Remove unneeded testing / vagrant stuff.

.gitignore

@@ -1,4 +1,4 @@
-.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory
-.vagrant/machines
-tests.pyc
+.DS_Store
 secret
+*.pyc
+site.retry

.travis.yml

@@ -1,11 +0,0 @@
-language: python
-python: "2.7"
-cache:
-  directories:
-    - $HOME/.cache/pip
-install:
-  - pip install -r requirements.txt
-  - pip install -r test-requirements.txt
-script:
-  - ansible-playbook --syntax-check -i hosts site.yml
-  - ansible-lint site.yml

.vagrant/provisioners/ansible/inventory/secret/db_admin_password

@@ -1 +0,0 @@
-postgres

.vagrant/provisioners/ansible/inventory/secret/mail_db_opendmarc_password

@@ -1 +0,0 @@
-testPassword

.vagrant/provisioners/ansible/inventory/secret/mail_db_password

@@ -1 +0,0 @@
-testPassword

.vagrant/provisioners/ansible/inventory/secret/owncloud_db_password

@@ -1 +0,0 @@
-testPassword

.vagrant/provisioners/ansible/inventory/secret/selfoss_db_password

@@ -1 +0,0 @@
-testPassword

.vagrant/provisioners/ansible/inventory/secret/selfoss_password_hash

@@ -1 +0,0 @@
-f7fbba6e0636f890e56fbbf3283e524c6fa3204ae298382d624741d0dc6638326e282c41be5e4254d8820772c5518a2c5a8c0c7f7eda19594a7eb539453e1ed7

AUTHORS.md

@@ -1,7 +0,0 @@
-# Authors
-
-Originated by [Alex Payne](https://al3x.net) ([@al3x](https://github.com/al3x)).
-
-Major contributions from [Luke Cyca](http://lukecyca.com/) ([@lukecyca](https://github.com/lukecyca)).
-
-Other talented and generous contributors to Sovereign can be viewed [on GitHub](https://github.com/sovereign/sovereign/graphs/contributors).

README.md

@@ -1,6 +1,3 @@
-[![Build Status](https://travis-ci.org/sovereign/sovereign.svg?branch=master)](https://travis-ci.org/sovereign/sovereign)
-[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/460/badge)](https://bestpractices.coreinfrastructure.org/projects/460)
-
 Introduction
 ============
 

Vagrantfile

@@ -1,46 +0,0 @@
-# -*- mode: ruby -*-
-
-Vagrant.configure('2') do |config|
-  config.vm.hostname = 'sovereign.local'
-  config.vm.network 'private_network', ip: '172.16.100.2'
-
-  config.vm.provision :ansible do |ansible|
-    ansible.playbook = 'site.yml'
-    ansible.host_key_checking = false
-    ansible.extra_vars = { ansible_ssh_user: 'vagrant', testing: true }
-    ansible.groups = {
-      "testing" => ["jessie"]
-    }
-
-    # ansible.tags = ['blog']
-    # ansible.skip_tags = ['openvpn']
-    # ansible.verbose = 'vvvv'
-  end
-
-  config.vm.provider :virtualbox do |v|
-    v.memory = 512
-  end
-
-  config.vm.provider :vmware_fusion do |v|
-    v.vmx['memsize'] = '512'
-  end
-
-  # vagrant-cachier
-  #
-  # Install the plugin by running: vagrant plugin install vagrant-cachier
-  # More information: https://github.com/fgrehm/vagrant-cachier
-  if Vagrant.has_plugin? 'vagrant-cachier'
-    config.cache.enable :apt
-    config.cache.scope = :box
-  end
-
-  # Debian 8 64-bit (officially supported)
-  config.vm.define 'jessie', primary: true do |jessie|
-    jessie.vm.box = 'box-cutter/debian8'
-  end
-
-  # Ubuntu 16.04 (LTS) 64-bit (currently unavailable)
-  config.vm.define 'xenial', autostart: false do |xenial|
-    xenial.vm.box = 'box-cutter/ubuntu1604'
-  end
-end

