Unit testing is keeping failing... #58

Closed
huan opened this issue Jun 7, 2019 · 4 comments

huan commented Jun 7, 2019

I'm getting many headaches looking into it and trying to fix it... :(

@test "ESMTP TLS AUTH by testi@testo.com/test" {
    #
    # # perl -MMIME::Base64 -e 'print encode_base64("testi\@testo.com\0testi\@testo.com\0test");'
    # dGVzdGlAdGVzdG8uY29tAHRlc3RpQHRlc3RvLmNvbQB0ZXN0
    #
    FIFO_SSL_I=/tmp/ssli.$$
    FIFO_SSL_O=/tmp/sslo.$$
    mkfifo $FIFO_SSL_{I,O}
    0<$FIFO_SSL_I &>$FIFO_SSL_O \
        timeout -t 7 -s TERM \
        openssl s_client -starttls smtp -crlf -connect 127.0.0.1:25 &
    exec {FD_I}> $FIFO_SSL_I
    exec {FD_O}< $FIFO_SSL_O
    ret=1
    while read line; do
        line=$(sed 's/\r$//'<<<$line)
        if [[ $line =~ 'CONNECTED' ]]; then
            >& $FD_I echo 'AUTH PLAIN dGVzdGlAdGVzdG8uY29tAHRlc3RpQHRlc3RvLmNvbQB0ZXN0'
        elif [[ $line =~ '235 2.7.0 Authentication successful' ]]; then
            >& $FD_I echo 'QUIT'
            exec {FD_I}>&-
            ret=0
        elif [[ $line =~ '503 5.5.1 Error: already authenticated' ]]; then
            >& $FD_I echo 'QUIT'
            exec {FD_I}>&-
            ret=0
        fi
    done <& $FD_O
    unlink $FIFO_SSL_I
    unlink $FIFO_SSL_O
    [ $ret = 0 ]
}

There are no changes at all in the past dozens of weeks, what's wrong?

See: https://circleci.com/gh/huan/docker-simple-mail-forwarder/20

@huan huan added the bug label Jun 7, 2019

huan commented Jun 7, 2019

version with git hash ab049ac works without any problem.

bash-4.4# openssl s_client -starttls smtp -crlf -connect 127.0.0.1:25
CONNECTED(00000003)
depth=0 C = US, ST = Matrix, L = L, O = O, CN = simple-mail-forwarder.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = Matrix, L = L, O = O, CN = simple-mail-forwarder.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=Matrix/L=L/O=O/CN=simple-mail-forwarder.com
   i:/C=US/ST=Matrix/L=L/O=O/CN=simple-mail-forwarder.com
---
Server certificate
subject=/C=US/ST=Matrix/L=L/O=O/CN=simple-mail-forwarder.com
issuer=/C=US/ST=Matrix/L=L/O=O/CN=simple-mail-forwarder.com
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1699 bytes and written 468 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: ABEAB3EDC6F6753D17F1C706D2AC8ABF5FB503E0CFE83F9CF5D639C8C1BBDA85
    Session-ID-ctx: 
    Master-Key: 93D5EFE19D1E9475ABCBD7DD31206BBD4B80DE8A011CF9EB7A3444D010ED08885EA65D788430A54D8672C64C00F04D39
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:

    Start Time: 1559922634
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
250 DSN


huan commented Jun 7, 2019

It seems that this issue is related to the following code block:

if [ ! -f "smtp.cert" ] || [ ! -f "smtp.ec.cert" ]; then
    #openssl dhparam -2 -out dh_512.pem 512
    #openssl dhparam -2 -out dh_1024.pem 1024
    openssl req -new -outform PEM -out smtp.cert -newkey rsa:2048 \
        -nodes -keyout smtp.key -keyform PEM -days 3650 -x509 \
        -subj "/C=US/ST=Matrix/L=L/O=O/CN=${SMF_DOMAIN:-simple-mail-forwarder.com}"
    chown -R root.postfix /etc/postfix/cert/
    chmod -R 750 /etc/postfix/cert/
fi

Which was introduced in PR #51


huan commented Jun 7, 2019

Add an EC cert/key generation script, inspired by

https://security.stackexchange.com/a/93712/209762
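
The condition quoted earlier in this thread tests for both `smtp.cert` and `smtp.ec.cert` but only creates the RSA pair, so a missing EC certificate is never produced. As an added example (not the project's own script), one way to generate each pair only when it is missing; the function names, the directory argument and the P-256 curve are assumptions, the file names and subject follow the thread.

```bash
#!/usr/bin/env bash
# Added example, not the project's script. Function names, the DIR argument
# and the prime256v1 curve are assumptions; file names follow the issue.

# gen_rsa DIR CN: RSA-2048 self-signed pair (smtp.cert / smtp.key)
gen_rsa() {
  openssl req -new -x509 -nodes -newkey rsa:2048 -days 3650 \
    -keyout "$1/smtp.key" -out "$1/smtp.cert" \
    -subj "/C=US/ST=Matrix/L=L/O=O/CN=$2" 2>/dev/null
}

# gen_ec DIR CN: P-256 self-signed pair (smtp.ec.cert / smtp.ec.key)
gen_ec() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/smtp.ec.key" &&
  openssl req -new -x509 -days 3650 -key "$1/smtp.ec.key" \
    -out "$1/smtp.ec.cert" -subj "/C=US/ST=Matrix/L=L/O=O/CN=$2" 2>/dev/null
}

# ensure_certs DIR [CN]: test each pair on its own, so a missing EC cert
# triggers EC generation and never an overwrite of an existing RSA pair.
ensure_certs() {
  local dir=$1 cn=${2:-${SMF_DOMAIN:-simple-mail-forwarder.com}}
  (
    umask 077   # private keys are created readable by the owner only
    if [ ! -f "$dir/smtp.cert" ] || [ ! -f "$dir/smtp.key" ]; then
      gen_rsa "$dir" "$cn" || exit 1
    fi
    if [ ! -f "$dir/smtp.ec.cert" ] || [ ! -f "$dir/smtp.ec.key" ]; then
      gen_ec "$dir" "$cn" || exit 1
    fi
  )
}

# cert_key_alg FILE: print the certificate's "Public Key Algorithm" line
cert_key_alg() {
  openssl x509 -in "$1" -noout -text | grep 'Public Key Algorithm'
}
```

Ownership and mode of the certificate directory (the `chown`/`chmod` lines in the quoted block) still have to be applied afterwards by the caller.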

huan added a commit that referenced this issue Jun 7, 2019

huan commented Jun 7, 2019

All tests passing again. :-D

@huan huan closed this as completed Jun 7, 2019
huan added a commit that referenced this issue Jun 7, 2019
haratosan pushed a commit to haratosan/docker-simple-mail-forwarder that referenced this issue Apr 5, 2021
haratosan pushed a commit to haratosan/docker-simple-mail-forwarder that referenced this issue Apr 5, 2021
huan added a commit that referenced this issue Jul 6, 2021
…103)

* Use alpine:latest as base image

* Roll back to sillelien/base-alpine:0.10 (#23)

* fix doc

* Update README.md

* Update README.md

* Update Base to Alpine 3.8

* Update base image to Alpine 3.8
* Install s6 process manager directly
* Upgraded BATS to 1.1.0
* Install syslog-ng for postfix logging to stdout

* syslog-ng: Disable statistic messages

These spam the console too much, so disable them.

* Fix typo in README

couse => course

* Upgrade circleci from v1 to v2

* add ide config

* fix circleci config

* fix circleci config

* fix circleci config

* fix circleci config

* fix yml

* fix yml add docker run type

* fix yml add machine run type

* fix yml

* year 2019

* Add voice from Paweł Czochański

* EC key support (#51)

* Fix nickname typo

* Add support for EC keys

* Update README.md

* Update README.md

* add ec key support

* Fix layout

* Timezone tzdata packagge (#57)

Add custom timezone support

* make circler yaml linter happy

* Fix leak of EC Cert/Key problem (#58)

* code clean

* only generate not existing files (#51 #58)

* one line -> one-line

* Timezone supported

* Update author & copyright

* Update master changelog

* fix chinese charactor bug

* v1.1

* Update README.md timezone (#59)

Update README.md for Timezone support

* clean doc

* Fix H1 title

* Update README.md

* Update README.md

* Fix typo (#66)

* add auth for relayhost (#68)

* add auth for relayhost

* indent fix

* example for AUTH

* remove excess line

* environment var typo fix

* fix for mail log not displaying

* Enable GitHub Actions

* Add Actions Badge

* basic "proofreading" (#69)

* basic "proofreading"

fixed some grammatical and spelling errors, made the descriptions flow a little better

* PR revisions

* Update README.md

* add hall of flame

* Upgrade BATS & S6, with multiple-platform docker image published with version 1.2 (#76)

* v1.2

* Upgrade Alpine to 3.8 (#77)

* upgrade base image to alpine 3.8

* v1.3

* Deploy docker image arm platform from github action

* test

* test

* checkout before deploy

* clean

* use buildx as default bugild

* republish v1.2 for amd64 with s6 fix (#79)

* republish v1.3 for amd64 with s6 fix

* fix comment

* v1.2

* Add test for deleting test user (#82)

* Add makefile

* makefile

* makefile

* makefile

* 1.2.14

* add make version

* 1.2.15

* v1.3.0 for multi platforms image

* Use script to install s6 with right platforms (arm/x86) (#76)

* use aarch64 for s6 release (#76)

* v1.3.1

* Add DKIM support (#83)

* Add DKIM support

* 1.2.11

Co-authored-by: Huan (李卓桓)

* generating a DKIM key for all virtualDomains

* including HOSTNAME in folder of domains for DKIM

* KeyTable, SigningTable, TrustedHosts for HOSTNAME and all virtualDomain

* Generate new DKIM data only if keys do not exist yet

* disabled opendkim.conf settings for single domain, added KeyTable,SigningTable,ExternalIgnoreList,InternalHosts

* Correct permissions of DKIM files regardless of prior creation

* Added test for multiple domains and DKIM. Ready for #88

* Updated README on DKIM for multiple domains

* Fixed indentation on entrypoint

* Fixed wrong indentation (style)

* Cleaner handling of multiple DKIM keys. No settings required. Renders #83 redundant

* Making sure we never insert the same config twice #89

* Forgot one last mention of SMF_DKIM_ALL

* Better tld naming for DKIM in README

Co-authored-by: Peeter N

* DKIM test no longer changes working directory

Co-authored-by: Peeter N

* More elegant generation of DKIM entries for HOSTNAME and virtual domains

* Correct switch to suppress grep complains when files miss

* Update VERSION

* Strips sender details (IP, client, user agent) when sending (#91)

* Strips sender's IP, client, and user agent headers

* Bumping patch verison number

* Allow for setting any Postfix variables in the config file (both main.cf and master.cf) (#93)

* Strips sender's IP, client, and user agent headers

* Bumping patch verison number

* SMF_POSTFIXMAIN_* to set custom postfix main.cf entries

* SMF_POSTFIXMASTER_* to set custom postfix master.cf entries

* Using sed to handle master.cf custom variables

* README.md explains env variables for custom main.cf and master.cf

* Tests for custom main.cf and master.cf

* Fixes #92

* Simplify docker run command with SMF_CONFIG

* v1.4.3 (#94)

* Add VERSION & Update README.md (#94)

* fix ignore

* 1.4.4

* add v1.4 changelog

* clean

* show version

* 1.4.5

* layout

* Update configuration after variables has been injected to the main configuration (#98)

* Add an option to override postfix's default logging configuration

* Add tests

* Update README.md

* push to build

* fix overwriting variable

* update with postfix-configuration

* delete drone for pull request

Co-authored-by: Tamaro Skaljic

* Add an option to override postfix's default logging configuration (#97)

* Add an option to override postfix's default logging configuration

* Add tests

* Update README.md

* v1.4.6

* Change Postfix logging configuration tests behaviour (#99)

* fix default postfix logging configuration test

* Change logfile path in custom postfix logging configuration test

* Make postfix logging configuration tests restore the preconditions

* start PostSRSd and generate Secret

* start PostSRSd and generate Secret

* start PostSRSd if  is set

* start PostSRSd if  is set

* only start PostSRSd if  is set

* only start PostSRSd if  is set

* Updated README.md

* Updated README.md

* spelling...

* spelling...

* Updated the if-statement for PostSRSd

* Updated the if-statement for PostSRSd

Co-authored-by: Martijn Rondeel
Co-authored-by: Huan LI
Co-authored-by: Chris Blake
Co-authored-by: universeroc
Co-authored-by: Paweł Czochański
Co-authored-by: me1299
Co-authored-by: David Gonzalez
Co-authored-by: Choon-Siang Lai
Co-authored-by: Bailey
Co-authored-by: Peeter N
Co-authored-by: Daniel Graziotin
Co-authored-by: Daniel Graziotin
Co-authored-by: Cenk Kılıç
Co-authored-by: Tamaro Skaljic
Co-authored-by: Linux User