WIP: tests: Check DKIM signature in LDAP scenario

tests/ldap.nix

@@ -23,12 +23,52 @@ pkgs.nixosTest {
         settings.PermitRootLogin = "yes";
       };
 
-      environment.systemPackages = [
+      environment.systemPackages = with pkgs;[
-        (pkgs.writeScriptBin "mail-check" ''
+        fetchmail
-          ${pkgs.python3}/bin/python ${../scripts/mail-check.py} $@
+        msmtp
-        '')];
+        procmail
+        (writeScriptBin "mail-check" ''
+          ${python3}/bin/python ${../scripts/mail-check.py} $@
+        '')
+      ];
 
-      environment.etc.bind-password.text = bindPassword;
+      environment.etc = {
+        bind-password.text = bindPassword;
+        "root/.fetchmailrc" = {
+          text = ''
+            poll 127.0.0.1 with proto IMAP
+            user 'bob@example.com' there with password '${bobPassword}' is 'root' here
+            mda procmail
+          '';
+          mode = "0700";
+        };
+        "root/.procmailrc" = {
+          text = "DEFAULT=$HOME/mail";
+        };
+        "root/.msmtprc" = {
+          text = ''
+            account        alice
+            host           127.0.0.1
+            port           587
+            from           alice@example.com
+            user           alice@example.com
+            password       ${alicePassword}
+          '';
+        };
+        "root/email1".text = ''
+          Message-ID: <238902fy@host.local.network>
+          From: Alice <alice@example.com>
+          To: Bob <bob@example.com>
+          Cc:
+          Bcc:
+          Subject: This is a test Email from Alice to Bob
+          Reply-To:
+
+          Hello Bob,
+
+          I hope this mail reaches you safely.
+        '';
+      };
 
       services.openldap = {
         enable = true;
@@ -107,7 +147,7 @@ pkgs.nixosTest {
         vmailGroupName = "vmail";
         vmailUID = 5000;
 
-        enableImap = false;
+        enableImap = true;
       };
     };
   };
@@ -117,6 +157,10 @@ pkgs.nixosTest {
 
     machine.start()
     machine.wait_for_unit("multi-user.target")
+    machine.execute("cp -p /etc/root/.* ~/")
+    machine.succeed("cat ~/.fetchmailrc >&2")
+    machine.succeed("cat ~/.procmailrc >&2")
+    machine.succeed("cat ~/.msmtprc >&2")
 
     # This function retrieves the ldap table file from a postconf
     # command.
@@ -179,5 +223,20 @@ pkgs.nixosTest {
         "--dst-password-file <(echo '${bobPassword}')",
         "--ignore-dkim-spf"
       ]))
+
+
+    with subtest("Test mail properties"):
+      machine.succeed(
+        "msmtp -a alice --tls=on --tls-certcheck=off --auth=on bob@example.com < /etc/root/email1"
+      )
+
+      machine.execute("rm ~/mail/* >&2")
+      machine.wait_until_fails('[ "$(postqueue -p)" != "Mail queue is empty" ]')
+      machine.succeed("fetchmail --nosslcertck -v >&2")
+      machine.log(machine.succeed("ls -lah ~/mail/"))
+      machine.succeed("cat ~/mail/* >&2")
+
+      # Make sure virtual accounts get DKIM signed
+      machine.succeed("grep DKIM-Signature: ~/mail/*")
   '';
 }