nixpkgs/nixos/tests/opensmtpd-rspamd.nix

142 lines
4.5 KiB
Nix
Raw Normal View History

import ./make-test-python.nix {
name = "opensmtpd-rspamd";
nodes = {
smtp1 = { pkgs, ... }: {
imports = [ common/user-account.nix ];
networking = {
firewall.allowedTCPPorts = [ 25 143 ];
useDHCP = false;
interfaces.eth1.ipv4.addresses = pkgs.lib.mkOverride 0 [
{ address = "192.168.1.1"; prefixLength = 24; }
];
};
environment.systemPackages = [ pkgs.opensmtpd ];
services.opensmtpd = {
enable = true;
extraServerArgs = [ "-v" ];
serverConfiguration = ''
listen on 0.0.0.0
action dovecot_deliver mda \
"${pkgs.dovecot}/libexec/dovecot/deliver -d %{user.username}"
match from any for local action dovecot_deliver
action do_relay relay
# DO NOT DO THIS IN PRODUCTION!
# Setting up authentication requires a certificate which is painful in
# a test environment, but THIS WOULD BE DANGEROUS OUTSIDE OF A
# WELL-CONTROLLED ENVIRONMENT!
match from any for any action do_relay
'';
};
services.dovecot2 = {
enable = true;
enableImap = true;
mailLocation = "maildir:~/mail";
protocols = [ "imap" ];
};
};
smtp2 = { pkgs, ... }: {
imports = [ common/user-account.nix ];
networking = {
firewall.allowedTCPPorts = [ 25 143 ];
useDHCP = false;
interfaces.eth1.ipv4.addresses = pkgs.lib.mkOverride 0 [
{ address = "192.168.1.2"; prefixLength = 24; }
];
};
environment.systemPackages = [ pkgs.opensmtpd ];
services.rspamd = {
enable = true;
locals."worker-normal.inc".text = ''
bind_socket = "127.0.0.1:11333";
'';
};
services.opensmtpd = {
enable = true;
extraServerArgs = [ "-v" ];
serverConfiguration = ''
filter rspamd proc-exec "${pkgs.opensmtpd-filter-rspamd}/bin/filter-rspamd"
listen on 0.0.0.0 filter rspamd
action dovecot_deliver mda \
"${pkgs.dovecot}/libexec/dovecot/deliver -d %{user.username}"
match from any for local action dovecot_deliver
'';
};
services.dovecot2 = {
enable = true;
enableImap = true;
mailLocation = "maildir:~/mail";
protocols = [ "imap" ];
};
};
client = { pkgs, ... }: {
networking = {
useDHCP = false;
interfaces.eth1.ipv4.addresses = pkgs.lib.mkOverride 0 [
{ address = "192.168.1.3"; prefixLength = 24; }
];
};
environment.systemPackages = let
sendTestMail = pkgs.writeScriptBin "send-a-test-mail" ''
#!${pkgs.python3.interpreter}
import smtplib, sys
with smtplib.SMTP('192.168.1.1') as smtp:
smtp.sendmail('alice@[192.168.1.1]', 'bob@[192.168.1.2]', """
From: alice@smtp1
To: bob@smtp2
Subject: Test
Hello World
Here goes the spam test
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
""")
'';
checkMailBounced = pkgs.writeScriptBin "check-mail-bounced" ''
#!${pkgs.python3.interpreter}
import imaplib
with imaplib.IMAP4('192.168.1.1', 143) as imap:
imap.login('alice', 'foobar')
imap.select()
status, refs = imap.search(None, 'ALL')
assert status == 'OK'
assert len(refs) == 1
status, msg = imap.fetch(refs[0], 'BODY[TEXT]')
assert status == 'OK'
content = msg[0][1]
print("===> content:", content)
assert b"An error has occurred while attempting to deliver a message" in content
'';
in [ sendTestMail checkMailBounced ];
};
};
testScript = ''
start_all()
client.wait_for_unit("network-online.target")
smtp1.wait_for_unit("opensmtpd")
smtp2.wait_for_unit("opensmtpd")
smtp2.wait_for_unit("rspamd")
smtp2.wait_for_unit("dovecot2")
# To prevent sporadic failures during daemon startup, make sure
# services are listening on their ports before sending requests
smtp1.wait_for_open_port(25)
smtp2.wait_for_open_port(25)
smtp2.wait_for_open_port(143)
smtp2.wait_for_open_port(11333)
client.succeed("send-a-test-mail")
smtp1.wait_until_fails("smtpctl show queue | egrep .")
client.succeed("check-mail-bounced >&2")
'';
meta.timeout = 1800;
}