git » chasquid » main » test/t-21-dkim/run.sh

#!/bin/bash

set -e
. "$(dirname "$0")/../util/lib.sh"

init
check_hostaliases

rm -rf .data-A .data-B .mail

# Build with the DNS override, so we can fake DNS records.
export GOTAGS="dnsoverride"

# srv-A has a pre-generated key, and the mail has a pre-generated header.
# Generate a key for srv-B, and append it to our statically configured zones.
# Use a fixed selector so we can be more thorough in from_B_to_A.expected.
rm -f B/domains/srv-b/*.pem
mkdir -p B/domains/srv-b/
CONFDIR=B chasquid-util dkim-keygen srv-b sel77 > /dev/null

cp zones .zones
CONFDIR=B chasquid-util dkim-dns srv-b | sed 's/"//g' >> .zones

# Launch minidns in the background using our configuration.
minidns_bg --addr=":9053" -zones=.zones >> .minidns.log 2>&1

# Two servers:
# A - listens on :1025, hosts srv-A
# B - listens on :2015, hosts srv-B

CONFDIR=A generate_certs_for srv-A
CONFDIR=A add_user user-a@srv-a nadaA

CONFDIR=B generate_certs_for srv-B
CONFDIR=B add_user user-b@srv-b nadaB

mkdir -p .logs-A .logs-B

chasquid -v=2 --logfile=.logs-A/chasquid.log --config_dir=A \
	--testing__dns_addr=127.0.0.1:9053 \
	--testing__outgoing_smtp_port=2025 &
chasquid -v=2 --logfile=.logs-B/chasquid.log --config_dir=B \
	--testing__dns_addr=127.0.0.1:9053 \
	--testing__outgoing_smtp_port=1025 &

wait_until_ready 1465
wait_until_ready 2465
wait_until_ready 9053

# Send from A to B.
smtpc --addr=localhost:1465 \
	--server_cert=A/certs/srv-A/fullchain.pem \
	--user=user-a@srv-a --password=nadaA \
	user-b@srv-b < from_A_to_B

wait_for_file .mail/user-b@srv-b
mail_diff from_A_to_B.expected .mail/user-b@srv-b

# Send from B to A.
smtpc --addr=localhost:2465 \
	--server_cert=B/certs/srv-B/fullchain.pem \
	--user=user-b@srv-b --password=nadaB \
	user-a@srv-a < from_B_to_A

wait_for_file .mail/user-a@srv-a
mail_diff from_B_to_A.expected .mail/user-a@srv-a

# Run chasquid-util dkim-verify to double check these are valid.
cat .zones | grep _domainkey.srv-b | sed 's/.*TXT//g' > .srv-b.dns.txt
CONFDIR=A chasquid-util dkim-verify -v "--txt=$(cat ./.srv-b.dns.txt)" \
	< .mail/user-a@srv-a > .chasquid-util-dkim-verify.out 2>&1
if ! grep -q ";dkim=pass" .chasquid-util-dkim-verify.out; then
	echo "chasquid-util dkim-verify output:"
	cat .chasquid-util-dkim-verify.out
	echo
	fail "Failed chasquid-util dkim-verify"
fi

# If driusan/dkim's dkimverify is available, use it to check the generated
# signature.
if dkimverify --help 2>&1 > /dev/null | grep -q -- "-txt string"; then
	# Verify B's signature only, because dkimverify only supports RSA.
	dkimverify -txt .srv-b.dns.txt < .mail/user-a@srv-a
else
	echo "skipped driusan's dkimverify cross-check (binary not available)"
fi

success
git » chasquid » main » tree

[main] / test / t-21-dkim / run.sh
