From 3f02dc2866b6a8f2f5ecde6a7632bb3aa82b26a3 Mon Sep 17 00:00:00 2001 From: "nix-backports[bot]" <190413589+nix-backports[bot]@users.noreply.github.com> Date: Fri, 27 Dec 2024 14:03:38 +0100 Subject: [PATCH] [Backport release-24.11] nixos/opensmtpd: fix tests, fix sendmail, add sendmail test (#368307) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * nixos/opensmtpd: fix opensmtpd test (cherry picked from commit 42c2634653c1ca5dca48ccb51a6c1949212ca6ff) * nixos/opensmtpd: fix opensmtpd-rspamd test (cherry picked from commit c340fd898c78d96ff69781af4388318c44537cf2) * fix opensmtpd's sendmail, add relevant test (cherry picked from commit fb4ff06a4be7a2b39a229bf1d1068804c18becc2) * nixos/opensmtpd: run nixfmt as requested by ci (cherry picked from commit 69a8aba1130b9475797f76a1cba01bfc77889568) --------- Co-authored-by: Léo Gaspard --- nixos/modules/services/mail/opensmtpd.nix | 6 ++- nixos/tests/opensmtpd-rspamd.nix | 10 ++--- nixos/tests/opensmtpd.nix | 45 +++++++++++++++++------ 3 files changed, 42 insertions(+), 19 deletions(-) diff --git a/nixos/modules/services/mail/opensmtpd.nix b/nixos/modules/services/mail/opensmtpd.nix index 1e846e6e55649..2fc628a64aebd 100644 --- a/nixos/modules/services/mail/opensmtpd.nix +++ b/nixos/modules/services/mail/opensmtpd.nix @@ -114,7 +114,11 @@ in }; services.mail.sendmailSetuidWrapper = lib.mkIf cfg.setSendmail ( - security.wrappers.smtpctl // { program = "sendmail"; } + security.wrappers.smtpctl + // { + source = "${sendmail}/bin/sendmail"; + program = "sendmail"; + } ); systemd.tmpfiles.rules = [ diff --git a/nixos/tests/opensmtpd-rspamd.nix b/nixos/tests/opensmtpd-rspamd.nix index 58b0e3b3414dc..20f530f99b94b 100644 --- a/nixos/tests/opensmtpd-rspamd.nix +++ b/nixos/tests/opensmtpd-rspamd.nix @@ -29,12 +29,8 @@ import ./make-test-python.nix { "${pkgs.dovecot}/libexec/dovecot/deliver -d %{user.username}" match from any for local action dovecot_deliver - action do_relay relay - # DO NOT DO THIS IN PRODUCTION! - # Setting up authentication requires a certificate which is painful in - # a test environment, but THIS WOULD BE DANGEROUS OUTSIDE OF A - # WELL-CONTROLLED ENVIRONMENT! - match from any for any action do_relay + action relay_smtp2 relay host "smtp://192.168.1.2" + match from any for any action relay_smtp2 ''; }; services.dovecot2 = { @@ -107,7 +103,7 @@ import ./make-test-python.nix { import smtplib, sys with smtplib.SMTP('192.168.1.1') as smtp: - smtp.sendmail('alice@[192.168.1.1]', 'bob@[192.168.1.2]', """ + smtp.sendmail('alice@smtp1', 'bob@smtp2', """ From: alice@smtp1 To: bob@smtp2 Subject: Test diff --git a/nixos/tests/opensmtpd.nix b/nixos/tests/opensmtpd.nix index 6e848354c103d..e1c26a7c67759 100644 --- a/nixos/tests/opensmtpd.nix +++ b/nixos/tests/opensmtpd.nix @@ -16,18 +16,33 @@ import ./make-test-python.nix { } ]; }; - environment.systemPackages = [ pkgs.opensmtpd ]; + environment.systemPackages = + let + testSendmail = pkgs.writeScriptBin "test-sendmail" '' + #!/bin/sh + set -euxo pipefail + echo "========= SENDING" >&2 + ${pkgs.system-sendmail}/bin/sendmail -v -f alice@smtp1 bob@smtp2 >&2 <&2 + ''; + in + [ + pkgs.opensmtpd + testSendmail + ]; services.opensmtpd = { enable = true; extraServerArgs = [ "-v" ]; serverConfiguration = '' listen on 0.0.0.0 - action do_relay relay - # DO NOT DO THIS IN PRODUCTION! - # Setting up authentication requires a certificate which is painful in - # a test environment, but THIS WOULD BE DANGEROUS OUTSIDE OF A - # WELL-CONTROLLED ENVIRONMENT! - match from any for any action do_relay + action relay_smtp2 relay host "smtp://192.168.1.2" + match from any for any action relay_smtp2 ''; }; }; @@ -87,7 +102,7 @@ import ./make-test-python.nix { import smtplib, sys with smtplib.SMTP('192.168.1.1') as smtp: - smtp.sendmail('alice@[192.168.1.1]', 'bob@[192.168.1.2]', """ + smtp.sendmail('alice@smtp1', 'bob@smtp2', """ From: alice@smtp1 To: bob@smtp2 Subject: Test @@ -105,16 +120,19 @@ import ./make-test-python.nix { imap.select() status, refs = imap.search(None, 'ALL') assert status == 'OK' - assert len(refs) == 1 - status, msg = imap.fetch(refs[0], 'BODY[TEXT]') + assert len(refs) == 1 and refs[0] != "" + status, msg = imap.fetch(refs[0], '(BODY[TEXT])') assert status == 'OK' content = msg[0][1] print("===> content:", content) split = content.split(b'\r\n') print("===> split:", split) - lastline = split[-3] + split.reverse() + lastline = next(filter(lambda x: x != b"", map(bytes.strip, split))) print("===> lastline:", lastline) assert lastline.strip() == b'Hello World' + imap.store(refs[0], '+FLAGS', '\\Deleted') + imap.expunge() ''; in [ @@ -143,6 +161,11 @@ import ./make-test-python.nix { smtp1.wait_until_fails("smtpctl show queue | egrep .") smtp2.wait_until_fails("smtpctl show queue | egrep .") client.succeed("check-mail-landed >&2") + + smtp1.succeed("test-sendmail") + smtp1.wait_until_fails("smtpctl show queue | egrep .") + smtp2.wait_until_fails("smtpctl show queue | egrep .") + client.succeed("check-mail-landed >&2") ''; meta.timeout = 1800;