group_vars/testing

@@ -1,67 +0,0 @@
----
-###############################################################################
-# Variables used when testing with Vagrant.  Secrets are stored in
-# `.vagrant/provisioners/ansible/inventory/secret.
-#
-# selfoss_password_hash is the SHA512 hash of `foo`
-# 
-###############################################################################
-
-# common
-domain: sovereign.local
-main_user_name: sovereign
-organization: testing
-friendly_networks:
-  - "172.16.100.0/24"
-
-# admin email
-# fail2ban reports will be sent to this address
-admin_email: "{{ main_user_name }}@{{ domain }}"
-
-# mailserver
-mail_virtual_domains:
-  - name: "{{ domain }}"
-    pk_id: 1
-mail_virtual_users:
-  - account: "{{ main_user_name }}"
-    domain: "{{ domain }}"
-    password: "foo"
-    domain_pk_id: 1
-mail_virtual_aliases:
-  - source: "root@{{ domain }}"
-    destination: "{{ admin_email }}"
-    domain_pk_id: 1
-  - source: "postmaster@{{ domain }}"
-    destination: "{{ admin_email }}"
-    domain_pk_id: 1
-  - source: "webmaster@{{ domain }}"
-    destination: "{{ admin_email }}"
-    domain_pk_id: 1
-
-# timezone
-# common_timezone will be used in the common and mailserver roles
-common_timezone: 'Etc/UTC'
-
-# znc
-irc_nick: sovereign
-irc_ident: sovereign
-irc_realname: Mr. Sovereign
-irc_quitmsg: Bye
-irc_password: "foo"
-irc_timezone: "America/New_York" #Example: "America/New_York"
-
-# xmpp
-prosody_accounts:
-  - name: "{{ main_user_name }}"
-    password: foo
-
-# openvpn
-openvpn_key_country:  "US"
-openvpn_key_province: "California"
-openvpn_key_city: "Beverly Hills"
-openvpn_key_org: "ACME CORPORATION"
-openvpn_key_ou: "Anvil Department"
-openvpn_clients:
-  - laptop
-  - phone
-  - tablet

roles/common/files/wildcard_ca.pem

@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDPjCCAiYCCQCIBIL0qFYY5DANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJB
-VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
-cyBQdHkgTHRkMRowGAYDVQQDDBEqLnNvdmVyZWlnbi5sb2NhbDAeFw0xNjAxMDkw
-OTU4MzNaFw0xNzAxMDgwOTU4MzNaMGExCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApT
-b21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxGjAY
-BgNVBAMMESouc292ZXJlaWduLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEA1Z12KXbGOq70H9rxgH+uBF2MSil5xTcxQKFpUhFOu0kIVoQ7Sa2n
-FPKYDC5aTKE7ajgO4cER44WgtBnEXGs7MHQEJL2tT0ETiDfTqSEhTpsXSzCxl7bo
-AZIrw9ntJKvTm4Ot04MXsUqeZyr6gk5XMOilluZWTLzbunigKOJItyM3VBRnLWZi
-ScznIkbKLGt2WjGIaENOR4cw+wwzOmH0UVxGtGWo/jklGtBZG8mb+fF8rH6L6VBa
-nIYHBGlg8Gy0eK430jMD/y2zqlOzY4gE5/BlwaxEupuzL+jtiYGyr7G1tUksQ49v
-UNimlAzUINB6bYnIk0MwpIxB0xECj0nz2wIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
-AQCEVVrT1ktgvA3CwuIr+/BWRfILIHyayy3FxIwF8wBymAwQiT/09JuNDsLuI2/t
-eOY9BZsaJ9BtGA7dajbwKDX83Z+WXcv2AwxbAhxUnpBCQF0MNT9Vh7ixE0rXbXeg
-bvy5D4n1MWTBaPK+MpuEEV5m/dRZOFIgf6AWDCB7QixWm7N2BGjqni5kr2EuqYw8
-JqxXXtTDTBA8BKMLxPRER+w39zD8fQouTn1pI8nVba/WdX1NlchzFrex6ByvKWQG
-joSPd39d68NNyytwmv5LWOQ2Shsk0d0UV9eoFrctPJh8cL4BPfNS7NQR12u55zn0
-NR+SN5v9/7fn+/KF1UZq5Jao
------END CERTIFICATE-----

