Reject unencrypted incoming mail (#538)

* draft blocking of incoming non-encrypted mail

* create a new enforceE2EE file in address dirs by default and only accept incoming cleartext file if the enforceE2EE file is missing

* Update cmdeploy/src/cmdeploy/service/filtermail.service.f

Co-authored-by: l <link2xt@testrun.org>

* fix benchmark so they setup encryption

* hack around limitations of aiosmtpd's handling of RCPT TO options

* add tests, and split incoming/outgoing handlers for clarity

* document mailbox directory structure, some streamlining of features/E2EE in intro

* use SMTP response code "523 Encryption Needed"

* filtermail: care for the case that the recipient does not exist


Co-authored-by: missytake <missytake@systemli.org>

* Update chatmaild/src/chatmaild/filtermail.py

Co-authored-by: l <link2xt@testrun.org>

* Update chatmaild/src/chatmaild/filtermail.py

Co-authored-by: l <link2xt@testrun.org>

* remove debug info print

* ensure multipart/report type for mailer-daemon messages

* Allow sending out Autocrypt Setup Messages

---------

Co-authored-by: l <link2xt@testrun.org>
Co-authored-by: missytake <missytake@systemli.org>
This commit is contained in:
holger krekel
2025-04-01 20:52:43 +02:00
committed by GitHub
parent 194030a456
commit c4f0146e16
17 changed files with 358 additions and 42 deletions


@@ -1,20 +1,23 @@
<img width="800px" src="www/src/collage-top.png"/>
# Chatmail servers for secure instant messaging
# Chatmail servers for end-to-end encrypted instant messaging
Chatmail servers are interoperable email routing machines optimized for:
Chatmail servers are interoperable e-mail routing machines optimized for
- **Convenience:** Low friction instant onboarding
- **Privacy:** No name, phone numbers, email required or collected
- **End-to-End Encryption enforced**: only OpenPGP messages with metadata minimization allowed
- **Instant:** Privacy-preserving push notifications for Apple, Google, and Huawei
- **Speed:** Message delivery in well under a second.
- **Security:** Strict TLS, DKIM and OpenPGP with metadata-minimization rules enforced.
- **Transport Security:** Strict TLS and DKIM enforced.
- **Reliability:** No spam or IP reputation checks, rate-limits suitable for realtime chats.
- **Reliability:** No spam or IP reputation checks; rate-limits are suitable for realtime chats.
- **Efficiency:** Messages are only stored for transit and removed automatically.
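Review bot: the new "End-to-End Encryption enforced" bullet ("only OpenPGP messages ... allowed") overstates the behaviour this commit introduces: incoming cleartext is rejected only while the per-address marker file exists, and an address whose marker file is absent still accepts cleartext. Suggest qualifying it, e.g. "End-to-End Encryption enforced by default: incoming and outgoing cleartext is rejected unless an address opts out", so readers do not assume an unconditional guarantee. Minor style point in the same hunk: the rewritten intro line "Chatmail servers are interoperable e-mail routing machines optimized for" drops the trailing colon that introduced the bullet list.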
@@ -191,9 +194,9 @@ A short overview:
to authenticate users
to send mails for them.
- [`filtermail`](https://github.com/chatmail/server/blob/main/chatmaild/src/chatmaild/filtermail.py) prevents
unencrypted email from leaving the chatmail service
and is integrated into Postfix's outbound mail pipelines.
- [`filtermail`](https://github.com/chatmail/server/blob/main/chatmaild/src/chatmaild/filtermail.py)
prevents unencrypted email from leaving or entering the chatmail service
and is integrated into Postfix's outbound and inbound mail pipelines.
- [`chatmail-metadata`](https://github.com/chatmail/server/blob/main/chatmaild/src/chatmaild/metadata.py) is contacted by a
[dovecot lua script](https://github.com/chatmail/server/blob/main/cmdeploy/src/cmdeploy/dovecot/push_notification.lua)
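Review bot: the updated `filtermail` sentence says it "prevents unencrypted email from leaving or entering the chatmail service" but does not mention the exceptions this same commit adds (Autocrypt Setup Messages may be sent out, and `multipart/report` messages from mailer-daemon are handled specially). Since a reader will look here to understand what cleartext can still pass, suggest one extra clause, e.g. "with exceptions for Autocrypt Setup Messages and delivery-status reports", and a pointer to the SMTP reply used on rejection ("523 Encryption Needed") so operators can recognise it in their logs.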
@@ -237,7 +240,6 @@ by the according markdown `.md` file in the `www/src` directory.
### Refining the web pages
```
scripts/cmdeploy webdev
```
@@ -252,6 +254,23 @@ This starts a local live development cycle for chatmail web pages:
- Starts a browser window automatically where you can "refresh" as needed.
## Mailbox directory layout
Fresh chatmail server addresses have a mailbox directory that contains:
- a `password` file with the salted password required for authenticating
whether a login may use the address to send/receive messages.
If you modify the password file manually, you effectively block the user.
- `enforceE2EEincoming` is a default-created file with each address.
If present the file indicates that this chatmail address rejects incoming cleartext messages.
If absent the address accepts incoming cleartext messages.
- `dovecot*`, `cur`, `new` and `tmp` represent IMAP/mailbox state.
If the address is only used by one device, the Maildir directories
will typically be empty unless the user of that address hasn't been online
for a while.
## Emergency Commands to disable automatic account creation
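Review bot: the documented marker file is named `enforceE2EEincoming`, while the commit message describes creating an `enforceE2EE` file; please confirm which name the code actually creates and use that one here, since an operator following this section to opt an address out would otherwise delete or look for the wrong file. Two smaller points in the same hunk: it would help to state explicitly that removing the file is the supported way to re-enable cleartext delivery for an address (the text implies it but never says so), and "will typically be empty unless the user of that address hasn't been online for a while" reads awkwardly as a double negative; "unless the user has been offline for a while" says the same thing more clearly.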