Add integration tests

integration-tests/ldap-allow/config.ldif

@@ -0,0 +1,37 @@
+version: 1
+
+# Add the groupType Attribute and group class for MSAD
+# Kept for memory in case we need to enable this again
+# dn: cn={0}core,cn=schema,cn=config
+# changetype: modify
+# add: olcAttributetypes
+# olcAttributetypes: ( 1.2.840.113556.1.4.750 NAME 'groupType'
+#    SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE
+# )
+#
+# dn: cn={0}core,cn=schema,cn=config
+# changetype: modify
+# add: olcObjectClasses
+# olcObjectClasses: ( 1.2.840.113556.1.5.8 NAME 'Group'
+#         DESC 'a group of users'
+#         SUP top STRUCTURAL
+#         MUST ( groupType $ cn)
+#         MAY ( member ) )
+
+# Configure TLS
+dn: cn=config
+changetype: modify
+replace: olcTLSCertificateFile
+olcTLSCertificateFile: /etc/ldap/ssl/ldap.crt
+-
+replace: olcTLSCertificateKeyFile
+olcTLSCertificateKeyFile: /etc/ldap/ssl/ldap.key
+-
+replace: olcTLSVerifyClient
+olcTLSVerifyClient: never
+
+# Configure loging
+dn: cn=config
+changetype: modify
+replace: olcLogLevel
+olcLogLevel: stats

integration-tests/ldap-allow/data.ldif

@@ -0,0 +1,9 @@
+# demo@example.org
+dn: uid=demo,${LDAP_BASEDN}
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+cn: Demo
+sn: allowed
+mail: demo@example.org

integration-tests/ldap-allow/docker-compose.yml

@@ -0,0 +1,42 @@
+version: '3.7'
+services:
+  postfix_test_587:
+    hostname: "postfix"
+    image: "boky/postfix"
+    restart: always
+    healthcheck:
+      test: [ "CMD", "sh", "-c", "netstat -an | fgrep 587 | fgrep -q LISTEN" ]
+      interval: 10s
+      timeout: 5s
+      start_period: 10s
+      retries: 2
+    volumes:
+      - "./restricted-senders.cf:/etc/postfix/conf/restricted-senders.cf"
+    environment:
+      FORCE_COLOR: "1"
+      ALLOWED_SENDER_DOMAINS: "example.org"
+      POSTFIX_smtpd_sender_restrictions: "check_client_access ldap:/etc/postfix/conf/restricted-senders.cf"
+  ldap:
+    hostname: "ldap"
+    image: "thoteam/slapd-server-mock"
+    restart: always
+    healthcheck:
+      test: [ "CMD", "sh", "-c", "netstat -an | fgrep 389 | fgrep -q LISTEN" ]
+      interval: 10s
+      timeout: 5s
+      start_period: 10s
+      retries: 2
+    volumes:
+      - "./config.ldif:/bootstrap/config.ldif.TEMPLATE"
+      - "./data.ldif:/bootstrap/data.ldif.TEMPLATE"
+  tests:
+    image: "boky/postfix-integration-test"
+    restart: "no"
+    volumes:
+      - "../tester:/code"
+    build:
+      context: ../tester
+    command: "/" # relative path to /code
+    environment:
+      FROM: "demo@example.org"
+      TO: "test@gmail.com"

integration-tests/ldap-allow/restricted-senders.cf

@@ -0,0 +1,4 @@
+    server_host = ldap://ldap
+    search_base = dc=ldapmock,dc=local
+    query_filter = (sn=allowed)
+    result_attribute = mail

