doc: add changelog

CHANGELOG.md

@@ -2,19 +2,9 @@
 
 ## untagged
 
-
-## 1.6.0 2025-04-11
-
-- Handle Port-25 connect errors more gracefully (common with VPNs)
-  ([#552](https://github.com/chatmail/relay/pull/552))
-
 - Avoid "acmetool not found" during initial run
   ([#550](https://github.com/chatmail/relay/pull/550))
 
-- Fix timezone handling such that client/servers do not need to use
-  same timezone. 
-  ([#553](https://github.com/chatmail/relay/pull/553))
-
 - Enforce end-to-end encryption for incoming messages. 
   New user address mailboxes now get a `enforceE2EEincoming` file 
   which prohibits incoming cleartext messages from other domains. 
@@ -27,12 +17,6 @@
 - Enforce end-to-end encryption between local addresses 
   ([#535](https://github.com/chatmail/server/pull/535))
 
-- unbound: check that port 53 is not occupied by a different process
-  ([#537](https://github.com/chatmail/server/pull/537))
-
-- unbound: before unbound is there, use 9.9.9.9 for resolving
-  ([#518](https://github.com/chatmail/relay/pull/518))
-
 - Limit the bind for the HTTPS server on 8443 to 127.0.0.1 
   ([#522](https://github.com/chatmail/server/pull/522))
   ([#532](https://github.com/chatmail/server/pull/532))

cmdeploy/src/cmdeploy/__init__.py

@@ -11,7 +11,6 @@ from pathlib import Path
 
 from chatmaild.config import Config, read_config
 from pyinfra import facts, host
-from pyinfra.api import FactBase
 from pyinfra.facts.files import File
 from pyinfra.facts.systemd import SystemdEnabled
 from pyinfra.operations import apt, files, pip, server, systemd
@@ -19,21 +18,6 @@ from pyinfra.operations import apt, files, pip, server, systemd
 from .acmetool import deploy_acmetool
 
 
-class Port(FactBase):
-    """
-    Returns the process occuping a port.
-    """
-
-    def command(self, port: int) -> str:
-        return (
-            "ss -lptn 'src :%d' | awk 'NR>1 {print $6,$7}' | sed 's/users:((\"//;s/\".*//'"
-            % (port,)
-        )
-
-    def process(self, output: [str]) -> str:
-        return output[0]
-
-
 def _build_chatmaild(dist_dir) -> None:
     dist_dir = Path(dist_dir).resolve()
     if dist_dir.exists():
@@ -246,6 +230,7 @@ def _configure_opendkim(domain: str, dkim_selector: str = "dkim") -> bool:
     )
     need_restart |= service_file.changed
 
+
     return need_restart
 
 
@@ -592,12 +577,6 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
         ensure_newline=True,
     )
 
-    if host.get_fact(Port, port=53) != "unbound":
-        files.line(
-            name="Add 9.9.9.9 to resolv.conf",
-            path="/etc/resolv.conf",
-            line="nameserver 9.9.9.9",
-        )
     apt.update(name="apt update", cache_time=24 * 3600)
     apt.upgrade(name="upgrade apt packages", auto_remove=True)
 
@@ -609,12 +588,6 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
     # Run local DNS resolver `unbound`.
     # `resolvconf` takes care of setting up /etc/resolv.conf
     # to use 127.0.0.1 as the resolver.
-    from cmdeploy.cmdeploy import Out
-
-    process_on_53 = host.get_fact(Port, port=53)
-    if process_on_53 not in (None, "unbound"):
-        Out().red(f"Can't install unbound: port 53 is occupied by: {process_on_53}")
-        exit(1)
     apt.packages(
         name="Install unbound",
         packages=["unbound", "unbound-anchor", "dnsutils"],

cmdeploy/src/cmdeploy/cmdeploy.py

@@ -86,19 +86,15 @@ def run_cmd(args, out):
         out.red("Please re-run scripts/initenv.sh to update pyinfra to version 3.")
         return 1
 
-    try:
+    retcode = out.check_call(cmd, env=env)
-        retcode = out.check_call(cmd, env=env)
+    if retcode == 0:
-        if retcode == 0:
+        out.green("Deploy completed, call `cmdeploy dns` next.")
-            out.green("Deploy completed, call `cmdeploy dns` next.")
+    elif not remote_data["acme_account_url"]:
-        elif not remote_data["acme_account_url"]:
+        out.red("Deploy completed but letsencrypt not configured")
-            out.red("Deploy completed but letsencrypt not configured")
+        out.red("Run 'cmdeploy run' again")
-            out.red("Run 'cmdeploy run' again")
+        retcode = 0
-            retcode = 0
+    else:
-        else:
-            out.red("Deploy failed")
-    except subprocess.CalledProcessError:
         out.red("Deploy failed")
-        retcode = 1
     return retcode
 
 

cmdeploy/src/cmdeploy/tests/online/test_0_login.py

@@ -90,13 +90,8 @@ def test_concurrent_logins_same_account(
 
 
 def test_no_vrfy(chatmail_config):
-    domain = chatmail_config.mail_domain
     sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-    sock.settimeout(10)
+    sock.connect((chatmail_config.mail_domain, 25))
-    try:
-        sock.connect((domain, 25))
-    except socket.timeout:
-        pytest.skip(f"port 25 not reachable for {domain}")
     banner = sock.recv(1024)
     print(banner)
     sock.send(b"VRFY wrongaddress@%s\r\n" % (chatmail_config.mail_domain.encode(),))

cmdeploy/src/cmdeploy/tests/online/test_1_basic.py

@@ -55,12 +55,11 @@ class TestSSHExecutor:
 
     def test_opendkim_restarted(self, sshexec):
         """check that opendkim is not running for longer than a day."""
-        cmd = "systemctl show opendkim --timestamp=utc --property=ActiveEnterTimestamp"
+        out = sshexec(call=remote.rshell.shell, kwargs=dict(command="systemctl status opendkim"))
-        out = sshexec(call=remote.rshell.shell, kwargs=dict(command=cmd))
+        assert type(out) == str
-        datestring = out.split("=")[1]
+        since_date_str = out.split("since ")[1].split(";")[0]
-        since_date = datetime.datetime.strptime(datestring, "%a %Y-%m-%d %H:%M:%S %Z")
+        since_date = datetime.datetime.strptime(since_date_str, "%a %Y-%m-%d %H:%M:%S %Z")
-        now = datetime.datetime.now(since_date.tzinfo)
+        assert (datetime.datetime.now() - since_date).total_seconds() < 60 * 60 * 24
-        assert (now - since_date).total_seconds() < 60 * 60 * 51
 
 
 def test_remote(remote, imap_or_smtp):
@@ -119,12 +118,7 @@ def test_authenticated_from(cmsetup, maildata):
 def test_reject_missing_dkim(cmsetup, maildata, from_addr):
     recipient = cmsetup.gen_users(1)[0]
     msg = maildata("encrypted.eml", from_addr=from_addr, to_addr=recipient.addr).as_string()
-    try:
+    with smtplib.SMTP(cmsetup.maildomain, 25) as s:
-        conn = smtplib.SMTP(cmsetup.maildomain, 25, timeout=10)
-    except TimeoutError:
-        pytest.skip(f"port 25 not reachable for {cmsetup.maildomain}")
-
-    with conn as s:
         with pytest.raises(smtplib.SMTPDataError, match="No valid DKIM signature"):
             s.sendmail(from_addr=from_addr, to_addrs=recipient.addr, msg=msg)