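#!/bin/sh
# Postfix "plain" SASL (via dovecot) + STARTTLS smoke test.
#
# Expects the test framework to be sourced already: t_Log, t_InstallPackage,
# t_ServiceControl, t_CheckExitStatus and the centos_ver variable are all
# defined elsewhere.  The script generates a throw-away self-signed
# certificate, wires postfix and dovecot together for SASL over TLS,
# restarts both services and checks that the SMTP banner offers STARTTLS.
# Every config file it touches is backed up first and restored on exit.

t_Log "Running $0 - Postfix plain SASL test."
t_Log "Installing prerequisits"

t_InstallPackage openssl

POSTFIX_CONF=/etc/postfix/main.cf
if [ "$centos_ver" = 5 ]; then
  DOVECOT_CONF=/etc/dovecot.conf
else
  DOVECOT_CONF=/etc/dovecot/dovecot.conf
fi

# A fresh 0700 directory per run: the unencrypted server.key sits here until
# it is copied into /etc/pki/tls/private, so a fixed, shared path under
# /var/tmp is not acceptable, and a leftover directory from a previous run
# must not make mkdir fail silently.
TESTDIR=$(mktemp -d /var/tmp/openssl-test.XXXXXX)
if [ $? -ne 0 ] || [ -z "$TESTDIR" ]; then
  t_Log "Could not create temporary directory."
  exit 1
fi

# Restore the original configs (only if a backup was taken) and remove all
# test material.  Runs on every exit path via the EXIT trap.
cleanup() {
  if [ -f "${POSTFIX_CONF}_testing" ]; then
    mv -f "${POSTFIX_CONF}_testing" "$POSTFIX_CONF"
  fi
  if [ -f "${DOVECOT_CONF}_testing" ]; then
    mv -f "${DOVECOT_CONF}_testing" "$DOVECOT_CONF"
  fi
  rm -rf -- "${TESTDIR:?}"
  rm -f /etc/pki/tls/certs/server.crt /etc/pki/tls/private/server.key
}
trap cleanup EXIT

# Log a message and abort with a non-zero status.  The original
# "ret_val=1; exit" form exited with status 0, because a bare "exit" reuses
# the status of the preceding assignment.
fail() {
  t_Log "$1"
  exit 1
}

t_Log "creating private key"
if [ "$centos_ver" = 6 ]; then
  openssl genpkey -algorithm rsa -out "$TESTDIR/server.key.secure" \
    -pkeyopt rsa_keygen_bits:2048 > /dev/null 2>&1
else
  # The previous "-rand file1:...:file5" option named files that do not
  # exist; the system RNG is used regardless, so it is dropped.
  openssl genrsa -passout pass:centos -des3 \
    -out "$TESTDIR/server.key.secure" 2048 > /dev/null 2>&1
fi
# Any non-zero status is a failure, not just 1.
[ $? -eq 0 ] || fail "Creation of private key failed."

cat > "$TESTDIR/openssl_answers" <<EOF
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
string_mask = nombstr
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = UK
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = somestate
localityName = Locality Name (eg, city)
localityName_default = somecity
0.organizationName = Organization Name (eg, company)
0.organizationName_default = CentOS-Project
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = CentOS
EOF

t_Log "creating server key"
if [ "$centos_ver" = 6 ]; then
  openssl rsa -in "$TESTDIR/server.key.secure" \
    -out "$TESTDIR/server.key" > /dev/null 2>&1
else
  openssl rsa -passin pass:centos -in "$TESTDIR/server.key.secure" \
    -out "$TESTDIR/server.key" > /dev/null 2>&1
fi
[ $? -eq 0 ] || fail "Creation of server key failed."
# The unencrypted key must only be readable by root, also after cp -a.
chmod 600 "$TESTDIR/server.key" "$TESTDIR/server.key.secure"

openssl req -batch -config "$TESTDIR/openssl_answers" -new \
  -key "$TESTDIR/server.key" -out "$TESTDIR/server.csr" > /dev/null 2>&1
[ $? -eq 0 ] || fail "Creation of CSR failed."

t_Log "creating server certificate"
openssl x509 -req -days 3600 -in "$TESTDIR/server.csr" \
  -signkey "$TESTDIR/server.key" -out "$TESTDIR/server.crt" > /dev/null 2>&1
[ $? -eq 0 ] || fail "Creation of CRT failed."

cp -a "$TESTDIR/server.crt" /etc/pki/tls/certs/ || fail "Could not install server.crt"
cp -a "$TESTDIR/server.key" /etc/pki/tls/private/ || fail "Could not install server.key"

# Back the configs up only now: from here on they are modified, and cleanup
# restores whatever has a _testing copy.
cp -a "$POSTFIX_CONF" "${POSTFIX_CONF}_testing" || fail "Could not back up $POSTFIX_CONF"
cp -a "$DOVECOT_CONF" "${DOVECOT_CONF}_testing" || fail "Could not back up $DOVECOT_CONF"

# smtpd_tls_key_file / smtpd_tls_cert_file must name the files installed
# above (server.key / server.crt).  They previously pointed at
# mail.example.com.* which this script never creates, so postfix could
# advertise STARTTLS while being unable to actually negotiate TLS.
cat >> "$POSTFIX_CONF" <<EOF
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous

smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/pki/tls/private/server.key
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt

smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
tls_random_source = dev:/dev/urandom
smtpd_tls_auth_only = yes

smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
EOF

# dovecot 1.x (CentOS 5) gets a complete replacement config; newer releases
# only need the postfix auth socket appended.
if [ "$centos_ver" = 5 ]; then
  cat > "$DOVECOT_CONF" <<EOF
protocol imap {
}
protocol pop3 {
}
protocol lda {
postmaster_address = postmaster@example.com
}
auth default {
mechanisms = plain
passdb pam {
}
userdb passwd {
}
user = root
socket listen {
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
}
dict {
}
plugin {
}
EOF
else
  cat >> "$DOVECOT_CONF" <<EOF
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}
EOF
fi

t_ServiceControl postfix restart
t_ServiceControl dovecot restart

t_Log "Testing if postfix accepts connections and offers STARTTLS"
echo "ehlo test" | nc -w 3 localhost 25 | grep -q 'STARTTLS'
ret_val=$?

# Config restore and temp-file removal happen in cleanup() on exit.
t_CheckExitStatus $ret_val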