integration-tests/ldap-block/config.ldif

@@ -0,0 +1,37 @@
+version: 1
+
+# Add the groupType Attribute and group class for MSAD
+# Kept for memory in case we need to enable this again
+# dn: cn={0}core,cn=schema,cn=config
+# changetype: modify
+# add: olcAttributetypes
+# olcAttributetypes: ( 1.2.840.113556.1.4.750 NAME 'groupType'
+#    SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE
+# )
+#
+# dn: cn={0}core,cn=schema,cn=config
+# changetype: modify
+# add: olcObjectClasses
+# olcObjectClasses: ( 1.2.840.113556.1.5.8 NAME 'Group'
+#         DESC 'a group of users'
+#         SUP top STRUCTURAL
+#         MUST ( groupType $ cn)
+#         MAY ( member ) )
+
+# Configure TLS
+dn: cn=config
+changetype: modify
+replace: olcTLSCertificateFile
+olcTLSCertificateFile: /etc/ldap/ssl/ldap.crt
+-
+replace: olcTLSCertificateKeyFile
+olcTLSCertificateKeyFile: /etc/ldap/ssl/ldap.key
+-
+replace: olcTLSVerifyClient
+olcTLSVerifyClient: never
+
+# Configure loging
+dn: cn=config
+changetype: modify
+replace: olcLogLevel
+olcLogLevel: stats

integration-tests/ldap-block/data.ldif

@@ -0,0 +1,9 @@
+# demo@example.org
+dn: uid=demo,${LDAP_BASEDN}
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+cn: Demo
+sn: blocked
+mail: demo@example.org

integration-tests/ldap-block/docker-compose.yml

@@ -0,0 +1,42 @@
+version: '3.7'
+services:
+  postfix_test_587:
+    hostname: "postfix"
+    image: "boky/postfix"
+    restart: always
+    healthcheck:
+      test: [ "CMD", "sh", "-c", "netstat -an | fgrep 587 | fgrep -q LISTEN" ]
+      interval: 10s
+      timeout: 5s
+      start_period: 10s
+      retries: 2
+    volumes:
+      - "./restricted-senders.cf:/etc/postfix/conf/restricted-senders.cf"
+    environment:
+      FORCE_COLOR: "1"
+      ALLOWED_SENDER_DOMAINS: "example.org"
+      POSTFIX_smtpd_sender_restrictions: "check_client_access ldap:/etc/postfix/conf/restricted-senders.cf"
+  ldap:
+    hostname: "ldap"
+    image: "thoteam/slapd-server-mock"
+    restart: always
+    healthcheck:
+      test: [ "CMD", "sh", "-c", "netstat -an | fgrep 389 | fgrep -q LISTEN" ]
+      interval: 10s
+      timeout: 5s
+      start_period: 10s
+      retries: 2
+    volumes:
+      - "./config.ldif:/bootstrap/config.ldif.TEMPLATE"
+      - "./data.ldif:/bootstrap/data.ldif.TEMPLATE"
+  tests:
+    image: "boky/postfix-integration-test"
+    restart: "no"
+    volumes:
+      - "../tester:/code"
+    build:
+      context: ../tester
+    command: "/" # relative path to /code
+    environment:
+      FROM: "demo@example.org"
+      TO: "test@gmail.com"

integration-tests/ldap-block/restricted-senders.cf

@@ -0,0 +1,4 @@
+    server_host = ldap://ldap
+    search_base = dc=ldapmock,dc=local
+    query_filter = (sn=allowed)
+    result_attribute = mail

integration-tests/ldap-block/test.bats

@@ -0,0 +1,26 @@
+#!/usr/bin/env bats
+
+FROM=$1
+TO=$2
+
+if [ -z "$FROM" ]; then
+    FROM="demo@example.org"
+fi
+
+if [ -z "$TO" ]; then
+    TO="test@gmail.com"
+fi
+
+# Wait for postfix to startup
+wait-for-service -q tcp://postfix_test_587:587
+wait-for-service -q tcp://ldap:389
+
+SMTP_DATA="-smtp postfix_test_587 -port 587"
+
+@test "Make sure postfix rejects the message from us" {
+	! mailsend -debug \
+		-sub "Test email 1" $SMTP_DATA \
+			-from "$FROM" -to "$TO" \
+		body \
+			-msg "Hello world!\nThis is a simple test message!"
+}