roles/common/files/wildcard_private.key

@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDVnXYpdsY6rvQf
-2vGAf64EXYxKKXnFNzFAoWlSEU67SQhWhDtJracU8pgMLlpMoTtqOA7hwRHjhaC0
-GcRcazswdAQkva1PQROIN9OpISFOmxdLMLGXtugBkivD2e0kq9Obg63TgxexSp5n
-KvqCTlcw6KWW5lZMvNu6eKAo4ki3IzdUFGctZmJJzOciRsosa3ZaMYhoQ05HhzD7
-DDM6YfRRXEa0Zaj+OSUa0FkbyZv58XysfovpUFqchgcEaWDwbLR4rjfSMwP/LbOq
-U7NjiATn8GXBrES6m7Mv6O2JgbKvsbW1SSxDj29Q2KaUDNQg0HpticiTQzCkjEHT
-EQKPSfPbAgMBAAECggEBAMcozbgO4vZnk3f3u13grK+pQFkMnll/Ac6OLxGyzULT
-7pArLNOesb5YB+ajeNElKa34ofdc+H62YYRI2ciIuWCNaiePKHxR4hIIarCvEMym
-0Grr9UfL4jdEvsUU84JTKTE+7dvbx0UmmtT5PyIqRCR3Y5tzGVbmZb5PJJO5la4X
-1Q8ZQHYvdFh52VXVpetp66yFpCu/EI8u9VSEBakvILpZ3yxjhskEXD18E304wn1e
-Ky+sBde6zUtXRc1rKxAzeQ/JyF1+1+xr8nI1kGryqXdNl/4S3JsdB5nL54U0pHaL
-XfLMZvRTVqKAsyjqLQzYE0bRnJz9sev85nu0J1sp/GECgYEA8Gi2izJmxpb3oDC7
-Eu388TeFOYrdg6AsXFkmKT5ssTRRT4ju03RrGWC8NlOJRhQxJloCICgmBWHLFWBG
-2OVGgOYhUr7/V12f/D2GICUcJ9SKkDbzKe0ACDPq9tzauVd9H8fY9gQfvhn0AA0v
-qG0+guGElxS+holIpbDP7VV0PykCgYEA43fp3VtneBHL4E4iZVBQaIBGMYOmE8v3
-cKSTCBgCU3jnbio85NHybI1Fw15cAXDOIsOlKescLyTw/IgRb3PbObNvpD8STS8d
-wVqen2Ir/mrsxWVn57jlSV5viGnIoI873YVJ9fl5pr/KbJ5A8//EnJwQLDq6MmQR
-zPMovp51L2MCgYEA0/rQ8t4HR5Z4VDSDz8YvYZaeD0YF2nkShH9LKdTUTFAgXiwU
-wjkF8oOckZ6JDVTinbmB5E7ib55yTq/s6HUJ/MBuo6KsTaHNXsH1EUUHlYtQfqcl
-NFO40oLM7M2CwyiEuNAj25F5V8tUnfMCkdV56DfoDLuK3+APQaItRU0zSjkCgYAW
-KGgvl+fMWm9xuiq/k8NBar1rtVdINmY0ItPvxeb0GqLwqEymPY1P5bMWBOsReNub
-p1M/checwAx5jQelw7NnO4N0jHBL9HsBisJI5FdEwUWvNOGaQPiU3Q4gS62vdkRu
-n71EqLig9a3SRtgs7I1KdClfJZldr0HMpSMi7myb4QKBgQDgeh5oDgypNBdMY4un
-Wpax1Mxse49T883Z3lIlVq+U7ZwnWLWfohSZK/kXUrolbdmo4z8yAlNKUO421sAF
-SWUWFAabEMnLq2ilv6WIG4i1ubFr4/DBV4fGcaYNMOxIENRDItn7RacddZ1EQVfC
-WBcstgic1QXyMJ+2LoC0LHdgCQ==
------END PRIVATE KEY-----

