enforce encryption for in-server mails (#535)

* enforce encryption for in-server mails * make tests work with chatmail server only support e2ee internally * fix echobot test * simplify quota-exceeded test * work around rpc-server fixture changes
2026-05-10 16:04:37 +00:00 · 2025-03-29 21:22:26 +01:00
parent ce240083c4
commit 194030a456
9 changed files with 94 additions and 75 deletions
--- a/chatmaild/src/chatmaild/echo.py
+++ b/chatmaild/src/chatmaild/echo.py
@@ -8,6 +8,7 @@ import logging
 import os
 import subprocess
 import sys
+from pathlib import Path

 from deltachat_rpc_client import Bot, DeltaChat, EventType, Rpc, events

@@ -97,6 +98,10 @@ def main():
        if not bot.is_configured():
            bot.configure(addr, password)

+        # write invite link to working directory
+        invitelink = bot.account.get_qr_code()
+        Path("invite-link.txt").write_text(invitelink)
+
        bot.run_forever()


--- a/chatmaild/src/chatmaild/filtermail.py
+++ b/chatmaild/src/chatmaild/filtermail.py
@@ -209,7 +209,6 @@ class BeforeQueueHandler:
        mail_encrypted = check_encrypted(message)

        _, from_addr = parseaddr(message.get("from").strip())
-        envelope_from_domain = from_addr.split("@").pop()

        logging.info(f"mime-from: {from_addr} envelope-from: {envelope.mail_from!r}")
        if envelope.mail_from.lower() != from_addr.lower():
@@ -223,26 +222,16 @@ class BeforeQueueHandler:
        if envelope.mail_from in self.config.passthrough_senders:
            return

-        passthrough_recipients = self.config.passthrough_recipients
-
        if mail_encrypted or is_securejoin(message):
            return

+        passthrough_recipients = self.config.passthrough_recipients
+
        for recipient in envelope.rcpt_tos:
-            if envelope.mail_from == recipient:
-                # Always allow sending emails to self.
-                continue
            if recipient_matches_passthrough(recipient, passthrough_recipients):
                continue
-            res = recipient.split("@")
-            if len(res) != 2:
-                return f"500 Invalid address <{recipient}>"
-            _recipient_addr, recipient_domain = res
-
-            is_outgoing = recipient_domain != envelope_from_domain
-            if is_outgoing:
-                print("Rejected unencrypted mail.", file=sys.stderr)
-                return f"500 Invalid unencrypted mail to <{recipient}>"
+            print("Rejected unencrypted mail.", file=sys.stderr)
+            return "500 Invalid unencrypted mail"


 class SendRateLimiter:
--- a/chatmaild/src/chatmaild/tests/plugin.py
+++ b/chatmaild/src/chatmaild/tests/plugin.py
@@ -72,9 +72,8 @@ def maildata(request):
    def maildata(name, from_addr, to_addr, subject="[...]"):
        # Using `.read_bytes().decode()` instead of `.read_text()` to preserve newlines.
        data = datadir.joinpath(name).read_bytes().decode()
-
        text = data.format(from_addr=from_addr, to_addr=to_addr, subject=subject)
-        return BytesParser(policy=policy.default).parsebytes(text.encode())
+        return BytesParser(policy=policy.SMTP).parsebytes(text.encode())

    return maildata

--- a/chatmaild/src/chatmaild/tests/test_filtermail.py
+++ b/chatmaild/src/chatmaild/tests/test_filtermail.py
@@ -29,14 +29,14 @@ def test_reject_forged_from(maildata, gencreds, handler):
    # test that the filter lets good mail through
    to_addr = gencreds()[0]
    env.content = maildata(
-        "plain.eml", from_addr=env.mail_from, to_addr=to_addr
+        "encrypted.eml", from_addr=env.mail_from, to_addr=to_addr
    ).as_bytes()

    assert not handler.check_DATA(envelope=env)

    # test that the filter rejects forged mail
    env.content = maildata(
-        "plain.eml", from_addr="forged@c3.testrun.org", to_addr=to_addr
+        "encrypted.eml", from_addr="forged@c3.testrun.org", to_addr=to_addr
    ).as_bytes()
    error = handler.check_DATA(envelope=env)
    assert "500" in error
@@ -106,7 +106,7 @@ def test_send_rate_limiter():
            break


-def test_excempt_privacy(maildata, gencreds, handler):
+def test_cleartext_excempt_privacy(maildata, gencreds, handler):
    from_addr = gencreds()[0]
    to_addr = "privacy@testrun.org"
    handler.config.passthrough_recipients = [to_addr]
@@ -130,7 +130,22 @@ def test_excempt_privacy(maildata, gencreds, handler):
    assert "500" in handler.check_DATA(envelope=env2)


-def test_passthrough_domains(maildata, gencreds, handler):
+def test_cleartext_self_send_fails(maildata, gencreds, handler):
+    from_addr = gencreds()[0]
+    to_addr = from_addr
+
+    msg = maildata("plain.eml", from_addr=from_addr, to_addr=to_addr)
+
+    class env:
+        mail_from = from_addr
+        rcpt_tos = [to_addr]
+        content = msg.as_bytes()
+
+    res = handler.check_DATA(envelope=env)
+    assert "500 Invalid unencrypted" in res
+
+
+def test_cleartext_passthrough_domains(maildata, gencreds, handler):
    from_addr = gencreds()[0]
    to_addr = "privacy@x.y.z"
    handler.config.passthrough_recipients = ["@x.y.z"]
@@ -154,7 +169,7 @@ def test_passthrough_domains(maildata, gencreds, handler):
    assert "500" in handler.check_DATA(envelope=env2)


-def test_passthrough_senders(gencreds, handler, maildata):
+def test_cleartext_passthrough_senders(gencreds, handler, maildata):
    acc1 = gencreds()[0]
    to_addr = "recipient@something.org"
    handler.config.passthrough_senders = [acc1]