From 574a6801030b33ec8e4a59d866f16a08697832d5 Mon Sep 17 00:00:00 2001 From: casperklein Date: Sat, 25 Dec 2021 22:06:31 +0100 Subject: [PATCH 01/12] introduce ENABLE_DNSBL --- docs/content/config/environment.md | 11 ++++++++++- mailserver.env | 6 ++++++ target/scripts/start-mailserver.sh | 2 ++ target/scripts/startup/setup-stack.sh | 6 ++++++ 4 files changed, 24 insertions(+), 1 deletion(-) diff --git a/docs/content/config/environment.md b/docs/content/config/environment.md index 8a6d0f9b639..43bd18cf5ce 100644 --- a/docs/content/config/environment.md +++ b/docs/content/config/environment.md @@ -62,6 +62,15 @@ Amavis content filter (used for ClamAV & SpamAssassin) - 1/2 => Show default informational output - 3/4/5 => log debug information (very verbose) +##### ENABLE_DNSBL + +This enables the [zen.spamhaus.org](https://www.spamhaus.org/zen/) DNS block list. + +Note: Emails will be rejected, if they don't pass the spamhaus check! + +- **0** => DNS block list is disabled +- 1 => DNS block list is enabled + ##### ENABLE_CLAMAV - **0** => Clamav is disabled @@ -352,7 +361,7 @@ Note: this SpamAssassin setting needs `ENABLE_SPAMASSASSIN=1` !!! note "This SpamAssassin setting needs `ENABLE_SPAMASSASSIN=1`" By default, `docker-mailserver` is configured to quarantine spam emails. - + If emails are quarantined, they are compressed and stored in a location dependent on the `ONE_DIR` setting above. To inhibit this behaviour and deliver spam emails, set this to a very high value e.g. `100.0`. If `ONE_DIR=1` (default) the location is `/var/mail-state/lib-amavis/virusmails/`, or if `ONE_DIR=0`: `/var/lib/amavis/virusmails/`. These paths are inside the docker container. diff --git a/mailserver.env b/mailserver.env index a8924aa802b..b795e6996a8 100644 --- a/mailserver.env +++ b/mailserver.env 
@@ -92,6 +92,12 @@ ENABLE_AMAVIS=1 # 3/4/5 => log debug information (very verbose) AMAVIS_LOGLEVEL=0 +# This enables the zen.spamhaus.org DNS block list. +# Note: Emails will be rejected, if they don't pass the spamhaus check! +# **0** => DNS block list is disabled +# 1 => DNS block list is enabled +ENABLE_DNSBL=0 + # If you enable Fail2Ban, don't forget to add the following lines to your `docker-compose.yml`: # cap_add: # - NET_ADMIN diff --git a/target/scripts/start-mailserver.sh b/target/scripts/start-mailserver.sh index 9948ff757f6..7aa96f4e9a3 100755 --- a/target/scripts/start-mailserver.sh +++ b/target/scripts/start-mailserver.sh @@ -23,6 +23,7 @@ VARS[DOVECOT_MAILBOX_FORMAT]="${DOVECOT_MAILBOX_FORMAT:=maildir}" VARS[DOVECOT_TLS]="${DOVECOT_TLS:=no}" VARS[ENABLE_AMAVIS]="${ENABLE_AMAVIS:=1}" VARS[ENABLE_CLAMAV]="${ENABLE_CLAMAV:=0}" +VARS[ENABLE_DNSBL]="${ENABLE_DNSBL:=0}" VARS[ENABLE_FAIL2BAN]="${ENABLE_FAIL2BAN:=0}" VARS[ENABLE_FETCHMAIL]="${ENABLE_FETCHMAIL:=0}" VARS[ENABLE_LDAP]="${ENABLE_LDAP:=0}" @@ -109,6 +110,7 @@ function register_functions [[ ${ENABLE_SASLAUTHD} -eq 1 ]] && _register_setup_function '_setup_saslauthd' [[ ${POSTFIX_INET_PROTOCOLS} != 'all' ]] && _register_setup_function '_setup_inet_protocols' [[ ${ENABLE_FAIL2BAN} -eq 1 ]] && _register_setup_function '_setup_fail2ban' + [[ ${ENABLE_DNSBL} -eq 0 ]] && _register_setup_function '_setup_dnsbl_disable' _register_setup_function '_setup_dkim' _register_setup_function '_setup_ssl' diff --git a/target/scripts/startup/setup-stack.sh b/target/scripts/startup/setup-stack.sh index 5ac1263a259..5bdca18c227 100644 --- a/target/scripts/startup/setup-stack.sh +++ b/target/scripts/startup/setup-stack.sh 
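Review bot: With the `${ENABLE_DNSBL:=0}` default in the VARS hunk and the `[[ ${ENABLE_DNSBL} -eq 0 ]]` registration in register_functions, a deployment that never sets the variable has the zen.spamhaus.org check stripped from the shipped main.cf at start-up, so upgrading appears to turn off rejection that was previously on. That behaviour change should be stated where operators will see it, for example a comment `# NOTE: default 0 removes the DNS block lists that main.cf ships enabled` beside the default, plus a changelog entry. The `-eq 0` test is also arithmetic, so values outside the documented 0 and 1 behave differently from the neighbouring flags (`2` leaves the lists on, a word such as `true` evaluates to 0); testing the documented value with `[[ ${ENABLE_DNSBL} -eq 1 ]] || _register_setup_function '_setup_dnsbl_disable'` would match them. register_functions starts and ends outside the hunk.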
@@ -1511,3 +1511,9 @@ function _setup_fail2ban echo -e "[Init]\nblocktype = DROP" > /etc/fail2ban/action.d/iptables-common.local fi } + +function _setup_dnsbl_disable +{ + _notify 'task' 'Disabling zen.spamhaus.org DNS block list' + sedfile -i '/^smtpd_recipient_restrictions = / s/, reject_rbl_client zen.spamhaus.org//' /etc/postfix/main.cf +} From 446c33a6f81ec3f1ddca32176866bc73c0ae729d Mon Sep 17 00:00:00 2001 From: casperklein Date: Sat, 25 Dec 2021 23:43:36 +0100 Subject: [PATCH 02/12] fix test --- test/mail_with_postgrey.bats | 1 + 1 file changed, 1 insertion(+) diff --git a/test/mail_with_postgrey.bats b/test/mail_with_postgrey.bats index dbc93199de3..5c1eccafcdf 100644 --- a/test/mail_with_postgrey.bats +++ b/test/mail_with_postgrey.bats @@ -19,6 +19,7 @@ function setup_file() { -e POSTGREY_MAX_AGE=35 \ -e POSTGREY_AUTO_WHITELIST_CLIENTS=5 \ -e POSTGREY_TEXT="Delayed by Postgrey" \ + -e ENABLE_DNSBL=1 \ -e DMS_DEBUG=0 \ -h mail.my-domain.com -t "${NAME}" # using postfix availability as start indicator, this might be insufficient for postgrey From b3e1fc0dbb04cd5eb945f50ce776d44fbf3f2de6 Mon Sep 17 00:00:00 2001 From: casperklein Date: Wed, 29 Dec 2021 23:41:55 +0100 Subject: [PATCH 03/12] postscreen --- docs/content/config/environment.md | 10 ++++++---- mailserver.env | 9 +++++---- target/scripts/startup/setup-stack.sh | 4 ++++ 3 files changed, 15 insertions(+), 8 deletions(-) diff --git a/docs/content/config/environment.md b/docs/content/config/environment.md index 43bd18cf5ce..cea4ee3ff4b 100644 --- a/docs/content/config/environment.md +++ b/docs/content/config/environment.md 
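Review bot: The sed expression in `_setup_dnsbl_disable` only removes the entry when it appears exactly as `, reject_rbl_client zen.spamhaus.org` on the `smtpd_recipient_restrictions = ` line, so a main.cf where it is first in the list, spaced differently or on a continuation line keeps the check while the task message reports it disabled. The unescaped dots also match any character; `s/, reject_rbl_client zen\.spamhaus\.org//` is the literal form. Confirming the result after the edit, by checking that `postconf -h smtpd_recipient_restrictions` no longer contains the entry, would make a silent no-op visible. Whether `sedfile` already fails on an unchanged file cannot be seen from this hunk.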
@@ -64,9 +64,10 @@ Amavis content filter (used for ClamAV & SpamAssassin) ##### ENABLE_DNSBL -This enables the [zen.spamhaus.org](https://www.spamhaus.org/zen/) DNS block list. +This enables the [zen.spamhaus.org](https://www.spamhaus.org/zen/) DNS block list in postfix +and various [lists](https://github.com/docker-mailserver/docker-mailserver/blob/f7465a50888eef909dbfc01aff4202b9c7d8bc00/target/postfix/main.cf#L58-L66) in postscreen. -Note: Emails will be rejected, if they don't pass the spamhaus check! +Note: Emails will be rejected, if they don't pass the block list checks! - **0** => DNS block list is disabled - 1 => DNS block list is enabled 
@@ -115,8 +116,8 @@ In the majority of cases, you want `letsencrypt` or `manual`. - **empty** => SSL disabled. - letsencrypt => Support for using certificates with _Let's Encrypt_ provisioners. (Docs: [_Let's Encrypt_ Setup][docs-tls-letsencrypt]) - manual => Provide your own certificate via separate key and cert files. (Docs: [Bring Your Own Certificates][docs-tls-manual]) - - Requires: `SSL_CERT_PATH` and `SSL_KEY_PATH` ENV vars to be set to the location of the files within the container. - - Optional: `SSL_ALT_CERT_PATH` and `SSL_ALT_KEY_PATH` allow providing a 2nd certificate as a fallback for dual (aka hybrid) certificate support. Useful for ECDSA with an RSA fallback. _Presently only `manual` mode supports this feature_. + - Requires: `SSL_CERT_PATH` and `SSL_KEY_PATH` ENV vars to be set to the location of the files within the container. + - Optional: `SSL_ALT_CERT_PATH` and `SSL_ALT_KEY_PATH` allow providing a 2nd certificate as a fallback for dual (aka hybrid) certificate support. Useful for ECDSA with an RSA fallback. _Presently only `manual` mode supports this feature_. - custom => Provide your own certificate as a single file containing both the private key and full certificate chain. (Docs: `None`) - self-signed => Provide your own self-signed certificate files. Expects a self-signed CA cert for verification. **Use only for local testing of your setup**. (Docs: [Self-Signed Certificates][docs-tls-selfsigned]) @@ -492,6 +493,7 @@ The following variables overwrite the default values for ```/etc/dovecot/dovecot - => Bind dn for LDAP connection. (e.g. `cn=admin,dc=domain,dc=com`) ##### DOVECOT_DNPASS + - **empty** => same as `LDAP_BIND_PW` - => Password for LDAP dn sepecifified in `DOVECOT_DN`. diff --git a/mailserver.env b/mailserver.env index b795e6996a8..eca09380e01 100644 --- a/mailserver.env +++ b/mailserver.env 
@@ -92,10 +92,11 @@ ENABLE_AMAVIS=1 # 3/4/5 => log debug information (very verbose) AMAVIS_LOGLEVEL=0 -# This enables the zen.spamhaus.org DNS block list. -# Note: Emails will be rejected, if they don't pass the spamhaus check! -# **0** => DNS block list is disabled -# 1 => DNS block list is enabled +# This enables the [zen.spamhaus.org](https://www.spamhaus.org/zen/) DNS block list in postfix +# and various [lists](https://github.com/docker-mailserver/docker-mailserver/blob/f7465a50888eef909dbfc01aff4202b9c7d8bc00/target/postfix/main.cf#L58-L66) in postscreen. +# Note: Emails will be rejected, if they don't pass the block list checks! +# **0** => DNS block lists are disabled +# 1 => DNS block lists are enabled ENABLE_DNSBL=0 # If you enable Fail2Ban, don't forget to add the following lines to your `docker-compose.yml`: diff --git a/target/scripts/startup/setup-stack.sh b/target/scripts/startup/setup-stack.sh index 28f9114dc23..c439237da37 100644 --- a/target/scripts/startup/setup-stack.sh +++ b/target/scripts/startup/setup-stack.sh @@ -1517,4 +1517,8 @@ function _setup_dnsbl_disable { _notify 'task' 'Disabling zen.spamhaus.org DNS block list' sedfile -i '/^smtpd_recipient_restrictions = / s/, reject_rbl_client zen.spamhaus.org//' /etc/postfix/main.cf + + _notify 'task' 'Disabling postscreen DNS block lists' + postconf -e "postscreen_dnsbl_action = ignore" + postconf -e "postscreen_dnsbl_sites = " } From 1feda0a63c374745d746ba9149aca5fb87782cf8 Mon Sep 17 00:00:00 2001 From: casperklein Date: Thu, 30 Dec 2021 02:25:38 +0100 Subject: [PATCH 04/12] fix typo --- docs/content/config/environment.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/content/config/environment.md b/docs/content/config/environment.md index cea4ee3ff4b..632bfc96381 100644 --- a/docs/content/config/environment.md +++ b/docs/content/config/environment.md 
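Review bot: Clearing `postscreen_dnsbl_sites` removes more than block lists: the value asserted for the enabled container later in this series (test/mail_dnsbl.bats) also carries `list.dnswl.org` entries with negative weights, which are allow-list scores, and those are dropped as well. Neither the task message nor the ENABLE_DNSBL description says so. A comment such as `# also drops the list.dnswl.org allow-list weights set in main.cf` above the two `postconf -e` calls, with matching wording in the docs, would make that explicit. `_setup_dnsbl_disable` starts above this hunk.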
@@ -69,8 +69,8 @@ and various [lists](https://github.com/docker-mailserver/docker-mailserver/blob/ Note: Emails will be rejected, if they don't pass the block list checks! -- **0** => DNS block list is disabled -- 1 => DNS block list is enabled +- **0** => DNS block lists are disabled +- 1 => DNS block lists are enabled ##### ENABLE_CLAMAV From c8e1def988c1450ecfadda799afb650d6622d086 Mon Sep 17 00:00:00 2001 From: casperklein Date: Thu, 30 Dec 2021 11:34:59 +0100 Subject: [PATCH 05/12] wording --- target/scripts/startup/setup-stack.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/scripts/startup/setup-stack.sh b/target/scripts/startup/setup-stack.sh index c439237da37..c8fad3fafed 100644 --- a/target/scripts/startup/setup-stack.sh +++ b/target/scripts/startup/setup-stack.sh @@ -1515,7 +1515,7 @@ function _setup_fail2ban function _setup_dnsbl_disable { - _notify 'task' 'Disabling zen.spamhaus.org DNS block list' + _notify 'task' 'Disabling postfix DNS block list (zen.spamhaus.org)' sedfile -i '/^smtpd_recipient_restrictions = / s/, reject_rbl_client zen.spamhaus.org//' /etc/postfix/main.cf _notify 'task' 'Disabling postscreen DNS block lists' From c1c3accd5e13ce0c5cc3259b6251046d7f7769eb Mon Sep 17 00:00:00 2001 From: casperklein Date: Thu, 30 Dec 2021 16:15:28 +0100 Subject: [PATCH 06/12] tests added --- test/mail_dnsbl.bats | 77 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 test/mail_dnsbl.bats diff --git a/test/mail_dnsbl.bats b/test/mail_dnsbl.bats new file mode 100644 index 00000000000..8b4b5ae5f7c --- /dev/null +++ b/test/mail_dnsbl.bats 
@@ -0,0 +1,77 @@ +load 'test_helper/common' + +function setup() { + run_setup_file_if_necessary +} + +function setup_file() { + local PRIVATE_CONFIG="$(duplicate_config_for_container . ${CONTAINER})" + local CONTAINER="mail_dnsbl_enabled" + local CONTAINER2="mail_dnsbl_disabled" + + docker run --rm -d --name ${CONTAINER} \ + -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \ + -e ENABLE_DNSBL=1 \ + -h mail.my-domain.com \ + -t "${NAME}" + + docker run --rm -d --name ${CONTAINER2} \ + -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \ + -e ENABLE_DNSBL=0 \ + -h mail.my-domain.com \ + -t "${NAME}" + + wait_for_smtp_port_in_container ${CONTAINER} + wait_for_smtp_port_in_container ${CONTAINER2} +} + +@test "first" { + skip 'only used to call setup_file from setup' +} + +# ENABLE_DNSBL=1 +@test "checking enabled postfix DNS block list zen.spamhaus.org" { + run docker exec mail_dnsbl_enabled postconf smtpd_recipient_restrictions + assert_output --partial 'reject_rbl_client zen.spamhaus.org' +} + +@test "checking enabled postscreen DNS block lists --> postscreen_dnsbl_action" { + run docker exec mail_dnsbl_enabled postconf postscreen_dnsbl_action + assert_output 'postscreen_dnsbl_action = enforce' +} + +@test "checking enabled postscreen DNS block lists --> postscreen_dnsbl_sites" { + run docker exec mail_dnsbl_enabled postconf postscreen_dnsbl_sites + assert_output 'postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.mailspike.net b.barracudacentral.org*2 bl.spameatingmonkey.net dnsbl.sorbs.net psbl.surriel.com list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-3 list.dnswl.org=127.0.[0..255].[2..3]*-4' +} + +# ENABLE_DNSBL=0 +@test "checking disabled postfix DNS block list zen.spamhaus.org" { + run docker exec mail_dnsbl_disabled postconf smtpd_recipient_restrictions + refute_output --partial 'reject_rbl_client zen.spamhaus.org' +} + +@test "checking disabled postscreen DNS block lists --> postscreen_dnsbl_action" { + run docker exec mail_dnsbl_disabled postconf 
postscreen_dnsbl_action + assert_output 'postscreen_dnsbl_action = ignore' +} + +@test "checking disabled postscreen DNS block lists --> postscreen_dnsbl_sites" { + run docker exec mail_dnsbl_disabled postconf postscreen_dnsbl_sites + assert_output 'postscreen_dnsbl_sites =' +} + +# cleanup +@test "checking that the container stops cleanly: mail_dnsbl_enabled" { + run docker stop -t 0 mail_dnsbl_enabled + assert_success +} + +@test "checking that the container stops cleanly: mail_dnsbl_disabled" { + run docker stop -t 0 mail_dnsbl_disabled + assert_success +} + +@test "last" { + skip 'only used to call teardown_file from teardown' +} From cc6bf6d0d3e4b231ec9e63ca8d1043a0358d309c Mon Sep 17 00:00:00 2001 From: casperklein Date: Thu, 30 Dec 2021 16:18:11 +0100 Subject: [PATCH 07/12] satisfy lint --- test/mail_dnsbl.bats | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/test/mail_dnsbl.bats b/test/mail_dnsbl.bats index 8b4b5ae5f7c..08bf6c4316c 100644 --- a/test/mail_dnsbl.bats +++ b/test/mail_dnsbl.bats @@ -5,9 +5,10 @@ function setup() { } function setup_file() { - local PRIVATE_CONFIG="$(duplicate_config_for_container . ${CONTAINER})" - local CONTAINER="mail_dnsbl_enabled" - local CONTAINER2="mail_dnsbl_disabled" + local PRIVATE_CONFIG CONTAINER CONTAINER2 + PRIVATE_CONFIG="$(duplicate_config_for_container . ${CONTAINER})" + CONTAINER="mail_dnsbl_enabled" + CONTAINER2="mail_dnsbl_disabled" docker run --rm -d --name ${CONTAINER} \ -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \ @@ -21,8 +22,8 @@ function setup_file() { -h mail.my-domain.com \ -t "${NAME}" - wait_for_smtp_port_in_container ${CONTAINER} - wait_for_smtp_port_in_container ${CONTAINER2} + wait_for_smtp_port_in_container "${CONTAINER}" + wait_for_smtp_port_in_container "${CONTAINER2}" } @test "first" { From f9db353830ee99d604b105cd319579f4aaae0573 Mon Sep 17 00:00:00 2001 
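Review bot: The `ENABLE_DNSBL=0` test for smtpd_recipient_restrictions relies on `refute_output --partial` alone, so if `docker exec` or `postconf` fails and prints an error instead, the test still passes without showing that the entry was removed. Adding `assert_success` directly after the `run docker exec mail_dnsbl_disabled postconf smtpd_recipient_restrictions` line closes that gap. The test keeps this shape in the later hunk of this series that switches it to `"${CONTAINER2}"`, so the same line applies there.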
From: casperklein Date: Thu, 30 Dec 2021 16:22:04 +0100 Subject: [PATCH 08/12] lint again --- test/mail_dnsbl.bats | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/mail_dnsbl.bats b/test/mail_dnsbl.bats index 08bf6c4316c..69b42f36f43 100644 --- a/test/mail_dnsbl.bats +++ b/test/mail_dnsbl.bats @@ -6,17 +6,17 @@ function setup() { function setup_file() { local PRIVATE_CONFIG CONTAINER CONTAINER2 - PRIVATE_CONFIG="$(duplicate_config_for_container . ${CONTAINER})" + PRIVATE_CONFIG="$(duplicate_config_for_container . "${CONTAINER}")" CONTAINER="mail_dnsbl_enabled" CONTAINER2="mail_dnsbl_disabled" - docker run --rm -d --name ${CONTAINER} \ + docker run --rm -d --name "${CONTAINER}" \ -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \ -e ENABLE_DNSBL=1 \ -h mail.my-domain.com \ -t "${NAME}" - docker run --rm -d --name ${CONTAINER2} \ + docker run --rm -d --name "${CONTAINER2}" \ -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \ -e ENABLE_DNSBL=0 \ -h mail.my-domain.com \ From f378f3c4370fba4811d9d5ed1d1d1e540562c981 Mon Sep 17 00:00:00 2001 From: casperklein Date: Thu, 30 Dec 2021 21:11:40 +0100 Subject: [PATCH 09/12] tests simplified --- test/mail_dnsbl.bats | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/test/mail_dnsbl.bats b/test/mail_dnsbl.bats index 69b42f36f43..15718e78e9d 100644 --- a/test/mail_dnsbl.bats +++ b/test/mail_dnsbl.bats @@ -26,10 +26,6 @@ function setup_file() { wait_for_smtp_port_in_container "${CONTAINER2}" } -@test "first" { - skip 'only used to call setup_file from setup' -} - # ENABLE_DNSBL=1 @test "checking enabled postfix DNS block list zen.spamhaus.org" { run docker exec mail_dnsbl_enabled postconf smtpd_recipient_restrictions 
@@ -63,16 +59,6 @@ function setup_file() { } # cleanup -@test "checking that the container stops cleanly: mail_dnsbl_enabled" { - run docker stop -t 0 mail_dnsbl_enabled - assert_success -} - -@test "checking that the container stops cleanly: mail_dnsbl_disabled" { - run docker stop -t 0 mail_dnsbl_disabled - assert_success -} - -@test "last" { - skip 'only used to call teardown_file from teardown' +function teardown() { + docker rm -f mail_dnsbl_enabled mail_dnsbl_disabled } From 88742aa02de62d1304e221f8619b13dda63fee1f Mon Sep 17 00:00:00 2001 From: casperklein Date: Fri, 31 Dec 2021 00:51:44 +0100 Subject: [PATCH 10/12] use correct teardown function --- test/mail_dnsbl.bats | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/test/mail_dnsbl.bats b/test/mail_dnsbl.bats index 15718e78e9d..3f92875f4ad 100644 --- a/test/mail_dnsbl.bats +++ b/test/mail_dnsbl.bats @@ -1,9 +1,5 @@ load 'test_helper/common' -function setup() { - run_setup_file_if_necessary -} - function setup_file() { local PRIVATE_CONFIG CONTAINER CONTAINER2 PRIVATE_CONFIG="$(duplicate_config_for_container . "${CONTAINER}")" @@ -59,6 +55,6 @@ function setup_file() { } # cleanup -function teardown() { +function teardown_file() { docker rm -f mail_dnsbl_enabled mail_dnsbl_disabled } From e468391232ae841bcf48d678a8f251fc6c5c4a11 Mon Sep 17 00:00:00 2001 From: casperklein Date: Fri, 31 Dec 2021 00:57:28 +0100 Subject: [PATCH 11/12] unsatisfy markdownlint --- docs/content/config/environment.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/content/config/environment.md b/docs/content/config/environment.md index 632bfc96381..fca6c91258b 100644 --- a/docs/content/config/environment.md +++ b/docs/content/config/environment.md 
@@ -116,8 +116,8 @@ In the majority of cases, you want `letsencrypt` or `manual`. - **empty** => SSL disabled. - letsencrypt => Support for using certificates with _Let's Encrypt_ provisioners. (Docs: [_Let's Encrypt_ Setup][docs-tls-letsencrypt]) - manual => Provide your own certificate via separate key and cert files. (Docs: [Bring Your Own Certificates][docs-tls-manual]) - - Requires: `SSL_CERT_PATH` and `SSL_KEY_PATH` ENV vars to be set to the location of the files within the container. - - Optional: `SSL_ALT_CERT_PATH` and `SSL_ALT_KEY_PATH` allow providing a 2nd certificate as a fallback for dual (aka hybrid) certificate support. Useful for ECDSA with an RSA fallback. _Presently only `manual` mode supports this feature_. + - Requires: `SSL_CERT_PATH` and `SSL_KEY_PATH` ENV vars to be set to the location of the files within the container. + - Optional: `SSL_ALT_CERT_PATH` and `SSL_ALT_KEY_PATH` allow providing a 2nd certificate as a fallback for dual (aka hybrid) certificate support. Useful for ECDSA with an RSA fallback. _Presently only `manual` mode supports this feature_. - custom => Provide your own certificate as a single file containing both the private key and full certificate chain. (Docs: `None`) - self-signed => Provide your own self-signed certificate files. Expects a self-signed CA cert for verification. **Use only for local testing of your setup**. (Docs: [Self-Signed Certificates][docs-tls-selfsigned]) From 620bf6f774e396a97a3553880eaf41933e4a5377 Mon Sep 17 00:00:00 2001 From: casperklein Date: Fri, 31 Dec 2021 17:07:14 +0100 Subject: [PATCH 12/12] final test fix :-D --- test/mail_dnsbl.bats | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/test/mail_dnsbl.bats b/test/mail_dnsbl.bats index 3f92875f4ad..08d6ad515c0 100644 --- a/test/mail_dnsbl.bats +++ b/test/mail_dnsbl.bats 
@@ -1,10 +1,11 @@ load 'test_helper/common' +CONTAINER="mail_dnsbl_enabled" +CONTAINER2="mail_dnsbl_disabled" + function setup_file() { - local PRIVATE_CONFIG CONTAINER CONTAINER2 + local PRIVATE_CONFIG PRIVATE_CONFIG="$(duplicate_config_for_container . "${CONTAINER}")" - CONTAINER="mail_dnsbl_enabled" - CONTAINER2="mail_dnsbl_disabled" docker run --rm -d --name "${CONTAINER}" \ -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \ 
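Review bot: `PRIVATE_CONFIG` is duplicated only for `"${CONTAINER}"`, yet the earlier patches in this series show the second `docker run` mounting the same directory at /tmp/docker-mailserver, so both containers share one config copy. If start-up writes into that mount, the two instances can interfere with each other and make the test order-dependent. A separate copy, `PRIVATE_CONFIG2="$(duplicate_config_for_container . "${CONTAINER2}")"`, mounted for the second container would isolate them. The second `docker run` lies outside this hunk.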
@@ -24,37 +25,37 @@ function setup_file() { # ENABLE_DNSBL=1 @test "checking enabled postfix DNS block list zen.spamhaus.org" { - run docker exec mail_dnsbl_enabled postconf smtpd_recipient_restrictions + run docker exec "${CONTAINER}" postconf smtpd_recipient_restrictions assert_output --partial 'reject_rbl_client zen.spamhaus.org' } @test "checking enabled postscreen DNS block lists --> postscreen_dnsbl_action" { - run docker exec mail_dnsbl_enabled postconf postscreen_dnsbl_action + run docker exec "${CONTAINER}" postconf postscreen_dnsbl_action assert_output 'postscreen_dnsbl_action = enforce' } @test "checking enabled postscreen DNS block lists --> postscreen_dnsbl_sites" { - run docker exec mail_dnsbl_enabled postconf postscreen_dnsbl_sites + run docker exec "${CONTAINER}" postconf postscreen_dnsbl_sites assert_output 'postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.mailspike.net b.barracudacentral.org*2 bl.spameatingmonkey.net dnsbl.sorbs.net psbl.surriel.com list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-3 list.dnswl.org=127.0.[0..255].[2..3]*-4' } # ENABLE_DNSBL=0 @test "checking disabled postfix DNS block list zen.spamhaus.org" { - run docker exec mail_dnsbl_disabled postconf smtpd_recipient_restrictions + run docker exec "${CONTAINER2}" postconf smtpd_recipient_restrictions refute_output --partial 'reject_rbl_client zen.spamhaus.org' } @test "checking disabled postscreen DNS block lists --> postscreen_dnsbl_action" { - run docker exec mail_dnsbl_disabled postconf postscreen_dnsbl_action + run docker exec "${CONTAINER2}" postconf postscreen_dnsbl_action assert_output 'postscreen_dnsbl_action = ignore' } @test "checking disabled postscreen DNS block lists --> postscreen_dnsbl_sites" { - run docker exec mail_dnsbl_disabled postconf postscreen_dnsbl_sites + run docker exec "${CONTAINER2}" postconf postscreen_dnsbl_sites assert_output 'postscreen_dnsbl_sites =' } # cleanup function teardown_file() { - docker rm -f mail_dnsbl_enabled 
mail_dnsbl_disabled + docker rm -f "${CONTAINER}" "${CONTAINER2}" }