docker
/
docker-mailserver
mirror of https://github.com/tomav/docker-mailserver.git
1
0
Fork 0
Code Issues Releases Wiki Activity

tests(refactor): Improve consistency and documentation for test helpers (#3012)

This commit is contained in:
Georg Lauterbach 2023-01-22 00:05:28 +01:00 committed by GitHub
parent fb82082cf1
commit e3c4ef76c6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
32 changed files with 936 additions and 656 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
test/helper/change-detection.bash
View File

@ -1,29 +1,86 @@
#!/bin/bash
# TODO: Functions need documentation (adhere to doc conventions!)
# ? ABOUT: Functions defined here aid with the change-detection functionality of DMS.
# ! -------------------------------------------------------------------
# ? >> Miscellaneous initialization functionality
# shellcheck disable=SC2155
load "${REPOSITORY_ROOT}/test/helper/common"
function wait_until_change_detection_event_begins() {
# ? << Miscellaneous initialization functionality
# ! -------------------------------------------------------------------
# ? >> Change-detection helpers
# TODO documentation @polarathene
#
# ## Note
#
# Relies on ENV `LOG_LEVEL=debug` or higher
#
# @param ${1} = expected count [OPTIONAL]
# @param ${2} = container name [OPTIONAL]
function _wait_until_expected_count_is_matched() {
function __get_count() {
# NOTE: `|| true` required due to `set -e` usage:
# https://github.com/docker-mailserver/docker-mailserver/pull/2997#discussion_r1070583876
_exec_in_container grep --count "${MATCH_CONTENT}" "${MATCH_IN_LOG}" || true
}
# WARNING: Keep in mind it is a '>=' comparison.
# If you provide an explict count to match, ensure it is not too low to cause a false-positive.
function __has_expected_count() {
# shellcheck disable=SC2317
[[ $(__get_count) -ge "${EXPECTED_COUNT}" ]]
}
local EXPECTED_COUNT=${1:-}
local CONTAINER_NAME=$(__handle_container_name "${2:-}")
# Ensure the container is configured with the required `LOG_LEVEL` ENV:
assert_regex "$(_exec_in_container env | grep '^LOG_LEVEL=')" '=(debug|trace)$'
# Default behaviour is to wait until one new match is found (eg: incremented),
# unless explicitly set (useful for waiting on a min count to be reached):
#
# +1 of starting count if EXPECTED_COUNT is empty
[[ -n ${EXPECTED_COUNT} ]] || EXPECTED_COUNT=$(( $(__get_count) + 1 ))
_repeat_until_success_or_timeout 20 __has_expected_count
}
function _wait_until_change_detection_event_begins() {
local MATCH_CONTENT='Change detected'
local MATCH_IN_LOG='/var/log/supervisor/changedetector.log'
_wait_until_expected_count_is_matched "${@}"
}
# NOTE: Change events can start and finish all within < 1 sec,
# Reliably track the completion of a change event by counting events:
function wait_until_change_detection_event_completes() {
# ## Note
#
# Change events can start and finish all within < 1 sec.
# Reliably track the completion of a change event by counting events.
function _wait_until_change_detection_event_completes() {
# shellcheck disable=SC2034
local MATCH_CONTENT='Completed handling of detected change'
# shellcheck disable=SC2034
local MATCH_IN_LOG='/var/log/supervisor/changedetector.log'
_wait_until_expected_count_is_matched "${@}"
}
function _get_logs_since_last_change_detection() {
local CONTAINER_NAME=${1}
# shellcheck disable=SC2034
local CONTAINER_NAME=$(__handle_container_name "${1:-}")
local MATCH_IN_FILE='/var/log/supervisor/changedetector.log'
local MATCH_STRING='Change detected'
# Read file in reverse, collect lines until match with sed is found,
# then stop and return these lines back in original order (flipped again through tac):
docker exec "${CONTAINER_NAME}" bash -c "tac ${MATCH_IN_FILE} | sed '/${MATCH_STRING}/q' | tac"
_exec_in_container_bash "tac ${MATCH_IN_FILE} | sed '/${MATCH_STRING}/q' | tac"
}
# ? << Change-detection helpers
# ! -------------------------------------------------------------------

456
test/helper/common.bash
View File

@ -1,5 +1,19 @@
#!/bin/bash
# ? ABOUT: Functions defined here aid with common functionality during tests.
# ! ATTENTION: Functions prefixed with `__` are intended for internal use within this file only, not in tests.
# ! -------------------------------------------------------------------
# ? >> Miscellaneous initialization functionality
# shellcheck disable=SC2155
# Load additional BATS libraries for more functionality.
#
# ## Note
#
# This function is internal and should not be used in tests.
function __load_bats_helper() {
load "${REPOSITORY_ROOT}/test/test_helper/bats-support/load"
load "${REPOSITORY_ROOT}/test/test_helper/bats-assert/load"
@ -7,241 +21,377 @@ function __load_bats_helper() {
__load_bats_helper
# -------------------------------------------------------------------
# like _run_in_container_explicit but infers ${1} by using the ENV CONTAINER_NAME
# WARNING: Careful using this with _until_success_or_timeout methods,
# which can be misleading in the success of `run`, not the command given to `run`.
function _run_in_container() {
run docker exec "${CONTAINER_NAME}" "${@}"
# Properly handle the container name given to tests. This makes the whole
# test suite more robust as we can be sure that the container name is
# properly set. Sometimes, we need to provide an explicit container name;
# this function eases the pain by either providing the explicitly given
# name or `CONTAINER_NAME` if it is set.
#
# @param ${1} = explicit container name [OPTIONAL]
#
# ## Attention
#
# Note that this function checks whether the name given to it starts with
# the prefix `dms-test_`. One must adhere to this naming convention.
#
# ## Panics
#
# If neither an explicit non-empty argument is given nor `CONTAINER_NAME`
# is set.
#
# ## "Calling Convention"
#
# This function should be called the following way:
#
# local SOME_VAR=$(__handle_container_name "${X:-}")
#
# Where `X` is an arbitrary argument of the function you're calling.
#
# ## Note
#
# This function is internal and should not be used in tests.
function __handle_container_name() {
if [[ -n ${1:-} ]] && [[ ${1:-} =~ ^dms-test_ ]]
then
printf '%s' "${1}"
return 0
elif [[ -n ${CONTAINER_NAME+set} ]]
then
printf '%s' "${CONTAINER_NAME}"
return 0
else
echo 'ERROR: (helper/common.sh) Container name was either provided explicitly without the required `dms-test_` prefix, or CONTAINER_NAME is not set for implicit usage' >&2
exit 1
fi
}
# @param ${1} container name [REQUIRED]
# @param ... command to execute
function _run_in_container_explicit() {
local CONTAINER_NAME=${1:?Container name must be given when using explicit}
# ? << Miscellaneous initialization functionality
# ! -------------------------------------------------------------------
# ? >> Functions to execute commands inside a container
# Execute a command inside a container with an explicit name.
#
# @param ${1} = container name
# @param ... = command to execute
function _exec_in_container_explicit() {
local CONTAINER_NAME=${1:?Container name must be provided when using explicit}
shift 1
run docker exec "${CONTAINER_NAME}" "${@}"
docker exec "${CONTAINER_NAME}" "${@}"
}
function _default_teardown() {
docker rm -f "${CONTAINER_NAME}"
# Execute a command inside the container with name ${CONTAINER_NAME}.
#
# @param ... = command to execute
function _exec_in_container() {
_exec_in_container_explicit "${CONTAINER_NAME:?Container name must be provided}" "${@}"
}
function _reload_postfix() {
local CONTAINER_NAME=${1:-${CONTAINER_NAME}}
# Reloading Postfix config after modifying it in <2 sec will cause Postfix to delay, workaround that:
docker exec "${CONTAINER_NAME}" touch -d '2 seconds ago' /etc/postfix/main.cf
docker exec "${CONTAINER_NAME}" postfix reload
# Execute a command inside a container with an explicit name. The command is run with
# BATS' `run` so you can check the exit code and use `assert_`.
#
# @param ${1} = container name
# @param ... = command to execute
function _run_in_container_explicit() {
local CONTAINER_NAME=${1:?Container name must be provided when using explicit}
shift 1
run _exec_in_container_explicit "${CONTAINER_NAME}" "${@}"
}
# -------------------------------------------------------------------
# @param ${1} target container name [IF UNSET: ${CONTAINER_NAME}]
function get_container_ip() {
local TARGET_CONTAINER_NAME=${1:-${CONTAINER_NAME}}
docker inspect --format '{{ .NetworkSettings.IPAddress }}' "${TARGET_CONTAINER_NAME}"
# Execute a command inside the container with name ${CONTAINER_NAME}. The command
# is run with BATS' `run` so you can check the exit code and use `assert_`.
#
# @param ... = command to execute
function _run_in_container() {
_run_in_container_explicit "${CONTAINER_NAME:?Container name must be provided}" "${@}"
}
# -------------------------------------------------------------------
# Execute a command inside the container with name ${CONTAINER_NAME}. Moreover,
# the command is run by Bash with `/bin/bash -c`.
#
# @param ... = command to execute with Bash
function _exec_in_container_bash() { _exec_in_container /bin/bash -c "${@}" ; }
# @param ${1} timeout
# @param --fatal-test <command eval string> additional test whose failure aborts immediately
# @param ... test to run
function repeat_until_success_or_timeout {
# Execute a command inside the container with name ${CONTAINER_NAME}. The command
# is run with BATS' `run` so you can check the exit code and use `assert_`. Moreover,
# the command is run by Bash with `/bin/bash -c`.
#
# @param ... = Bash command to execute
function _run_in_container_bash() { _run_in_container /bin/bash -c "${@}" ; }
# ? << Functions to execute commands inside a container
# ! -------------------------------------------------------------------
# ? >> Functions about executing commands with timeouts
# Repeats a given command inside a container until the timeout is over.
#
# @param ${1} = timeout
# @param ${2} = container name
# @param ... = test command for container
function _repeat_in_container_until_success_or_timeout() {
local TIMEOUT="${1:?Timeout duration must be provided}"
local CONTAINER_NAME="${2:?Container name must be provided}"
shift 2
_repeat_until_success_or_timeout \
--fatal-test "_container_is_running ${CONTAINER_NAME}" \
"${TIMEOUT}" \
_exec_in_container "${@}"
}
# Repeats a given command until the timeout is over.
#
# @option --fatal-test <COMMAND EVAL STRING> = additional test whose failure aborts immediately
# @param ${1} = timeout
# @param ... = test to run
function _repeat_until_success_or_timeout() {
local FATAL_FAILURE_TEST_COMMAND
if [[ "${1}" == "--fatal-test" ]]; then
FATAL_FAILURE_TEST_COMMAND="${2}"
if [[ "${1:-}" == "--fatal-test" ]]
then
FATAL_FAILURE_TEST_COMMAND="${2:?Provided --fatal-test but no command}"
shift 2
fi
if ! [[ "${1}" =~ ^[0-9]+$ ]]; then
echo "First parameter for timeout must be an integer, received \"${1}\""
local TIMEOUT=${1:?Timeout duration must be provided}
shift 1
if ! [[ "${TIMEOUT}" =~ ^[0-9]+$ ]]
then
echo "First parameter for timeout must be an integer, received \"${TIMEOUT}\""
return 1
fi
local TIMEOUT=${1}
local STARTTIME=${SECONDS}
shift 1
until "${@}"
do
if [[ -n ${FATAL_FAILURE_TEST_COMMAND} ]] && ! eval "${FATAL_FAILURE_TEST_COMMAND}"; then
if [[ -n ${FATAL_FAILURE_TEST_COMMAND} ]] && ! eval "${FATAL_FAILURE_TEST_COMMAND}"
then
echo "\`${FATAL_FAILURE_TEST_COMMAND}\` failed, early aborting repeat_until_success of \`${*}\`" >&2
return 1
fi
sleep 1
if [[ $(( SECONDS - STARTTIME )) -gt ${TIMEOUT} ]]; then
if [[ $(( SECONDS - STARTTIME )) -gt ${TIMEOUT} ]]
then
echo "Timed out on command: ${*}" >&2
return 1
fi
done
}
# like repeat_until_success_or_timeout but with wrapping the command to run into `run` for later bats consumption
# @param ${1} timeout
# @param ... test command to run
function run_until_success_or_timeout {
if ! [[ ${1} =~ ^[0-9]+$ ]]; then
echo "First parameter for timeout must be an integer, received \"${1}\""
# Like `_repeat_until_success_or_timeout` . The command is run with BATS' `run`
# so you can check the exit code and use `assert_`.
#
# @param ${1} = timeout
# @param ... = test command to run
function _run_until_success_or_timeout() {
local TIMEOUT=${1:?Timeout duration must be provided}
shift 1
if [[ ! ${TIMEOUT} =~ ^[0-9]+$ ]]
then
echo "First parameter for timeout must be an integer, received \"${TIMEOUT}\""
return 1
fi
local TIMEOUT=${1}
local STARTTIME=${SECONDS}
shift 1
until run "${@}" && [[ $status -eq 0 ]]
until run "${@}" && [[ ${status} -eq 0 ]]
do
sleep 1
if (( SECONDS - STARTTIME > TIMEOUT )); then
if (( SECONDS - STARTTIME > TIMEOUT ))
then
echo "Timed out on command: ${*}" >&2
return 1
fi
done
}
# @param ${1} timeout
# @param ${2} container name
# @param ... test command for container
function repeat_in_container_until_success_or_timeout() {
local TIMEOUT="${1}"
local CONTAINER_NAME="${2}"
shift 2
# ? << Functions about executing commands with timeouts
# ! -------------------------------------------------------------------
# ? >> Functions to wait until a condition is met
repeat_until_success_or_timeout --fatal-test "container_is_running ${CONTAINER_NAME}" "${TIMEOUT}" docker exec "${CONTAINER_NAME}" "${@}"
# Wait until a port is ready.
#
# @param ${1} = port
# @param ${2} = container name [OPTIONAL]
function _wait_for_tcp_port_in_container() {
local PORT=${1:?Port number must be provided}
local CONTAINER_NAME=$(__handle_container_name "${2:-}")
_repeat_until_success_or_timeout \
--fatal-test "_container_is_running ${CONTAINER_NAME}" \
"${TEST_TIMEOUT_IN_SECONDS}" \
_exec_in_container_bash "nc -z 0.0.0.0 ${PORT}"
}
function container_is_running() {
[[ "$(docker inspect -f '{{.State.Running}}' "${1}")" == "true" ]]
# Wait for SMTP port (25) to become ready.
#
# @param ${1} = name of the container [OPTIONAL]
function _wait_for_smtp_port_in_container() {
local CONTAINER_NAME=$(__handle_container_name "${1:-}")
_wait_for_tcp_port_in_container 25
}
# @param ${1} port
# @param ${2} container name
function wait_for_tcp_port_in_container() {
repeat_until_success_or_timeout --fatal-test "container_is_running ${2}" "${TEST_TIMEOUT_IN_SECONDS}" docker exec "${2}" /bin/sh -c "nc -z 0.0.0.0 ${1}"
}
# Wait until the SMPT port (25) can respond.
#
# @param ${1} = name of the container [OPTIONAL]
function _wait_for_smtp_port_in_container_to_respond() {
local CONTAINER_NAME=$(__handle_container_name "${1:-}")
# @param ${1} name of the postfix container
function wait_for_smtp_port_in_container() {
wait_for_tcp_port_in_container 25 "${1}"
}
# @param ${1} name of the postfix container
function wait_for_smtp_port_in_container_to_respond() {
local COUNT=0
until [[ $(docker exec "${1}" timeout 10 /bin/sh -c "echo QUIT | nc localhost 25") == *"221 2.0.0 Bye"* ]]; do
if [[ $COUNT -eq 20 ]]
until [[ $(_exec_in_container timeout 10 /bin/bash -c 'echo QUIT | nc localhost 25') == *'221 2.0.0 Bye'* ]]
do
if [[ ${COUNT} -eq 20 ]]
then
echo "Unable to receive a valid response from 'nc localhost 25' within 20 seconds"
return 1
fi
sleep 1
((COUNT+=1))
(( COUNT += 1 ))
done
}
# @param ${1} name of the postfix container
function wait_for_amavis_port_in_container() {
wait_for_tcp_port_in_container 10024 "${1}"
# Checks whether a service is running inside a container (${1}).
#
# @param ${1} = service name
# @param ${2} = container name [OPTIONAL]
function _should_have_service_running_in_container() {
local SERVICE_NAME="${1:?Service name must be provided}"
local CONTAINER_NAME=$(__handle_container_name "${2:-}")
_run_in_container /usr/bin/supervisorctl status "${SERVICE_NAME}"
assert_success
assert_output --partial 'RUNNING'
}
# get the private config path for the given container or test file, if no container name was given
function private_config_path() {
echo "${PWD}/test/duplicate_configs/${1:-$(basename "${BATS_TEST_FILENAME}")}"
}
# Wait until a service is running.
#
# @param ${1} = name of the service to wait for
# @param ${2} = container name [OPTIONAL]
function _wait_for_service() {
local SERVICE_NAME="${1:?Service name must be provided}"
local CONTAINER_NAME=$(__handle_container_name "${2:-}")
function container_has_service_running() {
local CONTAINER_NAME="${1}"
local SERVICE_NAME="${2}"
docker exec "${CONTAINER_NAME}" /usr/bin/supervisorctl status "${SERVICE_NAME}" | grep RUNNING >/dev/null
}
function wait_for_service() {
local CONTAINER_NAME="${1}"
local SERVICE_NAME="${2}"
repeat_until_success_or_timeout --fatal-test "container_is_running ${CONTAINER_NAME}" "${TEST_TIMEOUT_IN_SECONDS}" \
container_has_service_running "${CONTAINER_NAME}" "${SERVICE_NAME}"
}
# NOTE: Relies on ENV `LOG_LEVEL=debug` or higher
function _wait_until_expected_count_is_matched() {
function __get_count() {
# NOTE: `|| true` required due to `set -e` usage:
# https://github.com/docker-mailserver/docker-mailserver/pull/2997#discussion_r1070583876
docker exec "${CONTAINER_NAME}" grep --count "${MATCH_CONTENT}" "${MATCH_IN_LOG}" || true
}
# WARNING: Keep in mind it is a '>=' comparison.
# If you provide an explict count to match, ensure it is not too low to cause a false-positive.
function __has_expected_count() {
[[ $(__get_count) -ge "${EXPECTED_COUNT}" ]]
}
local CONTAINER_NAME=${1}
local EXPECTED_COUNT=${2}
# Ensure early failure if arg is missing:
assert_not_equal "${CONTAINER_NAME}" ''
# Ensure the container is configured with the required `LOG_LEVEL` ENV:
assert_regex \
$(docker exec "${CONTAINER_NAME}" env | grep '^LOG_LEVEL=') \
'=(debug|trace)$'
# Default behaviour is to wait until one new match is found (eg: incremented),
# unless explicitly set (useful for waiting on a min count to be reached):
if [[ -z $EXPECTED_COUNT ]]
then
# +1 of starting count:
EXPECTED_COUNT=$(( $(__get_count) + 1 ))
fi
repeat_until_success_or_timeout 20 __has_expected_count
_repeat_until_success_or_timeout \
--fatal-test "_container_is_running ${CONTAINER_NAME}" \
"${TEST_TIMEOUT_IN_SECONDS}" \
_should_have_service_running_in_container "${SERVICE_NAME}"
}
# An account added to `postfix-accounts.cf` must wait for the `changedetector` service
# to process the update before Dovecot creates the mail account and associated storage dir:
function wait_until_account_maildir_exists() {
local CONTAINER_NAME=$1
local MAIL_ACCOUNT=$2
# to process the update before Dovecot creates the mail account and associated storage dir.
#
# @param ${1} = mail account name
# @param ${2} = container name
function _wait_until_account_maildir_exists() {
local MAIL_ACCOUNT=${1:?Mail account must be provided}
local CONTAINER_NAME=$(__handle_container_name "${2:-}")
local LOCAL_PART="${MAIL_ACCOUNT%@*}"
local DOMAIN_PART="${MAIL_ACCOUNT#*@}"
local MAIL_ACCOUNT_STORAGE_DIR="/var/mail/${DOMAIN_PART}/${LOCAL_PART}"
repeat_in_container_until_success_or_timeout 60 "${CONTAINER_NAME}" bash -c "[[ -d ${MAIL_ACCOUNT_STORAGE_DIR} ]]"
_repeat_in_container_until_success_or_timeout 60 "${CONTAINER_NAME}" \
/bin/bash -c "[[ -d ${MAIL_ACCOUNT_STORAGE_DIR} ]]"
}
function add_mail_account_then_wait_until_ready() {
local CONTAINER_NAME=$1
local MAIL_ACCOUNT=$2
# Password is optional (omit when the password is not needed during the test)
local MAIL_PASS="${3:-password_not_relevant_to_test}"
run docker exec "${CONTAINER_NAME}" setup email add "${MAIL_ACCOUNT}" "${MAIL_PASS}"
assert_success
wait_until_account_maildir_exists "${CONTAINER_NAME}" "${MAIL_ACCOUNT}"
}
function wait_for_empty_mail_queue_in_container() {
local CONTAINER_NAME="${1}"
# Wait until the mail queue is empty inside a container (${1}).
#
# @param ${1} = container name [OPTIONAL]
function _wait_for_empty_mail_queue_in_container() {
local CONTAINER_NAME=$(__handle_container_name "${1:-}")
local TIMEOUT=${TEST_TIMEOUT_IN_SECONDS}
# shellcheck disable=SC2016
repeat_in_container_until_success_or_timeout "${TIMEOUT}" "${CONTAINER_NAME}" bash -c '[[ $(mailq) == *"Mail queue is empty"* ]]'
_repeat_in_container_until_success_or_timeout \
"${TIMEOUT}" \
"${CONTAINER_NAME}" \
/bin/bash -c '[[ $(mailq) == "Mail queue is empty" ]]'
}
# `lines` is a special BATS variable updated via `run`:
function _should_output_number_of_lines() {
assert_equal "${#lines[@]}" $1
# ? << Functions to wait until a condition is met
# ! -------------------------------------------------------------------
# ? >> Miscellaneous helper functions
# Adds a mail account and waits for the associated files to be created.
#
# @param ${1} = mail account name
# @param ${2} = password [OPTIONAL]
# @param ${3} = container name [OPTIONAL]
function _add_mail_account_then_wait_until_ready() {
local MAIL_ACCOUNT=${1:?Mail account must be provided}
local MAIL_PASS="${2:-password_not_relevant_to_test}"
local CONTAINER_NAME=$(__handle_container_name "${3:-}")
_run_in_container setup email add "${MAIL_ACCOUNT}" "${MAIL_PASS}"
assert_success
_wait_until_account_maildir_exists "${MAIL_ACCOUNT}"
}
# Assert that the number of lines output by a previous command matches the given
# amount (${1}). `lines` is a special BATS variable updated via `run`.
#
# @param ${1} = number of lines that the output should have
function _should_output_number_of_lines() {
assert_equal "${#lines[@]}" "${1:?Number of lines not provided}"
}
# Reloads the postfix service.
#
# @param ${1} = container name [OPTIONAL]
function _reload_postfix() {
local CONTAINER_NAME=$(__handle_container_name "${1:-}")
# Reloading Postfix config after modifying it within 2 seconds will cause Postfix to delay reading `main.cf`:
# WORKAROUND: https://github.com/docker-mailserver/docker-mailserver/pull/2998
_exec_in_container touch -d '2 seconds ago' /etc/postfix/main.cf
_exec_in_container postfix reload
}
# Get the IP of the container (${1}).
#
# @param ${1} = container name [OPTIONAL]
function _get_container_ip() {
local TARGET_CONTAINER_NAME=$(__handle_container_name "${1:-}")
docker inspect --format '{{ .NetworkSettings.IPAddress }}' "${TARGET_CONTAINER_NAME}"
}
# Check if a container is running.
#
# @param ${1} = container name [OPTIONAL]
function _container_is_running() {
local TARGET_CONTAINER_NAME=$(__handle_container_name "${1:-}")
[[ $(docker inspect -f '{{.State.Running}}' "${TARGET_CONTAINER_NAME}") == 'true' ]]
}
# Checks if the directory exists and then how many files it contains at the top-level.
#
# @param ${1} = directory
# @param ${2} = number of files that should be in ${1}
# @param ${3} = container name [OPTIONAL]
function _count_files_in_directory_in_container()
{
local DIRECTORY=${1:?No directory provided}
local NUMBER_OF_LINES=${2:?No line count provided}
local CONTAINER_NAME=$(__handle_container_name "${3:-}")
_run_in_container_bash "[[ -d ${DIRECTORY} ]]"
assert_success
_run_in_container_bash "find ${DIRECTORY} -maxdepth 1 -type f -printf 'x\n'"
assert_success
_should_output_number_of_lines "${NUMBER_OF_LINES}"
}
# ? << Miscellaneous helper functions
# ! -------------------------------------------------------------------

