From f07a9ba85266f9c3011cafe45011a7d9f45f9b7e Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Tue, 12 Jan 2016 01:02:47 +0100 Subject: [PATCH] Fix for #44 and #47, also enabling plain and login mechs. --- .gitignore | 1 - Dockerfile | 2 +- Makefile | 2 +- postfix/main.cf | 2 +- postfix/master.cf | 2 +- postfix/sasl/smtpd.conf | 5 +++-- start-mailserver.sh | 1 + test/test.sh | 4 ++++ 8 files changed, 12 insertions(+), 7 deletions(-) diff --git a/.gitignore b/.gitignore index 319c0355..1ad63838 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,4 @@ .DS_Store docker-compose.yml postfix/ssl/* -assert.sh* letsencrypt/ diff --git a/Dockerfile b/Dockerfile index 6f94a855..5f53147d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,7 +10,7 @@ RUN apt-get autoclean && rm -rf /var/lib/apt/lists/* # Configures Saslauthd RUN rm -rf /var/run/saslauthd && ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd RUN adduser postfix sasl -RUN echo 'NAME="saslauthd"\nSTART=yes\nMECHANISMS="sasldb"\nTHREADS=0\nPWDIR=/var/spool/postfix/var/run/saslauthd\nPIDFILE="${PWDIR}/saslauthd.pid"\nOPTIONS="-n 0 -r -m /var/spool/postfix/var/run/saslauthd"' > /etc/default/saslauthd +RUN echo 'NAME="saslauthd"\nSTART=yes\nMECHANISMS="sasldb"\nTHREADS=0\nPWDIR=/var/spool/postfix/var/run/saslauthd\nPIDFILE="${PWDIR}/saslauthd.pid"\nOPTIONS="-n 0 -c -m /var/spool/postfix/var/run/saslauthd"' > /etc/default/saslauthd # Configures Courier RUN sed -i -r 's/daemons=5/daemons=1/g' /etc/courier/authdaemonrc diff --git a/Makefile b/Makefile index e049fd92..a019057e 100644 --- a/Makefile +++ b/Makefile @@ -12,7 +12,7 @@ run: cp test/virtual postfix/ # Run container docker run -d --name mail -v "`pwd`/postfix":/tmp/postfix -v "`pwd`/spamassassin":/tmp/spamassassin -v "`pwd`/test":/tmp/test -h mail.my-domain.com -t $(NAME):$(VERSION) - sleep 15 + sleep 25 prepare: # Reinitialize logs diff --git a/postfix/main.cf b/postfix/main.cf index b4114b1f..32ba810e 100644 --- a/postfix/main.cf +++ b/postfix/main.cf 
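Review bot: In the Dockerfile hunk, the saslauthd `OPTIONS` string swaps `-r` for `-c` with no comment, and `-c` turns on saslauthd's credential cache. With caching on, a password that was changed or removed in sasldb can presumably keep validating until the cache entry expires, and the line sets no explicit `-t` timeout. Either drop `-c` or add a short timeout, and document the choice above the RUN line, e.g. `# -c: cache credentials (short -t timeout); -r dropped because <reason>`. The Makefile and .gitignore hunks on this line are trivial and need no note.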
@@ -43,7 +43,7 @@ smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA smtpd_sasl_auth_enable = yes smtpd_sasl_path = smtpd smtpd_sasl_type = cyrus -smtpd_sasl_security_options = noanonymous, noplaintext +smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname cyrus_sasl_config_path = /etc/postfix/sasl broken_sasl_auth_clients = yes diff --git a/postfix/master.cf b/postfix/master.cf index c782b3da..8804f632 100644 --- a/postfix/master.cf +++ b/postfix/master.cf @@ -73,7 +73,7 @@ smtp-amavis unix - - - - 2 smtp -o disable_dns_lookups=yes -o max_use=20 -127.0.0.1:10025 inet n - - - - smtpd +127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= diff --git a/postfix/sasl/smtpd.conf b/postfix/sasl/smtpd.conf index 75293ec9..f02eb91d 100644 --- a/postfix/sasl/smtpd.conf +++ b/postfix/sasl/smtpd.conf @@ -1,3 +1,4 @@ pwcheck_method: auxprop -mech_list: digest-md5 cram-md5 -log_level: 7 \ No newline at end of file +auxprop_plugin: sasldb +mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 +log_level: 7 diff --git a/start-mailserver.sh b/start-mailserver.sh index ce82eb33..117ce5c8 100644 --- a/start-mailserver.sh +++ b/start-mailserver.sh @@ -102,6 +102,7 @@ esac echo "Fixing permissions" chown -R 5000:5000 /var/mail mkdir -p /var/log/clamav && chown -R clamav:root /var/log/clamav +chown postfix.sasl /etc/sasldb2 echo "Creating /etc/mailname" echo $(hostname -d) > /etc/mailname diff --git a/test/test.sh b/test/test.sh index 43bce4f1..13a648ee 100644 --- a/test/test.sh +++ b/test/test.sh 
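Review bot: Dropping `noplaintext` from `smtpd_sasl_security_options` in postfix/main.cf allows PLAIN and LOGIN to be offered on sessions that have not negotiated TLS, and nothing in this hunk restricts AUTH to encrypted sessions. If `smtpd_tls_auth_only = yes` is not already set elsewhere in main.cf (not visible here), add it. Alternatively keep `smtpd_sasl_security_options = noanonymous, noplaintext` and add `smtpd_sasl_tls_security_options = noanonymous`, so plaintext mechanisms are only advertised after STARTTLS.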
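Review bot: In postfix/master.cf the chroot column of the `127.0.0.1:10025` listener changes from `-` (Postfix default) to an explicit `n` without a comment, and the commit message does not say which of the two referenced issues needs it. Running an smtpd outside the chroot reduces containment, so the reason belongs next to the entry, e.g. `# chroot disabled: <reason>` on the line above. This is the after-filter listener (see the `-o content_filter=` overrides that follow). Whether the public-facing smtpd entry is affected cannot be seen from this hunk.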
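Review bot: postfix/sasl/smtpd.conf keeps `log_level: 7` while `mech_list` gains PLAIN and LOGIN. In Cyrus SASL, level 7 is the most verbose setting and is documented as logging protocol traces including passwords, so cleartext credentials may end up in the container's logs. For the shipped configuration use a lower level, e.g. `log_level: 3`, and raise it only temporarily when debugging authentication.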
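Review bot: The added `chown postfix.sasl /etc/sasldb2` in start-mailserver.sh sets ownership but not the mode. sasldb keeps the users' secrets in recoverable form so that CRAM-MD5 and DIGEST-MD5 can work, so the file should not be readable by other accounts. Use the `:` separator (the `.` form is a deprecated extension and is ambiguous with dotted user names) and set the mode explicitly: `chown postfix:sasl /etc/sasldb2 && chmod 640 /etc/sasldb2`. The script continues outside the hunk, so an existing chmod elsewhere cannot be ruled out.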
@@ -14,6 +14,10 @@ assert_raises "docker exec mail ps aux --forest | grep '/usr/sbin/amavisd-new'" assert_raises "docker exec mail nc -w 1 0.0.0.0 143 | grep '* OK' | grep 'STARTTLS' | grep 'Courier-IMAP ready'" 0 assert_raises "docker exec mail /bin/sh -c 'nc -w 1 0.0.0.0 143 < /tmp/test/email-templates/test-imap.txt'" 0 +# Testing SASL +assert_raises "docker exec mail testsaslauthd -u user2 -r otherdomain.tld -p mypassword | grep 'OK \"Success.\"'" 0 +assert_raises "docker exec mail testsaslauthd -u user2 -r otherdomain.tld -p BADPASSWORD | grep 'NO \"authentication failed\"'" 0 + # Testing user creation assert "docker exec mail sasldblistusers2" "user1@localhost.localdomain: userPassword\nuser2@otherdomain.tld: userPassword" assert "docker exec mail ls -A /var/mail/localhost.localdomain/user1" "cur\nnew\ntmp"
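Review bot: Both new assertions call `testsaslauthd`, but postfix/sasl/smtpd.conf in this commit sets `pwcheck_method: auxprop`, so Postfix's own SMTP AUTH path with the newly enabled PLAIN and LOGIN mechanisms is presumably not exercised by them. Consider adding an SMTP-level check in the style of the existing IMAP one, feeding a template such as `/tmp/test/email-templates/<smtp-auth-template>.txt` through `nc` to the SMTP port and asserting on the server's reply. A second assertion that AUTH PLAIN/LOGIN is not advertised before STARTTLS would pin the transport-security expectation. A comment above `# Testing SASL` stating that these two lines only cover saslauthd against sasldb would also help.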