WIP: tests: Check DKIM signature in LDAP scenario

2025-05-04 17:50:51 +05:00 · 2025-04-16 18:44:26 +02:00 · 2025-04-16 18:44:26 +02:00 · ccd796bed6
commit ccd796bed6
parent 745c6ee861
1 changed files with 65 additions and 6 deletions
--- a/tests/ldap.nix
+++ b/tests/ldap.nix
@ -23,12 +23,52 @@ pkgs.nixosTest {
        settings.PermitRootLogin = "yes";
      };

-      environment.systemPackages = [
-        (pkgs.writeScriptBin "mail-check" ''
-          ${pkgs.python3}/bin/python ${../scripts/mail-check.py} $@
-        '')];
+      environment.systemPackages = with pkgs;[
+        fetchmail
+        msmtp
+        procmail
+        (writeScriptBin "mail-check" ''
+          ${python3}/bin/python ${../scripts/mail-check.py} $@
+        '')
+      ];

-      environment.etc.bind-password.text = bindPassword;
+      environment.etc = {
+        bind-password.text = bindPassword;
+        "root/.fetchmailrc" = {
+          text = ''
+            poll 127.0.0.1 with proto IMAP
+            user 'bob@example.com' there with password '${bobPassword}' is 'root' here
+            mda procmail
+          '';
+          mode = "0700";
+        };
+        "root/.procmailrc" = {
+          text = "DEFAULT=$HOME/mail";
+        };
+        "root/.msmtprc" = {
+          text = ''
+            account        alice
+            host           127.0.0.1
+            port           587
+            from           alice@example.com
+            user           alice@example.com
+            password       ${alicePassword}
+          '';
+        };
+        "root/email1".text = ''
+          Message-ID: <238902fy@host.local.network>
+          From: Alice <alice@example.com>
+          To: Bob <bob@example.com>
+          Cc:
+          Bcc:
+          Subject: This is a test Email from Alice to Bob
+          Reply-To:
+
+          Hello Bob,
+
+          I hope this mail reaches you safely.
+        '';
+      };

      services.openldap = {
        enable = true;
@ -107,7 +147,7 @@ pkgs.nixosTest {
        vmailGroupName = "vmail";
        vmailUID = 5000;

-        enableImap = false;
+        enableImap = true;
      };
    };
  };
@ -117,6 +157,10 @@ pkgs.nixosTest {

    machine.start()
    machine.wait_for_unit("multi-user.target")
+    machine.execute("cp -p /etc/root/.* ~/")
+    machine.succeed("cat ~/.fetchmailrc >&2")
+    machine.succeed("cat ~/.procmailrc >&2")
+    machine.succeed("cat ~/.msmtprc >&2")

    # This function retrieves the ldap table file from a postconf
    # command.
@ -179,5 +223,20 @@ pkgs.nixosTest {
        "--dst-password-file <(echo '${bobPassword}')",
        "--ignore-dkim-spf"
      ]))
+
+
+    with subtest("Test mail properties"):
+      machine.succeed(
+        "msmtp -a alice --tls=on --tls-certcheck=off --auth=on bob@example.com < /etc/root/email1"
+      )
+
+      machine.execute("rm ~/mail/* >&2")
+      machine.wait_until_fails('[ "$(postqueue -p)" != "Mail queue is empty" ]')
+      machine.succeed("fetchmail --nosslcertck -v >&2")
+      machine.log(machine.succeed("ls -lah ~/mail/"))
+      machine.succeed("cat ~/mail/* >&2")
+
+      # Make sure virtual accounts get DKIM signed
+      machine.succeed("grep DKIM-Signature: ~/mail/*")
  '';
 }