diff --git a/roles/mail_forwarder/molecule/default/molecule.yml b/roles/mail_forwarder/molecule/default/molecule.yml index d567dabd47b19e11fb35d519134050000a379dee..661a2538032385118de773d3954e8b0cfc675e2a 100644 --- a/roles/mail_forwarder/molecule/default/molecule.yml +++ b/roles/mail_forwarder/molecule/default/molecule.yml @@ -27,6 +27,11 @@ platforms: ip: 192.168.56.11 network_name: private_network type: static + - auto_config: true + ip: fd00::192:168:56:11 + network_name: private_network + netmask: 116 + type: static - name: client1 groups: @@ -40,6 +45,11 @@ platforms: ip: 192.168.56.12 network_name: private_network type: static + - auto_config: true + ip: fd00::192:168:56:12 + network_name: private_network + netmask: 116 + type: static # Bookworm @@ -56,6 +66,11 @@ platforms: ip: 192.168.56.21 network_name: private_network type: static + - auto_config: true + ip: fd00::192:168:56:21 + network_name: private_network + netmask: 116 + type: static - name: parameters-optional-bookworm groups: @@ -68,6 +83,11 @@ platforms: ip: 192.168.56.22 network_name: private_network type: static + - auto_config: true + ip: fd00::192:168:56:22 + network_name: private_network + netmask: 116 + type: static - name: parameters-no-incoming-bookworm groups: @@ -80,6 +100,11 @@ platforms: ip: 192.168.56.23 network_name: private_network type: static + - auto_config: true + ip: fd00::192:168:56:23 + network_name: private_network + netmask: 116 + type: static provisioner: name: ansible diff --git a/roles/mail_forwarder/molecule/default/prepare.yml b/roles/mail_forwarder/molecule/default/prepare.yml index 20a61c1fddb92231e866d25bacb8e7f890520850..73680bc49d87b5cc8f017bc732561eb64d725f1d 100644 --- a/roles/mail_forwarder/molecule/default/prepare.yml +++ b/roles/mail_forwarder/molecule/default/prepare.yml 
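Review bot: The `netmask: 116` on each added IPv6 interface in molecule.yml is unexplained, and it is an unusual prefix length next to the conventional /64. All five addresses (`fd00::192:168:56:11` through `fd00::192:168:56:23`) do fall inside one /116, so the value is consistent, but a reader cannot tell whether the provider requires it or it was simply chosen. A short comment on the first occurrence would settle it, for example `# IPv6 prefix length; all test hosts share fd00::192:168:56:0/116`. The same block is repeated in the other four hunks of this file.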
@@ -62,6 +62,11 @@ 192.168.56.21: "parameters-mandatory-bookworm" 192.168.56.22: "parameters-optional-bookworm" 192.168.56.23: "parameters-no-incoming-bookworm" + fd00::192:168:56:11: "mail-server domain1" + fd00::192:168:56:12: "client1" + fd00::192:168:56:21: "parameters-mandatory-bookworm" + fd00::192:168:56:22: "parameters-optional-bookworm" + fd00::192:168:56:23: "parameters-no-incoming-bookworm" - name: Install tools for testing ansible.builtin.apt: @@ -157,10 +162,14 @@ name: swaks state: present - - name: Set-up port forwarding + - name: Set-up port forwarding for IPv4 ansible.builtin.command: "iptables -t nat -A PREROUTING -p tcp -m tcp --dport 27 -j REDIRECT --to-ports 25" changed_when: false + - name: Set-up port forwarding for IPv4 + ansible.builtin.command: "ip6tables -t nat -A PREROUTING -p tcp -m tcp --dport 27 -j REDIRECT --to-ports 25" + changed_when: false + handlers: - name: Update CA certificate cache # noqa no-changed-when diff --git a/roles/mail_forwarder/molecule/default/tests/test_connectivity_from_client.py b/roles/mail_forwarder/molecule/default/tests/test_connectivity_from_client.py index e6e2920b784120e987516681d15040b24d05bda0..cf53fa086c24e043c37b91467eb20874f2478097 100644 --- a/roles/mail_forwarder/molecule/default/tests/test_connectivity_from_client.py +++ b/roles/mail_forwarder/molecule/default/tests/test_connectivity_from_client.py @@ -15,7 +15,8 @@ ansible_runner = testinfra.utils.ansible_runner.AnsibleRunner( sorted( set(ansible_runner.get_hosts('all')) - set(ansible_runner.get_hosts('helper')))) -def test_connectivity_from_client(host, server): +@pytest.mark.parametrize('ip_protocol', [4, 6]) +def test_connectivity_from_client(host, server, ip_protocol): """ Tests connectivity towards mail forwarder servers from client (non-relay). Connectivity should fail for both. 
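Review bot: The added `ip6tables` task in the second prepare.yml hunk reuses the name `Set-up port forwarding for IPv4`, so two tasks now carry the same name and the IPv6 one is mislabelled. Rename it to `- name: Set-up port forwarding for IPv6` so that run output and `--start-at-task` point at the right rule. The surrounding play starts and ends outside the hunk.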
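Review bot: The new `ip_protocol` parametrisation on `test_connectivity_from_client` is not mentioned in the docstring, and the generated test ids will be the bare numbers `4` and `6`. Consider `@pytest.mark.parametrize('ip_protocol', [4, 6], ids=['ipv4', 'ipv6'])` plus a docstring line such as `Runs once per IP protocol version (4 and 6).`, so a failing firewall check names the address family in the report. The same applies to the four parametrised tests in test_connectivity_from_relay.py. The function body continues in the next hunk.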
@@ -23,6 +24,6 @@ def test_connectivity_from_client(host, server): with host.sudo(): - scan = host.run('nmap -4 -p 25 -oG - %s', server) + scan = host.run('nmap -%s -p 25 -oG - %s', str(ip_protocol), server) assert scan.rc == 0 assert "Ports: 25/filtered/tcp//smtp/" in scan.stdout diff --git a/roles/mail_forwarder/molecule/default/tests/test_connectivity_from_relay.py b/roles/mail_forwarder/molecule/default/tests/test_connectivity_from_relay.py index 9ae7a1cd3aa0879cba807f8f6d308d0935a76497..032737d1b0273a74106e33869f1b55af4c1b6988 100644 --- a/roles/mail_forwarder/molecule/default/tests/test_connectivity_from_relay.py +++ b/roles/mail_forwarder/molecule/default/tests/test_connectivity_from_relay.py @@ -13,7 +13,8 @@ ansible_runner = testinfra.utils.ansible_runner.AnsibleRunner( @pytest.mark.parametrize("server", ansible_runner.get_hosts('parameters-optional')) -def test_connectivity_from_authorised_relay(host, server): +@pytest.mark.parametrize('ip_protocol', [4, 6]) +def test_connectivity_from_authorised_relay(host, server, ip_protocol): """ Tests connectivity towards mail forwarder servers from authorised relay. @@ -21,7 +22,7 @@ def test_connectivity_from_authorised_relay(host, server): with host.sudo(): - scan = host.run('nmap -p 25 -oG - %s', server) + scan = host.run('nmap -%s -p 25 -oG - %s', str(ip_protocol), server) assert scan.rc == 0 assert "Ports: 25/open/tcp//smtp/" in scan.stdout @@ -30,7 +31,8 @@ def test_connectivity_from_authorised_relay(host, server): sorted( set(ansible_runner.get_hosts('parameters-mandatory')) | set(ansible_runner.get_hosts('parameters-no-incoming')))) -def test_connectivity_from_unauthorised_relay(host, server): +@pytest.mark.parametrize('ip_protocol', [4, 6]) +def test_connectivity_from_unauthorised_relay(host, server, ip_protocol): """ Tests connectivity towards mail forwarder servers from unauthorised relay. 
@@ -38,32 +40,34 @@ def test_connectivity_from_unauthorised_relay(host, server): with host.sudo(): - scan = host.run('nmap -p 25 -oG - %s', server) + scan = host.run('nmap -%s -p 25 -oG - %s', str(ip_protocol), server) assert scan.rc == 0 assert "Ports: 25/filtered/tcp//smtp/" in scan.stdout @pytest.mark.parametrize("server", ansible_runner.get_hosts('parameters-optional')) -def test_mail_reception_from_authorised_relay(host, server): +@pytest.mark.parametrize('ip_protocol', [4, 6]) +def test_mail_reception_from_authorised_relay(host, server, ip_protocol): """ Tests if mails can be sent from relay to servers configured to use the relay. """ - send = host.run('swaks --suppress-data --to root@{server} --server {server}'.format(server=server)) + send = host.run('swaks -%s --suppress-data --to root@%s --server %s', str(ip_protocol), server, server) assert send.rc == 0 @pytest.mark.parametrize("server", ansible_runner.get_hosts('parameters-optional')) -def test_open_relay(host, server): +@pytest.mark.parametrize('ip_protocol', [4, 6]) +def test_open_relay(host, server, ip_protocol): """ Tests if mail forwarder behaves as open relay. """ no_recipients_accepted_error_code = 24 - send = host.run('swaks --suppress-data --to root@client1 --server %s', server) + send = host.run('swaks -%s --suppress-data --to root@client1 --server %s', str(ip_protocol), server) assert send.rc == no_recipients_accepted_error_code assert "Relay access denied" in send.stdout diff --git a/roles/mail_forwarder/molecule/default/tests/test_optional.py b/roles/mail_forwarder/molecule/default/tests/test_optional.py index 389efe7e15bc6b3e67bfa718cbd3b3f776e5e193..d9426832b72d41d8bd022b143dbdd447d811159d 100644 --- a/roles/mail_forwarder/molecule/default/tests/test_optional.py +++ b/roles/mail_forwarder/molecule/default/tests/test_optional.py 
@@ -45,7 +45,7 @@ def test_local_aliases(host): """ hostname = host.run('hostname').stdout.strip() - send = host.run('swaks --suppress-data --to root@localhost') + send = host.run('swaks --suppress-data --to root@localhost --server localhost') assert send.rc == 0 message_id = re.search('Ok: queued as (.*)', send.stdout).group(1)
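Review bot: `--server localhost` leaves the address family to the resolver, so this test exercises only whichever loopback address swaks picks, while the other tests in this commit pin `-4` or `-6`. If local delivery is meant to work over both protocols, parametrise it the same way, e.g. `host.run('swaks -%s --suppress-data --to root@localhost --server localhost', str(ip_protocol))`. `test_local_aliases` starts and ends outside the hunk, so any existing parametrisation is not visible here.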