|
@@ -87,13 +87,7 @@ def test_postfix_main_cf_file_content(host):
|
|
|
Tests if the Postfix main configuration file content is correct.
|
|
|
"""
|
|
|
|
|
|
# Ugly hack, but not sure how to make it work otherwise. IP
|
|
|
# address of client1 (jessie/stretch variant).
|
|
|
distribution_release = host.ansible("setup")["ansible_facts"]["ansible_distribution_release"]
|
|
|
if distribution_release == "jessie":
|
|
|
allow_relay_from_ip = "10.31.127.20"
|
|
|
elif distribution_release == "stretch":
|
|
|
allow_relay_from_ip = "10.31.127.22"
|
|
|
allow_relay_from_ip = "10.31.127.22"
|
|
|
|
|
|
hostname = host.run('hostname').stdout.strip()
|
|
|
|
|
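Review bot: The surviving `allow_relay_from_ip = "10.31.127.22"` is now an unexplained literal, because the comment identifying it as client1's address was removed together with the jessie/stretch branch. The variable name suggests the value feeds the expected relay allowlist in main.cf, so a short comment such as `# IP address of client1, which is allowed to relay.` would keep that intent reviewable. The body of test_postfix_main_cf_file_content starts and continues outside the hunk, so how the value is used is not visible here.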
@@ -198,15 +192,11 @@ def test_imap_tls_configuration(host):
|
|
|
|
|
|
starttls = host.run("echo 'a0001 LOGOUT' | openssl s_client -quiet -starttls imap -no_tls1_1 -no_tls1_2 -connect parameters-optional:143")
|
|
|
assert starttls.rc != 0
|
|
|
# First error message from OpenSSL in Debian 8 Jessie, second from
|
|
|
# OpenSSL in Debian 9 Stretch.
|
|
|
assert "write:errno=104" in starttls.stderr or 'SSL alert number 70' in starttls.stderr
|
|
|
assert 'SSL alert number 70' in starttls.stderr
|
|
|
|
|
|
tls = host.run("echo 'a0001 LOGOUT' | openssl s_client -quiet -no_tls1_1 -no_tls1_2 -connect parameters-optional:993")
|
|
|
assert tls.rc != 0
|
|
|
# First error message from OpenSSL in Debian 8 Jessie, second from
|
|
|
# OpenSSL in Debian 9 Stretch.
|
|
|
assert "write:errno=104" in tls.stderr or 'SSL alert number 70' in tls.stderr
|
|
|
assert 'SSL alert number 70' in tls.stderr
|
|
|
|
|
|
# Test at least one strong TLS cipher.
|
|
|
starttls_cipher = host.run("echo 'a0001 LOGOUT' | openssl s_client -starttls imap -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-optional:143")
|
|
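Review bot: The rejection checks on ports 143 and 993 here, and the matching check on port 587 in test_postfix_tls_configuration, select the old protocol versions negatively with `-no_tls1_1 -no_tls1_2`, so what is actually offered depends on the OpenSSL client on the test host. A client that also supports TLS 1.3 would presumably still offer it, in which case `SSL alert number 70` (or a successful handshake) no longer shows that TLS 1.0 is refused. Pinning the version keeps the check independent of the client, e.g. `openssl s_client -quiet -starttls imap -tls1 -connect parameters-optional:143`, with a second run using `-tls1_1` if TLS 1.1 must be refused as well. Both test functions continue outside their hunks, so such a check may already exist elsewhere.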
@@ -282,9 +272,7 @@ def test_postfix_tls_configuration(host):
|
|
|
|
|
|
starttls = host.run("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1_1 -no_tls1_2 -connect parameters-optional:587")
|
|
|
assert starttls.rc != 0
|
|
|
# First error message from OpenSSL in Debian 8 Jessie, second from
|
|
|
# OpenSSL in Debian 9 Stretch.
|
|
|
assert 'write:errno=104' in starttls.stderr or 'SSL alert number 70' in starttls.stderr
|
|
|
assert 'SSL alert number 70' in starttls.stderr
|
|
|
|
|
|
# Test ciphers for default port (less restrictive).
|
|
|
starttls_cipher = host.run("echo 'QUIT' | openssl s_client -starttls smtp -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-optional:25")
|