|
|
import os
|
|
|
|
|
|
import pytest
|
|
|
import testinfra.utils.ansible_runner
|
|
|
|
|
|
|
|
|
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
|
|
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('mail-server')
|
|
|
|
|
|
ansible_runner = testinfra.utils.ansible_runner.AnsibleRunner(
|
|
|
os.environ['MOLECULE_INVENTORY_FILE'])
|
|
|
|
|
|
def test_connectivity_from_relay(host):
|
|
|
|
|
|
@pytest.mark.parametrize("server",
|
|
|
ansible_runner.get_hosts('parameters-optional'))
|
|
|
def test_connectivity_from_authorised_relay(host, server):
|
|
|
"""
|
|
|
Tests connectivity towards mail forwarder servers from relay. Connection
|
|
|
towards parameters-mandatory should fail.
|
|
|
Tests connectivity towards mail forwarder servers from authorised
|
|
|
relay.
|
|
|
"""
|
|
|
|
|
|
with host.sudo():
|
|
|
|
|
|
ping = host.run('hping3 -S -p 25 -c 1 parameters-mandatory-stretch64')
|
|
|
assert ping.rc != 0
|
|
|
assert "100% packet loss" in ping.stderr
|
|
|
|
|
|
ping = host.run('hping3 -S -p 25 -c 1 parameters-optional-stretch64')
|
|
|
ping = host.run('hping3 -S -p 25 -c 1 %s' % server)
|
|
|
assert ping.rc == 0
|
|
|
|
|
|
ping = host.run('hping3 -S -p 25 -c 1 parameters-no-incoming-stretch64')
|
|
|
assert "100% packet loss" in ping.stderr
|
|
|
|
|
|
@pytest.mark.parametrize("server",
|
|
|
sorted(
|
|
|
set(ansible_runner.get_hosts('parameters-mandatory')) |
|
|
|
set(ansible_runner.get_hosts('parameters-no-incoming'))))
|
|
|
def test_connectivity_from_unauthorised_relay(host, server):
|
|
|
"""
|
|
|
Tests connectivity towards mail forwarder servers from unauthorised
|
|
|
relay.
|
|
|
"""
|
|
|
|
|
|
with host.sudo():
|
|
|
|
|
|
ping = host.run('hping3 -S -p 25 -c 1 %s' % server)
|
|
|
assert ping.rc != 0
|
|
|
assert "100% packet loss" in ping.stderr
|
|
|
|
|
|
|
|
|
def test_mail_reception_from_relay(host):
|
|
|
@pytest.mark.parametrize("server",
|
|
|
ansible_runner.get_hosts('parameters-optional'))
|
|
|
def test_mail_reception_from_authorised_relay(host, server):
|
|
|
"""
|
|
|
Tests if mails can be sent from relay to servers configured to use the
|
|
|
relay.
|
|
|
"""
|
|
|
|
|
|
send = host.run('swaks --suppress-data --to root@parameters-optional-stretch64 --server parameters-optional-stretch64')
|
|
|
send = host.run('swaks --suppress-data --to root@{server} --server {server}'.format(server=server))
|
|
|
assert send.rc == 0
|
|
|
|
|
|
|
|
|
def test_open_relay(host):
|
|
|
@pytest.mark.parametrize("server",
|
|
|
ansible_runner.get_hosts('parameters-optional'))
|
|
|
def test_open_relay(host, server):
|
|
|
"""
|
|
|
Tests if mail forwarder behaves as open relay.
|
|
|
"""
|
|
|
|
|
|
no_recipients_accepted = 24
|
|
|
no_recipients_accepted_error_code = 24
|
|
|
|
|
|
send = host.run('swaks --suppress-data --to root@client1 --server parameters-optional-stretch64')
|
|
|
assert send.rc == no_recipients_accepted
|
|
|
send = host.run('swaks --suppress-data --to root@client1 --server %s' % server)
|
|
|
assert send.rc == no_recipients_accepted_error_code
|
|
|
assert "Relay access denied" in send.stdout
|