roles/common/files/wildcard_public_cert.crt

@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDPjCCAiYCCQCIBIL0qFYY5DANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJB
-VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
-cyBQdHkgTHRkMRowGAYDVQQDDBEqLnNvdmVyZWlnbi5sb2NhbDAeFw0xNjAxMDkw
-OTU4MzNaFw0xNzAxMDgwOTU4MzNaMGExCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApT
-b21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxGjAY
-BgNVBAMMESouc292ZXJlaWduLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEA1Z12KXbGOq70H9rxgH+uBF2MSil5xTcxQKFpUhFOu0kIVoQ7Sa2n
-FPKYDC5aTKE7ajgO4cER44WgtBnEXGs7MHQEJL2tT0ETiDfTqSEhTpsXSzCxl7bo
-AZIrw9ntJKvTm4Ot04MXsUqeZyr6gk5XMOilluZWTLzbunigKOJItyM3VBRnLWZi
-ScznIkbKLGt2WjGIaENOR4cw+wwzOmH0UVxGtGWo/jklGtBZG8mb+fF8rH6L6VBa
-nIYHBGlg8Gy0eK430jMD/y2zqlOzY4gE5/BlwaxEupuzL+jtiYGyr7G1tUksQ49v
-UNimlAzUINB6bYnIk0MwpIxB0xECj0nz2wIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
-AQCEVVrT1ktgvA3CwuIr+/BWRfILIHyayy3FxIwF8wBymAwQiT/09JuNDsLuI2/t
-eOY9BZsaJ9BtGA7dajbwKDX83Z+WXcv2AwxbAhxUnpBCQF0MNT9Vh7ixE0rXbXeg
-bvy5D4n1MWTBaPK+MpuEEV5m/dRZOFIgf6AWDCB7QixWm7N2BGjqni5kr2EuqYw8
-JqxXXtTDTBA8BKMLxPRER+w39zD8fQouTn1pI8nVba/WdX1NlchzFrex6ByvKWQG
-joSPd39d68NNyytwmv5LWOQ2Shsk0d0UV9eoFrctPJh8cL4BPfNS7NQR12u55zn0
-NR+SN5v9/7fn+/KF1UZq5Jao
------END CERTIFICATE-----

roles/common/tasks/letsencrypt.yml

@@ -59,51 +59,6 @@
 
 - name: Get an SSL certificate for {{ domain }} from Let's Encrypt
   script: letsencrypt-gencert {{ domain }} creates=/etc/letsencrypt/live/{{ domain }}/privkey.pem
-  when: ansible_ssh_user != "vagrant"
 
