msimerson / Mail-Toaster-6

Mail Toaster 6
https://github.com/msimerson/Mail-Toaster-6/wiki
BSD 3-Clause "New" or "Revised" License

New Dovecot jail is promoted even if POP3/IMAP testing fails #483

Closed: greenshrike closed this issue 2 years ago

greenshrike commented 3 years ago

After provisioning a new Dovecot jail, basic functionality is tested.

First, Dovecot is started:

start_dovecot()
{
        tell_status "starting dovecot"
        stage_sysrc dovecot_enable=YES
        stage_sysrc dovecot_config="/data/etc/dovecot.conf"
        stage_exec service dovecot start || exit
}

If Dovecot fails to start, apparently the script exits.

If Dovecot does start, IMAP and POP3 are then tested:

test_imap()
{
        pkg install -y empty

        POST_USER="postmaster@${TOASTER_MAIL_DOMAIN}"
        POST_PASS=$(jexec vpopmail /usr/local/vpopmail/bin/vuserinfo -C "${POST_USER}")

        rm -f in out

        echo "testing IMAP AUTH as $POST_USER"

        # empty -v -f -i in -o out telnet "$(get_jail_ip stage)" 143
        empty -v -f -i in -o out openssl s_client -quiet -crlf -connect "$(get_jail_ip stage):993"
        empty -v -w -i out -o in "ready"             ". LOGIN $POST_USER $POST_PASS\n"
        empty -v -w -i out -o in "Logged in"         ". LIST \"\" \"*\"\n"
        empty -v -w -i out -o in "List completed"    ". SELECT INBOX\n"
        # shellcheck disable=SC2050
        if [ "has" = "some messages" ]; then
                empty -v -w -i out -o in "Select completed"  ". FETCH 1 BODY\n"
                empty -v -w -i out -o in "OK Fetch completed" ". LOGOUT\n"
        else
                empty -v -w -i out -o in "Select completed" ". LOGOUT\n"
        fi
        echo "Logout completed"
}

test_pop3()
{
        pkg install -y empty

        POST_USER="postmaster@${TOASTER_MAIL_DOMAIN}"
        POST_PASS=$(jexec vpopmail /usr/local/vpopmail/bin/vuserinfo -C "${POST_USER}")

        rm -f in out

        echo "testing POP3 AUTH as $POST_USER"

        # empty -v -f -i in -o out telnet "$(get_jail_ip stage)" 110
        empty -v -f -i in -o out openssl s_client -quiet -crlf -connect "$(get_jail_ip stage):995"
        empty -v -w -i out -o in "\+OK." "user $POST_USER\n"
        empty -v -w -i out -o in "\+OK" "pass $POST_PASS\n"
        empty -v -w -i out -o in "OK Logged in" "list\n"
        empty -v -w -i out -o in "." "quit\n"
}

However, while telnet sessions are emulated to test POP3/IMAP, there is no actual check to see if they succeed.

So if, for example, one upgrades to a recent Dovecot lacking support for the Vpopmail backend, and Dovecot's config still references said unsupported back end, while the Dovecot master process will start up just fine, and even listen on the requested ports, Dovecot will be unable to actually authenticate any user:

Jul  8 23:12:54 dovecot dovecot[20152]: master: Dovecot v2.3.13 (89f716dc2) starting up for imap, pop3, lmtp, sieve
Jul  8 23:12:54 dovecot dovecot[20201]: auth: Fatal: Unknown passdb driver 'vpopmail'
Jul  8 23:12:54 dovecot dovecot[20152]: master: Error: service(auth): command startup failed, throttling for 2.000 secs
Jul  8 23:12:56 dovecot dovecot[20201]: auth: Fatal: Unknown passdb driver 'vpopmail'
Jul  8 23:12:56 dovecot dovecot[20152]: master: Error: service(auth): command startup failed, throttling for 4.000 secs
Jul  8 23:12:56 dovecot dovecot[20201]: imap-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=x.x.x.x, lip=172.16.15.15, session=
Jul  8 23:12:56 dovecot dovecot[20201]: imap-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 1 secs): user=<>, rip=x.x.x.x, lip=172.16.15.15, TLS, session=
Jul  8 23:12:56 dovecot dovecot[20201]: imap-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=x.x.x.x, lip=172.16.15.15, TLS, session=

Unfortunately, the failure to check if the POP3/IMAP logins succeed means the provision script is satisfied if Dovecot merely starts up, possibly resulting in a broken Dovecot jail being promoted, the server's mail retrieval services failing, and the sysadmin needing to do an emergency restoration of the previous Dovecot jail.

As such, the POP3 and IMAP tests serve little useful function and may lead sysadmins to have a false sense of security that their Dovecot upgrade has succeeded when it, in fact, has not.
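One way to turn the emulated sessions into a real gate, as an added example (not Mail-Toaster-6 code and not the change in #490): check a captured session transcript and fail unless every server response the test waits for appears, in order. The function names, file names and sample transcripts are assumptions constructed for illustration; how the transcript is captured is left out.

```sh
# Added example (not Mail-Toaster-6 code): pass/fail from a session transcript.
# expect_in_order FILE MARKER...
# Succeeds only if every MARKER appears in FILE as a fixed string, each on a
# later line than the previous match. A missing marker is a test failure.
expect_in_order()
{
        _file="$1"; shift
        _line=0
        for _marker in "$@"; do
                _hit=$(tail -n "+$((_line + 1))" "$_file" |
                        grep -n -F -m 1 -- "$_marker" | cut -d: -f1)
                if [ -z "$_hit" ]; then
                        echo "FAIL: '$_marker' not seen in $_file" >&2
                        return 1
                fi
                _line=$((_line + _hit))
        done
}

# Markers are the server responses the page's test_imap/test_pop3 wait for.
verify_imap() { expect_in_order "$1" "ready" "Logged in" "List completed" "Select completed"; }
verify_pop3() { expect_in_order "$1" "+OK" "+OK" "OK Logged in"; }

# Constructed sample transcripts (not captured from a real server).
write_samples()
{
        cat > "$1/imap_ok" <<'EOF'
* OK Dovecot ready.
. OK Logged in
. OK List completed.
. OK Select completed.
. OK Logout completed.
EOF
        cat > "$1/imap_broken" <<'EOF'
* BYE Disconnected: Auth process broken
EOF
        cat > "$1/pop3_ok" <<'EOF'
+OK Dovecot ready.
+OK
+OK Logged in.
EOF
}

# Demo: a provisioning step would exit non-zero on the second case.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
verify_imap "$demo_dir/imap_ok" && echo "imap_ok: pass"
verify_imap "$demo_dir/imap_broken" || echo "imap_broken: fail, do not promote"
rm -rf "$demo_dir"
```

In a provisioning script the caller would follow the pattern the page's start_dovecot already uses, for example `verify_imap transcript || exit`, so a jail whose auth service is broken is never promoted.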

msimerson commented 3 years ago

There used to be, but I don't recall if there still is, some conditions under which a perfectly functional dovecot jail would fail this test while staged. Now that I'm thinking about it, it was probably when the stage jail didn't have its IP in the list of jails allowed to connect to mysql, a problem long since fixed. The test should now be required to pass.

msimerson commented 2 years ago

I've only tested it a little but I think #490 will do the trick.