def setUp(self):
        '''Set up prior to each test_* function

        Sets ENABLED=1 in the haproxy defaults file, installs a minimal
        HTTP-mode configuration, runs the shared httpd setup and restarts
        haproxy so the new configuration is in effect.
        '''
        self.haproxy_default = "/etc/default/haproxy"
        self.haproxy_config = "/etc/haproxy/haproxy.cfg"
        self.haproxy_daemon = testlib.TestDaemon("/etc/init.d/haproxy")
        self.my_ip = self._get_my_ip()

        testlib.config_set(self.haproxy_default, "ENABLED", "1", False)

        # One frontend on port 8000 in front of two port-80 backends: the
        # loopback address and this host's own address (the %s slot).
        # NOTE(review): "bind *:8000" listens on every interface, so the
        # test proxy is reachable from the network while the test runs;
        # run this on an isolated test host.
        haproxy_cfg_template = '''
global
    daemon
    maxconn 256

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

frontend http-in
    bind *:8000
    default_backend servers

backend servers
    server server1 127.0.0.1:80 maxconn 32
    server server2 %s:80 maxconn 32
'''
        haproxy_cfg_text = haproxy_cfg_template % self.my_ip
        testlib.config_replace(self.haproxy_config, haproxy_cfg_text)

        # The config is written before the httpd setup and the haproxy
        # restart, so the proxy starts against the configuration above.
        testlib_httpd.HttpdCommon._setUp(self, clearlogs=True)
        self.haproxy_daemon.restart()
    def setUp(self):
        '''Set up prior to each test_* function

        Runs the shared archive setup, creates a destination directory
        under the temp dir, then configures an authenticated rsync daemon
        module and restarts the daemon.
        '''
        self.fs_dir = os.path.abspath('.')
        testlib_archive.ArchiveCommon._setUp(self)
        self.dest_dir = "test-dest"
        self.dest_root = os.path.join(self.tempdir, self.dest_dir)
        os.mkdir(self.dest_root)

        self.rsyncd_default = "/etc/default/rsync"
        self.rsyncd_conf = "/etc/rsyncd.conf"
        self.rsyncd_secrets = "/etc/rsyncd.secrets"

        testlib.config_set(self.rsyncd_default, 'RSYNC_ENABLE', 'true',
                           spaces=False)

        # A single module rooted at the archive tree, with password
        # authentication backed by the secrets file written below.
        module_stanza = '''[test-module]
  path = %s
  auth users = *
  secrets file = %s
''' % (self.archive_root, self.rsyncd_secrets)
        testlib.config_replace(self.rsyncd_conf, module_stanza)

        # Fixed test-only credential in "user:password" form.
        secrets_body = '''gooduser:goodpass
'''
        testlib.config_replace(self.rsyncd_secrets, secrets_body)
        # Owner-only access to the credential file.
        # NOTE(review): 0700 also sets the execute bit, which a secrets
        # file does not need; 0600 would be the tighter choice.
        os.chmod(self.rsyncd_secrets, 0700)

        self.daemon = testlib.TestDaemon("/etc/init.d/rsync")
        self.daemon.force_restart()
        # Short pause after the restart before the tests connect.
        time.sleep(1)
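    def setUp(self):
        '''Set up prior to each test_* function

        Records the mailman, postfix and apache paths used by the tests,
        stops both mail daemons, regenerates the mailman aliases, creates
        the initial list, configures postfix and apache through the helper
        methods, restarts mailman and finally tries to open an SMTP
        connection to localhost:25.
        '''
        self.mailman_daemon = testlib.TestDaemon("/etc/init.d/mailman")
        self.mailman_cfg = '/etc/mailman/mm_cfg.py'
        self.mailman_aliases = '/var/lib/mailman/data/aliases'
        self.mailman_pid = '/var/run/mailman/mailman.pid'
        self.postfix_daemon = testlib.TestDaemon("/etc/init.d/postfix")
        self.postfix_mastercf = '/etc/postfix/master.cf'
        self.postfix_maincf = '/etc/postfix/main.cf'
        self.postfix_transport = '/etc/postfix/transportqrt'
        self.postfix_aliases = '/etc/aliases'
        self.ports_file = "/etc/apache2/ports.conf"
        self.mailman_site = "/etc/apache2/sites-enabled/mailman"
        self.tempdir = tempfile.mkdtemp()

        # The default-site file and the apache pid file live at different
        # paths depending on the release under test.
        if self.lsb_release['Release'] >= 12.10:
            self.default_site = "/etc/apache2/sites-available/000-default.conf"
        else:
            self.default_site = "/etc/apache2/sites-available/default"

        if self.lsb_release['Release'] >= 13.10:
            self.apache_pid = "/var/run/apache2/apache2.pid"
        else:
            self.apache_pid = "/var/run/apache2.pid"

        # Cookie-aware opener for the web-interface tests.
        self.cj = cookielib.LWPCookieJar()
        self.opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(self.cj))

        # Make sure daemons are stopped before we begin
        self.postfix_daemon.stop()
        self.mailman_daemon.stop()

        testlib.config_replace(self.mailman_aliases, "", append=True)
        testlib.config_set(self.mailman_cfg,'MTA',"'Postfix'")
        subprocess.call(['/usr/lib/mailman/bin/genaliases'], stdout=subprocess.PIPE)
        subprocess.call(['chown', 'root:list', self.mailman_aliases])
        # Is this a packaging mistake?
        subprocess.call(['chown', 'list:list', '/var/lib/mailman/archives/private'])

        self._zap_lists()
        # NOTE(review): the list-name and owner arguments look masked in
        # this listing; they are kept exactly as found.
        subprocess.call(['/usr/sbin/newlist', '-q', '*****@*****.**', '*****@*****.**' ,'ubuntu'], stdout=subprocess.PIPE)

        self._setUp_postfix()
        self._setUp_apache()

        self.mailman_daemon.restart()

        self.user = testlib.TestUser(lower=True)
        self.s = None
        # Silently allow for this connection to fail, to handle the
        # initial setup of the postfix server.  Catch Exception rather
        # than using a bare except so KeyboardInterrupt and SystemExit
        # still propagate; self.s stays None when the connection fails.
        try:
            self.s = smtplib.SMTP('localhost', port=25)
        except Exception:
            pass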
    def test_cve_2010_3089(self):
        '''Test CVE-2010-3089

        Stores an HTML-like marker in a list's description and requests
        the list's listinfo page: the marker must come back entity-escaped
        and must not appear verbatim.
        '''
        exported_cfg = os.path.join(self.tempdir, 'templist-config')

        # Create a test list and insert XSS into description
        # (export the list config, set the description, import it back)
        setup_cmds = [
            ['/usr/sbin/newlist', '-q', '*****@*****.**', '*****@*****.**' ,'ubuntu'],
            ['/usr/sbin/config_list', '-o', exported_cfg, 'testlist'],
        ]
        for cmd in setup_cmds:
            subprocess.call(cmd, stdout=subprocess.PIPE)
        testlib.config_set(exported_cfg,'description',"'<XSSTEST>'")
        subprocess.call(['/usr/sbin/config_list', '-i', exported_cfg, 'testlist'], stdout=subprocess.PIPE)

        listinfo_request = "GET /cgi-bin/mailman/listinfo/testlist HTTP/1.1\nHost: localhost\nConnection: close\n\n"
        # invert=True is taken to mean "must NOT be present" -- confirm
        # against _test_raw.  The raw tag reaching the page would mean the
        # description is emitted without output encoding.
        self._test_raw(listinfo_request, '<XSSTEST>', port=8000, invert=True)
        # The escaped form shows the description is rendered as text.
        self._test_raw(listinfo_request, '&lt;XSSTEST&gt;', port=8000)
    def test_cve_2010_3089(self):
        '''Test CVE-2010-3089

        Regression check for output encoding of the list description: a
        tag-shaped marker is written into the description and the listinfo
        page is expected to return only its entity-escaped form.
        '''
        cfg_dump = os.path.join(self.tempdir, 'templist-config')
        quiet = subprocess.PIPE

        # Create a test list and insert XSS into description
        subprocess.call(['/usr/sbin/newlist', '-q', '*****@*****.**', '*****@*****.**' ,'ubuntu'], stdout=quiet)
        # Round-trip the list configuration through a file so the
        # description can be edited with testlib.config_set.
        subprocess.call(['/usr/sbin/config_list', '-o', cfg_dump, 'testlist'], stdout=quiet)
        testlib.config_set(cfg_dump,'description',"'<XSSTEST>'")
        subprocess.call(['/usr/sbin/config_list', '-i', cfg_dump, 'testlist'], stdout=quiet)

        raw_get = "GET /cgi-bin/mailman/listinfo/testlist HTTP/1.1\nHost: localhost\nConnection: close\n\n"
        # First call: the unescaped marker is expected to be absent
        # (invert=True presumably negates the match -- confirm in
        # _test_raw).  Second call: the escaped marker must be present.
        self._test_raw(raw_get, '<XSSTEST>', port=8000, invert=True)
        self._test_raw(raw_get, '&lt;XSSTEST&gt;', port=8000)
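    def setUp(self):
        '''Set up prior to each test_* function

        Records the mailman, postfix and apache paths used by the tests,
        stops both mail daemons, regenerates the mailman aliases, creates
        the initial list, configures postfix and apache through the helper
        methods, restarts mailman and finally tries to open an SMTP
        connection to localhost:25.
        '''
        self.mailman_daemon = testlib.TestDaemon("/etc/init.d/mailman")
        self.mailman_cfg = '/etc/mailman/mm_cfg.py'
        self.mailman_aliases = '/var/lib/mailman/data/aliases'
        self.mailman_pid = '/var/run/mailman/mailman.pid'
        self.postfix_daemon = testlib.TestDaemon("/etc/init.d/postfix")
        self.postfix_mastercf = '/etc/postfix/master.cf'
        self.postfix_maincf = '/etc/postfix/main.cf'
        self.postfix_transport = '/etc/postfix/transportqrt'
        self.postfix_aliases = '/etc/aliases'
        self.apache_pid = "/var/run/apache2.pid"
        self.ports_file = "/etc/apache2/ports.conf"
        self.default_site = "/etc/apache2/sites-available/default"
        self.mailman_site = "/etc/apache2/sites-enabled/mailman"
        self.tempdir = tempfile.mkdtemp()

        # Cookie-aware opener for the web-interface tests.
        self.cj = cookielib.LWPCookieJar()
        self.opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(self.cj))

        # Make sure daemons are stopped before we begin
        self.postfix_daemon.stop()
        self.mailman_daemon.stop()

        testlib.config_replace(self.mailman_aliases, "", append=True)
        testlib.config_set(self.mailman_cfg,'MTA',"'Postfix'")
        subprocess.call(['/usr/lib/mailman/bin/genaliases'], stdout=subprocess.PIPE)
        subprocess.call(['chown', 'root:list', self.mailman_aliases])
        # Is this a packaging mistake?
        subprocess.call(['chown', 'list:list', '/var/lib/mailman/archives/private'])

        self._zap_lists()
        # NOTE(review): the list-name and owner arguments look masked in
        # this listing; they are kept exactly as found.
        subprocess.call(['/usr/sbin/newlist', '-q', '*****@*****.**', '*****@*****.**' ,'ubuntu'], stdout=subprocess.PIPE)

        self._setUp_postfix()
        self._setUp_apache()

        self.mailman_daemon.restart()

        self.user = testlib.TestUser(lower=True)
        self.s = None
        # Silently allow for this connection to fail, to handle the
        # initial setup of the postfix server.  Catch Exception rather
        # than using a bare except so KeyboardInterrupt and SystemExit
        # still propagate; self.s stays None when the connection fails.
        try:
            self.s = smtplib.SMTP('localhost', port=25)
        except Exception:
            pass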
    def setUp(self):
        '''Set up prior to each test_* function

        Creates a test user with a known file in the home directory,
        enables local logins and writes in vsftpd.conf, makes a scratch
        directory under /tmp and restarts vsftpd.
        '''
        self.user = testlib.TestUser()
        self.user_testfile = os.path.join(self.user.home, "testfile")
        self.user_teststring = "Ubuntu rocks!"
        testlib.create_fill(self.user_testfile, self.user_teststring)

        self.vsftpd_conf = "/etc/vsftpd.conf"
        # Local accounts may log in and upload for the duration of the tests.
        for option in ('write_enable', 'local_enable'):
            testlib.config_set(self.vsftpd_conf, option, 'YES', spaces=False)

        self.tempdir = tempfile.mkdtemp(dir='/tmp',prefix="vsftpd-")

        self.daemon = testlib.TestDaemon("/etc/init.d/vsftpd")
        self.daemon.restart()

        # Remembered so tests that chdir can return to the starting directory.
        self.current_dir = os.getcwd()
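    def test_network_isolation(self):
        '''Test network isolation

        With isolate_network set to YES and then to NO, restarts vsftpd,
        downloads the test user's file into the temp directory and checks
        its contents.  Skipped on releases older than 9.10.
        '''
        if self.lsb_release['Release'] < 9.10:
            return self._skipped("isolate_network not supported in %s" % self.lsb_release['Codename'].capitalize())

        downloaded = os.path.join(self.tempdir,'testfile')
        for isolate in ['YES', 'NO']:
            testlib.config_set(self.vsftpd_conf,'isolate_network',isolate, spaces=False)
            self.daemon.restart()

            # Download file in temp directory.  The working directory is
            # restored even when the download raises, so a failure here
            # does not leave later code running inside the temp directory.
            os.chdir(self.tempdir)
            try:
                self._download_file(user=self.user.login, password=self.user.password,
                                    remote_file='testfile')
            finally:
                os.chdir(self.current_dir)

            self._check_contents(downloaded, self.user_teststring)

            # cleanup, so the next iteration has to fetch a fresh copy
            os.unlink(downloaded)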
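    def _setUp(self):
        '''Create server configs.

        Rewrites the smtpd inet listener in master.cf to 127.0.0.1:2525,
        switches main.cf to mbox delivery through procmail, then enables
        SASL PLAIN and runs the authentication check.
        '''

        # Move listener to localhost:2525
        conf_file = '/etc/postfix/master.cf'
        rewritten = []
        # Context manager so the handle is closed even if a read fails.
        with open(conf_file) as master_cf:
            for cfline in master_cf:
                if cfline.startswith('smtp') and 'smtpd' in cfline and 'inet' in cfline:
                    rewritten.append('127.0.0.1:2525      inet  n       -       -       -       -       smtpd\n')
                else:
                    # Each line already carries its newline; normalise to
                    # exactly one instead of appending a second, which put
                    # a blank line after every entry.
                    rewritten.append(cfline.rstrip('\n') + '\n')
        contents = ''.join(rewritten)
        testlib.config_replace(conf_file, contents, append=False)

        conf_file = '/etc/postfix/main.cf'
        # Use mbox only
        testlib.config_comment(conf_file,'home_mailbox')
        testlib.config_set(conf_file,'mailbox_command','procmail -a "$EXTENSION"')

        # Turn on sasl
        self._setup_sasl("PLAIN")
        # The return value was stored in an unused local; any checking is
        # left to _check_auth itself.
        self._check_auth("PLAIN")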
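    def _setUp(self):
        '''Create server configs.

        Rewrites the smtpd inet listener in master.cf to 127.0.0.1:2525,
        switches main.cf to mbox delivery through procmail, then enables
        SASL PLAIN and runs the authentication check.
        '''

        # Move listener to localhost:2525
        conf_file = '/etc/postfix/master.cf'
        rewritten = []
        # Context manager so the handle is closed even if a read fails.
        with open(conf_file) as master_cf:
            for cfline in master_cf:
                if cfline.startswith('smtp') and 'smtpd' in cfline and 'inet' in cfline:
                    rewritten.append('127.0.0.1:2525      inet  n       -       -       -       -       smtpd\n')
                else:
                    # Each line already carries its newline; normalise to
                    # exactly one instead of appending a second, which put
                    # a blank line after every entry.
                    rewritten.append(cfline.rstrip('\n') + '\n')
        contents = ''.join(rewritten)
        testlib.config_replace(conf_file, contents, append=False)

        conf_file = '/etc/postfix/main.cf'
        # Use mbox only
        testlib.config_comment(conf_file,'home_mailbox')
        testlib.config_set(conf_file,'mailbox_command','procmail -a "$EXTENSION"')

        # Turn on sasl
        self._setup_sasl("PLAIN")
        # The return value was stored in an unused local; any checking is
        # left to _check_auth itself.
        self._check_auth("PLAIN")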
    def _setup_sasl(self, mech, other_mech="", force_sasldb=False):
        '''Setup sasl for mech

        Enables SASL authentication in postfix's main.cf, writes
        /etc/postfix/sasl/smtpd.conf for the requested mechanism and
        restarts the server.

        mech         -- one of LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5
        other_mech   -- optional second mechanism added to mech_list
        force_sasldb -- use the sasldb (auxprop) backend even for the
                        plaintext mechanisms, which otherwise go through
                        saslauthd
        '''
        conf_file = '/etc/postfix/main.cf'
        for field in ['smtpd_sasl_type','smtpd_sasl_local_domain','smtpd_tls_auth_only']:
            testlib.config_comment(conf_file,field)
        testlib.config_set(conf_file,'smtpd_sasl_path','smtpd')
        testlib.config_set(conf_file,'smtpd_sasl_auth_enable','yes')
        #testlib.config_set(conf_file,'broken_sasl_auth_clients','yes')
        testlib.config_set(conf_file,'smtpd_sasl_authenticated_header','yes')
        testlib.config_set(conf_file,'smtpd_tls_loglevel','2')

        # setup smtpd.conf and the sasl users
        contents = ''

        # NOTE(review): main.cf has already been edited by the time an
        # invalid mech is rejected here.
        self.assertTrue(mech in ['LOGIN', 'PLAIN', 'CRAM-MD5', 'DIGEST-MD5'], "Invalid mech: %s" % mech)

        if not force_sasldb and (mech == "PLAIN" or mech == "LOGIN"):
            # Plaintext mechanisms: passwords are checked by saslauthd.
            conf_file = '/etc/default/saslauthd'
            testlib.config_set(conf_file, 'START', 'yes', spaces=False)

            contents = '''
pwcheck_method: saslauthd
allowanonymouslogin: 0
allowplaintext: 1
mech_list: %s %s
''' % (mech, other_mech)

            # attach SASL to postfix chroot: the saslauthd run directory is
            # recreated inside the chroot and /var/run/saslauthd is replaced
            # by a symlink to it (the rm -rf discards the existing directory)
            subprocess.call(['mkdir','-p','/var/spool/postfix/var/run/saslauthd'])
            subprocess.call(['rm','-rf','/var/run/saslauthd'])
            subprocess.call(['ln','-s','/var/spool/postfix/var/run/saslauthd','/var/run/saslauthd'])
            subprocess.call(['/usr/sbin/service', 'saslauthd', 'stop'], stdout=subprocess.PIPE)
            # NOTE(review): a bare assert is removed under "python -O";
            # a unittest assertion would keep this check in every mode.
            assert subprocess.call(['/usr/sbin/service', 'saslauthd', 'start'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT) == 0

            # Force crackful perms so chroot'd postfix can talk to saslauthd
            # (o+x lets any local account traverse the directory; this is
            # a test-host setting, not a production recommendation)
            subprocess.call(['chmod','o+x','/var/spool/postfix/var/run/saslauthd'])
        else:
            # sasldb (auxprop) backend.
            # NOTE(review): allowplaintext is set to 0 exactly when the
            # mechanism is LOGIN or PLAIN and 1 otherwise -- confirm this
            # is the intended direction.
            plaintext = "1"
            if mech == "LOGIN" or mech == "PLAIN":
                plaintext = "0"
            contents = '''
pwcheck_method: auxprop
allowanonymouslogin: 0
allowplaintext: %s
mech_list: %s %s
''' % (plaintext, mech, other_mech)

            # Add user to sasldb2 (the database is emptied first)
            testlib.config_replace("/etc/sasldb2", '', append=False)

            # postfix's hostname is used as the SASL realm (-u) below
            rc, report = testlib.cmd(['postconf', '-h', 'myhostname'])
            expected = 0
            result = 'Got exit code %d, expected %d\n' % (rc, expected)
            self.assertEquals(expected, rc, result + report)

            # The password is typed at saslpasswd2's prompts through the
            # pty rather than passed as a command-line argument.
            child = pexpect.spawn('saslpasswd2 -c -u %s %s' % (report.strip(), self.user.login))
            time.sleep(0.2)
            child.expect(r'(?i)password', timeout=5)
            time.sleep(0.2)
            child.sendline(self.user.password)
            time.sleep(0.2)
            child.expect(r'.*(for verification)', timeout=5)
            time.sleep(0.2)
            child.sendline(self.user.password)
            time.sleep(0.2)
            # expect() returns the index of the pattern that matched (0 for
            # a single pattern), not saslpasswd2's exit status, so the
            # assertion below only confirms that a newline was seen.
            rc = child.expect('\n', timeout=5)
            time.sleep(0.2)
            self.assertEquals(rc, expected, "passwd returned %d" %(rc))

            # NOTE(review): signal 0 delivers no signal; it looks like this
            # does not terminate the child -- confirm the intent.
            child.kill(0)

            # Owner read/write, group read; the group becomes postfix.
            os.chmod("/etc/sasldb2", 0640)
            rc, report = testlib.cmd(['chgrp', 'postfix', '/etc/sasldb2'])
            expected = 0
            result = 'Got exit code %d, expected %d\n' % (rc, expected)
            self.assertEquals(expected, rc, result + report)

            # Move sasldb2 into the postfix chroot and leave a symlink at
            # the original path so chroot'd postfix can read it
            subprocess.call(['mv', '-f', '/etc/sasldb2', '/var/spool/postfix/etc'])
            subprocess.call(['ln', '-s', '/var/spool/postfix/etc/sasldb2', '/etc/sasldb2'])

        conf_file = '/etc/postfix/sasl/smtpd.conf'
        testlib.config_replace(conf_file, contents, append=False)

        # Restart server
        self._restart_server()
    def test_CVE_2011_2189(self):
        '''Test CVE-2011-2189 for 60 seconds

        Runs parallel FTP upload loops against vsftpd with
        isolate_network enabled for 60 seconds and compares the number of
        lines in /proc/vmallocinfo before and after.  The test fails when
        the count grows by 5 or more.  Skipped on releases older than 9.10.
        '''
        # This is actually a kernel issue, but we are patching vsftpd so it
        # won't trigger this. It is known to work on 2.6.32-28.55-generic.
        # 2.6.36 and higher kernels are known to be ok.
        if self.lsb_release['Release'] < 9.10:
            return self._skipped("isolate_network not supported in %s" % self.lsb_release['Codename'].capitalize())

        # prepare our files to upload: max_dirs source directories of
        # max_files random 2048-byte files each, plus matching upload
        # directories under upload/
        upload_topdir = os.path.join(self.tempdir, 'upload')
        max_dirs = 6
        max_files = 6
        snippet = ""
        for i in range(1,max_dirs+1):
            d = os.path.join(self.tempdir, 'tmp%d' % i)
            testlib.cmd(['mkdir', d])
            ud = os.path.join(upload_topdir, 'tmp%d' % i)
            testlib.cmd(['mkdir', '-p', ud])
            for j in range(1, max_files+1):
                f = os.path.join(d, 'test%d' % (j))
                testlib.cmd(['dd', 'if=/dev/urandom', 'of=%s' % (f), 'bs=1', 'count=2048'])
                if i == 1:
                    # The lftp command list is built once from the first
                    # directory's file names; "$i" is left for the shell
                    # script to substitute.
                    f_bn = os.path.basename(f)
                    snippet += "put %s -o %s.$i\n" % (f_bn, f_bn)

        # The FTP user must own the tree it uploads from and into.
        testlib.cmd(['chown', '-R', self.user.login, self.tempdir])

        # Worker script: takes a directory number as $1 and repeatedly
        # opens an lftp session that uploads that directory's files.
        # NOTE(review): the test user's password is written into this
        # file, which is created with mode 0755 (readable by other local
        # accounts if they can reach the temp directory).
        script = os.path.join(self.tempdir,'feedftp')
        contents = '''#!/bin/bash
cd %s
while [ 1 ] ; do
   if [ ! -d "tmp$1" ]; then
       echo "tmp$1 does not exist. Stopping"
       break
   fi
   lftp -u %s,%s localhost <<EOF
cd %s/upload/tmp$1
lcd %s/tmp$1
%s
EOF

let i=$i+1

done
''' % (self.tempdir, self.user.login, self.user.password, self.tempdir, self.tempdir, snippet)
        testlib.create_fill(script, contents, mode=0755)

        testlib.config_set(self.vsftpd_conf,'isolate_network','YES', spaces=False)
        self.daemon.restart()

        # Launcher: starts eight background workers.  Only tmp1..tmp6
        # exist (max_dirs), so workers 7 and 8 hit the "does not exist"
        # branch of the worker script and stop.
        exploit = os.path.join(self.tempdir,'exploit')
        contents = '''#!/bin/sh
cd %s
for i in 1 2 3 4 5 6 7 8 ; do
    %s $i >/dev/null &
done
''' % (self.tempdir, script)
        testlib.create_fill(exploit, contents, mode=0755)

        # Baseline: number of lines in /proc/vmallocinfo before the load.
        rc, report = testlib.cmd(['wc', '-l', '/proc/vmallocinfo'])
        vmalloc_baseline = int(report.split()[0])

        # Run the launcher in a forked child; the parent waits 60 seconds.
        self.listener = os.fork()
        if self.listener == 0:
            #args = ['/bin/sh', '-c', 'exec %s' % exploit]
            args = ['/bin/sh', '-c', 'exec %s >/dev/null 2>&1' % exploit]
            os.execv(args[0], args)
            # not reached when execv succeeds
            sys.exit(0)
        time.sleep(60)

        rc, report = testlib.cmd(['wc', '-l', '/proc/vmallocinfo'])
        vmalloc_now = int(report.split()[0])

        # kill server now (signal 15, then reap the child)
        os.kill(self.listener, 15)
        os.waitpid(self.listener, 0)
        time.sleep(3) # let exploit be killed
        # the background workers run under the worker script's name
        testlib.cmd(['killall', '-9', os.path.basename(script)])
        time.sleep(3) # let feedftp be killed

        vmalloc_diff = vmalloc_now - vmalloc_baseline
        #print "%d - %d = %d" % (vmalloc_now, vmalloc_baseline, vmalloc_diff)
        # allow for some climb since we are on a live OS
        self.assertTrue(vmalloc_diff < 5, "%d entries added to /proc/vmallocinfo!" % vmalloc_diff)
    def _setup_sasl(self, mech, other_mech="", force_sasldb=False):
        '''Setup sasl for mech

        Enables SASL authentication in postfix's main.cf, writes
        /etc/postfix/sasl/smtpd.conf for the requested mechanism and
        restarts the server.

        mech         -- one of LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5
        other_mech   -- optional second mechanism added to mech_list
        force_sasldb -- use the sasldb (auxprop) backend even for the
                        plaintext mechanisms, which otherwise go through
                        saslauthd
        '''
        conf_file = '/etc/postfix/main.cf'
        for field in ['smtpd_sasl_type','smtpd_sasl_local_domain','smtpd_tls_auth_only']:
            testlib.config_comment(conf_file,field)
        testlib.config_set(conf_file,'smtpd_sasl_path','smtpd')
        testlib.config_set(conf_file,'smtpd_sasl_auth_enable','yes')
        #testlib.config_set(conf_file,'broken_sasl_auth_clients','yes')
        testlib.config_set(conf_file,'smtpd_sasl_authenticated_header','yes')
        testlib.config_set(conf_file,'smtpd_tls_loglevel','2')

        # setup smtpd.conf and the sasl users
        contents = ''

        # NOTE(review): main.cf has already been edited by the time an
        # invalid mech is rejected here.
        self.assertTrue(mech in ['LOGIN', 'PLAIN', 'CRAM-MD5', 'DIGEST-MD5'], "Invalid mech: %s" % mech)

        if not force_sasldb and (mech == "PLAIN" or mech == "LOGIN"):
            # Plaintext mechanisms: passwords are checked by saslauthd.
            conf_file = '/etc/default/saslauthd'
            testlib.config_set(conf_file, 'START', 'yes', spaces=False)

            contents = '''
pwcheck_method: saslauthd
allowanonymouslogin: 0
allowplaintext: 1
mech_list: %s %s
''' % (mech, other_mech)

            # attach SASL to postfix chroot: the saslauthd run directory is
            # recreated inside the chroot and /var/run/saslauthd is replaced
            # by a symlink to it (the rm -rf discards the existing directory)
            subprocess.call(['mkdir','-p','/var/spool/postfix/var/run/saslauthd'])
            subprocess.call(['rm','-rf','/var/run/saslauthd'])
            subprocess.call(['ln','-s','/var/spool/postfix/var/run/saslauthd','/var/run/saslauthd'])
            subprocess.call(['/etc/init.d/saslauthd', 'stop'], stdout=subprocess.PIPE)
            # NOTE(review): a bare assert is removed under "python -O";
            # a unittest assertion would keep this check in every mode.
            assert subprocess.call(['/etc/init.d/saslauthd', 'start'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT) == 0

            # Force crackful perms so chroot'd postfix can talk to saslauthd
            # (o+x lets any local account traverse the directory; this is
            # a test-host setting, not a production recommendation)
            subprocess.call(['chmod','o+x','/var/spool/postfix/var/run/saslauthd'])
        else:
            # sasldb (auxprop) backend.
            # NOTE(review): allowplaintext is set to 0 exactly when the
            # mechanism is LOGIN or PLAIN and 1 otherwise -- confirm this
            # is the intended direction.
            plaintext = "1"
            if mech == "LOGIN" or mech == "PLAIN":
                plaintext = "0"
            contents = '''
pwcheck_method: auxprop
allowanonymouslogin: 0
allowplaintext: %s
mech_list: %s %s
''' % (plaintext, mech, other_mech)

            # Add user to sasldb2 (the database is emptied first)
            testlib.config_replace("/etc/sasldb2", '', append=False)

            # postfix's hostname is used as the SASL realm (-u) below
            rc, report = testlib.cmd(['postconf', '-h', 'myhostname'])
            expected = 0
            result = 'Got exit code %d, expected %d\n' % (rc, expected)
            self.assertEquals(expected, rc, result + report)

            # The password is typed at saslpasswd2's prompts through the
            # pty rather than passed as a command-line argument.
            child = pexpect.spawn('saslpasswd2 -c -u %s %s' % (report.strip(), self.user.login))
            time.sleep(0.2)
            child.expect(r'(?i)password', timeout=5)
            time.sleep(0.2)
            child.sendline(self.user.password)
            time.sleep(0.2)
            child.expect(r'.*(for verification)', timeout=5)
            time.sleep(0.2)
            child.sendline(self.user.password)
            time.sleep(0.2)
            # expect() returns the index of the pattern that matched (0 for
            # a single pattern), not saslpasswd2's exit status, so the
            # assertion below only confirms that a newline was seen.
            rc = child.expect('\n', timeout=5)
            time.sleep(0.2)
            self.assertEquals(rc, expected, "passwd returned %d" %(rc))

            # NOTE(review): signal 0 delivers no signal; it looks like this
            # does not terminate the child -- confirm the intent.
            child.kill(0)

            # Owner read/write, group read; the group becomes postfix.
            os.chmod("/etc/sasldb2", 0640)
            rc, report = testlib.cmd(['chgrp', 'postfix', '/etc/sasldb2'])
            expected = 0
            result = 'Got exit code %d, expected %d\n' % (rc, expected)
            self.assertEquals(expected, rc, result + report)

            # Move sasldb2 into the postfix chroot and leave a symlink at
            # the original path so chroot'd postfix can read it
            subprocess.call(['mv', '-f', '/etc/sasldb2', '/var/spool/postfix/etc'])
            subprocess.call(['ln', '-s', '/var/spool/postfix/etc/sasldb2', '/etc/sasldb2'])

        conf_file = '/etc/postfix/sasl/smtpd.conf'
        testlib.config_replace(conf_file, contents, append=False)

        # Restart server
        self._restart_server()
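    def _setUp_postfix(self):
        '''Create Postfix server configs.

        Rewrites master.cf so smtpd listens on 127.0.0.1:25 and adds the
        mailman pipe transport, points main.cf at the mailman transport
        and alias maps, installs the mailman aliases, rebuilds the lookup
        tables and restarts postfix.
        '''
        testlib.config_replace(self.postfix_mastercf, "", append=True)

        testlib.config_set(self.postfix_maincf,'mydestination','example.com, localhost.localdomain, localhost')

        # Move listener to localhost:25
        # The new file is staged next to the live one and renamed over it
        # once complete.  Both handles are managed by "with" so they are
        # closed even if a read or write fails part-way.
        staged_mastercf = '/etc/postfix/master.cf.new'
        with open(staged_mastercf,'w') as master:
            with open(self.postfix_mastercf) as current:
                for cfline in current:
                    if cfline.startswith('smtp') and 'smtpd' in cfline and 'inet' in cfline:
                        master.write('127.0.0.1:25      inet  n       -       -       -       -       smtpd\n')
                    else:
                        master.write(cfline)
            # Pipe transport handing list mail to mailman as user "list".
            master.write('''mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}''')
        os.rename(staged_mastercf,self.postfix_mastercf)

        # Use mbox only
        testlib.config_comment(self.postfix_maincf,'home_mailbox')
        testlib.config_set(self.postfix_maincf,'mailbox_command','procmail -a "$EXTENSION"')

        # Config mailman
        testlib.config_set(self.postfix_maincf,'relay_domains','lists.example.com')
        testlib.config_set(self.postfix_maincf,'transport_maps','hash:%s' % self.postfix_transport)
        testlib.config_set(self.postfix_maincf,'mailman_destination_recipient_limit','1')
        testlib.config_set(self.postfix_maincf,'alias_maps','hash:%s, hash:%s' % (self.postfix_aliases,self.mailman_aliases))

        testlib.config_replace(self.postfix_transport, "lists.example.com      mailman:")
        subprocess.call(['postmap', self.postfix_transport], stdout=subprocess.PIPE)

        # Each alias pipes mail into the mailman wrapper for the site list.
        testlib.config_replace(self.postfix_aliases, '''mailman:              "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin:        "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces:      "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm:      "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join:         "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave:        "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner:        "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request:      "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe:    "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe:  "|/var/lib/mailman/mail/mailman unsubscribe mailman"''', append=True)

        subprocess.call(['chown', 'root:list', self.postfix_aliases])
        subprocess.call(['newaliases'])

        # Restart server
        self.postfix_daemon.restart()
        # Postfix exits its init script before the master listener has started
        time.sleep(2)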
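    def _setUp_postfix(self):
        '''Create Postfix server configs.

        Rewrites master.cf so smtpd listens on 127.0.0.1:25 and adds the
        mailman pipe transport, points main.cf at the mailman transport
        and alias maps, installs the mailman aliases, rebuilds the lookup
        tables and restarts postfix.
        '''
        testlib.config_replace(self.postfix_mastercf, "", append=True)

        testlib.config_set(self.postfix_maincf,'mydestination','example.com, localhost.localdomain, localhost')

        # Move listener to localhost:25
        # The new file is staged next to the live one and renamed over it
        # once complete.  Both handles are managed by "with" so they are
        # closed even if a read or write fails part-way.
        staged_mastercf = '/etc/postfix/master.cf.new'
        with open(staged_mastercf,'w') as master:
            with open(self.postfix_mastercf) as current:
                for cfline in current:
                    if cfline.startswith('smtp') and 'smtpd' in cfline and 'inet' in cfline:
                        master.write('127.0.0.1:25      inet  n       -       -       -       -       smtpd\n')
                    else:
                        master.write(cfline)
            # Pipe transport handing list mail to mailman as user "list".
            master.write('''mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}''')
        os.rename(staged_mastercf,self.postfix_mastercf)

        # Use mbox only
        testlib.config_comment(self.postfix_maincf,'home_mailbox')
        testlib.config_set(self.postfix_maincf,'mailbox_command','procmail -a "$EXTENSION"')

        # Config mailman
        testlib.config_set(self.postfix_maincf,'relay_domains','lists.example.com')
        testlib.config_set(self.postfix_maincf,'transport_maps','hash:%s' % self.postfix_transport)
        testlib.config_set(self.postfix_maincf,'mailman_destination_recipient_limit','1')
        testlib.config_set(self.postfix_maincf,'alias_maps','hash:%s, hash:%s' % (self.postfix_aliases,self.mailman_aliases))

        testlib.config_replace(self.postfix_transport, "lists.example.com      mailman:")
        subprocess.call(['postmap', self.postfix_transport], stdout=subprocess.PIPE)

        # Each alias pipes mail into the mailman wrapper for the site list.
        testlib.config_replace(self.postfix_aliases, '''mailman:              "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin:        "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces:      "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm:      "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join:         "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave:        "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner:        "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request:      "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe:    "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe:  "|/var/lib/mailman/mail/mailman unsubscribe mailman"''', append=True)

        subprocess.call(['chown', 'root:list', self.postfix_aliases])
        subprocess.call(['newaliases'])

        # Restart server
        self.postfix_daemon.restart()
        # Postfix exits its init script before the master listener has started
        time.sleep(2)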