 - name: Modify permissions to allow ssl-cert group access
   file: path=/etc/letsencrypt/archive owner=root group=ssl-cert mode=0750
-  when: ansible_ssh_user != "vagrant"
-
-### Several steps to install a self-signed wildcard key to support offline testing
-
-- name: Create live directory for testing keys
-  file: dest=/etc/letsencrypt/live/{{ domain }} state=directory
-    owner=root group=root mode=0755
-  when: ansible_ssh_user == "vagrant"
-
-- name: Copy SSL wildcard private key for testing
-  copy: src=wildcard_private.key
-    dest=/etc/letsencrypt/live/{{ domain }}/privkey.pem
-    owner=root group=ssl-cert mode=0640
-  register: private_key
-  when: ansible_ssh_user == "vagrant"
-
-- name: Copy SSL public certificate into place for testing
-  copy: src=wildcard_public_cert.crt
-    dest=/etc/letsencrypt/live/{{ domain }}/cert.pem
-    group=root owner=root mode=0644
-  register: certificate
-  notify: restart apache
-  when: ansible_ssh_user == "vagrant"
-
-- name: Copy SSL CA combined certificate into place for testing
-  copy: src=wildcard_ca.pem
-    dest=/etc/letsencrypt/live/{{ domain }}/chain.pem
-    group=root owner=root mode=0644
-  register: ca_certificate
-  notify: restart apache
-  when: ansible_ssh_user == "vagrant"
-
-- name: Create a combined SSL cert for testing
-  shell: cat /etc/letsencrypt/live/{{ domain }}/cert.pem
-    /etc/letsencrypt/live/{{ domain }}/chain.pem >
-    /etc/letsencrypt/live/{{ domain }}/fullchain.pem
-  when: (private_key.changed or certificate.changed or ca_certificate.changed) and ansible_ssh_user == "vagrant"
-
-- name: Set permissions on combined SSL public cert
-  file: name=/etc/letsencrypt/live/{{ domain }}/fullchain.pem mode=0644
-  notify: restart apache
-  when: ansible_ssh_user == "vagrant"
-
-### Back to normal