170
test/helper/setup.bash
View File

@ -1,7 +1,20 @@
#!/bin/bash
# -------------------------------------------------------------------
# ? ABOUT: Functions defined here should be used when initializing tests.
# ! ATTENTION: Functions prefixed with `__` are intended for internal use within this file only, not in tests.
# ! ATTENTION: This script must not use functions from `common.bash` to
# ! avoid dependency hell.
# ! -------------------------------------------------------------------
# ? >> Miscellaneous initialization functionality
# Does pre-flight checks for each test: check whether certain required variables
# are set and exports other variables.
#
# ## Note
#
# This function is internal and should not be used in tests.
function __initialize_variables() {
function __check_if_set() {
if [[ ${!1+set} != 'set' ]]
@ -28,57 +41,70 @@ function __initialize_variables() {
NUMBER_OF_LOG_LINES=${NUMBER_OF_LOG_LINES:-10}
}
# -------------------------------------------------------------------
# ? << Miscellaneous initialization functionality
# ! -------------------------------------------------------------------
# ? >> File setup
# @param ${1} relative source in test/config folder
# @param ${2} (optional) container name, defaults to ${BATS_TEST_FILENAME}
# @return path to the folder where the config is duplicated
function duplicate_config_for_container() {
# Print the private config path for the given container or test file,
# if no container name was given.
#
# @param ${1} = container name [OPTIONAL]
function _print_private_config_path() {
local TARGET_NAME=${1:-$(basename "${BATS_TEST_FILENAME}")}
echo "${REPOSITORY_ROOT}/test/duplicate_configs/${TARGET_NAME}"
}
# Create a dedicated configuration directory for a test file.
#
# @param ${1} = relative source in test/config folder
# @param ${2} = (optional) container name, defaults to ${BATS_TEST_FILENAME}
# @return = path to the folder where the config is duplicated
function _duplicate_config_for_container() {
local OUTPUT_FOLDER
OUTPUT_FOLDER=$(private_config_path "${2}") || return $?
OUTPUT_FOLDER=$(_print_private_config_path "${2}")
rm -rf "${OUTPUT_FOLDER:?}/" || return $? # cleanup
mkdir -p "${OUTPUT_FOLDER}" || return $?
cp -r "${PWD}/test/config/${1:?}/." "${OUTPUT_FOLDER}" || return $?
if [[ -z ${OUTPUT_FOLDER} ]]
then
echo "'OUTPUT_FOLDER' in '_duplicate_config_for_container' is empty" >&2
return 1
fi
rm -rf "${OUTPUT_FOLDER:?}/"
mkdir -p "${OUTPUT_FOLDER}"
cp -r "${REPOSITORY_ROOT}/test/config/${1:?}/." "${OUTPUT_FOLDER}" || return $?
echo "${OUTPUT_FOLDER}"
}
# TODO: Should also fail early on "docker logs ${1} | egrep '^[ FATAL ]'"?
# @param ${1} name of the postfix container
function wait_for_finished_setup_in_container() {
local STATUS=0
repeat_until_success_or_timeout --fatal-test "container_is_running ${1}" "${TEST_TIMEOUT_IN_SECONDS}" sh -c "docker logs ${1} | grep 'is up and running'" || STATUS=1
if [[ ${STATUS} -eq 1 ]]; then
echo "Last ${NUMBER_OF_LOG_LINES} lines of container \`${1}\`'s log"
docker logs "${1}" | tail -n "${NUMBER_OF_LOG_LINES}"
fi
return ${STATUS}
}
# Common defaults appropriate for most tests, override vars in each test when necessary.
# For all tests override in `setup_file()` via an `export` var.
# For individual test override the var via `local` var instead.
# Common defaults appropriate for most tests.
#
# Override variables in test cases within a file when necessary:
# - Use `export <VARIABLE>` in `setup_file()` to overrides for all test cases.
# - Use `local <VARIABLE>` to override within a specific test case.
#
# ## Attenton
#
# The ENV `CONTAINER_NAME` must be set before this method is called. It only affects the
# `TEST_TMP_CONFIG` directory created, but will be used in `common_container_create()`
# and implicitly in other helper methods.
#
# ## Example
#
# For example, if you need an immutable config volume that can't be affected by other tests
# in the file, then use `local TEST_TMP_CONFIG=$(duplicate_config_for_container . "${UNIQUE_ID_HERE}")`
#
# REQUIRED: `CONTAINER_NAME` must be set before this method is called.
# It only affects the `TEST_TMP_CONFIG` directory created,
# but will be used in `common_container_create()` and implicitly in other helper methods.
function init_with_defaults() {
# in the file, then use `local TEST_TMP_CONFIG=$(_duplicate_config_for_container . "${UNIQUE_ID_HERE}")`
function _init_with_defaults() {
__initialize_variables
export TEST_TMP_CONFIG
TEST_TMP_CONFIG=$(duplicate_config_for_container . "${CONTAINER_NAME}")
TEST_TMP_CONFIG=$(_duplicate_config_for_container . "${CONTAINER_NAME}")
# Common complimentary test files, read-only safe to share across containers:
export TEST_FILES_CONTAINER_PATH='/tmp/docker-mailserver-test'
export TEST_FILES_VOLUME="${REPOSITORY_ROOT}/test/test-files:${TEST_FILES_CONTAINER_PATH}:ro"
# The config volume cannot be read-only as some data needs to be written at container startup
#
# - two sed failures (unknown lines)
# - dovecot-quotas.cf (setup-stack.sh:_setup_dovecot_quotas)
# - postfix-aliases.cf (setup-stack.sh:_setup_postfix_aliases)
@ -89,22 +115,43 @@ function init_with_defaults() {
export TEST_CA_CERT="${TEST_FILES_CONTAINER_PATH}/ssl/example.test/with_ca/ecdsa/ca-cert.ecdsa.pem"
}
# Using `create` and `start` instead of only `run` allows to modify
# the container prior to starting it. Otherwise use this combined method.
# NOTE: Forwards all args to the create method at present.
function common_container_setup() {
common_container_create "${@}"
common_container_start
# ? << File setup
# ! -------------------------------------------------------------------
# ? >> Container startup
# Waits until the container has finished starting up.
#
# @param ${1} = container name
#
# TODO: Should also fail early on "docker logs ${1} | egrep '^[ FATAL ]'"?
function _wait_for_finished_setup_in_container() {
local TARGET_CONTAINER_NAME=${1:?Container name must be provided}
local STATUS=0
_repeat_until_success_or_timeout \
--fatal-test "_container_is_running ${1}" \
"${TEST_TIMEOUT_IN_SECONDS}" \
bash -c "docker logs ${TARGET_CONTAINER_NAME} | grep 'is up and running'" || STATUS=1
if [[ ${STATUS} -eq 1 ]]; then
echo "Last ${NUMBER_OF_LOG_LINES} lines of container (${TARGET_CONTAINER_NAME}) log"
docker logs "${1}" | tail -n "${NUMBER_OF_LOG_LINES}"
fi
return "${STATUS}"
}
# Common docker setup is centralized here.
# Uses `docker create` to create a container with proper defaults without starting it instantly.
#
# `X_EXTRA_ARGS` - Optional: Pass an array by it's variable name as a string, it will
# be used as a reference for appending extra config into the `docker create` below:
# @param ${1} = Pass an array by it's variable name as a string; it will be used as a
# reference for appending extra config into the `docker create` below [OPTIONAL]
#
# NOTE: Using array reference for a single input parameter, as this method is still
# under development while adapting tests to it and requirements it must serve (eg: support base config matrix in CI)
function common_container_create() {
# ## Note
#
# Using array reference for a single input parameter, as this method is still
# under development while adapting tests to it and requirements it must serve
# (eg: support base config matrix in CI)
function _common_container_create() {
[[ -n ${1} ]] && local -n X_EXTRA_ARGS=${1}
run docker create \
@ -127,9 +174,34 @@ function common_container_create() {
assert_success
}
function common_container_start() {
run docker start "${CONTAINER_NAME}"
# Starts a container given by it's name.
# Uses `CONTAINER_NAME` as the name for the `docker start` command.
#
# ## Attenton
#
# The ENV `CONTAINER_NAME` must be set before this method is called.
function _common_container_start() {
run docker start "${CONTAINER_NAME:?Container name must be set}"
assert_success
wait_for_finished_setup_in_container "${CONTAINER_NAME}"
_wait_for_finished_setup_in_container "${CONTAINER_NAME}"
}
# Using `create` and `start` instead of only `run` allows to modify
# the container prior to starting it. Otherwise use this combined method.
#
# ## Note
#
# This function forwards all arguments to `_common_container_create` at present.
function _common_container_setup() {
_common_container_create "${@}"
_common_container_start
}
# Can be used in BATS' `teardown_file` function as a default value.
#
# @param ${1} = container name [OPTIONAL]
function _default_teardown() {
local TARGET_CONTAINER_NAME=${1:-${CONTAINER_NAME}}
docker rm -f "${TARGET_CONTAINER_NAME}"
}

