chore: Merge `helpers/sasl.sh` into `helpers/relay.sh` (#2605)
This helper was to support an earlier ENV for SASL auth support. When extracting logic into individual helpers, it was assumed this was separate from relay support, which it appears was not the case. --- The `SASL_PASSWD` ENV is specified in tests but no longer used. There is no `external-domain.com` relay configured or tested against anywhere in the project. The ENV was likely used in tests prior to improved relay support that allowed for adding more than a single set of relay credentials. --- It likewise has no real relevance anywhere else outside of `relay.sh` as it's the only portion of code to operate with it. It's only relevant for SASL auth as an SMTP client, not the SMTP server (`smtpd`) SASL support that is delegated to Dovecot. Functionality has been completely migrated into `relay.sh` as a result. Documentation is poor for this ENV, it is unlikely in wide use? Should consider for removal. --- The ENV has been dependent upon `RELAY_HOST` to actually enable postfix to use `/etc/postfix/sasl_passwd`, thus not likely relevant in existing setups? --- Migrate `/etc/postfix/sasl_passwd` check from `tests.bats` as it belongs to relay tests.
This commit is contained in:
Brennan Kinney
GitHub
parent
ffe20b8ef0
commit
40e2d88482
|
|
@ -17,7 +17,6 @@ function _import_scripts
|
|||
source "${PATH_TO_SCRIPTS}/network.sh"
|
||||
source "${PATH_TO_SCRIPTS}/postfix.sh"
|
||||
source "${PATH_TO_SCRIPTS}/relay.sh"
|
||||
source "${PATH_TO_SCRIPTS}/sasl.sh"
|
||||
source "${PATH_TO_SCRIPTS}/ssl.sh"
|
||||
source "${PATH_TO_SCRIPTS}/utils.sh"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -64,16 +64,36 @@ function _env_relay_host
|
|||
# `/etc/postfix/sasl_passwd` example at end of file.
|
||||
function _relayhost_sasl
|
||||
{
|
||||
if [[ ! -f /tmp/docker-mailserver/postfix-sasl-password.cf ]] && [[ -z ${RELAY_USER} || -z ${RELAY_PASSWORD} ]]
|
||||
if [[ ! -f /tmp/docker-mailserver/postfix-sasl-password.cf ]] \
|
||||
&& [[ -z ${RELAY_USER} || -z ${RELAY_PASSWORD} ]] \
|
||||
&& [[ -z ${SASL_PASSWD} ]]
|
||||
then
|
||||
_log 'warn' "No relay auth file found and no default set"
|
||||
_log 'warn' "Missing relay-host mapped credentials provided via ENV, or from postfix-sasl-password.cf"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_log 'trace' "Adding relay-host credential mappings to Postfix"