test-requirements.txt

@@ -1 +0,0 @@
-ansible-lint>=2.3.9,<3

tests.py

@@ -1,383 +0,0 @@
-import unittest
-from time import sleep
-import uuid
-import socket
-import requests
-import os
-
-TEST_SERVER = 'sovereign.local'
-TEST_ADDRESS = 'sovereign@sovereign.local'
-TEST_PASSWORD = 'foo'
-CA_BUNDLE = 'roles/common/files/wildcard_ca.pem'
-
-socket.setdefaulttimeout(5)
-os.environ['REQUESTS_CA_BUNDLE'] = CA_BUNDLE
-
-class SSHTests(unittest.TestCase):
-    def test_ssh_banner(self):
-        """SSH is responding with its banner"""
-        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-        s.connect((TEST_SERVER, 22))
-        data = s.recv(1024)
-        s.close()
-
-        self.assertRegexpMatches(data, '^SSH-2.0-OpenSSH')
-
-
-class WebTests(unittest.TestCase):
-    def test_blog_http(self):
-        """Blog is redirecting to https"""
-        # FIXME: requests won't verify sovereign.local with *.sovereign.local cert
-        r = requests.get('http://' + TEST_SERVER, verify=False)
-
-        # We should be redirected to https
-        self.assertEquals(r.history[0].status_code, 301)
-        self.assertEquals(r.url, 'https://' + TEST_SERVER + '/')
-
-        # 403 - Since there is no documents in the blog directory
-        self.assertEquals(r.status_code, 403)
-
-    def test_mail_autoconfig_http_and_https(self):
-        """Email autoconfiguration XML file is accessible over both HTTP and HTTPS"""
-
-        # Test getting the file over HTTP and HTTPS
-        for proto in ['http', 'https']:
-            r = requests.get(proto + '://autoconfig.' + TEST_SERVER + '/mail/config-v1.1.xml')
-
-            # 200 - We should see the XML file
-            self.assertEquals(r.status_code, 200)
-            self.assertIn('application/xml', r.headers['Content-Type'])
-            self.assertIn('clientConfig version="1.1"', r.content)
-
-    def test_webmail_http(self):
-        """Webmail is redirecting to https and displaying login page"""
-        r = requests.get('http://mail.' + TEST_SERVER)
-
-        # We should be redirected to https
-        self.assertEquals(r.history[0].status_code, 301)
-        self.assertEquals(r.url, 'https://mail.' + TEST_SERVER + '/')
-
-        # 200 - We should be at the login page
-        self.assertEquals(r.status_code, 200)
-        self.assertIn(
-            'Welcome to Roundcube Webmail',
-            r.content
-        )
-
-    def test_zpush_http_unauthorized(self):
-        r = requests.get('http://mail.' + TEST_SERVER + '/Microsoft-Server-ActiveSync')
-
-        # We should be redirected to https
-        self.assertEquals(r.history[0].status_code, 301)
-        self.assertEquals(r.url, 'https://mail.' + TEST_SERVER + '/Microsoft-Server-ActiveSync')
-
-        # Unauthorized
-        self.assertEquals(r.status_code, 401)
-
-    def test_zpush_https(self):
-        r = requests.post('https://mail.' + TEST_SERVER + '/Microsoft-Server-ActiveSync',
-                          auth=('sovereign@sovereign.local', 'foo'),
-                          params={
-                              'DeviceId': '1234',
-                              'DeviceType': 'testbot',
-                              'Cmd': 'Ping',
-                          })
-
-        self.assertEquals(r.headers['content-type'],
-                          'application/vnd.ms-sync.wbxml')
-        self.assertEquals(r.headers['ms-server-activesync'],
-                          '14.0')
-
-    def test_owncloud_http(self):
-        """ownCloud is redirecting to https and displaying login page"""
-        r = requests.get('http://cloud.' + TEST_SERVER)
-
-        # We should be redirected to https
-        self.assertEquals(r.history[0].status_code, 301)
-        self.assertEquals(r.url, 'https://cloud.' + TEST_SERVER + '/')
-
-        # 200 - We should be at the login page
-        self.assertEquals(r.status_code, 200)
-        self.assertIn(
-            'ownCloud',
-            r.content
-        )
-
-    def test_selfoss_http(self):
-        """selfoss is redirecting to https and displaying login page"""
-        r = requests.get('http://news.' + TEST_SERVER)
-
-        # We should be redirected to https
-        self.assertEquals(r.history[0].status_code, 301)
-        self.assertEquals(r.url, 'https://news.' + TEST_SERVER + '/')
-
-        # 200 - We should be at the login page
-        self.assertEquals(r.status_code, 200)