24
test/helper/tls.bash
View File

@ -1,10 +1,17 @@
#!/bin/bash
# TODO: Functions need better documentation / or documentation at all (adhere to doc conventions!)
# ? ABOUT: Functions defined here can be used when testing encrypt-related functionality.
# ? NOTE: `_should_*` methods are useful for common high-level functionality.
# ! -------------------------------------------------------------------
# ? >> Miscellaneous initialization functionality
load "${REPOSITORY_ROOT}/test/helper/common"
# `_should_*` methods are useful for common high-level functionality.
# ? --------------------------------------------- Negotiate TLS
# ? << Miscellaneous initialization functionality
# ! -------------------------------------------------------------------
# ? >> Negotiate TLS
# For certs actually provisioned from LetsEncrypt the Root CA cert should not need to be provided,
# as it would already be available by default in `/etc/ssl/certs`, requiring only the cert chain (fullchain.pem).
@ -14,11 +21,12 @@ function _should_succesfully_negotiate_tls() {
local CA_CERT=${2:-${TEST_CA_CERT}}
# Postfix and Dovecot are ready:
wait_for_smtp_port_in_container_to_respond "${CONTAINER_NAME}"
wait_for_tcp_port_in_container 993 "${CONTAINER_NAME}"
_wait_for_smtp_port_in_container_to_respond
_wait_for_tcp_port_in_container 993
# Root CA cert should be present in the container:
assert docker exec "${CONTAINER_NAME}" [ -f "${CA_CERT}" ]
_run_in_container_bash "[[ -f ${CA_CERT} ]]"
assert_success
local PORTS=(25 587 465 143 993)
for PORT in "${PORTS[@]}"
@ -82,7 +90,7 @@ function _generate_openssl_cmd() {
function _get_fqdn_match_query() {
local FQDN
FQDN=$(escape_fqdn "${1}")
FQDN=$(_escape_fqdn "${1}")
# 3rd check is for wildcard support by replacing the 1st DNS label of the FQDN with a `*`,
# eg: `mail.example.test` will become `*.example.test` matching `DNS:*.example.test`.
@ -101,7 +109,7 @@ function _should_not_support_fqdn_in_cert() {
# Escapes `*` and `.` so the FQDN literal can be used in regex queries
# `sed` will match those two chars and `\\&` says to prepend a `\` to the sed match (`&`)
function escape_fqdn() {
function _escape_fqdn() {
# shellcheck disable=SC2001
sed 's|[\*\.]|\\&|g' <<< "${1}"
}

6
test/tests/parallel/set1/default_relay_host.bats
View File

@ -5,19 +5,19 @@ BATS_TEST_NAME_PREFIX='[Relay] (ENV) '
CONTAINER_NAME='dms-test_default-relay-host'
function setup_file() {
init_with_defaults
_init_with_defaults
local CUSTOM_SETUP_ARGUMENTS=(
--env DEFAULT_RELAY_HOST=default.relay.host.invalid:25
--env PERMIT_DOCKER=host
)
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
}
function teardown_file() { _default_teardown ; }
@test "'DEFAULT_RELAY_HOST' should configure 'main.cf:relayhost'" {
_run_in_container bash -c 'grep -e "^relayhost =" /etc/postfix/main.cf'
_run_in_container_bash 'grep -e "^relayhost =" /etc/postfix/main.cf'
assert_output 'relayhost = default.relay.host.invalid:25'
}

6
test/tests/parallel/set1/spam_virus/amavis.bats
View File

@ -5,7 +5,7 @@ BATS_TEST_NAME_PREFIX='[Amavis] '
CONTAINER_NAME='dms-test_amavis'
function setup_file() {
init_with_defaults
_init_with_defaults
local CUSTOM_SETUP_ARGUMENTS=(
--env ENABLE_AMAVIS=1
@ -13,14 +13,14 @@ function setup_file() {
--env ENABLE_SPAMASSASSIN=1
)
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
}
function teardown_file() { _default_teardown ; }
@test "SpamAssassin integration should be active" {
# give Amavis just a bit of time to print out its full debug log
run repeat_in_container_until_success_or_timeout 5 "${CONTAINER_NAME}" grep 'ANTI-SPAM-SA' /var/log/mail/mail.log
run _repeat_in_container_until_success_or_timeout 5 "${CONTAINER_NAME}" grep 'ANTI-SPAM-SA' /var/log/mail/mail.log
assert_success
assert_output --partial 'loaded'
refute_output --partial 'NOT loaded'

20
test/tests/parallel/set1/spam_virus/clamav.bats
View File

@ -5,7 +5,7 @@ BATS_TEST_NAME_PREFIX='[ClamAV] '
CONTAINER_NAME='dms-test_clamav'
function setup_file() {
init_with_defaults
_init_with_defaults
# Comment for maintainers about `PERMIT_DOCKER=host`:
# https://github.com/docker-mailserver/docker-mailserver/pull/2815/files#r991087509
@ -18,24 +18,24 @@ function setup_file() {
--env LOG_LEVEL=trace
)
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
# wait for ClamAV to be fully setup or we will get errors on the log
repeat_in_container_until_success_or_timeout 60 "${CONTAINER_NAME}" test -e /var/run/clamav/clamd.ctl
_repeat_in_container_until_success_or_timeout 60 "${CONTAINER_NAME}" test -e /var/run/clamav/clamd.ctl
wait_for_service "${CONTAINER_NAME}" postfix
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
_wait_for_service postfix
_wait_for_smtp_port_in_container
_run_in_container bash -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-virus.txt"
_run_in_container_bash "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-virus.txt"
assert_success
wait_for_empty_mail_queue_in_container "${CONTAINER_NAME}"
_wait_for_empty_mail_queue_in_container
}
function teardown_file() { _default_teardown ; }
@test "log files exist at /var/log/mail directory" {
_run_in_container bash -c "ls -1 /var/log/mail/ | grep -E 'clamav|freshclam|mail.log' | wc -l"
_run_in_container_bash "ls -1 /var/log/mail/ | grep -E 'clamav|freshclam|mail.log' | wc -l"
assert_success
assert_output 3
}
@ -46,7 +46,7 @@ function teardown_file() { _default_teardown ; }
}
@test "freshclam cron is enabled" {
_run_in_container bash -c "grep '/usr/bin/freshclam' -r /etc/cron.d"
_run_in_container_bash "grep '/usr/bin/freshclam' -r /etc/cron.d"
assert_success
}
@ -56,6 +56,6 @@ function teardown_file() { _default_teardown ; }
}
@test "rejects virus" {
_run_in_container bash -c "grep 'Blocked INFECTED' /var/log/mail/mail.log | grep '<virus@external.tld> -> <user1@localhost.localdomain>'"
_run_in_container_bash "grep 'Blocked INFECTED' /var/log/mail/mail.log | grep '<virus@external.tld> -> <user1@localhost.localdomain>'"
assert_success
}

12
test/tests/parallel/set1/spam_virus/disabled_clamav_spamassassin.bats
View File

@ -5,7 +5,7 @@ BATS_TEST_NAME_PREFIX='[ClamAV + SA] (disabled) '
CONTAINER_NAME='dms-test_clamav-spamassasin_disabled'
function setup_file() {
init_with_defaults
_init_with_defaults
local CUSTOM_SETUP_ARGUMENTS=(
--env ENABLE_AMAVIS=1
@ -14,12 +14,12 @@ function setup_file() {
--env AMAVIS_LOGLEVEL=2
)
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_wait_for_smtp_port_in_container
_run_in_container bash -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt"
_run_in_container_bash "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt"
assert_success
wait_for_empty_mail_queue_in_container "${CONTAINER_NAME}"
_wait_for_empty_mail_queue_in_container
}
function teardown_file() { _default_teardown ; }
@ -30,7 +30,7 @@ function teardown_file() { _default_teardown ; }
}
@test "SA - Amavis integration should not be active" {
_run_in_container bash -c "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'"
_run_in_container_bash "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'"
assert_success
}

24
test/tests/parallel/set1/spam_virus/dnsbl.bats
View File

@ -10,17 +10,17 @@ function setup_file() {
local CUSTOM_SETUP_ARGUMENTS=(
--env ENABLE_DNSBL=1
)
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
_init_with_defaults
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_wait_for_smtp_port_in_container
local CONTAINER_NAME=${CONTAINER2_NAME}
local CUSTOM_SETUP_ARGUMENTS=(
--env ENABLE_DNSBL=0
)
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
_init_with_defaults
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_wait_for_smtp_port_in_container
}
function teardown_file() {
@ -29,32 +29,32 @@ function teardown_file() {
# ENABLE_DNSBL=1
@test "(enabled) Postfix DNS block list zen.spamhaus.org" {
run docker exec "${CONTAINER1_NAME}" postconf smtpd_recipient_restrictions
_run_in_container_explicit "${CONTAINER1_NAME}" postconf smtpd_recipient_restrictions
assert_output --partial 'reject_rbl_client zen.spamhaus.org'
}
@test "(enabled) Postscreen DNS block lists -> postscreen_dnsbl_action" {
run docker exec "${CONTAINER1_NAME}" postconf postscreen_dnsbl_action
_run_in_container_explicit "${CONTAINER1_NAME}" postconf postscreen_dnsbl_action
assert_output 'postscreen_dnsbl_action = enforce'
}
@test "(enabled) Postscreen DNS block lists -> postscreen_dnsbl_sites" {
run docker exec "${CONTAINER1_NAME}" postconf postscreen_dnsbl_sites
_run_in_container_explicit "${CONTAINER1_NAME}" postconf postscreen_dnsbl_sites
assert_output 'postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11]*3 bl.mailspike.net=127.0.0.[2;14;13;12;11;10] b.barracudacentral.org*2 bl.spameatingmonkey.net=127.0.0.2 dnsbl.sorbs.net psbl.surriel.com list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-3 list.dnswl.org=127.0.[0..255].[2..3]*-4'
}
# ENABLE_DNSBL=0
@test "(disabled) Postfix DNS block list zen.spamhaus.org" {
run docker exec "${CONTAINER2_NAME}" postconf smtpd_recipient_restrictions
_run_in_container_explicit "${CONTAINER2_NAME}" postconf smtpd_recipient_restrictions
refute_output --partial 'reject_rbl_client zen.spamhaus.org'
}
@test "(disabled) Postscreen DNS block lists -> postscreen_dnsbl_action" {
run docker exec "${CONTAINER2_NAME}" postconf postscreen_dnsbl_action
_run_in_container_explicit "${CONTAINER2_NAME}" postconf postscreen_dnsbl_action
assert_output 'postscreen_dnsbl_action = ignore'
}
@test "(disabled) Postscreen DNS block lists -> postscreen_dnsbl_sites" {
run docker exec "${CONTAINER2_NAME}" postconf postscreen_dnsbl_sites
_run_in_container_explicit "${CONTAINER2_NAME}" postconf postscreen_dnsbl_sites
assert_output 'postscreen_dnsbl_sites ='
}

22
test/tests/parallel/set1/spam_virus/fail2ban.bats
View File

@ -16,14 +16,14 @@ function setup_file() {
# NOTE: May no longer be needed with newer F2B:
--ulimit "nofile=$(ulimit -Sn):$(ulimit -Hn)"
)
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
_init_with_defaults
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_wait_for_smtp_port_in_container
# Create a container which will send wrong authentications and should get banned
CONTAINER_NAME=${CONTAINER2_NAME}
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_init_with_defaults
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
# Set default implicit container fallback for helpers:
CONTAINER_NAME=${CONTAINER1_NAME}
@ -72,26 +72,26 @@ function teardown_file() {
# - You could hard-code `sleep 5` on both cases to avoid the alternative assertions,
# but the polling + piping into grep approach here reliably minimizes the delay.
@test "ban ip on multiple failed login" {
CONTAINER1_IP=$(get_container_ip ${CONTAINER1_NAME})
CONTAINER1_IP=$(_get_container_ip "${CONTAINER1_NAME}")
# Trigger a ban by failing to login twice:
_run_in_container_explicit "${CONTAINER2_NAME}" bash -c "nc ${CONTAINER1_IP} 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login-wrong.txt"
_run_in_container_explicit "${CONTAINER2_NAME}" bash -c "nc ${CONTAINER1_IP} 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login-wrong.txt"
# Checking that CONTAINER2_IP is banned in "${CONTAINER1_NAME}"
CONTAINER2_IP=$(get_container_ip ${CONTAINER2_NAME})
run repeat_in_container_until_success_or_timeout 10 "${CONTAINER_NAME}" bash -c "fail2ban-client status postfix-sasl | grep -F '${CONTAINER2_IP}'"
CONTAINER2_IP=$(_get_container_ip "${CONTAINER2_NAME}")
run _repeat_in_container_until_success_or_timeout 10 "${CONTAINER_NAME}" /bin/bash -c "fail2ban-client status postfix-sasl | grep -F '${CONTAINER2_IP}'"
assert_success
assert_output --partial 'Banned IP list:'
# Checking that CONTAINER2_IP is banned by nftables
_run_in_container bash -c 'nft list set inet f2b-table addr-set-postfix-sasl'
_run_in_container_bash 'nft list set inet f2b-table addr-set-postfix-sasl'
assert_success
assert_output --partial "elements = { ${CONTAINER2_IP} }"
}
# NOTE: Depends on previous test case, if no IP was banned at this point, it passes regardless..
@test "unban ip works" {
CONTAINER2_IP=$(get_container_ip ${CONTAINER2_NAME})
CONTAINER2_IP=$(_get_container_ip "${CONTAINER2_NAME}")
_run_in_container fail2ban-client set postfix-sasl unbanip "${CONTAINER2_IP}"
assert_success
@ -101,7 +101,7 @@ function teardown_file() {
refute_output --partial "${CONTAINER2_IP}"
# Checking that CONTAINER2_IP is unbanned by nftables
_run_in_container bash -c 'nft list set inet f2b-table addr-set-postfix-sasl'
_run_in_container_bash 'nft list set inet f2b-table addr-set-postfix-sasl'
refute_output --partial "${CONTAINER2_IP}"
}

12
test/tests/parallel/set1/spam_virus/postgrey_enabled.bats
View File

@ -15,11 +15,11 @@ function setup_file() {
--env POSTGREY_TEXT="Delayed by Postgrey"
)
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_init_with_defaults
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
# Postfix needs to be ready on port 25 for nc usage below:
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
_wait_for_smtp_port_in_container
}
function teardown_file() { _default_teardown ; }
@ -60,7 +60,7 @@ function teardown_file() { _default_teardown ; }
'reason=new' \
'client_address=127.0.0.1/32, sender=user@external.tld, recipient=user1@localhost.localdomain'
repeat_until_success_or_timeout 10 _run_in_container grep \
_repeat_until_success_or_timeout 10 _run_in_container grep \
'Recipient address rejected: Delayed by Postgrey' \
/var/log/mail/mail.log
}
@ -113,7 +113,7 @@ function _send_test_mail() {
# This is required for port 10023, otherwise the connection never drops.
# It could increase the number of seconds to wait for port 25 to allow for asserting a response,
# but that would enforce the delay in tests for port 10023.
_run_in_container bash -c "nc -w 0 0.0.0.0 ${PORT} < ${MAIL_TEMPLATE}"
_run_in_container_bash "nc -w 0 0.0.0.0 ${PORT} < ${MAIL_TEMPLATE}"
}
function _should_have_log_entry() {
@ -122,7 +122,7 @@ function _should_have_log_entry() {
local TRIPLET=$3
# Allow some extra time for logs to update to avoids a false-positive failure:
run_until_success_or_timeout 10 docker exec "${CONTAINER_NAME}" grep \
_run_until_success_or_timeout 10 _exec_in_container grep \
"${ACTION}, ${REASON}," \
/var/log/mail/mail.log

14
test/tests/parallel/set1/spam_virus/postscreen.bats
View File

@ -6,7 +6,7 @@ CONTAINER1_NAME='dms-test_postscreen_enforce'
CONTAINER2_NAME='dms-test_postscreen_sender'
function setup() {
CONTAINER1_IP=$(get_container_ip ${CONTAINER1_NAME})
CONTAINER1_IP=$(_get_container_ip ${CONTAINER1_NAME})
}
function setup_file() {
@ -16,16 +16,16 @@ function setup_file() {
local CUSTOM_SETUP_ARGUMENTS=(
--env POSTSCREEN_ACTION=enforce
)
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
_init_with_defaults
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_wait_for_smtp_port_in_container
# A standard DMS instance to send mail from:
# NOTE: None of DMS is actually used for this (just bash + nc).
CONTAINER_NAME=${CONTAINER2_NAME}
init_with_defaults
_init_with_defaults
# No need to wait for DMS to be ready for this container:
common_container_create
_common_container_create
run docker start "${CONTAINER_NAME}"
assert_success
@ -50,7 +50,7 @@ function teardown_file() {
@test "should successfully login (respecting postscreen_greet_wait time)" {
# NOTE: Sometimes fails on first attempt (trying too soon?),
# Instead of a `run` + asserting partial, Using repeat + internal grep match:
repeat_until_success_or_timeout 10 _should_wait_turn_speaking_smtp \
_repeat_until_success_or_timeout 10 _should_wait_turn_speaking_smtp \
"${CONTAINER2_NAME}" \
"${CONTAINER1_IP}" \
'/tmp/docker-mailserver-test/auth/smtp-auth-login.txt' \

