mirror of
https://blitiri.com.ar/repos/chasquid
synced 2025-12-17 14:37:02 +00:00
5cdbd9ff6e
This patch fixes a variety of typos in documentation and comments, found by running `codespell`.
77 lines
2.5 KiB
Bash
Executable File
77 lines
2.5 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# Test integration with dkimpy.
|
|
|
|
set -e
|
|
. "$(dirname "$0")/../util/lib.sh"
|
|
|
|
init
|
|
check_hostaliases
|
|
|
|
# Check if dkimpy tools are installed in /usr/bin, and driusan/dkim is
|
|
# installed somewhere else in $PATH.
|
|
#
|
|
# Unfortunately we need both because dkimpy's dkimverify lacks the features
|
|
# needed to use it in integration testing.
|
|
#
|
|
# We need to run them and check the help because there are other binaries with
|
|
# the same name.
|
|
# This is really hacky but the most practical way to handle it, since they
|
|
# both have the same binary names.
|
|
if ! /usr/bin/dkimsign --help 2>&1 | grep -q -- --identity; then
|
|
skip "/usr/bin/dkimsign is not dkimpy's"
|
|
fi
|
|
if ! dkimverify --help 2>&1 < /dev/null | grep -q -- "-txt string"; then
|
|
skip "dkimverify is not driusan/dkim's"
|
|
fi
|
|
|
|
generate_certs_for testserver
|
|
( mkdir -p .dkimcerts; cd .dkimcerts; dknewkey private > log 2>&1 )
|
|
|
|
# Some dkimpy versions have a bug where it can't parse the keys generated by
|
|
# its own key generator. Detect if that's the case, and if so, skip the test.
|
|
# See https://bugs.launchpad.net/dkimpy/+bug/1978835.
|
|
if ! /usr/bin/dkimsign \
|
|
testselector1 testserver .dkimcerts/private.key \
|
|
< content 2>&1 | grep -q "DKIM-Signature:"
|
|
then
|
|
skip "buggy dkimpy version"
|
|
fi
|
|
|
|
add_user user@testserver secretpassword
|
|
add_user someone@testserver secretpassword
|
|
|
|
mkdir -p .logs
|
|
chasquid -v=2 --logfile=.logs/chasquid.log --config_dir=config &
|
|
wait_until_ready 1025
|
|
|
|
# Authenticated: user@testserver -> someone@testserver
|
|
# Should be signed.
|
|
run_msmtp someone@testserver < content
|
|
wait_for_file .mail/someone@testserver
|
|
mail_diff content .mail/someone@testserver
|
|
if ! grep -q "DKIM-Signature:" .mail/someone@testserver; then
|
|
fail "mail not signed, DKIM-Signature header missing"
|
|
fi
|
|
|
|
# Verify the signature manually, just in case.
|
|
# NOTE: This is using driusan/dkim instead of dkimpy, because dkimpy can't be
|
|
# overridden to get the DNS information from anywhere else (text file or custom
|
|
# DNS server).
|
|
dkimverify -txt .dkimcerts/private.dns < .mail/someone@testserver
|
|
|
|
# Save the signed mail so we can verify it later.
|
|
# Drop the first line ("From blah") so it can be used as email contents.
|
|
tail -n +2 .mail/someone@testserver > .signed_content
|
|
|
|
# Not authenticated: someone@testserver -> someone@testserver
|
|
smtpc.py --server=localhost:1025 < .signed_content
|
|
|
|
# Check that the signature fails on modified content.
|
|
echo "Added content, invalid and not signed" >> .signed_content
|
|
if smtpc.py --server=localhost:1025 < .signed_content 2> /dev/null; then
|
|
fail "DKIM verification succeeded on modified content"
|
|
fi
|
|
|
|
success
|