lordwelch/chasquid
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

You must login to view /lordwelch/chasquid/src/commit/df673c63fba6a986ce3665ca18432e1696a61a6f/README.md.
The GitHub option should be usable for most people, it only links via username.

Files
master
chasquid/test/t-21-dkim/run.sh
Alberto Bertogli 7a2e49c849 test/t-21-dkim: Add cross-tool check against driusan/dkimverify 
This patch adds a cross-tool integration check that uses
driusan/dkim's dkimverify to confirm it can verify our own DKIM signatures.

It is optional, since the tool may not be present.
2024-03-12 20:43:21 +00:00

89 lines
2.6 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
set -e
. "$(dirname "$0")/../util/lib.sh"
init
check_hostaliases
rm -rf .data-A .data-B .mail
# Build with the DNS override, so we can fake DNS records.
export GOTAGS="dnsoverride"
# srv-A has a pre-generated key, and the mail has a pre-generated header.
# Generate a key for srv-B, and append it to our statically configured zones.
# Use a fixed selector so we can be more thorough in from_B_to_A.expected.
rm -f B/domains/srv-b/*.pem
mkdir -p B/domains/srv-b/
CONFDIR=B chasquid-util dkim-keygen srv-b sel77 > /dev/null
cp zones .zones
CONFDIR=B chasquid-util dkim-dns srv-b | sed 's/"//g' >> .zones
# Launch minidns in the background using our configuration.
minidns_bg --addr=":9053" -zones=.zones >> .minidns.log 2>&1
# Two servers:
# A - listens on :1025, hosts srv-A
# B - listens on :2015, hosts srv-B
CONFDIR=A generate_certs_for srv-A
CONFDIR=A add_user user-a@srv-a nadaA
CONFDIR=B generate_certs_for srv-B
CONFDIR=B add_user user-b@srv-b nadaB
mkdir -p .logs-A .logs-B
chasquid -v=2 --logfile=.logs-A/chasquid.log --config_dir=A \
--testing__dns_addr=127.0.0.1:9053 \
--testing__outgoing_smtp_port=2025 &
chasquid -v=2 --logfile=.logs-B/chasquid.log --config_dir=B \
--testing__dns_addr=127.0.0.1:9053 \
--testing__outgoing_smtp_port=1025 &
wait_until_ready 1465
wait_until_ready 2465
wait_until_ready 9053
# Send from A to B.
smtpc --addr=localhost:1465 \
--server_cert=A/certs/srv-A/fullchain.pem \
--user=user-a@srv-a --password=nadaA \
user-b@srv-b < from_A_to_B
wait_for_file .mail/user-b@srv-b
mail_diff from_A_to_B.expected .mail/user-b@srv-b
# Send from B to A.
smtpc --addr=localhost:2465 \
--server_cert=B/certs/srv-B/fullchain.pem \
--user=user-b@srv-b --password=nadaB \
user-a@srv-a < from_B_to_A
wait_for_file .mail/user-a@srv-a
mail_diff from_B_to_A.expected .mail/user-a@srv-a
# Run chasquid-util dkim-verify to double check these are valid.
cat .zones | grep _domainkey.srv-b | sed 's/.*TXT//g' > .srv-b.dns.txt
CONFDIR=A chasquid-util dkim-verify -v "--txt=$(cat ./.srv-b.dns.txt)" \
< .mail/user-a@srv-a > .chasquid-util-dkim-verify.out 2>&1
if ! grep -q ";dkim=pass" .chasquid-util-dkim-verify.out; then
echo "chasquid-util dkim-verify output:"
cat .chasquid-util-dkim-verify.out
echo
fail "Failed chasquid-util dkim-verify"
fi
# If driusan/dkim's dkimverify is available, use it to check the generated
# signature.
if dkimverify --help 2>&1 > /dev/null | grep -q -- "-txt string"; then
# Verify B's signature only, because dkimverify only supports RSA.
dkimverify -txt .srv-b.dns.txt < .mail/user-a@srv-a
else
echo "skipped driusan's dkimverify cross-check (binary not available)"
fi
success
Reference in New Issue View Git Blame Copy Permalink