From 4818b57a922cbf68e66d162c62116a2ab0005095 Mon Sep 17 00:00:00 2001 From: Antoine Eiche Date: Mon, 5 Oct 2020 21:18:36 +0200 Subject: [PATCH] test.dovecot: ensure port 143 is closed when enableImap is not set The test also checks the connection on the imap port 993 is a SSL connection. --- mail-server/dovecot.nix | 4 ++++ tests/intern.nix | 9 +++++++++ 2 files changed, 13 insertions(+) diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix index 56cc1ab..4e77baf 100644 --- a/mail-server/dovecot.nix +++ b/mail-server/dovecot.nix @@ -124,6 +124,7 @@ in ${if cfg.enableImap then '' port = 143 '' else '' + # see https://dovecot.org/pipermail/dovecot/2010-March/047479.html port = 0 ''} } @@ -132,6 +133,7 @@ in port = 993 ssl = yes '' else '' + # see https://dovecot.org/pipermail/dovecot/2010-March/047479.html port = 0 ''} } @@ -143,6 +145,7 @@ in ${if cfg.enablePop3 then '' port = 110 '' else '' + # see https://dovecot.org/pipermail/dovecot/2010-March/047479.html port = 0 ''} } @@ -151,6 +154,7 @@ in port = 995 ssl = yes '' else '' + # see https://dovecot.org/pipermail/dovecot/2010-March/047479.html port = 0 ''} } diff --git a/tests/intern.nix b/tests/intern.nix index b4f42db..0799fc0 100644 --- a/tests/intern.nix +++ b/tests/intern.nix @@ -62,6 +62,8 @@ pkgs.nixosTest { vmailGroupName = "vmail"; vmailUID = 5000; + + enableImap = false; }; }; }; @@ -86,5 +88,12 @@ pkgs.nixosTest { machine.succeed( "${pkgs.curl}/bin/curl --unix-socket /run/rspamd/worker-controller.sock http://localhost/ | grep -q ''" ) + + with subtest("imap port 143 is closed and imaps is serving SSL"): + machine.wait_for_closed_port(143) + machine.wait_for_open_port(993) + machine.succeed( + "echo | ${pkgs.openssl}/bin/openssl s_client -connect localhost:993 | grep 'New, TLS'" + ) ''; }