feat(mta): support authentication for smtp relay hosts

.ci/matrix/relayhost.env

@@ -1 +1,4 @@
-RELAYHOST=[mailhog]:1025
+MP_SMTP_AUTH=user1:password1
+MP_SMTP_AUTH_ALLOW_INSECURE=true
+RELAYHOST=[mailpit]:1025
+RELAY_PASSWD_FILE=/etc/postfix/sasl_passwd_test

.env.dist

@@ -11,6 +11,8 @@ [email protected]
 # Relay mails to another SMTP server
 # https://github.com/jeboehm/docker-mailserver/wiki/Howto:-Use-External-Mail-Relay-For-Sending-Mails
 RELAYHOST=false
+RELAY_OPTIONS=false
+RELAY_PASSWD_FILE=false
 
 # Block suspicious attachments by type (bat, com, exe, dll, vbs, docm, doc, dzip)
 FILTER_MIME=false

.github/workflows/integration-tests.yml

@@ -4,6 +4,7 @@ name: Integration Tests
 
 on:
   pull_request:
+  workflow_dispatch:
 
 jobs:
   test:

.gitignore

@@ -1,2 +1,3 @@
 .env
 docker-compose.override.yml
+/config/

docker-compose.test.yml

@@ -3,8 +3,8 @@
 version: '3.5'
 
 services:
-  mailhog:
-    image: mailhog/mailhog:v1.0.1
+  mailpit:
+    image: axllent/mailpit:v1.20
 
   test:
     build: ./test
@@ -17,7 +17,7 @@ services:
       - ./test/rootfs/usr/share/tests:/usr/share/tests:ro
     env_file: .env
     depends_on:
-      - mailhog
+      - mailpit
 
   # For development
   # web:

mta/Dockerfile

@@ -17,6 +17,8 @@ ENV MAILNAME=mail.example.com \
     MDA_HOST=mda \
     MTA_HOST=mta \
     RELAYHOST=false \
+    RELAY_PASSWD_FILE=false \
+    RELAY_OPTIONS=false \
     SSL_CERT=/media/tls/mailserver.crt \
     SSL_KEY=/media/tls/mailserver.key \
     WAITSTART_TIMEOUT=1m \

mta/rootfs/etc/postfix/sasl_passwd_test

@@ -0,0 +1 @@
+[mailpit]:1025 user1:password1

mta/rootfs/usr/local/bin/entrypoint.sh

@@ -17,6 +17,21 @@ fi
 if [ "${RELAYHOST}" != "false" ]
 then
   postconf relayhost="${RELAYHOST}"
+  if [ "${RELAY_PASSWD_FILE}" != "false" ]
+  then
+    #fix permissions for postmap
+    chown root:root "${RELAY_PASSWD_FILE}"
+    chmod 600 "${RELAY_PASSWD_FILE}"
+    postmap "${RELAY_PASSWD_FILE}"
+    postconf smtp_tls_security_level=may
+    postconf smtp_sasl_auth_enable=yes
+    postconf smtp_sasl_password_maps=lmdb:"${RELAY_PASSWD_FILE}"
+    postconf smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
+  fi
+  if [ "${RELAY_OPTIONS}" != "false" ]
+  then
+    postconf smtp_sasl_security_options="${RELAY_OPTIONS}"
+  fi
 fi
 
 dockerize \

test/rootfs/usr/share/tests/080_relayhost.bats

@@ -1,17 +1,17 @@
 #!/usr/bin/env bats
 
-@test "check mailhog api for messages" {
-    if [ ${RELAYHOST} = "false" ]; then
+@test "check mailpit api for messages" {
+    if [ "${RELAYHOST}" = "false" ]; then
         echo '# Relayhost is disabled, skipping test' >&3
         skip
     fi
 
-    run curl "http://mailhog:8025/api/v2/messages"
+    run curl "http://mailpit:8025/api/v1/messages"
     [ "$status" -eq 0 ]
 }
 
 @test "send mail to mta with smtp authentification, external recipient" {
-    if [ ${RELAYHOST} = "false" ]; then
+    if [ "${RELAYHOST}" = "false" ]; then
         echo '# Relayhost is disabled, skipping test' >&3
         skip
     fi
@@ -20,15 +20,15 @@
     [ "$status" -eq 0 ]
 }
 
-@test "check mailhog api for outgoing message" {
-    if [ ${RELAYHOST} = "false" ]; then
+@test "check mailpit api for outgoing message" {
+    if [ "${RELAYHOST}" = "false" ]; then
         echo '# Relayhost is disabled, skipping test' >&3
         skip
     fi
 
-    sleep 5 # Give mailhog some time
+    sleep 5 # Give mailpit some time
 
-    RESULT=$(curl -s "http://mailhog:8025/api/v2/messages" | jq -cr .items[0].Content.Body | tr -d '[:space:]')
+    RESULT=$(curl -s "http://mailpit:8025/api/v1/messages" | jq -cr ".messages[0].Snippet" | tr -d '[:space:]')
 
     # send mail to mta with smtp authentification, external recipient
     [ "$RESULT" = "sendmailtomtawithsmtpauthentification,externalrecipient" ]