8
test/tests/parallel/set1/spam_virus/spam_bounced.bats
View File

@ -5,7 +5,7 @@ BATS_TEST_NAME_PREFIX='[Spam] (bounced) '
CONTAINER_NAME='dms-test_spam-bounced'
function setup_file() {
init_with_defaults
_init_with_defaults
local CUSTOM_SETUP_ARGUMENTS=(
--env ENABLE_AMAVIS=1
@ -14,8 +14,8 @@ function setup_file() {
--env SPAMASSASSIN_SPAM_TO_INBOX=0
)
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
wait_for_smtp_port_in_container_to_respond "${CONTAINER_NAME}"
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_wait_for_smtp_port_in_container_to_respond
}
function teardown_file() { _default_teardown ; }
@ -31,6 +31,6 @@ function teardown_file() { _default_teardown ; }
assert_success
# message will be added to a queue with varying delay until amavis receives it
run repeat_until_success_or_timeout 60 sh -c "docker logs ${CONTAINER_NAME} | grep 'Blocked SPAM {NoBounceInbound,Quarantined}'"
run _repeat_until_success_or_timeout 60 sh -c "docker logs ${CONTAINER_NAME} | grep 'Blocked SPAM {NoBounceInbound,Quarantined}'"
assert_success
}

22
test/tests/parallel/set1/spam_virus/spam_junk_folder.bats
View File

@ -22,20 +22,20 @@ function teardown() { _default_teardown ; }
--env SA_SPAM_SUBJECT="SPAM: "
--env SPAMASSASSIN_SPAM_TO_INBOX=1
)
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
_init_with_defaults
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_wait_for_smtp_port_in_container
# send a spam message
_run_in_container bash -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-spam.txt"
_run_in_container_bash "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-spam.txt"
assert_success
# message will be added to a queue with varying delay until amavis receives it
run repeat_until_success_or_timeout 60 bash -c "docker logs ${CONTAINER_NAME} | grep 'Passed SPAM {RelayedTaggedInbound,Quarantined}'"
run _repeat_until_success_or_timeout 60 bash -c "docker logs ${CONTAINER_NAME} | grep 'Passed SPAM {RelayedTaggedInbound,Quarantined}'"
assert_success
# spam moved to Junk folder
run repeat_until_success_or_timeout 20 bash -c "docker exec ${CONTAINER_NAME} sh -c 'grep \"Subject: SPAM: \" /var/mail/localhost.localdomain/user1/.Junk/new/ -R'"
run _repeat_until_success_or_timeout 20 bash -c "docker exec ${CONTAINER_NAME} sh -c 'grep \"Subject: SPAM: \" /var/mail/localhost.localdomain/user1/.Junk/new/ -R'"
assert_success
}
@ -49,19 +49,19 @@ function teardown() { _default_teardown ; }
--env SA_SPAM_SUBJECT="SPAM: "
--env SPAMASSASSIN_SPAM_TO_INBOX=1
)
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
_init_with_defaults
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_wait_for_smtp_port_in_container
# send a spam message
_run_in_container /bin/bash -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-spam.txt"
assert_success
# message will be added to a queue with varying delay until amavis receives it
run repeat_until_success_or_timeout 60 bash -c "docker logs ${CONTAINER_NAME} | grep 'Passed SPAM {RelayedTaggedInbound,Quarantined}'"
run _repeat_until_success_or_timeout 60 bash -c "docker logs ${CONTAINER_NAME} | grep 'Passed SPAM {RelayedTaggedInbound,Quarantined}'"
assert_success
# spam moved to INBOX
run repeat_until_success_or_timeout 20 bash -c "docker exec ${CONTAINER_NAME} sh -c 'grep \"Subject: SPAM: \" /var/mail/localhost.localdomain/user1/new/ -R'"
run _repeat_until_success_or_timeout 20 bash -c "docker exec ${CONTAINER_NAME} sh -c 'grep \"Subject: SPAM: \" /var/mail/localhost.localdomain/user1/new/ -R'"
assert_success
}

18
test/tests/parallel/set1/spam_virus/undef_spam_subject.bats
View File

@ -16,10 +16,10 @@ function teardown() { _default_teardown ; }
--env ENABLE_SPAMASSASSIN=1
--env SA_SPAM_SUBJECT='undef'
)
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_init_with_defaults
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_run_in_container bash -c "grep '\$sa_spam_subject_tag' /etc/amavis/conf.d/20-debian_defaults | grep '= undef'"
_run_in_container_bash "grep '\$sa_spam_subject_tag' /etc/amavis/conf.d/20-debian_defaults | grep '= undef'"
assert_success
}
@ -44,18 +44,18 @@ function teardown() { _default_teardown ; }
# NOTE: ulimit required for `ENABLE_SRS=1` until running a newer `postsrsd`
--ulimit "nofile=$(ulimit -Sn):$(ulimit -Hn)"
)
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_init_with_defaults
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_run_in_container bash -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= -5.0'"
_run_in_container_bash "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= -5.0'"
assert_success
_run_in_container bash -c "grep '\$sa_tag2_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'"
_run_in_container_bash "grep '\$sa_tag2_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'"
assert_success
_run_in_container bash -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 3.0'"
_run_in_container_bash "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 3.0'"
assert_success
_run_in_container bash -c "grep '\$sa_spam_subject_tag' /etc/amavis/conf.d/20-debian_defaults | grep '= .SPAM: .'"
_run_in_container_bash "grep '\$sa_spam_subject_tag' /etc/amavis/conf.d/20-debian_defaults | grep '= .SPAM: .'"
assert_success
}

6
test/tests/parallel/set2/template.bats
View File

@ -14,7 +14,7 @@ function setup_file() {
# ? optional setup before container is started
# ? initialize the test helpers
init_with_defaults
_init_with_defaults
# ? add custom arguments supplied to `docker run` here
local CUSTOM_SETUP_ARGUMENTS=(
@ -22,7 +22,7 @@ function setup_file() {
)
# ? use a helper to correctly setup the container
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
# ? optional setup after the container is started
}
@ -34,6 +34,6 @@ function teardown_file() { _default_teardown ; }
# ? actual unit tests
@test "default check" {
_run_in_container bash -c "true"
_run_in_container_bash "true"
assert_success
}

44
test/tests/parallel/set2/tls/tls_cipherlists.bats
View File

@ -27,7 +27,7 @@ function setup_file() {
# Only interferes (potential test failure) with `assert_output` not `assert_success`?
docker pull drwetter/testssl.sh:3.1dev
# Only used in `should_support_expected_cipherlists()` to set a storage location for `testssl.sh` JSON output:
# Only used in `_should_support_expected_cipherlists()` to set a storage location for `testssl.sh` JSON output:
# `${BATS_TMPDIR}` maps to `/tmp`: https://bats-core.readthedocs.io/en/v1.8.2/writing-tests.html#special-variables
export TLS_RESULTS_DIR="${BATS_TMPDIR}/results"
}
@ -39,38 +39,38 @@ function teardown_file() {
function teardown() { _default_teardown ; }
@test "'TLS_LEVEL=intermediate' + RSA" {
configure_and_run_dms_container 'intermediate' 'rsa'
should_support_expected_cipherlists
_configure_and_run_dms_container 'intermediate' 'rsa'
_should_support_expected_cipherlists
}
@test "'TLS_LEVEL=intermediate' + ECDSA" {
configure_and_run_dms_container 'intermediate' 'ecdsa'
should_support_expected_cipherlists
_configure_and_run_dms_container 'intermediate' 'ecdsa'
_should_support_expected_cipherlists
}
# Only ECDSA with an RSA fallback is tested.
# There isn't a situation where RSA with an ECDSA fallback would make sense.
@test "'TLS_LEVEL=intermediate' + ECDSA with RSA fallback" {
configure_and_run_dms_container 'intermediate' 'ecdsa' 'rsa'
should_support_expected_cipherlists
_configure_and_run_dms_container 'intermediate' 'ecdsa' 'rsa'
_should_support_expected_cipherlists
}
@test "'TLS_LEVEL=modern' + RSA" {
configure_and_run_dms_container 'modern' 'rsa'
should_support_expected_cipherlists
_configure_and_run_dms_container 'modern' 'rsa'
_should_support_expected_cipherlists
}
@test "'TLS_LEVEL=modern' + ECDSA" {
configure_and_run_dms_container 'modern' 'ecdsa'
should_support_expected_cipherlists
_configure_and_run_dms_container 'modern' 'ecdsa'
_should_support_expected_cipherlists
}
@test "'TLS_LEVEL=modern' + ECDSA with RSA fallback" {
configure_and_run_dms_container 'modern' 'ecdsa' 'rsa'
should_support_expected_cipherlists
_configure_and_run_dms_container 'modern' 'ecdsa' 'rsa'
_should_support_expected_cipherlists
}
function configure_and_run_dms_container() {
function _configure_and_run_dms_container() {
local TLS_LEVEL=$1
local KEY_TYPE=$2
local ALT_KEY_TYPE=$3 # Optional parameter
@ -106,23 +106,23 @@ function configure_and_run_dms_container() {
)
fi
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
_init_with_defaults
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_wait_for_smtp_port_in_container
}
function should_support_expected_cipherlists() {
function _should_support_expected_cipherlists() {
# Make a directory with test user ownership. Avoids Docker creating this with root ownership.
# TODO: Can switch to filename prefix for JSON output when this is resolved: https://github.com/drwetter/testssl.sh/issues/1845
local RESULTS_PATH="${TLS_RESULTS_DIR}/${TEST_VARIANT}"
mkdir -p "${RESULTS_PATH}"
collect_cipherlists
verify_cipherlists
_collect_cipherlists
_verify_cipherlists
}
# Verify that the collected results match our expected cipherlists:
function verify_cipherlists() {
function _verify_cipherlists() {
# SMTP: Opportunistic STARTTLS Explicit(25)
# Needs to test against cipher lists specific to Port 25 ('_p25' parameter)
check_cipherlists "${RESULTS_PATH}/port_25.json" '_p25'
@ -141,7 +141,7 @@ function verify_cipherlists() {
}
# Using `testssl.sh` we can test each port to collect a list of supported cipher suites (ordered):
function collect_cipherlists() {
function _collect_cipherlists() {
# NOTE: An rDNS query for the container IP will resolve to `<container name>.<network name>.`
# For non-CI test runs, instead of removing prior test files after this test suite completes,

14
test/tests/parallel/set2/tls/tls_letsencrypt.bats
View File

@ -14,7 +14,7 @@ function teardown() { _default_teardown ; }
# Similar to BATS `setup()` method, but invoked manually after
# CONTAINER_NAME has been adjusted for the running testcase.
function _initial_setup() {
init_with_defaults
_init_with_defaults
# Prepare certificates in the letsencrypt supported file structure:
# NOTE: Certbot uses `privkey.pem`.
@ -41,7 +41,7 @@ function _initial_setup() {
--env PERMIT_DOCKER='container'
--env SSL_TYPE='letsencrypt'
)
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
# Test that certificate files exist for the configured `hostname`:
_should_have_valid_config "${TARGET_DOMAIN}" 'privkey.pem' 'fullchain.pem'
@ -61,7 +61,7 @@ function _initial_setup() {
--env PERMIT_DOCKER='container'
--env SSL_TYPE='letsencrypt'
)
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
#test domain has certificate files
_should_have_valid_config "${TARGET_DOMAIN}" 'privkey.pem' 'fullchain.pem'
@ -102,8 +102,8 @@ function _initial_setup() {
--env SSL_DOMAIN='*.example.test'
--env SSL_TYPE='letsencrypt'
)
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
wait_for_service "${CONTAINER_NAME}" 'changedetector'
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_wait_for_service 'changedetector'
}
# Test `acme.json` extraction works at container startup:
@ -180,7 +180,7 @@ function _should_have_valid_config() {
# CMD ${1} run in container with output checked to match value of ${2}:
function _has_matching_line() {
_run_in_container bash -c "${1} | grep '${2}'"
_run_in_container_bash "${1} | grep '${2}'"
assert_output "${2}"
}
@ -207,7 +207,7 @@ function _should_extract_on_changes() {
local ACME_JSON=${2}
cp "${ACME_JSON}" "${TEST_TMP_CONFIG}/letsencrypt/acme.json"
wait_until_change_detection_event_completes "${CONTAINER_NAME}"
_wait_until_change_detection_event_completes
# Expected log lines from the changedetector service:
run _get_logs_since_last_change_detection "${CONTAINER_NAME}"

8
test/tests/parallel/set2/tls/tls_manual.bats
View File

@ -30,10 +30,10 @@ function setup_file() {
--env SSL_ALT_CERT_PATH="${SSL_ALT_CERT_PATH}"
)
init_with_defaults
# Override the default set in `common_container_setup`:
_init_with_defaults
# Override the default set in `_common_container_setup`:
export TEST_FQDN="mail.${TEST_DOMAIN}"
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
}
function teardown_file() { _default_teardown ; }
@ -90,7 +90,7 @@ function teardown_file() { _default_teardown ; }
}
@test "manual cert works correctly" {
wait_for_tcp_port_in_container 587 "${CONTAINER_NAME}"
_wait_for_tcp_port_in_container 587
local TEST_COMMAND=(timeout 1 openssl s_client -connect mail.example.test:587 -starttls smtp)
local RESULT

4
test/tests/parallel/set3/config-overrides.bats
View File

@ -5,12 +5,12 @@ BATS_TEST_NAME_PREFIX='[Configuration] (overrides) '
CONTAINER_NAME='dms-test_config-overrides'
function setup_file() {
init_with_defaults
_init_with_defaults
# Move override configs into main `/tmp/docker-mailserver` config location:
mv "${TEST_TMP_CONFIG}/override-configs/"* "${TEST_TMP_CONFIG}/"
common_container_setup
_common_container_setup
}
function teardown_file() { _default_teardown ; }

18
test/tests/parallel/set3/dovecot-sieve.bats
View File

@ -8,7 +8,7 @@ BATS_TEST_NAME_PREFIX='[Dovecot] (Sieve support) '
CONTAINER_NAME='dms-test_dovecot-sieve'
function setup_file() {
init_with_defaults
_init_with_defaults
# Move sieve configs into main `/tmp/docker-mailserver` config location:
mv "${TEST_TMP_CONFIG}/dovecot-sieve/"* "${TEST_TMP_CONFIG}/"
@ -21,23 +21,23 @@ function setup_file() {
# NOTE: Cannot use ':ro', 'start-mailserver.sh' attempts to 'chown -R' /var/mail:
--volume "${TEST_TMP_CONFIG}/dovecot.sieve:/var/mail/localhost.localdomain/user1/.dovecot.sieve"
)
common_container_setup 'CONTAINER_ARGS_ENV_CUSTOM'
_common_container_setup 'CONTAINER_ARGS_ENV_CUSTOM'
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
_wait_for_smtp_port_in_container
# Single mail sent from 'spam@spam.com' that is handled by User (relocate) and Global (copy) sieves for user1:
_run_in_container bash -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/sieve-spam-folder.txt"
_run_in_container_bash "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/sieve-spam-folder.txt"
# Mail for user2 triggers the sieve-pipe:
_run_in_container bash -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/sieve-pipe.txt"
_run_in_container_bash "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/sieve-pipe.txt"
wait_for_empty_mail_queue_in_container "${CONTAINER_NAME}"
_wait_for_empty_mail_queue_in_container
}
function teardown_file() { _default_teardown ; }
# dovecot-sieve/dovecot.sieve
@test "User Sieve - should store mail from 'spam@spam.com' into recipient (user1) mailbox 'INBOX.spam'" {
_run_in_container bash -c 'ls -A /var/mail/localhost.localdomain/user1/.INBOX.spam/new'
_run_in_container_bash 'ls -A /var/mail/localhost.localdomain/user1/.INBOX.spam/new'
assert_success
_should_output_number_of_lines 1
}
@ -50,7 +50,7 @@ function teardown_file() { _default_teardown ; }
# dovecot-sieve/sieve-pipe + dovecot-sieve/user2@otherdomain.tld.dovecot.sieve
@test "Sieve Pipe - should pipe mail received for user2 into '/tmp/pipe-test.out'" {
_run_in_container bash -c 'ls -A /tmp/pipe-test.out'
_run_in_container_bash 'ls -A /tmp/pipe-test.out'
assert_success
_should_output_number_of_lines 1
}
@ -58,6 +58,6 @@ function teardown_file() { _default_teardown ; }
# Only test coverage for feature is to check that the service is listening on the expected port:
# https://doc.dovecot.org/admin_manual/pigeonhole_managesieve_server/
@test "ENV 'ENABLE_MANAGESIEVE' - should have enabled service on port 4190" {
_run_in_container bash -c 'nc -z 0.0.0.0 4190'
_run_in_container_bash 'nc -z 0.0.0.0 4190'
assert_success
}

