Fix for #38
The postfix configuration was a bit too permissive with `mynetworks`. This commit: - adds `reject` at the end of `*restrictions` list - adds tests for this feature
parent
bd67c9547c
commit
51173d36e0
|
@ -25,7 +25,7 @@ services:
|
|||
- "../tester:/code"
|
||||
build:
|
||||
context: ../tester
|
||||
command: "/"
|
||||
command: "/" # relative path to /code
|
||||
environment:
|
||||
FROM: "demo@example.org"
|
||||
TO: "test@gmail.com"
|
|
@ -26,7 +26,7 @@ services:
|
|||
- "../tester:/code"
|
||||
build:
|
||||
context: ../tester
|
||||
command: "/"
|
||||
command: "/" # relative path to /code
|
||||
environment:
|
||||
FROM: "demo@example.org"
|
||||
TO: "test@gmail.com"
|
||||
|
|
|
@ -24,7 +24,7 @@ services:
|
|||
- "../tester:/code"
|
||||
build:
|
||||
context: ../tester
|
||||
command: "/"
|
||||
command: "/" # relative path to /code
|
||||
environment:
|
||||
FROM: "demo@example.org"
|
||||
TO: "test@gmail.com"
|
|
@ -26,7 +26,7 @@ services:
|
|||
- "../tester:/code"
|
||||
build:
|
||||
context: ../tester
|
||||
command: "/"
|
||||
command: "/" # relative path to /code
|
||||
environment:
|
||||
FROM: "demo@example.org"
|
||||
TO: "test@gmail.com"
|
||||
|
|
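--- /dev/null
+++ b/integration-tests/non-allowed-networks/docker-compose.yml
@@ -0,0 +1,32 @@
+version: '3.7'
+services:
+postfix_test_587:
+hostname: "postfix"
+image: "boky/postfix"
+build:
+context: ../..
+restart: always
+healthcheck:
+test: [ "CMD", "sh", "-c", "netstat -an | fgrep 587 | fgrep -q LISTEN" ]
+interval: 10s
+timeout: 5s
+start_period: 10s
+retries: 2
+environment:
+FORCE_COLOR: "1"
+ALLOWED_SENDER_DOMAINS: "example.org"
+POSTFIX_mynetworks: "1.1.1.1/32"
+POSTFIX_smtpd_end_of_data_restrictions: "check_client_access static:discard"
+LOG_FORMAT: "json"
+tests:
+image: "boky/postfix-integration-test"
+restart: "no"
+volumes:
+- ".:/code"
+build:
+context: ../tester
+command: "/"
+environment:
+FROM: "demo@example.org"
+TO: "test@gmail.com"
+SKIP_INVALID_DOMAIN_SEND: "1"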
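Review bot: `POSTFIX_mynetworks: "1.1.1.1/32"` carries the whole meaning of this test, yet nothing in the file says so, and the value is a real public address. A comment above that line such as `# deliberately excludes the tests container, so its mail must be rejected` would tell the next reader why the value is not the compose network. A reserved documentation range such as `192.0.2.1/32` (RFC 5737) would make the same point without naming a live host. The `check_client_access static:discard` end-of-data rule looks like the safety net that keeps a regression from delivering mail to the `TO` address, and that intent deserves a one-line comment as well.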
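--- /dev/null
+++ b/integration-tests/non-allowed-networks/test.bats
@@ -0,0 +1,25 @@
+#!/usr/bin/env bats
+
+FROM=$1
+TO=$2
+
+if [ -z "$FROM" ]; then
+FROM="demo@example.org"
+fi
+
+if [ -z "$TO" ]; then
+TO="test@gmail.com"
+fi
+
+# Wait for postfix to startup
+wait-for-service -q tcp://postfix_test_587:587
+
+SMTP_DATA="-smtp postfix_test_587 -port 587"
+
+@test "Make sure postfix rejects the message from us" {
+! mailsend \
+-sub "Test email 1" $SMTP_DATA \
+-from "$FROM" -to "$TO" \
+body \
+-msg "Hello world!\nThis is a simple test message!"
+}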
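Review bot: The `! mailsend …` assertion in the only `@test` passes on any non-zero exit, so a refused connection, an unresolved `postfix_test_587` host or a missing `mailsend` binary all count as "rejected". The suite can therefore go green without Postfix ever evaluating `mynetworks`. Capturing the result with `run mailsend …` and asserting `[ "$status" -ne 0 ]` together with a match on the SMTP rejection in `$output` would tie the pass to the restriction itself. Postfix answers a bare `reject` with a 554 reply, but whether mailsend prints that reply without a verbose flag needs checking. A comment above the test stating that the tester's address is intentionally outside `mynetworks` would also help.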
|
|
@ -71,8 +71,12 @@ postfix_restrict_message_size() {
|
|||
postfix_reject_invalid_helos() {
|
||||
do_postconf -e smtpd_delay_reject=yes
|
||||
do_postconf -e smtpd_helo_required=yes
|
||||
# Fast reject -- reject straight away when the client is connecting
|
||||
do_postconf -e "smtpd_client_restrictions=permit_mynetworks,reject"
|
||||
# Reject / accept on EHLO / HELO command
|
||||
do_postconf -e "smtpd_helo_restrictions=permit_mynetworks,reject_invalid_helo_hostname,permit"
|
||||
do_postconf -e "smtpd_sender_restrictions=permit_mynetworks"
|
||||
# Delayed reject -- reject on MAIL FROM command. Not strictly neccessary to have both, but doesn't hurt
|
||||
do_postconf -e "smtpd_sender_restrictions=permit_mynetworks,reject"
|
||||
}
|
||||
|
||||
postfix_set_hostname() {
|
||||
|
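Review bot: The new comment `# Fast reject -- reject straight away when the client is connecting` does not match the configuration. `smtpd_delay_reject=yes` is set at the top of the same function, and Postfix then defers client, HELO and sender restrictions until RCPT TO. I would reword it, e.g. `# Client check -- evaluated at RCPT TO because smtpd_delay_reject=yes`, and fix the spelling of `neccessary` in the later comment. The function is still named `postfix_reject_invalid_helos` although it now decides who may relay at all, so a short header comment saying that everything outside `mynetworks` is rejected would help. If the image is ever meant to accept SASL-authenticated clients, `permit_mynetworks,reject` would shut them out as written.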
|
|
@ -13,5 +13,4 @@ RUN apk add --no-cache bash bats && \
|
|||
|
||||
WORKDIR /code
|
||||
ENTRYPOINT ["/usr/bin/bats"]
|
||||
|
||||
CMD ["-v"]
|
|
@ -19,4 +19,4 @@ chown -R opendkim:opendkim /etc/opendkim
|
|||
|
||||
su opendkim -s /bin/bash -c 'cat /etc/opendkim/keys/example.org.private' > /dev/null
|
||||
su opendkim -s /bin/bash -c 'cat /etc/opendkim/keys/example.org.txt' > /dev/null
|
||||
}
|
||||
}
|
||||
|
|