nixos-mailserver/tests/multiple.nix

# This tests is used to test features requiring several mail domains.

{
  lib,
  pkgs,
  ...
}:

let
  hashPassword =
    password:
    pkgs.runCommand "password-${password}-hashed"
      {
        buildInputs = [ pkgs.mkpasswd ];
        inherit password;
      }
      ''
        mkpasswd -s <<<"$password" > $out
      '';

  password = pkgs.writeText "password" "password";

  domainGenerator =
    domain:
    { pkgs, ... }:
    {
      imports = [
        ../default.nix
        ./lib/config.nix
      ];
      environment.systemPackages = with pkgs; [ netcat ];
      virtualisation.memorySize = 1024;
      mailserver = {
        enable = true;
        fqdn = "mail.${domain}";
        domains = [ domain ];
        localDnsResolver = false;
        loginAccounts = {
          "user@${domain}" = {
            hashedPasswordFile = hashPassword "password";
          };
        };
        enableImap = true;
        enableImapSsl = true;
      };
      services.dnsmasq = {
        enable = true;
        settings.mx-host = [
          "domain1.com,domain1,10"
          "domain2.com,domain2,10"
        ];
      };

      # breaks the test, due to running into DNS timeouts
      services.postfix-tlspol.configurePostfix = lib.mkForce false;
    };

in

{
  name = "multiple";

  nodes = {
    domain1 =
      { ... }:
      {
        imports = [
          ../default.nix
          (domainGenerator "domain1.com")
        ];
        mailserver.forwards = {
          "non-local@domain1.com" = [
            "user@domain2.com"
            "user@domain1.com"
          ];
          "non@domain1.com" = [
            "user@domain2.com"
            "user@domain1.com"
          ];
        };
      };
    domain2 = domainGenerator "domain2.com";
    client =
      { pkgs, ... }:
      {
        environment.systemPackages = [
          (pkgs.writeScriptBin "mail-check" ''
            ${pkgs.python3}/bin/python ${../scripts/mail-check.py} $@
          '')
        ];
      };
  };
  testScript = ''
    start_all()

    for domain in [domain1, domain2]:
      domain.wait_for_unit("multi-user.target")
      domain.wait_for_unit("dovecot.service")

    # TODO put this blocking into the systemd units?
    domain1.wait_until_succeeds(
        "set +e; timeout 1 nc -U /run/rspamd/rspamd-milter.sock < /dev/null; [ $? -eq 124 ]"
    )
    domain2.wait_until_succeeds(
        "set +e; timeout 1 nc -U /run/rspamd/rspamd-milter.sock < /dev/null; [ $? -eq 124 ]"
    )

    # user@domain1.com sends a mail to user@domain2.com via explicit TLS
    client.succeed(
        "mail-check send-and-read --smtp-port 587 --smtp-starttls --smtp-host domain1 --from-addr user@domain1.com --imap-host domain2 --to-addr user@domain2.com --src-password-file ${password} --dst-password-file ${password} --ignore-dkim-spf"
    )

    # Send a mail to the address forwarded via implicit TLS and check it is in the recipient mailbox
    client.succeed(
        "mail-check send-and-read --smtp-port 465 --smtp-ssl --smtp-host domain1 --from-addr user@domain1.com --imap-host domain2 --to-addr non-local@domain1.com --imap-username user@domain2.com --src-password-file ${password} --dst-password-file ${password} --ignore-dkim-spf"
    )
  '';
}