12
test/tests/parallel/set3/dovecot_inet_protocol.bats
View File

@ -12,8 +12,8 @@ function teardown() { _default_teardown ; }
export CONTAINER_NAME=${CONTAINER1_NAME}
local CUSTOM_SETUP_ARGUMENTS=(--env DOVECOT_INET_PROTOCOLS=)
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_init_with_defaults
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_run_in_container grep '^#listen = \*, ::' /etc/dovecot/dovecot.conf
assert_success
@ -24,8 +24,8 @@ function teardown() { _default_teardown ; }
export CONTAINER_NAME=${CONTAINER2_NAME}
local CUSTOM_SETUP_ARGUMENTS=(--env DOVECOT_INET_PROTOCOLS=ipv4)
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_init_with_defaults
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_run_in_container grep '^listen = \*$' /etc/dovecot/dovecot.conf
assert_success
@ -36,8 +36,8 @@ function teardown() { _default_teardown ; }
export CONTAINER_NAME=${CONTAINER3_NAME}
local CUSTOM_SETUP_ARGUMENTS=(--env DOVECOT_INET_PROTOCOLS=ipv6)
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_init_with_defaults
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_run_in_container grep '^listen = \[::\]$' /etc/dovecot/dovecot.conf
assert_success

10
test/tests/parallel/set3/helper-functions.bats
View File

@ -5,19 +5,19 @@ BATS_TEST_NAME_PREFIX='[Scripts] (helper functions inside container) '
CONTAINER_NAME='dms-test_helper_functions'
function setup_file() {
init_with_defaults
common_container_setup
_init_with_defaults
_common_container_setup
}
function teardown_file() { _default_teardown ; }
@test "_sanitize_ipv4_to_subnet_cidr" {
_run_in_container bash -c "source /usr/local/bin/helpers/index.sh; _sanitize_ipv4_to_subnet_cidr 255.255.255.255/0"
_run_in_container_bash "source /usr/local/bin/helpers/index.sh; _sanitize_ipv4_to_subnet_cidr 255.255.255.255/0"
assert_output "0.0.0.0/0"
_run_in_container bash -c "source /usr/local/bin/helpers/index.sh; _sanitize_ipv4_to_subnet_cidr 192.168.255.14/20"
_run_in_container_bash "source /usr/local/bin/helpers/index.sh; _sanitize_ipv4_to_subnet_cidr 192.168.255.14/20"
assert_output "192.168.240.0/20"
_run_in_container bash -c "source /usr/local/bin/helpers/index.sh; _sanitize_ipv4_to_subnet_cidr 192.168.255.14/32"
_run_in_container_bash "source /usr/local/bin/helpers/index.sh; _sanitize_ipv4_to_subnet_cidr 192.168.255.14/32"
assert_output "192.168.255.14/32"
}

20
test/tests/parallel/set3/process-check-restart.bats
View File

@ -64,11 +64,11 @@ ENV_PROCESS_LIST=(
# Disable Dovecot:
--env SMTP_ONLY=1
)
init_with_defaults
common_container_setup 'CONTAINER_ARGS_ENV_CUSTOM'
_init_with_defaults
_common_container_setup 'CONTAINER_ARGS_ENV_CUSTOM'
# Required for Postfix (when launched by wrapper script which is slow to start)
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
_wait_for_smtp_port_in_container
for PROCESS in "${CORE_PROCESS_LIST[@]}"
do
@ -102,10 +102,10 @@ ENV_PROCESS_LIST=(
# PR 2730: https://github.com/docker-mailserver/docker-mailserver/commit/672e9cf19a3bb1da309e8cea6ee728e58f905366
--ulimit "nofile=$(ulimit -Sn):$(ulimit -Hn)"
)
init_with_defaults
_init_with_defaults
mv "${TEST_TMP_CONFIG}/fetchmail/fetchmail.cf" "${TEST_TMP_CONFIG}/fetchmail.cf"
# Average time: 6 seconds
common_container_setup 'CONTAINER_ARGS_ENV_CUSTOM'
_common_container_setup 'CONTAINER_ARGS_ENV_CUSTOM'
local ENABLED_PROCESS_LIST=(
"${CORE_PROCESS_LIST[@]}"
@ -132,8 +132,8 @@ ENV_PROCESS_LIST=(
local CONTAINER_ARGS_ENV_CUSTOM=(
--env ENABLE_CLAMAV=1
)
init_with_defaults
common_container_setup 'CONTAINER_ARGS_ENV_CUSTOM'
_init_with_defaults
_common_container_setup 'CONTAINER_ARGS_ENV_CUSTOM'
_should_restart_when_killed 'clamd'
}
@ -144,7 +144,7 @@ function _should_restart_when_killed() {
# Wait until process has been running for at least MIN_PROCESS_AGE:
# (this allows us to more confidently check the process was restarted)
run_until_success_or_timeout 30 _check_if_process_is_running "${PROCESS}" "${MIN_PROCESS_AGE}"
_run_until_success_or_timeout 30 _check_if_process_is_running "${PROCESS}" "${MIN_PROCESS_AGE}"
# NOTE: refute_output doesn't have output to compare to when a run failure is due to a timeout
assert_success
assert_output --partial "${PROCESS}"
@ -157,13 +157,13 @@ function _should_restart_when_killed() {
# Wait until original process is not running:
# (Ignore restarted process by filtering with MIN_PROCESS_AGE, --fatal-test with `false` stops polling on error):
run repeat_until_success_or_timeout --fatal-test "_check_if_process_is_running ${PROCESS} ${MIN_PROCESS_AGE}" 30 false
run _repeat_until_success_or_timeout --fatal-test "_check_if_process_is_running ${PROCESS} ${MIN_PROCESS_AGE}" 30 false
assert_output --partial "'${PROCESS}' is not running"
assert_failure
# Should be running:
# (poll as some processes a slower to restart, such as those run by wrapper scripts adding delay via sleep)
run_until_success_or_timeout 30 _check_if_process_is_running "${PROCESS}"
_run_until_success_or_timeout 30 _check_if_process_is_running "${PROCESS}"
assert_success
assert_output --partial "${PROCESS}"
}

70
test/tests/parallel/set3/smtp-delivery.bats
View File

@ -6,7 +6,7 @@ BATS_TEST_NAME_PREFIX='[SMTP] (delivery) '
CONTAINER_NAME='dms-test_smtp-delivery'
function setup_file() {
init_with_defaults
_init_with_defaults
local CONTAINER_ARGS_ENV_CUSTOM=(
# Required not only for authentication, but delivery in these tests (via nc):
@ -43,94 +43,94 @@ function setup_file() {
mv "${TEST_TMP_CONFIG}/smtp-delivery/postfix-main.cf" "${TEST_TMP_CONFIG}/postfix-main.cf"
mv "${TEST_TMP_CONFIG}/smtp-delivery/dovecot.cf" "${TEST_TMP_CONFIG}/dovecot.cf"
common_container_setup 'CONTAINER_ARGS_ENV_CUSTOM'
_common_container_setup 'CONTAINER_ARGS_ENV_CUSTOM'
_run_in_container setup email add 'added@localhost.localdomain' 'mypassword'
assert_success
wait_until_change_detection_event_completes "${CONTAINER_NAME}"
_wait_until_change_detection_event_completes
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
_wait_for_smtp_port_in_container
# TODO: Move to clamav tests (For use when ClamAV is enabled):
# repeat_in_container_until_success_or_timeout 60 "${CONTAINER_NAME}" test -e /var/run/clamav/clamd.ctl
# _run_in_container bash -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-virus.txt"
# _repeat_in_container_until_success_or_timeout 60 "${CONTAINER_NAME}" test -e /var/run/clamav/clamd.ctl
# _run_in_container_bash "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-virus.txt"
# Required for 'delivers mail to existing alias':
_run_in_container bash -c 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-alias-external.txt'
_run_in_container_bash 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-alias-external.txt'
# Required for 'delivers mail to existing alias with recipient delimiter':
_run_in_container bash -c 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-alias-recipient-delimiter.txt'
_run_in_container_bash 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-alias-recipient-delimiter.txt'
# Required for 'delivers mail to existing catchall':
_run_in_container bash -c 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-catchall-local.txt'
_run_in_container_bash 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-catchall-local.txt'
# Required for 'delivers mail to regexp alias':
_run_in_container bash -c 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-regexp-alias-local.txt'
_run_in_container_bash 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-regexp-alias-local.txt'
# Required for 'rejects mail to unknown user':
_run_in_container bash -c 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/non-existing-user.txt'
_run_in_container_bash 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/non-existing-user.txt'
# Required for 'redirects mail to external aliases':
_run_in_container bash -c 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-regexp-alias-external.txt'
_run_in_container bash -c 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-alias-local.txt'
_run_in_container_bash 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-regexp-alias-external.txt'
_run_in_container_bash 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-alias-local.txt'
# Required for 'rejects spam':
_run_in_container bash -c 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-spam.txt'
_run_in_container_bash 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-spam.txt'
# Required for 'delivers mail to existing account':
_run_in_container bash -c 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt'
_run_in_container bash -c 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user2.txt'
_run_in_container bash -c 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user3.txt'
_run_in_container bash -c 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-added.txt'
_run_in_container bash -c 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user-and-cc-local-alias.txt'
_run_in_container bash -c 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/sieve-spam-folder.txt'
_run_in_container bash -c 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/sieve-pipe.txt'
_run_in_container bash -c 'sendmail root < /tmp/docker-mailserver-test/email-templates/root-email.txt'
_run_in_container_bash 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt'
_run_in_container_bash 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user2.txt'
_run_in_container_bash 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user3.txt'
_run_in_container_bash 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-added.txt'
_run_in_container_bash 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user-and-cc-local-alias.txt'
_run_in_container_bash 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/sieve-spam-folder.txt'
_run_in_container_bash 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/sieve-pipe.txt'
_run_in_container_bash 'sendmail root < /tmp/docker-mailserver-test/email-templates/root-email.txt'
wait_for_empty_mail_queue_in_container "${CONTAINER_NAME}"
_wait_for_empty_mail_queue_in_container
}
function teardown_file() { _default_teardown ; }
@test "should successfully authenticate with good password (plain)" {
_run_in_container bash -c 'nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-plain.txt'
_run_in_container_bash 'nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-plain.txt'
assert_success
assert_output --partial 'Authentication successful'
}
@test "should fail to authenticate with wrong password (plain)" {
_run_in_container bash -c 'nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-plain-wrong.txt'
_run_in_container_bash 'nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-plain-wrong.txt'
assert_output --partial 'authentication failed'
assert_success
}
@test "should successfully authenticate with good password (login)" {
_run_in_container bash -c 'nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login.txt'
_run_in_container_bash 'nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login.txt'
assert_success
assert_output --partial 'Authentication successful'
}
@test "should fail to authenticate with wrong password (login)" {
_run_in_container bash -c 'nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login-wrong.txt'
_run_in_container_bash 'nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login-wrong.txt'
assert_output --partial 'authentication failed'
assert_success
}
@test "[user: 'added'] should successfully authenticate with good password (plain)" {
_run_in_container bash -c 'nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/added-smtp-auth-plain.txt'
_run_in_container_bash 'nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/added-smtp-auth-plain.txt'
assert_success
assert_output --partial 'Authentication successful'
}
@test "[user: 'added'] should fail to authenticate with wrong password (plain)" {
_run_in_container bash -c 'nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/added-smtp-auth-plain-wrong.txt'
_run_in_container_bash 'nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/added-smtp-auth-plain-wrong.txt'
assert_success
assert_output --partial 'authentication failed'
}
@test "[user: 'added'] should successfully authenticate with good password (login)" {
_run_in_container bash -c 'nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/added-smtp-auth-login.txt'
_run_in_container_bash 'nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/added-smtp-auth-login.txt'
assert_success
assert_output --partial 'Authentication successful'
}
@test "[user: 'added'] should fail to authenticate with wrong password (login)" {
_run_in_container bash -c 'nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/added-smtp-auth-login-wrong.txt'
_run_in_container_bash 'nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/added-smtp-auth-login-wrong.txt'
assert_success
assert_output --partial 'authentication failed'
}
@ -141,7 +141,7 @@ function teardown_file() { _default_teardown ; }
# postfix/lmtp[1274]: 0EA424ABE7D9: to=<user1@localhost.localdomain>, relay=127.0.0.1[127.0.0.1]:24, delay=0.13, delays=0.07/0.01/0.01/0.05, dsn=2.0.0, status=sent (250 2.0.0 <user1@localhost.localdomain> ixPpB+Zvv2P7BAAAUi6ngw Saved)
local LOG_DELIVERED='postfix/lmtp.* status=sent .* Saved)'
local FORMAT_LINES="sed 's/.* to=</</g' | sed 's/, relay.*//g' | sort | uniq -c | tr -s ' '"
_run_in_container bash -c "grep '${LOG_DELIVERED}' /var/log/mail/mail.log | ${FORMAT_LINES}"
_run_in_container_bash "grep '${LOG_DELIVERED}' /var/log/mail/mail.log | ${FORMAT_LINES}"
assert_success
assert_output --partial '1 <added@localhost.localdomain>'
@ -190,7 +190,7 @@ function teardown_file() { _default_teardown ; }
}
@test "user1 should have received 8 mails" {
_run_in_container bash -c "grep Subject /var/mail/localhost.localdomain/user1/new/* | sed 's/.*Subject: //g' | sed 's/\.txt.*//g' | sed 's/VIRUS.*/VIRUS/g' | sort"
_run_in_container_bash "grep Subject /var/mail/localhost.localdomain/user1/new/* | sed 's/.*Subject: //g' | sed 's/\.txt.*//g' | sed 's/VIRUS.*/VIRUS/g' | sort"
assert_success
assert_output --partial 'Root Test Message'
@ -217,7 +217,7 @@ function teardown_file() { _default_teardown ; }
}
@test "redirects mail to external aliases" {
_run_in_container bash -c "grep 'Passed CLEAN {RelayedInbound}' /var/log/mail/mail.log | grep -- '-> <external1@otherdomain.tld>'"
_run_in_container_bash "grep 'Passed CLEAN {RelayedInbound}' /var/log/mail/mail.log | grep -- '-> <external1@otherdomain.tld>'"
assert_success
assert_output --partial '<user@external.tld> -> <external1@otherdomain.tld>'
_should_output_number_of_lines 2
@ -250,7 +250,7 @@ function teardown_file() { _default_teardown ; }
# Dovecot does not support SMTPUTF8, so while we can send we cannot receive
# Better disable SMTPUTF8 support entirely if we can't handle it correctly
@test "not advertising smtputf8" {
_run_in_container bash -c 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/smtp-ehlo.txt'
_run_in_container_bash 'nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/smtp-ehlo.txt'
assert_success
refute_output --partial 'SMTPUTF8'
}

35
test/tests/serial/mail_changedetector.bats
View File

@ -15,13 +15,13 @@ function setup_file() {
)
CONTAINER_NAME=${CONTAINER1_NAME}
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_init_with_defaults
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
CONTAINER_NAME=${CONTAINER2_NAME}
# NOTE: No `init_with_defaults` used here,
# Intentionally sharing previous containers config instead.
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
# Set default implicit container fallback for helpers:
CONTAINER_NAME=${CONTAINER1_NAME}
@ -32,8 +32,8 @@ function teardown_file() {
}
@test "changedetector service is ready" {
wait_for_service "${CONTAINER1_NAME}" changedetector
wait_for_service "${CONTAINER2_NAME}" changedetector
_wait_for_service changedetector "${CONTAINER1_NAME}"
_wait_for_service changedetector "${CONTAINER2_NAME}"
}
# NOTE: Non-deterministic behaviour - One container will perform change detection before the other.
@ -54,9 +54,9 @@ function teardown_file() {
_prepare_blocking_lock_test
# Wait until the 2nd change event attempts to process:
_should_block_change_event_from_processing "${CONTAINER1_NAME}" 2
_should_block_change_event_from_processing 2 "${CONTAINER1_NAME}"
# NOTE: Although the service is restarted, a change detection should still occur (previous checksum still exists):
_should_block_change_event_from_processing "${CONTAINER2_NAME}" 1
_should_block_change_event_from_processing 1 "${CONTAINER2_NAME}"
}
@test "should remove lock file when stale" {
@ -66,7 +66,7 @@ function teardown_file() {
docker exec "${CONTAINER1_NAME}" touch -d '60 seconds ago' /tmp/docker-mailserver/check-for-changes.sh.lock
# A 2nd change event should complete (or may already have if quick enough?):
wait_until_change_detection_event_completes "${CONTAINER1_NAME}" 2
_wait_until_change_detection_event_completes 2 "${CONTAINER1_NAME}"
# Should have removed the stale lock file, then handle the change event:
run _get_logs_since_last_change_detection "${CONTAINER1_NAME}"
@ -79,20 +79,20 @@ function _should_perform_standard_change_event() {
# Wait for change detection event to start and complete processing:
# NOTE: An explicit count is provided as the 2nd container may have already completed processing.
wait_until_change_detection_event_completes "${CONTAINER_NAME}" 1
_wait_until_change_detection_event_completes 1
# Container should have created it's own lock file,
# and later removed it when finished processing:
run _get_logs_since_last_change_detection "${CONTAINER_NAME}"
run _get_logs_since_last_change_detection
_assert_has_standard_change_event_logs
}
function _should_block_change_event_from_processing() {
local CONTAINER_NAME=${1}
local EXPECTED_COUNT=${2}
local EXPECTED_COUNT=${1}
local CONTAINER_NAME=${2}
# Once the next change event has started, the processing blocked log ('another execution') should be present:
wait_until_change_detection_event_begins "${CONTAINER_NAME}" "${EXPECTED_COUNT}"
_wait_until_change_detection_event_begins "${EXPECTED_COUNT}"
run _get_logs_since_last_change_detection "${CONTAINER_NAME}"
_assert_foreign_lock_exists
@ -119,19 +119,20 @@ function _assert_no_lock_actions_performed() {
}
function _prepare_blocking_lock_test {
local CONTAINER_NAME=${CONTAINER2_NAME}
# Temporarily disable the Container2 changedetector service:
docker exec "${CONTAINER2_NAME}" bash -c 'supervisorctl stop changedetector'
docker exec "${CONTAINER2_NAME}" bash -c 'rm -f /var/log/supervisor/changedetector.log'
_exec_in_container_bash 'supervisorctl stop changedetector'
_exec_in_container_bash 'rm -f /var/log/supervisor/changedetector.log'
# Create a foreign lock file to prevent change processing (in both containers):
docker exec "${CONTAINER1_NAME}" bash -c 'touch /tmp/docker-mailserver/check-for-changes.sh.lock'
_exec_in_container_explicit "${CONTAINER1_NAME}" /bin/bash -c 'touch /tmp/docker-mailserver/check-for-changes.sh.lock'
# Create a new change to detect (that the foreign lock should prevent from processing):
_create_change_event
# Restore Container2 changedetector service:
# NOTE: The last known checksum is retained in Container2,
# It will be compared to and start a change event.
docker exec "${CONTAINER2_NAME}" bash -c 'supervisorctl start changedetector'
_exec_in_container_bash 'supervisorctl start changedetector'
}
function _create_change_event() {