-        self.assertIn(
-            'selfoss',
-            r.content
-        )
-        self.assertIn(
-            'login',
-            r.content
-        )
-
-
-class IRCTests(unittest.TestCase):
-    def test_irc_auth(self):
-        """ZNC is accepting encrypted logins"""
-        import ssl
-        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-        ssl_sock = ssl.wrap_socket(s, ca_certs=CA_BUNDLE, cert_reqs=ssl.CERT_REQUIRED)
-        ssl_sock.connect((TEST_SERVER, 6697))
-
-        # Check the encryption parameters
-        cipher, version, bits = ssl_sock.cipher()
-        self.assertEquals(cipher, 'AES256-GCM-SHA384')
-        self.assertEquals(version, 'TLSv1/SSLv3')
-        self.assertEquals(bits, 256)
-
-        # Login
-        ssl_sock.send('CAP REQ sasl multi-prefix\r\n')
-        ssl_sock.send('PASS foo\r\n')
-        ssl_sock.send('NICK sovereign\r\n')
-        ssl_sock.send('USER sovereign 0 * Sov\r\n')
-
-        # Read until we see the ZNC banner (or timeout)
-        while 1:
-            r = ssl_sock.recv(1024)
-            if 'Connected to ZNC' in r:
-                break
-
-
-def new_message(from_email, to_email):
-    """Creates an email (headers & body) with a random subject"""
-    from email.mime.text import MIMEText
-    msg = MIMEText('Testing')
-    msg['Subject'] = uuid.uuid4().hex[:8]
-    msg['From'] = from_email
-    msg['To'] = to_email
-    return msg.as_string(), msg['subject']
-
-
-class MailTests(unittest.TestCase):
-    def assertIMAPReceived(self, subject):
-        """Connects with IMAP and asserts the existence of an email, then deletes it"""
-        import imaplib
-
-        sleep(1)
-
-        # Login to IMAP
-        m = imaplib.IMAP4_SSL(TEST_SERVER, 993)
-        m.login(TEST_ADDRESS, TEST_PASSWORD)
-        m.select()
-
-        # Assert the message exists
-        typ, data = m.search(None, '(SUBJECT \"{}\")'.format(subject))
-        self.assertTrue(len(data[0].split()), 1)
-
-        # Delete it & logout
-        m.store(data[0].strip(), '+FLAGS', '\\Deleted')
-        m.expunge()
-        m.close()
-        m.logout()
-
-    def assertPOP3Received(self, subject):
-        """Connects with POP3S and asserts the existence of an email, then deletes it"""
-        import poplib
-
-        sleep(1)
-
-        # Login to POP3
-        mail = poplib.POP3_SSL(TEST_SERVER, 995)
-        mail.user(TEST_ADDRESS)
-        mail.pass_(TEST_PASSWORD)
-
-        # Assert the message exists
-        num = len(mail.list()[1])
-        resp, text, octets = mail.retr(num)
-        self.assertTrue("Subject: " + subject in text)
-
-        # Delete it and log out
-        mail.dele(num)
-        mail.quit()
-
-    def test_imap_requires_ssl(self):
-        """IMAP without SSL is NOT available"""
-        import imaplib
-
-        with self.assertRaisesRegexp(socket.timeout, 'timed out'):
-            imaplib.IMAP4(TEST_SERVER, 143)
-
-    def test_pop3_requires_ssl(self):
-        """POP3 without SSL is NOT available"""
-        import poplib
-
-        with self.assertRaisesRegexp(socket.timeout, 'timed out'):
-            poplib.POP3(TEST_SERVER, 110)
-
-    def test_smtps(self):
-        """Email sent from an MUA via SMTPS is delivered"""
-        import smtplib
-        msg, subject = new_message(TEST_ADDRESS, 'root@sovereign.local')
-        s = smtplib.SMTP_SSL(TEST_SERVER, 465)
-        s.login(TEST_ADDRESS, TEST_PASSWORD)
-        s.sendmail(TEST_ADDRESS, ['root@sovereign.local'], msg)
-        s.quit()
-        self.assertIMAPReceived(subject)
-
-    def test_smtps_delimiter_to(self):
-        """Email sent to address with delimiter is delivered"""
-        import smtplib
-        msg, subject = new_message(TEST_ADDRESS, 'root+foo@sovereign.local')
-        s = smtplib.SMTP_SSL(TEST_SERVER, 465)
-        s.login(TEST_ADDRESS, TEST_PASSWORD)
-        s.sendmail(TEST_ADDRESS, ['root+foo@sovereign.local'], msg)
-        s.quit()
-        self.assertIMAPReceived(subject)
-
-    def test_smtps_requires_auth(self):
-        """SMTPS with no authentication is rejected"""
-        import smtplib
-        s = smtplib.SMTP_SSL(TEST_SERVER, 465)
-
-        with self.assertRaisesRegexp(smtplib.SMTPRecipientsRefused, 'Access denied'):
-            s.sendmail(TEST_ADDRESS, ['root@sovereign.local'], 'Test')
-
-        s.quit()
-
-    def test_smtp(self):
-        """Email sent from an MTA is delivered"""