|
||||
|
||||
# Start from a new `/etc/postfix/sasl_passwd`:
|
||||
: >/etc/postfix/sasl_passwd
|
||||
chown root:root /etc/postfix/sasl_passwd
|
||||
chmod 0600 /etc/postfix/sasl_passwd
|
||||
|
||||
# SASL_PASSWD is a legacy ENV, not likely in use by any users.
|
||||
#
|
||||
# Single ENV for specifying `<DEFAULT_RELAY_HOST> <RELAY_USER>:<RELAY_PASSWORD>`,
|
||||
# Where `<DEFAULT_RELAY_HOST>` must match the equivalent ENV,
|
||||
# while the other two have no dependency to their equivalent ENV.
|
||||
# SASL_PASSWD requires `smtp_sasl_password_maps` to be enabled - but that has only
|
||||
# ever been via this function which relies upon RELAY_HOST. Hence redundant.
|
||||
# TODO: Deprecate. Remove on next major version?
|
||||
if [[ -n ${SASL_PASSWD} ]]
|
||||
then
|
||||
echo "${SASL_PASSWD}" >> /etc/postfix/sasl_passwd
|
||||
fi
|
||||
|
||||
if [[ -f /tmp/docker-mailserver/postfix-sasl-password.cf ]]
|
||||
then
|
||||
_log 'trace' "Adding relay authentication from postfix-sasl-password.cf"
|
||||
|
||||
# Add domain-specific auth from config file:
|
||||
while read -r LINE
|
||||
do
|
||||
|
|
@ -93,8 +113,6 @@ function _relayhost_sasl
|
|||
echo "$(_env_relay_host) ${RELAY_USER}:${RELAY_PASSWORD}" >> /etc/postfix/sasl_passwd
|
||||
fi
|
||||
|
||||
_sasl_set_passwd_permissions
|
||||
|
||||
# Technically if only a single relay host is configured, a `static` lookup table could be used instead?:
|
||||
# postconf "smtp_sasl_password_maps = static:${RELAY_USER}:${RELAY_PASSWORD}"
|
||||
postconf 'smtp_sasl_password_maps = texthash:/etc/postfix/sasl_passwd'
|
||||
|
|
@ -196,7 +214,6 @@ function _setup_relayhost
|
|||
then
|
||||
_log 'trace' "Setting up relay hosts (default: ${RELAY_HOST})"
|
||||
|
||||
# Expects `_sasl_passwd_create` was called prior in `setup-stack.sh`
|
||||
_relayhost_sasl
|
||||
_populate_relayhost_map
|
||||
|
||||
|
|
@ -208,9 +225,6 @@ function _rebuild_relayhost
|
|||
{
|
||||
if [[ -n ${RELAY_HOST} ]]
|
||||
then
|
||||
# Start from a new `/etc/postfix/sasl_passwd` state:
|
||||
_sasl_passwd_create
|
||||
|
||||
_relayhost_sasl
|
||||
_populate_relayhost_map
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -1,22 +0,0 @@
|
|||
#! /bin/bash
|
||||
|
||||
function _sasl_passwd_create
|
||||
{
|
||||
if [[ -n ${SASL_PASSWD} ]]
|
||||
then
|
||||
# create SASL password
|
||||
echo "${SASL_PASSWD}" > /etc/postfix/sasl_passwd
|
||||
_sasl_set_passwd_permissions
|
||||
else
|
||||
rm -f /etc/postfix/sasl_passwd
|
||||
fi
|
||||
}
|
||||
|
||||
function _sasl_set_passwd_permissions
|
||||
{
|
||||
if [[ -f /etc/postfix/sasl_passwd ]]
|
||||
then
|
||||
chown root:root /etc/postfix/sasl_passwd
|
||||
chmod 0600 /etc/postfix/sasl_passwd
|
||||
fi
|
||||
}
|
||||
|
|
@ -215,7 +215,6 @@ function _register_functions
|
|||
_register_setup_function '_setup_dovecot_hostname'
|
||||
_register_setup_function '_setup_postfix_smtputf8'
|
||||
_register_setup_function '_setup_postfix_sasl'
|
||||
_register_setup_function '_setup_postfix_sasl_password'
|
||||
_register_setup_function '_setup_security_stack'
|
||||
_register_setup_function '_setup_postfix_aliases'
|
||||
_register_setup_function '_setup_postfix_vhost'
|
||||
|
|
|
|||
|
|
@ -764,21 +764,6 @@ function _setup_postfix_override_configuration
|
|||
fi
|
||||
}
|
||||
|
||||
function _setup_postfix_sasl_password
|
||||
{
|
||||
_log 'debug' 'Setting up Postfix SASL Password'
|
||||
|
||||
# support general SASL password
|
||||
_sasl_passwd_create
|
||||
|
||||
if [[ -f /etc/postfix/sasl_passwd ]]
|
||||
then
|
||||
_log 'trace' 'Loaded SASL_PASSWD'
|
||||
else
|
||||
_log 'debug' "SASL_PASSWD was not provided - '/etc/postfix/sasl_passwd' not created"
|
||||
fi
|
||||
}
|
||||
|
||||
function _setup_postfix_relay_hosts
|
||||
{
|
||||
_setup_relayhost
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ function setup_file() {
|
|||
docker run -d --name mail_privacy \
|
||||
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
|
||||
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
|
||||
-e SASL_PASSWD="external-domain.com username:password" \
|
||||
-e ENABLE_MANAGESIEVE=1 \
|
||||
--cap-add=SYS_PTRACE \
|
||||
-e PERMIT_DOCKER=host \
|
||||
|
|
|
|||
|
|
@ -64,6 +64,11 @@ function teardown_file() {
|
|||
assert_output ''
|
||||
}
|
||||
|
||||
@test "checking relay hosts: sasl_passwd exists" {
|
||||
run docker exec mail_with_relays [ -f /etc/postfix/sasl_passwd ]
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "checking relay hosts: auth entry is added" {
|
||||
run docker exec mail_with_relays /bin/sh -c 'cat /etc/postfix/sasl_passwd | grep -e "^@domaintwo.tld\s\+smtp_user_2:smtp_password_2" | wc -l'
|
||||
assert_success
|
||||
|
|
|
|||
|
|
@ -31,7 +31,6 @@ setup_file() {
|
|||
-e SA_SPAM_SUBJECT="SPAM: " \
|
||||
-e SA_TAG=-5.0 \
|
||||
-e SA_TAG2=2.0 \
|
||||
-e SASL_PASSWD="external-domain.com username:password" \
|
||||
-e SPAMASSASSIN_SPAM_TO_INBOX=0 \
|
||||
-e SPOOF_PROTECTION=1 \
|
||||
-e SSL_TYPE='snakeoil' \
|
||||
|
|
@ -175,11 +174,6 @@ teardown_file() {
|
|||
assert_success
|
||||
}
|
||||
|
||||
@test "checking sasl: sasl_passwd exists" {
|
||||
run docker exec mail [ -f /etc/postfix/sasl_passwd ]
|
||||
assert_success
|
||||
}
|
||||
|
||||
#
|
||||
# logs
|
||||
#
|
||||
|
|
|
|||
Loading…
Reference in New Issue