Location: majic-ansible-roles/roles/mail_forwarder/molecule/default/tests/test_optional.py
MAR-165: Deploy Diffie-Hellman parameters for LDAP server in the ldap_server role:
- Not relevant for Debian Stretch because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
import os
import re
import time
import testinfra.utils.ansible_runner
# Hosts these tests run against: the 'parameters-optional' group taken
# from the inventory file named by the MOLECULE_INVENTORY_FILE
# environment variable.
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-optional')
def test_smtp_mailname(host):
    """
    Checks that /etc/mailname contains exactly the name reported by the
    hostname command on the tested host.
    """

    expected_mailname = "%s" % host.run('hostname').stdout.strip()
    actual_mailname = host.file('/etc/mailname').content_string

    assert actual_mailname == expected_mailname
def test_postfix_main_cf_file_content(host):
    """
    Checks that /etc/postfix/main.cf contains the expected settings.

    Every expected setting must be present as a complete line of the
    file; a partial match within a longer line does not count.
    """

    hostname = host.run('hostname').stdout.strip()
    config_lines = host.file('/etc/postfix/main.cf').content_string.split("\n")

    expected_lines = [
        "myhostname = %s" % hostname,
        "mydestination = %s, %s, localhost.localdomain, localhost" % (hostname, hostname),
        "relayhost = mail-server:27",
        # Only loopback networks are listed as trusted.
        "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128",
        # Outgoing SMTP is expected to use the "verify" TLS security
        # level together with the dedicated relay truststore.
        "smtp_tls_security_level=verify",
        "smtp_tls_CAfile=/etc/ssl/certs/smtp_relay_truststore.pem",
        "smtp_host_lookup = dns, native",
    ]

    for expected_line in expected_lines:
        assert expected_line in config_lines
def test_local_aliases(host):
    """
    Checks local alias handling by sending a mail to root@localhost and
    looking in the mail log for successful deliveries of that message
    to both root and testuser on the tested host.
    """

    hostname = host.run('hostname').stdout.strip()

    delivery = host.run('swaks --suppress-data --to root@localhost')
    assert delivery.rc == 0

    # Queue ID reported by the server; used to find this message in the log.
    queue_id = re.search('Ok: queued as (.*)', delivery.stdout).group(1)

    # Give the mail server a few seconds to process the message.
    time.sleep(5)

    # The mail log is read with elevated privileges.
    with host.sudo():
        mail_log = host.file('/var/log/mail.log')

        expected_deliveries = (
            "%s: to=<root@%s>, orig_to=<root@localhost>.*status=sent" % (queue_id, hostname),
            "%s: to=<testuser@%s>, orig_to=<root@localhost>.*status=sent" % (queue_id, hostname),
        )

        for delivery_pattern in expected_deliveries:
            assert re.search(delivery_pattern, mail_log.content_string) is not None
def test_relay_mail_sending(host):
    """
    Checks that mail for a remote domain is handed over to the
    configured relay (mail-server, port 27) and reported as sent.
    """

    delivery = host.run('swaks --suppress-data --to root@domain1 --server localhost')
    assert delivery.rc == 0

    # Queue ID reported by the server; used to find this message in the log.
    queue_id = re.search('Ok: queued as (.*)', delivery.stdout).group(1)

    # Give the mail server a few seconds to process the message.
    time.sleep(5)

    # The mail log is read with elevated privileges.
    with host.sudo():
        mail_log = host.file('/var/log/mail.log')

        # Log entry showing the message went out through the relay on
        # the designated port.
        relayed_pattern = r"%s: to=<root@domain1>, relay=mail-server\[[^]]*\]:27.*status=sent" % queue_id
        log_entry = re.search(relayed_pattern, mail_log.content_string)

        assert log_entry is not None
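def test_tls_enforced_towards_relay_mail_server(host):
    """
    Tests if TLS verification is enforced towards the relay mail server.

    The relayhost is temporarily changed to a name (domain1) that is not
    present in the relay's certificate. The message must still be
    accepted locally, but the mail log has to show the delivery as
    deferred with "Server certificate not verified", i.e. the mail is
    not handed to a relay whose certificate does not verify.

    The original relayhost is restored even if the test fails part-way
    through, so that the host is not left with a broken relay
    configuration.
    """

    break_relayhost = "sed -i -e s#relayhost\\ =\\ mail-server#relayhost\\ =\\ domain1# /etc/postfix/main.cf"
    restore_relayhost = "sed -i -e s#relayhost\\ =\\ domain1#relayhost\\ =\\ mail-server# /etc/postfix/main.cf"

    with host.sudo():

        # Replace the relayhost with name that is not present in relay's
        # certificate.
        command = host.run(break_relayhost)
        assert command.rc == 0

        try:
            command = host.run("service postfix restart")
            assert command.rc == 0

            # Try to send out an e-mail
            send = host.run('swaks --suppress-data --to root@domain1 --server localhost')
        finally:
            # Restore correct relay name in the configuration file. This
            # runs even when the restart or the send above failed, so a
            # failure here does not leave the relay misconfigured.
            command = host.run(restore_relayhost)
            assert command.rc == 0

            command = host.run("service postfix restart")
            assert command.rc == 0

    # Finally check the results.
    assert send.rc == 0
    message_id = re.search('Ok: queued as (.*)', send.stdout).group(1)

    # Wait for a little while for message to be processed.
    time.sleep(5)

    with host.sudo():
        mail_log = host.file('/var/log/mail.log')

        # Delivery must be deferred because the certificate could not be
        # verified.
        pattern = r"%s: to=<root@domain1>, relay=domain1.*status=deferred \(Server certificate not verified\)" % message_id

        assert re.search(pattern, mail_log.content_string) is not None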
def test_mail_message_size_limit(host):
    """
    Checks the message size limit the SMTP server advertises in its
    EHLO response.
    """

    ehlo_output = host.run("(echo 'ehlo localhost' && sleep 2) | telnet localhost 25").stdout

    # Cut out the SIZE capability line, from its start up to the
    # following newline.
    size_start = ehlo_output.find("250-SIZE")
    size_end = ehlo_output.find("\n", size_start)

    assert ehlo_output[size_start:size_end] == "250-SIZE 20480001"