8
test/tests/serial/mail_fetchmail.bats
View File

@ -12,18 +12,18 @@ function setup_file() {
local CUSTOM_SETUP_ARGUMENTS=(
--env ENABLE_FETCHMAIL=1
)
init_with_defaults
_init_with_defaults
mv "${TEST_TMP_CONFIG}/fetchmail/fetchmail.cf" "${TEST_TMP_CONFIG}/fetchmail.cf"
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
CONTAINER_NAME=${CONTAINER2_NAME}
local CUSTOM_SETUP_ARGUMENTS=(
--env ENABLE_FETCHMAIL=1
--env FETCHMAIL_PARALLEL=1
)
init_with_defaults
_init_with_defaults
mv "${TEST_TMP_CONFIG}/fetchmail/fetchmail.cf" "${TEST_TMP_CONFIG}/fetchmail.cf"
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
}
function teardown_file() {

10
test/tests/serial/mail_lmtp_ip.bats
View File

@ -11,12 +11,12 @@ load "${REPOSITORY_ROOT}/test/helper/setup"
# TODO: A more appropriate test if keeping this feature would be to run Dovecot via a
# separate container to deliver mail to, and verify it was stored in the expected mail dir.
BATS_TEST_NAME_PREFIX='[ENV] (POSTFIX_DAGENT)'
BATS_TEST_NAME_PREFIX='[ENV] (POSTFIX_DAGENT) '
CONTAINER_NAME='dms-test_env_postfix-dagent'
function setup_file() {
export LMTP_URI='lmtp:127.0.0.1:24'
init_with_defaults
_init_with_defaults
local CONTAINER_ARGS_ENV_CUSTOM=(
--env PERMIT_DOCKER='container'
@ -26,7 +26,7 @@ function setup_file() {
# Configure LMTP service listener in `/etc/dovecot/conf.d/10-master.conf` to instead listen on TCP port 24:
mv "${TEST_TMP_CONFIG}/dovecot-lmtp/user-patches.sh" "${TEST_TMP_CONFIG}/"
common_container_setup 'CONTAINER_ARGS_ENV_CUSTOM'
_common_container_setup 'CONTAINER_ARGS_ENV_CUSTOM'
}
function teardown_file() { _default_teardown ; }
@ -37,10 +37,10 @@ function teardown_file() { _default_teardown ; }
}
@test "delivers mail to existing account" {
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
_wait_for_smtp_port_in_container
# Send a test mail:
_run_in_container bash -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt"
_run_in_container_bash "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt"
assert_success
# Verify delivery was successful, log line should look similar to:

14
test/tests/serial/mail_tls_dhparams.bats
View File

@ -1,5 +1,5 @@
load "${REPOSITORY_ROOT}/test/helper/common"
load "${REPOSITORY_ROOT}/test/helper/setup"
load "${REPOSITORY_ROOT}/test/helper/common"
# Test case
# ---------
@ -21,11 +21,11 @@ function teardown() { _default_teardown ; }
local DH_PARAMS_DEFAULT='target/shared/ffdhe4096.pem'
local DH_CHECKSUM_DEFAULT=$(sha512sum "${DH_PARAMS_DEFAULT}" | awk '{print $1}')
init_with_defaults
common_container_setup
_init_with_defaults
_common_container_setup
_should_match_service_copies "${DH_CHECKSUM_DEFAULT}"
# Verify integrity of the default supplied DH Params (ffdhe4096, should be equivalent to `target/shared/ffdhe4096.pem.sha512sum`):
# 716a462baecb43520fb1ba6f15d288ba8df4d612bf9d450474b4a1c745b64be01806e5ca4fb2151395fd4412a98831b77ea8dfd389fe54a9c768d170b9565a25
local DH_CHECKSUM_MOZILLA
@ -41,9 +41,9 @@ function teardown() { _default_teardown ; }
local DH_PARAMS_CUSTOM='test/test-files/ssl/custom-dhe-params.pem'
local DH_CHECKSUM_CUSTOM=$(sha512sum "${DH_PARAMS_CUSTOM}" | awk '{print $1}')
init_with_defaults
_init_with_defaults
cp "${DH_PARAMS_CUSTOM}" "${TEST_TMP_CONFIG}/dhparams.pem"
common_container_setup
_common_container_setup
_should_match_service_copies "${DH_CHECKSUM_CUSTOM}"
@ -58,7 +58,7 @@ function _should_match_service_copies() {
local DH_CHECKSUM=$1
function __should_have_expected_checksum() {
_run_in_container bash -c "sha512sum ${1} | awk '{print \$1}'"
_run_in_container_bash "sha512sum ${1} | awk '{print \$1}'"
assert_success
assert_output "${DH_CHECKSUM}"
}

4
test/tests/serial/no_container.bats
View File

@ -1,5 +1,5 @@
load "${REPOSITORY_ROOT}/test/helper/common"
load "${REPOSITORY_ROOT}/test/helper/setup"
load "${REPOSITORY_ROOT}/test/helper/common"
# Tests the `setup.sh` companion script.
# Only test coverage below is that the config path `-p` and image `-i` options work as intended.
@ -12,7 +12,7 @@ function setup_file() {
# Copy the base config that `setup.sh` will volume mount to a container it runs:
export TEST_TMP_CONFIG
TEST_TMP_CONFIG=$(duplicate_config_for_container . 'no_container')
TEST_TMP_CONFIG=$(_duplicate_config_for_container . 'no_container')
}
@test "'setup.sh -p <PATH> -i <IMAGE>' should correctly use options" {

18
test/tests/serial/setup-cli.bats
View File

@ -10,7 +10,7 @@ CONTAINER_NAME='dms-test_setup-cli'
# no state is reset between test-cases.
function setup_file() {
# Initializes common default vars to prepare a DMS container with:
init_with_defaults
_init_with_defaults
mv "${TEST_TMP_CONFIG}/fetchmail/fetchmail.cf" "${TEST_TMP_CONFIG}/fetchmail.cf"
# Creates and starts the container with additional ENV needed:
@ -20,12 +20,10 @@ function setup_file() {
--env LOG_LEVEL='debug'
)
common_container_setup 'CONTAINER_ARGS_ENV_CUSTOM'
_common_container_setup 'CONTAINER_ARGS_ENV_CUSTOM'
}
function teardown_file() {
docker rm -f "${CONTAINER_NAME}"
}
function teardown_file() { _default_teardown ; }
@test "show usage when no arguments provided" {
run ./setup.sh
@ -56,13 +54,13 @@ function teardown_file() {
# Ensure you wait until `changedetector` is finished.
# Mail account and storage directory should now be valid
wait_until_change_detection_event_completes "${CONTAINER_NAME}"
_wait_until_change_detection_event_completes
# Verify mail storage directory exists (polls if storage is slow, eg remote mount):
wait_until_account_maildir_exists "${CONTAINER_NAME}" "${MAIL_ACCOUNT}"
_wait_until_account_maildir_exists "${MAIL_ACCOUNT}"
# Verify account authentication is successful (account added to Dovecot UserDB+PassDB):
wait_for_service "${CONTAINER_NAME}" dovecot
_wait_for_service dovecot
local RESPONSE
RESPONSE=$(docker exec "${CONTAINER_NAME}" doveadm auth test "${MAIL_ACCOUNT}" "${MAIL_PASS}" | grep 'passdb')
assert_equal "${RESPONSE}" "passdb: ${MAIL_ACCOUNT} auth succeeded"
@ -91,7 +89,7 @@ function teardown_file() {
assert_success
# NOTE: this was put in place for the next test `setup.sh email del` to properly work.
wait_until_change_detection_event_completes "${CONTAINER_NAME}"
_wait_until_change_detection_event_completes
# `postfix-accounts.cf` should have an updated password hash stored:
local NEW_PASS_HASH
@ -122,7 +120,7 @@ function teardown_file() {
# of the previous test (`email udpate`) triggering. Therefore, the function
# `wait_until_change_detection_event_completes was added to the
# `setup.sh email update` test.
repeat_in_container_until_success_or_timeout 60 "${CONTAINER_NAME}" bash -c '[[ ! -d /var/mail/example.com/user ]]'
_repeat_in_container_until_success_or_timeout 60 "${CONTAINER_NAME}" bash -c '[[ ! -d /var/mail/example.com/user ]]'
# Account is not present in `postfix-accounts.cf`:
run grep "${MAIL_ACCOUNT}" "${TEST_TMP_CONFIG}/postfix-accounts.cf"