-        import smtplib
-        msg, subject = new_message('someone@example.com', TEST_ADDRESS)
-        s = smtplib.SMTP(TEST_SERVER, 25)
-        s.sendmail('someone@example.com', [TEST_ADDRESS], msg)
-        s.quit()
-        self.assertIMAPReceived(subject)
-
-    def test_smtp_tls(self):
-        """Email sent from an MTA via SMTP+TLS is delivered"""
-        import smtplib
-        msg, subject = new_message('someone@example.com', TEST_ADDRESS)
-        s = smtplib.SMTP(TEST_SERVER, 25)
-        s.starttls()
-        s.sendmail('someone@example.com', [TEST_ADDRESS], msg)
-        s.quit()
-        self.assertIMAPReceived(subject)
-
-    def test_smtps_headers(self):
-        """Email sent from an MUA has DKIM and TLS headers"""
-        import smtplib
-        import imaplib
-
-        # Send a message to root
-        msg, subject = new_message(TEST_ADDRESS, 'root@sovereign.local')
-        s = smtplib.SMTP_SSL(TEST_SERVER, 465)
-        s.login(TEST_ADDRESS, TEST_PASSWORD)
-        s.sendmail(TEST_ADDRESS, ['root@sovereign.local'], msg)
-        s.quit()
-
-        sleep(1)
-
-        # Get the message
-        m = imaplib.IMAP4_SSL(TEST_SERVER, 993)
-        m.login(TEST_ADDRESS, TEST_PASSWORD)
-        m.select()
-        _, res = m.search(None, '(SUBJECT \"{}\")'.format(subject))
-        _, data = m.fetch(res[0], '(RFC822)')
-
-        self.assertIn(
-            'DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sovereign.local;',
-            data[0][1]
-        )
-
-        self.assertIn(
-            'ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)',
-            data[0][1]
-        )
-
-        # Clean up
-        m.store(res[0].strip(), '+FLAGS', '\\Deleted')
-        m.expunge()
-        m.close()
-        m.logout()
-
-    def test_smtp_headers(self):
-        """Email sent from an MTA via SMTP+TLS has TLS headers"""
-        import smtplib
-        import imaplib
-
-        # Send a message to root
-        msg, subject = new_message('someone@example.com', TEST_ADDRESS)
-        s = smtplib.SMTP(TEST_SERVER, 25)
-        s.starttls()
-        s.sendmail('someone@example.com', [TEST_ADDRESS], msg)
-        s.quit()
-
-        sleep(1)
-
-        # Get the message
-        m = imaplib.IMAP4_SSL(TEST_SERVER, 993)
-        m.login(TEST_ADDRESS, TEST_PASSWORD)
-        m.select()
-        _, res = m.search(None, '(SUBJECT \"{}\")'.format(subject))
-        _, data = m.fetch(res[0], '(RFC822)')
-
-        self.assertIn(
-            'ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)',
-            data[0][1]
-        )
-
-        # Clean up
-        m.store(res[0].strip(), '+FLAGS', '\\Deleted')
-        m.expunge()
-        m.close()
-        m.logout()
-
-    def test_pop3s(self):
-        """Connects with POP3S and asserts the existance of an email, then deletes it"""
-        import smtplib
-        msg, subject = new_message(TEST_ADDRESS, 'root@sovereign.local')
-        s = smtplib.SMTP_SSL(TEST_SERVER, 465)
-        s.login(TEST_ADDRESS, TEST_PASSWORD)
-        s.sendmail(TEST_ADDRESS, ['root@sovereign.local'], msg)
-        s.quit()
-        self.assertPOP3Received(subject)
-
-
-class XMPPTests(unittest.TestCase):
-    def test_xmpp_c2s(self):
-        """Prosody is listening on 5222 for clients and requiring TLS"""
-
-        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-        s.connect((TEST_SERVER, 5222))
-
-        # Based off http://wiki.xmpp.org/web/Programming_Jabber_Clients
-        s.send("<stream:stream xmlns:stream='http://etherx.jabber.org/streams' "
-               "xmlns='jabber:client' to='sovereign.local' version='1.0'>")
-
-        data = s.recv(1024)
-        s.close()
-
-        self.assertRegexpMatches(
-            data,
-            "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>"
-        )
-
-    def test_xmpp_s2s(self):
-        """Prosody is listening on 5269 for servers"""
-
-        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-        s.connect((TEST_SERVER, 5269))
-
-        # Base off http://xmpp.org/extensions/xep-0114.html
-        s.send("<stream:stream xmlns:stream='http://etherx.jabber.org/streams' "
-               "xmlns='jabber:component:accept' to='sovereign.local'>")
-
-        data = s.recv(1024)
-        s.close()
-
-        self.assertRegexpMatches(
-            data,
-            "from='sovereign.local'"
-        )