sh instrumentisto/nmap -c \
'nmap --script ssl-enum-ciphers -p 993 dovecot | grep "least strength: A"'
assert_success
}
@test "checking dovecot: nmap produces no warnings on TLS ciphers verifying" {
run docker run --rm -i --link mail:dovecot \
--entrypoint sh instrumentisto/nmap -c \
'nmap --script ssl-enum-ciphers -p 993 dovecot | grep "warnings" | wc -l'
assert_success
assert_output 0
}
# postfix
@test "checking postfix: only A grade TLS ciphers are used" {
run docker run --rm -i --link mail:postfix \
--entrypoint sh instrumentisto/nmap -c \
'nmap --script ssl-enum-ciphers -p 587 postfix | grep "least strength: A"'
assert_success
}
@test "checking postfix: nmap produces no warnings on TLS ciphers verifying" {
run docker run --rm -i --link mail:postfix \
--entrypoint sh instrumentisto/nmap -c \
'nmap --script ssl-enum-ciphers -p 587 postfix | grep "warnings" | wc -l'
assert_success
assert_output 0
}
