mirror of
https://blitiri.com.ar/repos/chasquid
synced 2025-12-21 15:17:01 +00:00
5eded4edc3
To send mails, today some tests use msmtp and others our internal smtpc.py. This works, but msmtp slows down the tests significantly, and smtpc.py is also not particularly fast, and also has some limitations. This patch introduces a new SMTP client tool written in Go, and makes almost all the tests use it. Some tests still remain on msmtp, mainly for client-check compatibility. It's likely that this will be moved in later patches to a separate special-purpose test. With this patch, integration tests take ~20% less time than before.
83 lines
2.7 KiB
Bash
Executable File
83 lines
2.7 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# Test integration with dkimpy.
|
|
|
|
set -e
|
|
. "$(dirname "$0")/../util/lib.sh"
|
|
|
|
init
|
|
check_hostaliases
|
|
|
|
# Check if dkimpy tools are installed in /usr/bin, and driusan/dkim is
|
|
# installed somewhere else in $PATH.
|
|
#
|
|
# Unfortunately we need both because dkimpy's dkimverify lacks the features
|
|
# needed to use it in integration testing.
|
|
#
|
|
# We need to run them and check the help because there are other binaries with
|
|
# the same name.
|
|
# This is really hacky but the most practical way to handle it, since they
|
|
# both have the same binary names.
|
|
if ! /usr/bin/dkimsign --help 2>&1 | grep -q -- --identity; then
|
|
skip "/usr/bin/dkimsign is not dkimpy's"
|
|
fi
|
|
if ! dkimverify --help 2>&1 < /dev/null | grep -q -- "-txt string"; then
|
|
skip "dkimverify is not driusan/dkim's"
|
|
fi
|
|
|
|
generate_certs_for testserver
|
|
( mkdir -p .dkimcerts; cd .dkimcerts; dknewkey private > log 2>&1 )
|
|
|
|
# Some dkimpy versions have a bug where it can't parse the keys generated by
|
|
# its own key generator. Detect if that's the case, and if so, skip the test.
|
|
# See https://bugs.launchpad.net/dkimpy/+bug/1978835.
|
|
if ! /usr/bin/dkimsign \
|
|
testselector1 testserver .dkimcerts/private.key \
|
|
< content 2>&1 | grep -q "DKIM-Signature:"
|
|
then
|
|
skip "buggy dkimpy version"
|
|
fi
|
|
|
|
add_user user@testserver secretpassword
|
|
add_user someone@testserver secretpassword
|
|
|
|
mkdir -p .logs
|
|
chasquid -v=2 --logfile=.logs/chasquid.log --config_dir=config &
|
|
wait_until_ready 1025
|
|
|
|
# Authenticated: user@testserver -> someone@testserver
|
|
# Should be signed.
|
|
smtpc --addr=localhost:1465 \
|
|
--server_cert=config/certs/testserver/fullchain.pem \
|
|
--user=user@testserver --password=secretpassword \
|
|
someone@testserver < content
|
|
wait_for_file .mail/someone@testserver
|
|
mail_diff content .mail/someone@testserver
|
|
if ! grep -q "DKIM-Signature:" .mail/someone@testserver; then
|
|
fail "mail not signed, DKIM-Signature header missing"
|
|
fi
|
|
|
|
# Verify the signature manually, just in case.
|
|
# NOTE: This is using driusan/dkim instead of dkimpy, because dkimpy can't be
|
|
# overridden to get the DNS information from anywhere else (text file or custom
|
|
# DNS server).
|
|
dkimverify -txt .dkimcerts/private.dns < .mail/someone@testserver
|
|
|
|
# Save the signed mail so we can verify it later.
|
|
# Drop the first line ("From blah") so it can be used as email contents.
|
|
tail -n +2 .mail/someone@testserver > .signed_content
|
|
|
|
# Not authenticated: someone@testserver -> someone@testserver
|
|
smtpc --addr=localhost:1025 \
|
|
--from=someone@testserver someone@testserver < .signed_content
|
|
|
|
# Check that the signature fails on modified content.
|
|
echo "Added content, invalid and not signed" >> .signed_content
|
|
if smtpc --addr=localhost:1025 \
|
|
--from=someone@testserver someone@testserver < .signed_content \
|
|
> /dev/null 2>&1 ; then
|
|
fail "DKIM verification succeeded on modified content"
|
|
fi
|
|
|
|
success
|