docker/docker-mailserver
1
0
Fork 0
mirror of https://github.com/tomav/docker-mailserver.git synced 2024-07-16 20:58:14 +02:00
Code Issues Releases Wiki Activity
0bbec09529
docker-mailserver/test/tests/parallel/set1/spam_virus/postscreen.bats
Brennan Kinney 0bbec09529 refactor: Parallel Tests 
- `disabled_clamav_spamassassin`:
  - Just shuffling the test order around, and removing the restart test at the end which doesn't make sense.

- `postscreen`:
  - Now uses common helper for getting container IP
  - Does not appear to need the `NET_ADMIN` capability?
  - Reduced startup time for the 2nd container + additional context about it's relevance.
  - Test cases are largely the same, but refactored the `nc` alternative that properly waits it's turn. This only needs to run once. Added additional commentary and made into a generic method if needed in other tests.

- `fail2ban`:
  - Use the common container IP helper method.
  - Postscreen isn't affecting this test, it's not required to do the much slower exchange with the mail server when sending a login failure.
  - IP being passed into ENV is no longer necessary.
  - `sleep 5` in the related test cases doesn't seem necessary, can better rely on polling with timeout.
  - `sleep 10` for `setup.sh` also doesn't appear to be necessary.

- `postgrey`:
  - Reduced POSTGREY_DELAY to 3, which shaves a fair amount of wasted time while still verifying the delay works.
  - One of the checks in `main.cf` doesn't seem to need to know about the earlier spamhaus portion of the line to work, removed.
  - Better test case descriptions.
  - Improved log matching via standard method that better documents the expected triplet under test.
  - Removed a redundant whitelist file and test that didn't seem to have any relevance. Added a TODO with additional notes about a concern with these tests.
  - Reduced test time as 8 second timeouts from `-w 8` don't appear to be required, better to poll with grep instead.
  - Replaced `wc -l` commands with a new method to assert expected line count, better enabling assertions on the actual output.

- `undef_spam_subject`:
  - Split to two separate test cases, and initialize each container in their case instead of `setup_file()`, allowing for using the default `teardown()` method (and slight benefit if running in parallel).

- `permit_docker`:
  - Not a parallel test, but I realized that the repeat helper methods don't necessarily play well with `run` as the command (can cause false positive of what was successful).
2023-01-06 16:50:09 +13:00

83 lines
2.9 KiB
Bash
Raw Blame History

load "${REPOSITORY_ROOT}/test/helper/setup"
load "${REPOSITORY_ROOT}/test/helper/common"
TEST_NAME_PREFIX='Postscreen:'
CONTAINER1_NAME='dms-test_postscreen_enforce'
CONTAINER2_NAME='dms-test_postscreen_sender'
function setup() {
CONTAINER1_IP=$(get_container_ip ${CONTAINER1_NAME})
}
function setup_file() {
export CONTAINER_NAME
CONTAINER_NAME=${CONTAINER1_NAME}
local CUSTOM_SETUP_ARGUMENTS=(
--env POSTSCREEN_ACTION=enforce
)
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
# A standard DMS instance to send mail from:
# NOTE: None of DMS is actually used for this (just bash + nc).
CONTAINER_NAME=${CONTAINER2_NAME}
init_with_defaults
# No need to wait for DMS to be ready for this container:
common_container_create
run docker start "${CONTAINER_NAME}"
assert_success
# Set default implicit container fallback for helpers:
CONTAINER_NAME=${CONTAINER1_NAME}
}
function teardown_file() {
docker rm -f "${CONTAINER1_NAME}" "${CONTAINER2_NAME}"
}
@test "${TEST_NAME_PREFIX} should fail login when talking out of turn" {
_run_in_container_explicit "${CONTAINER2_NAME}" bash -c "nc ${CONTAINER1_IP} 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login.txt"
assert_success
assert_output --partial '502 5.5.2 Error: command not recognized'
# Expected postscreen log entry:
_run_in_container cat /var/log/mail/mail.log
assert_output --partial 'COMMAND PIPELINING'
}
@test "${TEST_NAME_PREFIX} should successfully login (respecting postscreen_greet_wait time)" {
# NOTE: Sometimes fails on first attempt (trying too soon?),
# Instead of a `run` + asserting partial, Using repeat + internal grep match:
repeat_until_success_or_timeout 10 _should_wait_turn_speaking_smtp \
"${CONTAINER2_NAME}" \
"${CONTAINER1_IP}" \
'/tmp/docker-mailserver-test/auth/smtp-auth-login.txt' \
'Authentication successful'
# Expected postscreen log entry:
_run_in_container cat /var/log/mail/mail.log
assert_output --partial 'PASS NEW'
}
# When postscreen is active, it prevents the usual method of piping a file through nc:
# (Won't work: _run_in_container_explicit "${CLIENT_CONTAINER_NAME}" bash -c "nc ${TARGET_CONTAINER_IP} 25 < ${SMTP_TEMPLATE}")
# The below workaround respects `postscreen_greet_wait` time (default 6 sec), talking to the mail-server in turn:
# https://www.postfix.org/postconf.5.html#postscreen_greet_wait
function _should_wait_turn_speaking_smtp() {
local CLIENT_CONTAINER_NAME=$1
local TARGET_CONTAINER_IP=$2
local SMTP_TEMPLATE=$3
local EXPECTED=$4
local UGLY_WORKAROUND='exec 3<>/dev/tcp/'"${TARGET_CONTAINER_IP}"'/25 && \
while IFS= read -r cmd; do \
head -1 <&3; \
[[ ${cmd} == "EHLO"* ]] && sleep 6; \
echo ${cmd} >&3; \
done < '"${SMTP_TEMPLATE}"
docker exec "${CLIENT_CONTAINER_NAME}" bash -c "${UGLY_WORKAROUND}" | grep "${EXPECTED}"
}
Reference in New Issue View Git Blame Copy Permalink