412
test/tests/serial/tests.bats
View File

@ -2,10 +2,15 @@ load "${REPOSITORY_ROOT}/test/helper/common"
load "${REPOSITORY_ROOT}/test/helper/change-detection"
load "${REPOSITORY_ROOT}/test/helper/setup"
# TODO: These tests date back to the very beginning of DMS and therefore
# TODO: lack the more advanced test suite functions that make tests more
# TODO: robust. As a consequence, the tests should be adjusted.
BATS_TEST_NAME_PREFIX='[General] '
CONTAINER_NAME='mail'
setup_file() {
init_with_defaults
function setup_file() {
_init_with_defaults
mv "${TEST_TMP_CONFIG}/user-patches/user-patches.sh" "${TEST_TMP_CONFIG}/user-patches.sh"
@ -23,32 +28,27 @@ setup_file() {
--ulimit "nofile=$(ulimit -Sn):$(ulimit -Hn)"
--health-cmd "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
)
common_container_setup 'CONTAINER_ARGS_ENV_CUSTOM'
_common_container_setup 'CONTAINER_ARGS_ENV_CUSTOM'
# generate accounts after container has been started
docker exec mail setup email add 'added@localhost.localdomain' 'mypassword'
docker exec mail setup email add 'pass@localhost.localdomain' 'may be \a `p^a.*ssword'
_add_mail_account_then_wait_until_ready 'added@localhost.localdomain' 'mypassword'
_add_mail_account_then_wait_until_ready 'pass@localhost.localdomain' 'may be \a `p^a.*ssword'
# this relies on the checksum file being updated after all changes have been applied
wait_until_change_detection_event_completes mail
wait_for_service mail postfix
wait_for_smtp_port_in_container mail
_wait_for_service postfix
_wait_for_smtp_port_in_container
}
teardown_file() {
docker rm -f mail
}
function teardown_file() { _default_teardown ; }
#
# configuration checks
#
@test "checking configuration: user-patches.sh executed" {
run docker logs mail
@test "configuration: user-patches.sh executed" {
run docker logs "${CONTAINER_NAME}"
assert_output --partial "Default user-patches.sh successfully executed"
}
@test "checking configuration: hostname/domainname" {
@test "configuration: hostname/domainname" {
run docker run "${IMAGE_NAME:?}"
assert_success
}
@ -62,12 +62,12 @@ teardown_file() {
# it may result in a false-positive `unhealthy` state.
# Be careful with re-locating this test if earlier tests could potentially fail it by
# triggering the `changedetector` service.
@test "checking container healthcheck" {
@test "container healthcheck" {
# ensure, that at least 30 seconds have passed since container start
while [[ "$(docker inspect --format='{{.State.Health.Status}}' mail)" == "starting" ]]; do
while [[ "$(docker inspect --format='{{.State.Health.Status}}' "${CONTAINER_NAME}")" == "starting" ]]; do
sleep 1
done
run docker inspect --format='{{.State.Health.Status}}' mail
run docker inspect --format='{{.State.Health.Status}}' "${CONTAINER_NAME}"
assert_output "healthy"
assert_success
}
@ -76,18 +76,18 @@ teardown_file() {
# imap
#
@test "checking imap: server is ready with STARTTLS" {
run docker exec mail /bin/bash -c "nc -w 2 0.0.0.0 143 | grep '* OK' | grep 'STARTTLS' | grep 'ready'"
@test "imap: server is ready with STARTTLS" {
_run_in_container_bash "nc -w 2 0.0.0.0 143 | grep '* OK' | grep 'STARTTLS' | grep 'ready'"
assert_success
}
@test "checking imap: authentication works" {
run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-auth.txt"
@test "imap: authentication works" {
_run_in_container_bash "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-auth.txt"
assert_success
}
@test "checking imap: added user authentication works" {
run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/added-imap-auth.txt"
@test "imap: added user authentication works" {
_run_in_container_bash "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/added-imap-auth.txt"
assert_success
}
@ -95,13 +95,13 @@ teardown_file() {
# sasl
#
@test "checking sasl: doveadm auth test works with good password" {
run docker exec mail /bin/sh -c "doveadm auth test -x service=smtp user2@otherdomain.tld mypassword | grep 'auth succeeded'"
@test "sasl: doveadm auth test works with good password" {
_run_in_container_bash "doveadm auth test -x service=smtp user2@otherdomain.tld mypassword | grep 'auth succeeded'"
assert_success
}
@test "checking sasl: doveadm auth test fails with bad password" {
run docker exec mail /bin/sh -c "doveadm auth test -x service=smtp user2@otherdomain.tld BADPASSWORD | grep 'auth failed'"
@test "sasl: doveadm auth test fails with bad password" {
_run_in_container_bash "doveadm auth test -x service=smtp user2@otherdomain.tld BADPASSWORD | grep 'auth failed'"
assert_success
}
@ -109,8 +109,8 @@ teardown_file() {
# logs
#
@test "checking logs: mail related logs should be located in a subdirectory" {
run docker exec mail /bin/sh -c "ls -1 /var/log/mail/ | grep -E 'mail.log'"
@test "logs: mail related logs should be located in a subdirectory" {
_run_in_container_bash "ls -1 /var/log/mail/ | grep -E 'mail.log'"
assert_success
}
@ -118,8 +118,8 @@ teardown_file() {
# accounts
#
@test "checking accounts: user accounts" {
run docker exec mail doveadm user '*'
@test "accounts: user accounts" {
_run_in_container doveadm user '*'
assert_success
assert_line --index 0 "user1@localhost.localdomain"
assert_line --index 1 "user2@otherdomain.tld"
@ -127,28 +127,28 @@ teardown_file() {
assert_line --index 3 "added@localhost.localdomain"
}
@test "checking accounts: user mail folder for user1" {
run docker exec mail /bin/bash -c "ls -d /var/mail/localhost.localdomain/user1"
@test "accounts: user mail folder for user1" {
_run_in_container_bash "ls -d /var/mail/localhost.localdomain/user1"
assert_success
}
@test "checking accounts: user mail folder for user2" {
run docker exec mail /bin/bash -c "ls -d /var/mail/otherdomain.tld/user2"
@test "accounts: user mail folder for user2" {
_run_in_container_bash "ls -d /var/mail/otherdomain.tld/user2"
assert_success
}
@test "checking accounts: user mail folder for user3" {
run docker exec mail /bin/bash -c "ls -d /var/mail/localhost.localdomain/user3"
@test "accounts: user mail folder for user3" {
_run_in_container_bash "ls -d /var/mail/localhost.localdomain/user3"
assert_success
}
@test "checking accounts: user mail folder for added user" {
run docker exec mail /bin/bash -c "ls -d /var/mail/localhost.localdomain/added"
@test "accounts: user mail folder for added user" {
_run_in_container_bash "ls -d /var/mail/localhost.localdomain/added"
assert_success
}
@test "checking accounts: comments are not parsed" {
run docker exec mail /bin/bash -c "ls /var/mail | grep 'comment'"
@test "accounts: comments are not parsed" {
_run_in_container_bash "ls /var/mail | grep 'comment'"
assert_failure
}
@ -156,8 +156,8 @@ teardown_file() {
# postfix
#
@test "checking postfix: vhost file is correct" {
run docker exec mail cat /etc/postfix/vhost
@test "postfix: vhost file is correct" {
_run_in_container cat /etc/postfix/vhost
assert_success
assert_line --index 0 "localdomain2.com"
assert_line --index 1 "localhost.localdomain"
@ -168,19 +168,19 @@ teardown_file() {
# postsrsd
#
@test "checking SRS: main.cf entries" {
run docker exec mail grep "sender_canonical_maps = tcp:localhost:10001" /etc/postfix/main.cf
@test "SRS: main.cf entries" {
_run_in_container grep "sender_canonical_maps = tcp:localhost:10001" /etc/postfix/main.cf
assert_success
run docker exec mail grep "sender_canonical_classes = envelope_sender" /etc/postfix/main.cf
_run_in_container grep "sender_canonical_classes = envelope_sender" /etc/postfix/main.cf
assert_success
run docker exec mail grep "recipient_canonical_maps = tcp:localhost:10002" /etc/postfix/main.cf
_run_in_container grep "recipient_canonical_maps = tcp:localhost:10002" /etc/postfix/main.cf
assert_success
run docker exec mail grep "recipient_canonical_classes = envelope_recipient,header_recipient" /etc/postfix/main.cf
_run_in_container grep "recipient_canonical_classes = envelope_recipient,header_recipient" /etc/postfix/main.cf
assert_success
}
@test "checking SRS: fallback to hostname is handled correctly" {
run docker exec mail grep "SRS_DOMAIN=example.test" /etc/default/postsrsd
@test "SRS: fallback to hostname is handled correctly" {
_run_in_container grep "SRS_DOMAIN=example.test" /etc/default/postsrsd
assert_success
}
@ -188,81 +188,81 @@ teardown_file() {
# system
#
@test "checking system: freshclam cron is disabled" {
run docker exec mail bash -c "grep '/usr/bin/freshclam' -r /etc/cron.d"
@test "system: freshclam cron is disabled" {
_run_in_container_bash "grep '/usr/bin/freshclam' -r /etc/cron.d"
assert_failure
}
@test "checking amavis: virusmail wiper cron exists" {
run docker exec mail bash -c "crontab -l | grep '/usr/local/bin/virus-wiper'"
@test "amavis: virusmail wiper cron exists" {
_run_in_container_bash "crontab -l | grep '/usr/local/bin/virus-wiper'"
assert_success
}
@test "checking amavis: VIRUSMAILS_DELETE_DELAY override works as expected" {
@test "amavis: VIRUSMAILS_DELETE_DELAY override works as expected" {
# shellcheck disable=SC2016
run docker run --rm -e VIRUSMAILS_DELETE_DELAY=2 "${IMAGE_NAME:?}" /bin/bash -c 'echo "${VIRUSMAILS_DELETE_DELAY}"'
assert_output 2
}
@test "checking amavis: old virusmail is wipped by cron" {
docker exec mail bash -c 'touch -d "`date --date=2000-01-01`" /var/lib/amavis/virusmails/should-be-deleted'
run docker exec mail bash -c '/usr/local/bin/virus-wiper'
@test "amavis: old virusmail is wipped by cron" {
_exec_in_container_bash 'touch -d "`date --date=2000-01-01`" /var/lib/amavis/virusmails/should-be-deleted'
_run_in_container_bash '/usr/local/bin/virus-wiper'
assert_success
run docker exec mail bash -c 'ls -la /var/lib/amavis/virusmails/ | grep should-be-deleted'
_run_in_container_bash 'ls -la /var/lib/amavis/virusmails/ | grep should-be-deleted'
assert_failure
}
@test "checking amavis: recent virusmail is not wipped by cron" {
docker exec mail bash -c 'touch -d "`date`" /var/lib/amavis/virusmails/should-not-be-deleted'
run docker exec mail bash -c '/usr/local/bin/virus-wiper'
@test "amavis: recent virusmail is not wipped by cron" {
_exec_in_container_bash 'touch -d "`date`" /var/lib/amavis/virusmails/should-not-be-deleted'
_run_in_container_bash '/usr/local/bin/virus-wiper'
assert_success
run docker exec mail bash -c 'ls -la /var/lib/amavis/virusmails/ | grep should-not-be-deleted'
_run_in_container_bash 'ls -la /var/lib/amavis/virusmails/ | grep should-not-be-deleted'
assert_success
}
@test "checking system: /var/log/mail/mail.log is error free" {
run docker exec mail grep 'non-null host address bits in' /var/log/mail/mail.log
@test "system: /var/log/mail/mail.log is error free" {
_run_in_container grep 'non-null host address bits in' /var/log/mail/mail.log
assert_failure
run docker exec mail grep 'mail system configuration error' /var/log/mail/mail.log
_run_in_container grep 'mail system configuration error' /var/log/mail/mail.log
assert_failure
run docker exec mail grep ': error:' /var/log/mail/mail.log
_run_in_container grep ': error:' /var/log/mail/mail.log
assert_failure
run docker exec mail grep -i 'is not writable' /var/log/mail/mail.log
_run_in_container grep -i 'is not writable' /var/log/mail/mail.log
assert_failure
run docker exec mail grep -i 'permission denied' /var/log/mail/mail.log
_run_in_container grep -i 'permission denied' /var/log/mail/mail.log
assert_failure
run docker exec mail grep -i '(!)connect' /var/log/mail/mail.log
_run_in_container grep -i '(!)connect' /var/log/mail/mail.log
assert_failure
run docker exec mail grep -i 'using backwards-compatible default setting' /var/log/mail/mail.log
_run_in_container grep -i 'using backwards-compatible default setting' /var/log/mail/mail.log
assert_failure
run docker exec mail grep -i 'connect to 127.0.0.1:10023: Connection refused' /var/log/mail/mail.log
_run_in_container grep -i 'connect to 127.0.0.1:10023: Connection refused' /var/log/mail/mail.log
assert_failure
}
@test "checking system: /var/log/auth.log is error free" {
run docker exec mail grep 'Unable to open env file: /etc/default/locale' /var/log/auth.log
@test "system: /var/log/auth.log is error free" {
_run_in_container grep 'Unable to open env file: /etc/default/locale' /var/log/auth.log
assert_failure
}
@test "checking system: sets the server fqdn" {
run docker exec mail hostname
@test "system: sets the server fqdn" {
_run_in_container hostname
assert_success
assert_output "mail.example.test"
}
@test "checking system: sets the server domain name in /etc/mailname" {
run docker exec mail cat /etc/mailname
@test "system: sets the server domain name in /etc/mailname" {
_run_in_container cat /etc/mailname
assert_success
assert_output "example.test"
}
@test "checking system: postfix should not log to syslog" {
run docker exec mail grep 'postfix' /var/log/syslog
@test "system: postfix should not log to syslog" {
_run_in_container grep 'postfix' /var/log/syslog
assert_failure
}
@test "checking system: amavis decoders installed and available" {
run docker exec mail /bin/sh -c "grep -E '.*(Internal decoder|Found decoder) for\s+\..*' /var/log/mail/mail.log*|grep -Eo '(mail|Z|gz|bz2|xz|lzma|lrz|lzo|lz4|rpm|cpio|tar|deb|rar|arj|arc|zoo|doc|cab|tnef|zip|kmz|7z|jar|swf|lha|iso|exe)' | sort | uniq"
@test "system: amavis decoders installed and available" {
_run_in_container_bash "grep -E '.*(Internal decoder|Found decoder) for\s+\..*' /var/log/mail/mail.log*|grep -Eo '(mail|Z|gz|bz2|xz|lzma|lrz|lzo|lz4|rpm|cpio|tar|deb|rar|arj|arc|zoo|doc|cab|tnef|zip|kmz|7z|jar|swf|lha|iso|exe)' | sort | uniq"
assert_success
# Support for doc and zoo removed in buster
cat <<'EOF' | assert_output
@ -298,88 +298,88 @@ EOF
#
# accounts
#
@test "checking accounts: user_without_domain creation should be rejected since user@domain format is required" {
run docker exec mail /bin/sh -c "addmailuser user_without_domain mypassword"
@test "accounts: user_without_domain creation should be rejected since user@domain format is required" {
_run_in_container_bash "addmailuser user_without_domain mypassword"
assert_failure
assert_output --partial 'should include the domain (eg: user@example.com)'
}
@test "checking accounts: user3 should have been added to /tmp/docker-mailserver/postfix-accounts.cf" {
docker exec mail /bin/sh -c "addmailuser user3@domain.tld mypassword"
@test "accounts: user3 should have been added to /tmp/docker-mailserver/postfix-accounts.cf" {
_exec_in_container_bash "addmailuser user3@domain.tld mypassword"
run docker exec mail /bin/sh -c "grep '^user3@domain\.tld|' -i /tmp/docker-mailserver/postfix-accounts.cf"
_run_in_container_bash "grep '^user3@domain\.tld|' -i /tmp/docker-mailserver/postfix-accounts.cf"
assert_success
[[ -n ${output} ]]
}
@test "checking accounts: auser3 should have been added to /tmp/docker-mailserver/postfix-accounts.cf" {
docker exec mail /bin/sh -c "addmailuser auser3@domain.tld mypassword"
@test "accounts: auser3 should have been added to /tmp/docker-mailserver/postfix-accounts.cf" {
_exec_in_container_bash "addmailuser auser3@domain.tld mypassword"
run docker exec mail /bin/sh -c "grep '^auser3@domain\.tld|' -i /tmp/docker-mailserver/postfix-accounts.cf"
_run_in_container_bash "grep '^auser3@domain\.tld|' -i /tmp/docker-mailserver/postfix-accounts.cf"
assert_success
[[ -n ${output} ]]
}
@test "checking accounts: a.ser3 should have been added to /tmp/docker-mailserver/postfix-accounts.cf" {
docker exec mail /bin/sh -c "addmailuser a.ser3@domain.tld mypassword"
@test "accounts: a.ser3 should have been added to /tmp/docker-mailserver/postfix-accounts.cf" {
_exec_in_container_bash "addmailuser a.ser3@domain.tld mypassword"
run docker exec mail /bin/sh -c "grep '^a\.ser3@domain\.tld|' -i /tmp/docker-mailserver/postfix-accounts.cf"
_run_in_container_bash "grep '^a\.ser3@domain\.tld|' -i /tmp/docker-mailserver/postfix-accounts.cf"
assert_success
[[ -n ${output} ]]
}
@test "checking accounts: user3 should have been removed from /tmp/docker-mailserver/postfix-accounts.cf but not auser3" {
wait_until_account_maildir_exists mail 'user3@domain.tld'
@test "accounts: user3 should have been removed from /tmp/docker-mailserver/postfix-accounts.cf but not auser3" {
_wait_until_account_maildir_exists 'user3@domain.tld'
docker exec mail /bin/sh -c "delmailuser -y user3@domain.tld"
_exec_in_container_bash "delmailuser -y user3@domain.tld"
run docker exec mail /bin/sh -c "grep '^user3@domain\.tld' -i /tmp/docker-mailserver/postfix-accounts.cf"
_run_in_container_bash "grep '^user3@domain\.tld' -i /tmp/docker-mailserver/postfix-accounts.cf"
assert_failure
[[ -z ${output} ]]
run docker exec mail /bin/sh -c "grep '^auser3@domain\.tld' -i /tmp/docker-mailserver/postfix-accounts.cf"
_run_in_container_bash "grep '^auser3@domain\.tld' -i /tmp/docker-mailserver/postfix-accounts.cf"
assert_success
[[ -n ${output} ]]
}
@test "checking user updating password for user in /tmp/docker-mailserver/postfix-accounts.cf" {
add_mail_account_then_wait_until_ready mail 'user4@domain.tld'
@test "user updating password for user in /tmp/docker-mailserver/postfix-accounts.cf" {
_add_mail_account_then_wait_until_ready 'user4@domain.tld'
initialpass=$(docker exec mail /bin/sh -c "grep '^user4@domain\.tld' -i /tmp/docker-mailserver/postfix-accounts.cf")
initialpass=$(_exec_in_container_bash "grep '^user4@domain\.tld' -i /tmp/docker-mailserver/postfix-accounts.cf")
sleep 2
docker exec mail /bin/sh -c "updatemailuser user4@domain.tld mynewpassword"
_exec_in_container_bash "updatemailuser user4@domain.tld mynewpassword"
sleep 2
changepass=$(docker exec mail /bin/sh -c "grep '^user4@domain\.tld' -i /tmp/docker-mailserver/postfix-accounts.cf")
changepass=$(_exec_in_container_bash "grep '^user4@domain\.tld' -i /tmp/docker-mailserver/postfix-accounts.cf")
[[ ${initialpass} != "${changepass}" ]]
run docker exec mail /bin/sh -c "delmailuser -y auser3@domain.tld"
_run_in_container_bash "delmailuser -y auser3@domain.tld"
assert_success
}
@test "checking accounts: listmailuser (quotas disabled)" {
run docker exec mail /bin/sh -c "echo 'ENABLE_QUOTAS=0' >> /etc/dms-settings && listmailuser | head -n 1"
@test "accounts: listmailuser (quotas disabled)" {
_run_in_container_bash "echo 'ENABLE_QUOTAS=0' >> /etc/dms-settings && listmailuser | head -n 1"
assert_success
assert_output '* user1@localhost.localdomain'
}
