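import os
import re
import time

import testinfra.utils.ansible_runner


# Hosts from the Molecule inventory that these tests run against.
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-optional'])


def _queued_message_id(send):
    """
    Returns the queue ID that the mail server reported for a swaks run.

    Fails with the captured swaks output when no "Ok: queued as" line is
    present, instead of raising AttributeError on a missing match.
    """

    match = re.search('Ok: queued as (.*)', send.stdout)
    assert match is not None, "No 'Ok: queued as' line in swaks output:\n%s" % send.stdout

    return match.group(1)


def test_smtp_relay_truststore_file(host):
    """
    Tests if SMTP relay truststore has correct content.
    """

    truststore = host.file('/etc/ssl/certs/smtp_relay_truststore.pem')

    # Close the local reference file deterministically instead of relying
    # on garbage collection.
    with open("tests/data/x509/ca.cert.pem", "r") as reference:
        expected_content = reference.read().rstrip()

    # The deployed truststore must be exactly the CA certificate shipped
    # with the test data.
    assert truststore.content == expected_content


def test_smtp_mailname(host):
    """
    Tests if SMTP mailname has been configured correctly.
    """

    hostname = host.run('hostname').stdout

    mailname = host.file('/etc/mailname')

    assert mailname.content == "%s" % hostname


def test_postfix_main_cf_file_content(host):
    """
    Tests if the Postfix main configuration file content is correct.
    """

    hostname = host.run('hostname').stdout

    config = host.file('/etc/postfix/main.cf')
    config_lines = config.content.split("\n")

    assert "myhostname = %s" % hostname in config_lines
    assert "mydestination = %s, %s, localhost.localdomain, localhost" % (hostname, hostname) in config_lines
    assert "relayhost = mail-server:27" in config_lines
    assert "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128" in config_lines

    # Security-relevant settings: outgoing mail must use TLS with the
    # relay's certificate verified against the dedicated truststore.
    assert "smtp_tls_security_level=verify" in config_lines
    assert "smtp_tls_CAfile=/etc/ssl/certs/smtp_relay_truststore.pem" in config_lines
    assert "smtp_host_lookup = dns, native" in config_lines


def test_local_aliases(host):
    """
    Tests if local aliases are configured correctly.
    """

    hostname = host.run('hostname').stdout

    send = host.run('swaks --suppress-data --to root@localhost')
    assert send.rc == 0
    message_id = _queued_message_id(send)

    # Wait for a little while for message to be processed.
    time.sleep(5)

    with host.sudo():
        mail_log = host.file('/var/log/mail.log')

        # NOTE(review): each format string below has one %s but receives
        # two arguments, so it raises TypeError as written. The recipient
        # addresses that presumably carried the second placeholder look
        # lost from this copy (angle-bracketed text stripped), which also
        # leaves the two patterns identical. Restore them from the
        # original file rather than guessing.
        pattern1 = "%s: to=, orig_to=.*status=sent" % (message_id, hostname)
        pattern2 = "%s: to=, orig_to=.*status=sent" % (message_id, hostname)

        assert re.search(pattern1, mail_log.content) is not None
        assert re.search(pattern2, mail_log.content) is not None


def test_relay_mail_sending(host):
    """
    Tests if mails are sent correctly via relay if relay has been
    configured.
    """

    send = host.run('swaks --suppress-data --to root@domain1 --server localhost')
    assert send.rc == 0
    message_id = _queued_message_id(send)

    # Wait for a little while for message to be processed.
    time.sleep(5)

    with host.sudo():
        mail_log = host.file('/var/log/mail.log')

        # Pattern used to verify the mail was sent over relay on designated
        # port.
        # NOTE(review): "to=," has an empty recipient; presumably an
        # angle-bracketed address was lost from this copy - confirm
        # against the original file.
        pattern = r"%s: to=, relay=mail-server\[[^]]*\]:27.*status=sent" % message_id

        assert re.search(pattern, mail_log.content) is not None


def test_tls_enforced_towards_relay_mail_server(host):
    """
    Tests if TLS verification is enforced towards the relay mail server.

    The relay host is temporarily pointed at a name that is not present
    in the relay's certificate, and the mail is expected to be deferred
    because the server certificate cannot be verified.
    """

    with host.sudo():

        # Replace the relayhost with name that is not present in relay's
        # certificate.
        command = host.run("sed -i -e s#relayhost\\ =\\ mail-server#relayhost\\ =\\ domain1# /etc/postfix/main.cf")

        try:
            assert command.rc == 0

            command = host.run("service postfix restart")
            assert command.rc == 0

            # Try to send out an e-mail
            send = host.run('swaks --suppress-data --to root@domain1 --server localhost')
        finally:
            # Restore correct relay name in the configuration file. This
            # runs even if a step above failed, so a failing test does not
            # leave the host relaying towards the wrong name.
            restore = host.run("sed -i -e s#relayhost\\ =\\ domain1#relayhost\\ =\\ mail-server# /etc/postfix/main.cf")
            restart = host.run("service postfix restart")

        assert restore.rc == 0
        assert restart.rc == 0

    # Finally check the results.
    assert send.rc == 0
    message_id = _queued_message_id(send)

    # Wait for a little while for message to be processed.
    time.sleep(5)

    with host.sudo():
        mail_log = host.file('/var/log/mail.log')

        # Raw string so that the escaped parentheses reach the regex engine
        # without relying on Python's invalid-escape fallback.
        # NOTE(review): "to=," has an empty recipient; presumably an
        # angle-bracketed address was lost from this copy - confirm
        # against the original file.
        pattern = r"%s: to=, relay=domain1.*status=deferred \(Server certificate not verified\)" % message_id

        assert re.search(pattern, mail_log.content) is not None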