Files
@ c063f27000b9
Branch filter:
Location: majic-ansible-roles/roles/mail_forwarder/molecule/default/tests/test_connectivity_from_relay.py - annotation
c063f27000b9
2.0 KiB
text/x-python
MAR-175: Mail server should be opportunistic in using TLS when delivering mail to remove servers:
- Previously the mail server would only deliver mails over plaintext.
- Deploy a simple SMTP server on both client1/client2
machines. Servers are set-up to require/refuse the STARTTLS over
SMTP.
- Added tests for checking if STARTTLS is used when available for mail
delivery.
- Fixed the wrong configurtion (making sure the TLS security level is
properly set for Postfix).
- Previously the mail server would only deliver mails over plaintext.
- Deploy a simple SMTP server on both client1/client2
machines. Servers are set-up to require/refuse the STARTTLS over
SMTP.
- Added tests for checking if STARTTLS is used when available for mail
delivery.
- Fixed the wrong configurtion (making sure the TLS security level is
properly set for Postfix).
13982172ed2e 13982172ed2e 372e9ba1763f fb5e4e372902 fb5e4e372902 fb5e4e372902 fb5e4e372902 d62b3adec462 fb5e4e372902 372e9ba1763f 372e9ba1763f fb5e4e372902 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f fb5e4e372902 372e9ba1763f 372e9ba1763f fb5e4e372902 fb5e4e372902 fb5e4e372902 fb5e4e372902 372e9ba1763f fb5e4e372902 fb5e4e372902 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f fb5e4e372902 372e9ba1763f fb5e4e372902 fb5e4e372902 372e9ba1763f 372e9ba1763f 372e9ba1763f fb5e4e372902 fb5e4e372902 fb5e4e372902 fb5e4e372902 fb5e4e372902 372e9ba1763f fb5e4e372902 fb5e4e372902 fb5e4e372902 372e9ba1763f 372e9ba1763f 372e9ba1763f fb5e4e372902 fb5e4e372902 fb5e4e372902 fb5e4e372902 372e9ba1763f fb5e4e372902 372e9ba1763f 372e9ba1763f fb5e4e372902 | import os
import pytest
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('mail-server')
ansible_runner = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE'])
@pytest.mark.parametrize("server",
ansible_runner.get_hosts('parameters-optional'))
def test_connectivity_from_authorised_relay(host, server):
"""
Tests connectivity towards mail forwarder servers from authorised
relay.
"""
with host.sudo():
ping = host.run('hping3 -S -p 25 -c 1 %s' % server)
assert ping.rc == 0
@pytest.mark.parametrize("server",
sorted(
set(ansible_runner.get_hosts('parameters-mandatory')) |
set(ansible_runner.get_hosts('parameters-no-incoming'))))
def test_connectivity_from_unauthorised_relay(host, server):
"""
Tests connectivity towards mail forwarder servers from unauthorised
relay.
"""
with host.sudo():
ping = host.run('hping3 -S -p 25 -c 1 %s' % server)
assert ping.rc != 0
assert "100% packet loss" in ping.stderr
@pytest.mark.parametrize("server",
ansible_runner.get_hosts('parameters-optional'))
def test_mail_reception_from_authorised_relay(host, server):
"""
Tests if mails can be sent from relay to servers configured to use the
relay.
"""
send = host.run('swaks --suppress-data --to root@{server} --server {server}'.format(server=server))
assert send.rc == 0
@pytest.mark.parametrize("server",
ansible_runner.get_hosts('parameters-optional'))
def test_open_relay(host, server):
"""
Tests if mail forwarder behaves as open relay.
"""
no_recipients_accepted_error_code = 24
send = host.run('swaks --suppress-data --to root@client1 --server %s' % server)
assert send.rc == no_recipients_accepted_error_code
assert "Relay access denied" in send.stdout
|