Closed greenshrike closed 2 years ago
There used to be, but I don't recall if there still is, some conditions under which a perfectly functional dovecot jail would fail this test while staged. Now that I'm thinking about it, it was probably when the stage jail didn't have its IP in the list of jails allowed to connect to mysql, a problem long since fixed. The test should now be required to pass.
I've only tested it a little but I think #490 will do the trick.
After provisioning a new Dovecot jail, basic functionality is tested.
First, Dovecot is started:
If Dovecot fails to start, apparently the script exits.
If Dovecot does start, IMAP and POP3 are then tested:
However, while telnet sessions are emulated to test POP3/IMAP, there is no actual check to see if they succeed.
So if, for example, one upgrades to a recent Dovecot lacking support for the Vpopmail backend, and Dovecot's config still references said unsupported back end, while the Dovecot master process will start up just fine, and even listen on the requested ports, Dovecot will be unable to actually authenticate any user:
Unfortunately, the failure to check if the POP3/IMAP logins succeed means the the provision script is satisfied if Dovecot merely starts up, possibly resulting in a broken Dovecot jail being promoted, the server's mail retrieval services failing, and the sysadmin needing to do an emergency restoration of the previous Dovecot jail.
As such, the POP3 and IMAP tests serve little useful function and may lead sysadmins to have a false sense of security that their Dovecot upgrade has succeeded when it, in fact, has not.