From 43ae9fee5c34d7004f3eaa3add1bd3bcc58ef39d Mon Sep 17 00:00:00 2001
From: holger krekel
Date: Thu, 14 May 2026 17:11:00 +0200
Subject: [PATCH] feat!: ignore passthrough_sender and passthrough_recipients to eliminate one more source of unencrypted messages When running "cmdeploy run" operators will see a warning if their chatmail.ini contains these unused options.
---
 chatmaild/src/chatmaild/config.py | 4 ++--
 chatmaild/src/chatmaild/ini/chatmail.ini.f | 7 -------
 chatmaild/src/chatmaild/tests/test_config.py | 8 ++++++--
 cmdeploy/src/cmdeploy/cmdeploy.py | 10 ++++++++++
 4 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/chatmaild/src/chatmaild/config.py b/chatmaild/src/chatmaild/config.py
index 5ce8de13..c837ed24 100644
--- a/chatmaild/src/chatmaild/config.py
+++ b/chatmaild/src/chatmaild/config.py
@@ -41,8 +41,8 @@ class Config:
 self.username_min_length = int(params.get("username_min_length", 9))
 self.username_max_length = int(params.get("username_max_length", 9))
 self.password_min_length = int(params.get("password_min_length", 9))
- self.passthrough_senders = params.get("passthrough_senders", "").split()
- self.passthrough_recipients = params.get("passthrough_recipients", "").split()
+ _unused = ("passthrough_senders", "passthrough_recipients")
+ self.unused_keys = [k for k in _unused if params.get(k)]
 self.www_folder = params.get("www_folder", "")
 self.filtermail_smtp_port = int(params.get("filtermail_smtp_port", "10080"))
 self.filtermail_smtp_port_incoming = int(
diff --git a/chatmaild/src/chatmaild/ini/chatmail.ini.f b/chatmaild/src/chatmaild/ini/chatmail.ini.f
index 85bdb6d4..bb138704 100644
--- a/chatmaild/src/chatmaild/ini/chatmail.ini.f
+++ b/chatmaild/src/chatmaild/ini/chatmail.ini.f
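Review bot: Dropping `self.passthrough_senders` and `self.passthrough_recipients` from `Config` only stops this Python class from parsing the keys; none of the four files in the patch appears to be the component that decides whether an unencrypted message may pass. If that filter reads `chatmail.ini` itself it may keep honouring an operator's leftover entries, and if it reads these attributes from `Config` it would now fail with `AttributeError`, so it is worth confirming against the filter code which case applies before relying on this commit to close the path. Separately, `params.get(k)` is a truthiness test, so a key that is present with an empty value is not reported; `self.unused_keys = [k for k in _unused if k in params]` would flag every leftover key, assuming `params` supports `in`. The `Config.__init__` body starts and ends outside the hunk.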
@@ -42,13 +42,6 @@ mail_domain = {mail_domain}
 # minimum length a password must have
 #password_min_length = 9
-# list of chatmail addresses which can send outbound un-encrypted mail
-#passthrough_senders =
-
-# list of e-mail recipients for which to accept outbound un-encrypted mails
-# (space-separated, item may start with "@" to whitelist whole recipient domains)
-#passthrough_recipients =
-
 # Use externally managed TLS certificates instead of built-in acmetool.
 # Paths refer to files on the deployment server (not the build machine).
 # Both files must already exist before running cmdeploy.
diff --git a/chatmaild/src/chatmaild/tests/test_config.py b/chatmaild/src/chatmaild/tests/test_config.py
index bde15ca8..4bf34829 100644
--- a/chatmaild/src/chatmaild/tests/test_config.py
+++ b/chatmaild/src/chatmaild/tests/test_config.py
@@ -45,8 +45,12 @@ def test_read_config_basic_using_defaults(tmp_path, maildomain):
 assert example_config.username_min_length == 9
 assert example_config.username_max_length == 9
 assert example_config.password_min_length == 9
- assert example_config.passthrough_recipients == []
- assert example_config.passthrough_senders == []
+ assert example_config.unused_keys == []
+
+
+def test_config_unused_keys(make_config):
+ config = make_config("chat.example.org", {"passthrough_senders": "x@y.org"})
+ assert config.unused_keys == ["passthrough_senders"]
 def test_config_userstate_paths(make_config, tmp_path):
diff --git a/cmdeploy/src/cmdeploy/cmdeploy.py b/cmdeploy/src/cmdeploy/cmdeploy.py
index c4ea4815..953bca56 100644
--- a/cmdeploy/src/cmdeploy/cmdeploy.py
+++ b/cmdeploy/src/cmdeploy/cmdeploy.py
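Review bot: `test_config_unused_keys` exercises only `passthrough_senders`, so a typo in the second entry of the `_unused` tuple in `config.py` would go unnoticed. Adding a case for `passthrough_recipients`, and one with both keys set asserting `["passthrough_senders", "passthrough_recipients"]`, would pin the whole list. A case with a key present but empty would also record whether that is meant to be reported.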
@@ -84,6 +84,15 @@ def run_cmd_options(parser):
 add_ssh_host_option(parser)
+def _warn_unused_settings(unused_keys, out):
+ if unused_keys:
+ names = ", ".join(unused_keys)
+ out.red(
+ f"WARNING: chatmail.ini contains settings that have no effect: {names}\n"
+ "Please remove them from chatmail.ini."
+ )
+
+
 def run_cmd(args, out):
 """Deploy chatmail services on the remote server."""
@@ -125,6 +134,7 @@ def run_cmd(args, out):
 out.green("Deploy completed.")
 else:
 out.green("Deploy completed, call `cmdeploy dns` next.")
+ _warn_unused_settings(args.config.unused_keys, out)
 return 0
 except subprocess.CalledProcessError:
 out.red("Deploy failed")
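Review bot: `_warn_unused_settings` has no docstring, and the reason these keys are flagged is worth stating next to the code, for example `"""Print a red warning naming chatmail.ini keys that are still set but no longer honoured."""`. The message tells the operator the settings "have no effect" but not that they previously allowed unencrypted outbound mail, which the commit message gives as the motive. One extra sentence saying so would make clear that delivery behaviour has changed.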
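Review bot: The call to `_warn_unused_settings(args.config.unused_keys, out)` sits just before `return 0`, after the "Deploy completed" messages, so the warning is printed only when the deploy succeeds; on the `subprocess.CalledProcessError` path the operator is never told that the `passthrough_*` entries are ignored. Calling it before the deployment starts, wherever `args.config` is first available in `run_cmd` (outside this hunk), would surface it on every run. Indentation is lost in this view, so it cannot be told from here whether the call is inside the `else:` branch; if it is, the warning is also skipped on the other success branch.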