Added test on default ssl certs and added letsencrypt X1 and X2 certificates
This commit is contained in:
Thomas VIAL
parent
a13cbcb9aa
commit
6cf6a5df5d
|
|
@ -7,7 +7,7 @@ RUN apt-get -y upgrade
|
|||
RUN DEBIAN_FRONTEND=noninteractive apt-get -y install vim postfix sasl2-bin courier-imap courier-imap-ssl \
|
||||
courier-pop courier-pop-ssl courier-authdaemon supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl \
|
||||
pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat \
|
||||
opendkim opendkim-tools opendmarc
|
||||
opendkim opendkim-tools opendmarc curl
|
||||
RUN apt-get autoclean && rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Configures Saslauthd
|
||||
|
|
@ -44,7 +44,6 @@ ADD postfix/default-opendkim /etc/default/opendkim
|
|||
ADD postfix/opendmarc.conf /etc/opendmarc.conf
|
||||
ADD postfix/default-opendmarc /etc/default/opendmarc
|
||||
|
||||
|
||||
# Configures Postfix
|
||||
ADD postfix/main.cf /etc/postfix/main.cf
|
||||
ADD postfix/master.cf /etc/postfix/master.cf
|
||||
|
|
@ -52,6 +51,10 @@ ADD postfix/sasl/smtpd.conf /etc/postfix/sasl/smtpd.conf
|
|||
ADD bin/generate-ssl-certificate /usr/local/bin/generate-ssl-certificate
|
||||
RUN chmod +x /usr/local/bin/generate-ssl-certificate
|
||||
|
||||
# Get LetsEncrypt signed certificate
|
||||
RUN curl https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem
|
||||
RUN curl https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x2-cross-signed.pem
|
||||
|
||||
# Start-mailserver script
|
||||
ADD start-mailserver.sh /usr/local/bin/start-mailserver.sh
|
||||
RUN chmod +x /usr/local/bin/start-mailserver.sh
|
||||
|
|
|
|||
10
SSL.md
10
SSL.md
|
|
@ -48,3 +48,13 @@ To use the certificate:
|
|||
|
||||
* add an `DMS_SSL=self-signed` to your container environment variables
|
||||
* if a matching certificate (files listed above) is found in `postfix/ssl`, it will be automatically setup in postfix and courier-imap-ssl. You just have to place them in `postfix/ssl` folder.
|
||||
|
||||
### Testing certificate
|
||||
|
||||
From your host:
|
||||
|
||||
docker exec mail openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/
|
||||
|
||||
And you should see the certificate chain, the server certificate and:
|
||||
|
||||
Verify return code: 0 (ok)
|
||||
|
|
@ -78,5 +78,12 @@ assert "docker exec mail cat /etc/opendmarc.conf | grep ^TrustedAuthservID | wc
|
|||
# Testing hostname config
|
||||
assert "docker exec mail cat /etc/mailname" "my-domain.com"
|
||||
|
||||
# Testing presence of LetsEncrypt signed certs
|
||||
assert_raises "docker exec mail grep 'BEGIN CERTIFICATE' /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem" "0"
|
||||
assert_raises "docker exec mail grep 'BEGIN CERTIFICATE' /etc/ssl/certs/lets-encrypt-x2-cross-signed.pem" "0"
|
||||
|
||||
# Testing generated ssl certs
|
||||
assert_raises "docker exec mail openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 0 (ok)'" "0"
|
||||
|
||||
# Ending tests
|
||||
assert_end
|
||||
|
|
|
|||
Loading…
Reference in New Issue