@test "checking accounts: listmailuser (quotas enabled)" {
run docker exec mail /bin/sh -c "sed -i '/ENABLE_QUOTAS=0/d' /etc/dms-settings; listmailuser | head -n 1"
@test "accounts: listmailuser (quotas enabled)" {
_run_in_container_bash "sed -i '/ENABLE_QUOTAS=0/d' /etc/dms-settings; listmailuser | head -n 1"
assert_success
assert_output '* user1@localhost.localdomain ( 0 / ~ ) [0%]'
}
@test "checking accounts: no error is generated when deleting a user if /tmp/docker-mailserver/postfix-accounts.cf is missing" {
@test "accounts: no error is generated when deleting a user if /tmp/docker-mailserver/postfix-accounts.cf is missing" {
run docker run --rm \
-v "$(duplicate_config_for_container without-accounts/ without-accounts-deleting-user)":/tmp/docker-mailserver/ \
-v "$(_duplicate_config_for_container without-accounts/ without-accounts-deleting-user)":/tmp/docker-mailserver/ \
"${IMAGE_NAME:?}" /bin/sh -c 'delmailuser -y user3@domain.tld'
assert_success
[[ -z ${output} ]]
}
@test "checking accounts: user3 should have been added to /tmp/docker-mailserver/postfix-accounts.cf even when that file does not exist" {
@test "accounts: user3 should have been added to /tmp/docker-mailserver/postfix-accounts.cf even when that file does not exist" {
local PRIVATE_CONFIG
PRIVATE_CONFIG=$(duplicate_config_for_container without-accounts/ without-accounts_file_does_not_exist)
PRIVATE_CONFIG=$(_duplicate_config_for_container without-accounts/ without-accounts_file_does_not_exist)
run docker run --rm \
-v "${PRIVATE_CONFIG}/without-accounts/":/tmp/docker-mailserver/ \
"${IMAGE_NAME:?}" /bin/sh -c 'addmailuser user3@domain.tld mypassword'
@ -392,104 +392,104 @@ EOF
}
@test "checking quota: setquota user must be existing" {
add_mail_account_then_wait_until_ready mail 'quota_user@domain.tld'
@test "quota: setquota user must be existing" {
_add_mail_account_then_wait_until_ready 'quota_user@domain.tld'
run docker exec mail /bin/sh -c "setquota quota_user 50M"
_run_in_container_bash "setquota quota_user 50M"
assert_failure
run docker exec mail /bin/sh -c "setquota quota_user@domain.tld 50M"
_run_in_container_bash "setquota quota_user@domain.tld 50M"
assert_success
run docker exec mail /bin/sh -c "setquota username@fulldomain 50M"
_run_in_container_bash "setquota username@fulldomain 50M"
assert_failure
run docker exec mail /bin/sh -c "delmailuser -y quota_user@domain.tld"
_run_in_container_bash "delmailuser -y quota_user@domain.tld"
assert_success
}
@test "checking quota: setquota <quota> must be well formatted" {
add_mail_account_then_wait_until_ready mail 'quota_user@domain.tld'
@test "quota: setquota <quota> must be well formatted" {
_add_mail_account_then_wait_until_ready 'quota_user@domain.tld'
run docker exec mail /bin/sh -c "setquota quota_user@domain.tld 26GIGOTS"
_run_in_container_bash "setquota quota_user@domain.tld 26GIGOTS"
assert_failure
run docker exec mail /bin/sh -c "setquota quota_user@domain.tld 123"
_run_in_container_bash "setquota quota_user@domain.tld 123"
assert_failure
run docker exec mail /bin/sh -c "setquota quota_user@domain.tld M"
_run_in_container_bash "setquota quota_user@domain.tld M"
assert_failure
run docker exec mail /bin/sh -c "setquota quota_user@domain.tld -60M"
_run_in_container_bash "setquota quota_user@domain.tld -60M"
assert_failure
run docker exec mail /bin/sh -c "setquota quota_user@domain.tld 10B"
_run_in_container_bash "setquota quota_user@domain.tld 10B"
assert_success
run docker exec mail /bin/sh -c "setquota quota_user@domain.tld 10k"
_run_in_container_bash "setquota quota_user@domain.tld 10k"
assert_success
run docker exec mail /bin/sh -c "setquota quota_user@domain.tld 10M"
_run_in_container_bash "setquota quota_user@domain.tld 10M"
assert_success
run docker exec mail /bin/sh -c "setquota quota_user@domain.tld 10G"
_run_in_container_bash "setquota quota_user@domain.tld 10G"
assert_success
run docker exec mail /bin/sh -c "setquota quota_user@domain.tld 10T"
_run_in_container_bash "setquota quota_user@domain.tld 10T"
assert_success
run docker exec mail /bin/sh -c "delmailuser -y quota_user@domain.tld"
_run_in_container_bash "delmailuser -y quota_user@domain.tld"
assert_success
}
@test "checking quota: delquota user must be existing" {
add_mail_account_then_wait_until_ready mail 'quota_user@domain.tld'
@test "quota: delquota user must be existing" {
_add_mail_account_then_wait_until_ready 'quota_user@domain.tld'
run docker exec mail /bin/sh -c "delquota uota_user@domain.tld"
_run_in_container_bash "delquota uota_user@domain.tld"
assert_failure
run docker exec mail /bin/sh -c "delquota quota_user"
_run_in_container_bash "delquota quota_user"
assert_failure
run docker exec mail /bin/sh -c "delquota dontknowyou@domain.tld"
_run_in_container_bash "delquota dontknowyou@domain.tld"
assert_failure
run docker exec mail /bin/sh -c "setquota quota_user@domain.tld 10T"
_run_in_container_bash "setquota quota_user@domain.tld 10T"
assert_success
run docker exec mail /bin/sh -c "delquota quota_user@domain.tld"
_run_in_container_bash "delquota quota_user@domain.tld"
assert_success
run docker exec mail /bin/sh -c "grep -i 'quota_user@domain.tld' /tmp/docker-mailserver/dovecot-quotas.cf"
_run_in_container_bash "grep -i 'quota_user@domain.tld' /tmp/docker-mailserver/dovecot-quotas.cf"
assert_failure
run docker exec mail /bin/sh -c "delmailuser -y quota_user@domain.tld"
_run_in_container_bash "delmailuser -y quota_user@domain.tld"
assert_success
}
@test "checking quota: delquota allow when no quota for existing user" {
add_mail_account_then_wait_until_ready mail 'quota_user@domain.tld'
@test "quota: delquota allow when no quota for existing user" {
_add_mail_account_then_wait_until_ready 'quota_user@domain.tld'
run docker exec mail /bin/sh -c "grep -i 'quota_user@domain.tld' /tmp/docker-mailserver/dovecot-quotas.cf"
_run_in_container_bash "grep -i 'quota_user@domain.tld' /tmp/docker-mailserver/dovecot-quotas.cf"
assert_failure
run docker exec mail /bin/sh -c "delquota quota_user@domain.tld"
_run_in_container_bash "delquota quota_user@domain.tld"
assert_success
run docker exec mail /bin/sh -c "delquota quota_user@domain.tld"
_run_in_container_bash "delquota quota_user@domain.tld"
assert_success
run docker exec mail /bin/sh -c "delmailuser -y quota_user@domain.tld"
_run_in_container_bash "delmailuser -y quota_user@domain.tld"
assert_success
}
@test "checking quota: dovecot quota present in postconf" {
run docker exec mail /bin/bash -c "postconf | grep 'check_policy_service inet:localhost:65265'"
@test "quota: dovecot quota present in postconf" {
_run_in_container_bash "postconf | grep 'check_policy_service inet:localhost:65265'"
assert_success
}
@test "checking quota: dovecot mailbox max size must be equal to postfix mailbox max size" {
postfix_mailbox_size=$(docker exec mail sh -c "postconf | grep -Po '(?<=mailbox_size_limit = )[0-9]+'")
@test "quota: dovecot mailbox max size must be equal to postfix mailbox max size" {
postfix_mailbox_size=$(_exec_in_container_bash "postconf | grep -Po '(?<=mailbox_size_limit = )[0-9]+'")
run echo "${postfix_mailbox_size}"
refute_output ""
# dovecot relies on virtual_mailbox_size by default
postfix_virtual_mailbox_size=$(docker exec mail sh -c "postconf | grep -Po '(?<=virtual_mailbox_limit = )[0-9]+'")
postfix_virtual_mailbox_size=$(_exec_in_container_bash "postconf | grep -Po '(?<=virtual_mailbox_limit = )[0-9]+'")
assert_equal "${postfix_virtual_mailbox_size}" "${postfix_mailbox_size}"
postfix_mailbox_size_mb=$(( postfix_mailbox_size / 1000000))
dovecot_mailbox_size_mb=$(docker exec mail sh -c "doveconf | grep -oP '(?<=quota_rule \= \*\:storage=)[0-9]+'")
dovecot_mailbox_size_mb=$(_exec_in_container_bash "doveconf | grep -oP '(?<=quota_rule \= \*\:storage=)[0-9]+'")
run echo "${dovecot_mailbox_size_mb}"
refute_output ""
@ -497,92 +497,92 @@ EOF
}
@test "checking quota: dovecot message max size must be equal to postfix messsage max size" {
postfix_message_size=$(docker exec mail sh -c "postconf | grep -Po '(?<=message_size_limit = )[0-9]+'")
@test "quota: dovecot message max size must be equal to postfix messsage max size" {
postfix_message_size=$(_exec_in_container_bash "postconf | grep -Po '(?<=message_size_limit = )[0-9]+'")
run echo "${postfix_message_size}"
refute_output ""
postfix_message_size_mb=$(( postfix_message_size / 1000000))
dovecot_message_size_mb=$(docker exec mail sh -c "doveconf | grep -oP '(?<=quota_max_mail_size = )[0-9]+'")
dovecot_message_size_mb=$(_exec_in_container_bash "doveconf | grep -oP '(?<=quota_max_mail_size = )[0-9]+'")
run echo "${dovecot_message_size_mb}"
refute_output ""
assert_equal "${postfix_message_size_mb}" "${dovecot_message_size_mb}"
}
@test "checking quota: quota directive is removed when mailbox is removed" {
add_mail_account_then_wait_until_ready mail 'quserremoved@domain.tld'
@test "quota: quota directive is removed when mailbox is removed" {
_add_mail_account_then_wait_until_ready 'quserremoved@domain.tld'
run docker exec mail /bin/sh -c "setquota quserremoved@domain.tld 12M"
_run_in_container_bash "setquota quserremoved@domain.tld 12M"
assert_success
run docker exec mail /bin/sh -c 'cat /tmp/docker-mailserver/dovecot-quotas.cf | grep -E "^quserremoved@domain.tld\:12M\$" | wc -l | grep 1'
_run_in_container_bash 'cat /tmp/docker-mailserver/dovecot-quotas.cf | grep -E "^quserremoved@domain.tld\:12M\$" | wc -l | grep 1'
assert_success
run docker exec mail /bin/sh -c "delmailuser -y quserremoved@domain.tld"
_run_in_container_bash "delmailuser -y quserremoved@domain.tld"
assert_success
run docker exec mail /bin/sh -c 'cat /tmp/docker-mailserver/dovecot-quotas.cf | grep -E "^quserremoved@domain.tld\:12M\$"'
_run_in_container_bash 'cat /tmp/docker-mailserver/dovecot-quotas.cf | grep -E "^quserremoved@domain.tld\:12M\$"'
assert_failure
}
@test "checking quota: dovecot applies user quota" {
run docker exec mail /bin/sh -c "doveadm quota get -u 'user1@localhost.localdomain' | grep 'User quota STORAGE'"
@test "quota: dovecot applies user quota" {
_run_in_container_bash "doveadm quota get -u 'user1@localhost.localdomain' | grep 'User quota STORAGE'"
assert_output --partial "- 0"
run docker exec mail /bin/sh -c "setquota user1@localhost.localdomain 50M"
_run_in_container_bash "setquota user1@localhost.localdomain 50M"
assert_success
# wait until quota has been updated
run repeat_until_success_or_timeout 20 sh -c "docker exec mail sh -c 'doveadm quota get -u user1@localhost.localdomain | grep -oP \"(User quota STORAGE\s+[0-9]+\s+)51200(.*)\"'"
run _repeat_until_success_or_timeout 20 _exec_in_container_bash 'doveadm quota get -u user1@localhost.localdomain | grep -oP "(User quota STORAGE\s+[0-9]+\s+)51200(.*)"'
assert_success
run docker exec mail /bin/sh -c "delquota user1@localhost.localdomain"
_run_in_container_bash "delquota user1@localhost.localdomain"
assert_success
# wait until quota has been updated
run repeat_until_success_or_timeout 20 sh -c "docker exec mail sh -c 'doveadm quota get -u user1@localhost.localdomain | grep -oP \"(User quota STORAGE\s+[0-9]+\s+)-(.*)\"'"
run _repeat_until_success_or_timeout 20 _exec_in_container_bash 'doveadm quota get -u user1@localhost.localdomain | grep -oP "(User quota STORAGE\s+[0-9]+\s+)-(.*)"'
assert_success
}
@test "checking quota: warn message received when quota exceeded" {
@test "quota: warn message received when quota exceeded" {
skip 'disabled as it fails randomly: https://github.com/docker-mailserver/docker-mailserver/pull/2511'
# create user
add_mail_account_then_wait_until_ready mail 'quotauser@otherdomain.tld'
run docker exec mail /bin/sh -c 'setquota quotauser@otherdomain.tld 10k'
_add_mail_account_then_wait_until_ready 'quotauser@otherdomain.tld'
_run_in_container_bash 'setquota quotauser@otherdomain.tld 10k'
assert_success
# wait until quota has been updated
run repeat_until_success_or_timeout 20 sh -c "docker exec mail sh -c 'doveadm quota get -u quotauser@otherdomain.tld | grep -oP \"(User quota STORAGE\s+[0-9]+\s+)10(.*)\"'"
run _repeat_until_success_or_timeout 20 _exec_in_container_bash 'doveadm quota get -u quotauser@otherdomain.tld | grep -oP \"(User quota STORAGE\s+[0-9]+\s+)10(.*)\"'
assert_success
# dovecot and postfix has been restarted
wait_for_service mail postfix
wait_for_service mail dovecot
_wait_for_service postfix
_wait_for_service dovecot
sleep 10
# send some big emails
run docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/quota-exceeded.txt"
_run_in_container_bash "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/quota-exceeded.txt"
assert_success
run docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/quota-exceeded.txt"
_run_in_container_bash "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/quota-exceeded.txt"
assert_success
run docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/quota-exceeded.txt"
_run_in_container_bash "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/quota-exceeded.txt"
assert_success
# check for quota warn message existence
run repeat_until_success_or_timeout 20 sh -c "docker exec mail sh -c 'grep \"Subject: quota warning\" /var/mail/otherdomain.tld/quotauser/new/ -R'"
run _repeat_until_success_or_timeout 20 _exec_in_container_bash 'grep \"Subject: quota warning\" /var/mail/otherdomain.tld/quotauser/new/ -R'
assert_success
run repeat_until_success_or_timeout 20 sh -c "docker logs mail | grep 'Quota exceeded (mailbox for user is full)'"
run _repeat_until_success_or_timeout 20 sh -c "docker logs mail | grep 'Quota exceeded (mailbox for user is full)'"
assert_success
# ensure only the first big message and the warn message are present (other messages are rejected: mailbox is full)
run docker exec mail sh -c 'ls /var/mail/otherdomain.tld/quotauser/new/ | wc -l'
_run_in_container sh -c 'ls /var/mail/otherdomain.tld/quotauser/new/ | wc -l'
assert_success
assert_output "2"
run docker exec mail /bin/sh -c "delmailuser -y quotauser@otherdomain.tld"
_run_in_container_bash "delmailuser -y quotauser@otherdomain.tld"
assert_success
}
@ -590,13 +590,13 @@ EOF
# PERMIT_DOCKER mynetworks
#
@test "checking PERMIT_DOCKER: can get container ip" {
run docker exec mail /bin/sh -c "ip addr show eth0 | grep 'inet ' | sed 's/[^0-9\.\/]*//g' | cut -d '/' -f 1 | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}'"
@test "PERMIT_DOCKER: can get container ip" {
_run_in_container_bash "ip addr show eth0 | grep 'inet ' | sed 's/[^0-9\.\/]*//g' | cut -d '/' -f 1 | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}'"
assert_success
}
@test "checking PERMIT_DOCKER: my network value" {
run docker exec mail /bin/sh -c "postconf | grep '^mynetworks =' | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.0\.0/16'"
@test "PERMIT_DOCKER: my network value" {
_run_in_container_bash "postconf | grep '^mynetworks =' | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.0\.0/16'"
assert_success
}
@ -604,16 +604,16 @@ EOF
# amavis
#
@test "checking amavis: config overrides" {
run docker exec mail /bin/sh -c "grep 'Test Verification' /etc/amavis/conf.d/50-user | wc -l"
@test "amavis: config overrides" {
_run_in_container_bash "grep 'Test Verification' /etc/amavis/conf.d/50-user | wc -l"
assert_success
assert_output 1
}
# TODO investigate why this test fails
@test "checking user login: predefined user can login" {
@test "user login: predefined user can login" {
skip 'disabled as it fails randomly: https://github.com/docker-mailserver/docker-mailserver/pull/2177'
run docker exec mail /bin/bash -c "doveadm auth test -x service=smtp pass@localhost.localdomain 'may be \\a \`p^a.*ssword' | grep 'passdb'"
_run_in_container_bash "doveadm auth test -x service=smtp pass@localhost.localdomain 'may be \\a \`p^a.*ssword' | grep 'passdb'"
assert_output "passdb: pass@localhost.localdomain auth succeeded"
}
@ -623,20 +623,20 @@ EOF
# postfix
@test "checking dovecot: postmaster address" {
run docker exec mail /bin/sh -c "grep 'postmaster_address = postmaster@example.test' /etc/dovecot/conf.d/15-lda.conf"
@test "dovecot: postmaster address" {
_run_in_container_bash "grep 'postmaster_address = postmaster@example.test' /etc/dovecot/conf.d/15-lda.conf"
assert_success
}
@test "checking spoofing: rejects sender forging" {
# checking rejection of spoofed sender
wait_for_smtp_port_in_container_to_respond mail
run docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/added-smtp-auth-spoofed.txt"
@test "spoofing: rejects sender forging" {
# rejection of spoofed sender
_wait_for_smtp_port_in_container_to_respond
_run_in_container_bash "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/added-smtp-auth-spoofed.txt"
assert_output --partial 'Sender address rejected: not owned by user'
}
@test "checking spoofing: accepts sending as alias" {
run docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/added-smtp-auth-spoofed-alias.txt | grep 'End data with'"
@test "spoofing: accepts sending as alias" {
_run_in_container_bash "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/auth/added-smtp-auth-spoofed-alias.txt | grep 'End data with'"
assert_success
}
@ -644,22 +644,16 @@ EOF
# Pflogsumm delivery check
#
@test "checking pflogsum delivery" {
# checking logrotation working and report being sent
docker exec mail logrotate --force /etc/logrotate.d/maillog
@test "pflogsum delivery" {
# logrotation working and report being sent
_exec_in_container logrotate --force /etc/logrotate.d/maillog
sleep 10
run docker exec mail grep "Subject: Postfix Summary for " /var/mail/localhost.localdomain/user1/new/ -R
_run_in_container grep "Subject: Postfix Summary for " /var/mail/localhost.localdomain/user1/new/ -R
assert_success
# check sender is the one specified in REPORT_SENDER
run docker exec mail grep "From: report1@mail.example.test" /var/mail/localhost.localdomain/user1/new/ -R
_run_in_container grep "From: report1@mail.example.test" /var/mail/localhost.localdomain/user1/new/ -R
assert_success
# check sender is not the default one.
run docker exec mail grep "From: mailserver-report@mail.example.test" /var/mail/localhost.localdomain/user1/new/ -R
_run_in_container grep "From: mailserver-report@mail.example.test" /var/mail/localhost.localdomain/user1/new/ -R
assert_failure
}
#
# supervisor
#