diff --git a/roles/mail_forwarder/tests/test_optional.py b/roles/mail_forwarder/tests/test_optional.py
new file mode 100644
index 0000000000000000000000000000000000000000..5e9cb7db158c1bac841ebfc8979c582826d46aa1
--- /dev/null
+++ b/roles/mail_forwarder/tests/test_optional.py
@@ -0,0 +1,112 @@
+import re
+
+
+import testinfra.utils.ansible_runner
+
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ '.molecule/ansible_inventory').get_hosts('parameters-optional')
+
+
+def test_smtp_relay_truststore_file(File):
+ """
+ Tests if SMTP relay truststore has correct content.
+ """
+
+ truststore = File('/etc/ssl/certs/smtp_relay_truststore.pem')
+
+ assert truststore.content == open("tests/data/x509/ca.cert.pem", "r").read().rstrip()
+
+
+def test_smtp_mailname(File):
+ """
+ Tests if SMTP mailname has been configured correctly.
+ """
+
+ mailname = File('/etc/mailname')
+
+ assert mailname.content == "parameters-optional"
+
+
+def test_postfix_main_cf_file_content(File):
+ """
+ Tests if the Postfix main configuration file content is correct.
+ """
+
+ config = File('/etc/postfix/main.cf')
+ config_lines = config.content.split("\n")
+
+ assert "myhostname = parameters-optional" in config_lines
+ assert "mydestination = parameters-optional, parameters-optional, localhost.localdomain, localhost" in config_lines
+ assert "relayhost = mail-server" in config_lines
+ assert "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128" in config_lines
+ assert "smtp_tls_security_level=verify" in config_lines
+ assert "smtp_tls_CAfile=/etc/ssl/certs/smtp_relay_truststore.pem" in config_lines
+ assert "smtp_host_lookup = dns, native" in config_lines
+
+
+def test_local_aliases(Command, File, Sudo):
+ """
+ Tests if local aliases are configured correctly.
+ """
+
+ send = Command('swaks --suppress-data --to root@localhost')
+ assert send.rc == 0
+ message_id = re.search('Ok: queued as (.*)', send.stdout).group(1)
+
+ with Sudo():
+ mail_log = File('/var/log/mail.log')
+ pattern1 = "%s: to=, orig_to=.*status=sent" % message_id
+ pattern2 = "%s: to=, orig_to=.*status=sent" % message_id
+
+ assert re.search(pattern1, mail_log.content) is not None
+ assert re.search(pattern2, mail_log.content) is not None
+
+
+def test_relay_mail_sending(Command, File, Sudo):
+ """
+ Tests if mails are sent correctly via relay if relay has been configured.
+ """
+
+ send = Command('swaks --suppress-data --to root@domain1 --server localhost')
+ assert send.rc == 0
+ message_id = re.search('Ok: queued as (.*)', send.stdout).group(1)
+
+ with Sudo():
+ mail_log = File('/var/log/mail.log')
+ pattern = "%s: to=, relay=mail-server.*status=sent" % message_id
+
+ assert re.search(pattern, mail_log.content) is not None
+
+
+def test_tls_enforced_towards_relay_mail_server(Command, File, Sudo):
+ """
+ Tests if TLS verification is enfoced towards the relay mail server.
+ """
+
+ with Sudo():
+ # Replace the relayhost with name that is not present in relay's
+ # certificate.
+ command = Command("sed -i -e s#relayhost\\ =\\ mail-server#relayhost\\ =\\ domain1# /etc/postfix/main.cf")
+ assert command.rc == 0
+ command = Command("service postfix restart")
+ assert command.rc == 0
+
+ # Try to send out an e-mail
+ send = Command('swaks --suppress-data --to root@domain1 --server localhost')
+
+ # Restore correct relay name in the configuration file.
+ command = Command("sed -i -e s#relayhost\\ =\\ domain1#relayhost\\ =\\ mail-server# /etc/postfix/main.cf")
+ assert command.rc == 0
+ command = Command("service postfix restart")
+ assert command.rc == 0
+
+ # Finally check the results.
+ assert send.rc == 0
+ message_id = re.search('Ok: queued as (.*)', send.stdout).group(1)
+
+ with Sudo():
+ mail_log = File('/var/log/mail.log')
+ pattern = "%s: to=, relay=domain1.*status=deferred \(Server certificate not verified\)" % message_id
+
+ assert re.search(pattern, mail_log.content) is not None
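Review bot: In test_tls_enforced_towards_relay_mail_server the step that restores `relayhost = mail-server` in /etc/postfix/main.cf runs only if each earlier `assert command.rc == 0` passes, so a failed `service postfix restart` after the first sed leaves the instance relaying to `domain1` and later tests on the same host then fail for an unrelated reason. Wrap the restart and send in `try:` and move the restoring sed/restart pair into `finally:` so the configuration is put back on every path. In the three tests that extract a queue id, `re.search('Ok: queued as (.*)', send.stdout).group(1)` raises AttributeError when the swaks output does not match; binding the match first and adding `assert match is not None` gives a readable failure. The last pattern contains `\(` in a plain string literal and should be a raw string, `r"%s: ... \(Server certificate not verified\)"`. Indentation is not recoverable from this collapsed hunk, so which statements sit inside `with Sudo():` is inferred.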