add a test for imap capabilities offered from chatmail

add chatmail entry
add XCHATMAIL marker
2026-05-11 16:34:39 +00:00 · 2024-05-06 15:59:35 +02:00 · 2024-05-06 14:32:24 +02:00 · 2024-05-06 14:31:46 +02:00 · 2024-05-05 21:21:06 +00:00 · 2024-05-05 15:25:44 +00:00
7 changed files with 86 additions and 13 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,12 @@

 ## untagged

+- Emit "XCHATMAIL" capability from IMAP server 
+  ([#278](https://github.com/deltachat/chatmail/pull/278))
+
+- Move echobot `into /var/lib/echobot`
+  ([#281](https://github.com/deltachat/chatmail/pull/281))
+
 - Accept Let's Encrypt's new Terms of Services
  ([#275](https://github.com/deltachat/chatmail/pull/276))

--- a/chatmaild/src/chatmaild/doveauth.py
+++ b/chatmaild/src/chatmaild/doveauth.py
@@ -4,6 +4,7 @@ import time
 import sys
 import json
 import crypt
+from pathlib import Path
 from socketserver import (
    UnixStreamServer,
    StreamRequestHandler,
@@ -45,23 +46,32 @@ def is_allowed_to_create(config: Config, user, cleartext_password) -> bool:
        return False
    localpart, domain = parts

+    if localpart == "echo":
+        # echobot account should not be created in the database
+        return False
+
    if (
        len(localpart) > config.username_max_length
        or len(localpart) < config.username_min_length
    ):
-        if localpart != "echo":
-            logging.warning(
-                "localpart %s has to be between %s and %s chars long",
-                localpart,
-                config.username_min_length,
-                config.username_max_length,
-            )
-            return False
+        logging.warning(
+            "localpart %s has to be between %s and %s chars long",
+            localpart,
+            config.username_min_length,
+            config.username_max_length,
+        )

    return True


 def get_user_data(db, config: Config, user):
+    if user == f"echo@{config.mail_domain}":
+        return dict(
+            home=f"/home/vmail/mail/{config.mail_domain}/echo@{config.mail_domain}",
+            uid="vmail",
+            gid="vmail",
+        )
+
    with db.read_connection() as conn:
        result = conn.get_user(user)
    if result:
@@ -76,6 +86,21 @@ def lookup_userdb(db, config: Config, user):


 def lookup_passdb(db, config: Config, user, cleartext_password):
+    if user == f"echo@{config.mail_domain}":
+        # Echobot writes password it wants to log in with into /run/echobot/password
+        try:
+            password = Path("/run/echobot/password").read_text()
+        except Exception:
+            logging.exception("Exception when trying to read /run/echobot/password")
+            return None
+
+        return dict(
+            home=f"/home/vmail/mail/{config.mail_domain}/echo@{config.mail_domain}",
+            uid="vmail",
+            gid="vmail",
+            password=encrypt_password(password),
+        )
+
    with db.write_transaction() as conn:
        userdata = conn.get_user(user)
        if userdata:
--- a/chatmaild/src/chatmaild/echo.py
+++ b/chatmaild/src/chatmaild/echo.py
@@ -3,14 +3,17 @@

 it will echo back any message that has non-empty text and also supports the /help command.
 """
+
 import logging
 import os
 import sys
+import subprocess

 from deltachat_rpc_client import Bot, DeltaChat, EventType, Rpc, events
+from pathlib import Path

-from chatmaild.newemail import create_newemail_dict
 from chatmaild.config import read_config
+from chatmaild.newemail import create_newemail_dict

 hooks = events.HookCollection()

@@ -75,9 +78,23 @@ def main():
        account = accounts[0] if accounts else deltachat.add_account()

        bot = Bot(account, hooks)
+
+        config = read_config(sys.argv[1])
+
+        # Create password file
+        if bot.is_configured():
+            password = bot.account.get_config("mail_pw")
+        else:
+            password = create_newemail_dict(config)["password"]
+        Path("/run/echobot/password").write_text(password)
+
+        # Give the user which doveauth runs as access to the password file.
+        subprocess.run(
+            ["/usr/bin/setfacl", "-m", "user:vmail:r", "/run/echobot/password"],
+            check=True,
+        )
+
        if not bot.is_configured():
-            config = read_config(sys.argv[1])
-            password = create_newemail_dict(config).get("password")
            email = "echo@" + config.mail_domain
            bot.configure(email, password)
        bot.run_forever()
--- a/cmdeploy/src/cmdeploy/init.py
+++ b/cmdeploy/src/cmdeploy/init.py
@@ -477,6 +477,7 @@ def deploy_chatmail(config_path: Path) -> None:
        groups=["opendkim"],
        system=True,
    )
+    server.user(name="Create echobot user", user="echobot", system=True)

    server.shell(
        name="Fix file owner in /home/vmail",
--- a/cmdeploy/src/cmdeploy/dovecot/dovecot.conf.j2
+++ b/cmdeploy/src/cmdeploy/dovecot/dovecot.conf.j2
@@ -27,7 +27,7 @@ mail_plugins = quota
 # these are the capabilities Delta Chat cares about actually 
 # so let's keep the network overhead per login small
 # https://github.com/deltachat/deltachat-core-rust/blob/master/src/imap/capabilities.rs
-imap_capability = IMAP4rev1 IDLE MOVE QUOTA CONDSTORE NOTIFY METADATA XDELTAPUSH
+imap_capability = IMAP4rev1 IDLE MOVE QUOTA CONDSTORE NOTIFY METADATA XDELTAPUSH XCHATMAIL


 # Authentication for system users.
--- a/cmdeploy/src/cmdeploy/service/echobot.service.f
+++ b/cmdeploy/src/cmdeploy/service/echobot.service.f
@@ -7,6 +7,20 @@ Environment="PATH={remote_venv_dir}:$PATH"
 Restart=always
 RestartSec=30

+User=echobot
+Group=echobot
+
+# Create /var/lib/echobot
+StateDirectory=echobot
+
+# Create /run/echobot
+#
+# echobot stores /run/echobot/password
+# with a password there, which doveauth then reads.
+RuntimeDirectory=echobot
+
+WorkingDirectory=/var/lib/echobot
+
 # Apply security restrictions suggested by
 #   systemd-analyze security echobot.service
 CapabilityBoundingSet=
@@ -16,7 +30,10 @@ NoNewPrivileges=true
 PrivateDevices=true
 PrivateMounts=true
 PrivateTmp=true
-PrivateUsers=true
+
+# We need to know about doveauth user to give it access to /run/echobot/password
+PrivateUsers=false
+
 ProtectClock=true
 ProtectControlGroups=true
 ProtectHostname=true
--- a/cmdeploy/src/cmdeploy/tests/online/test_0_login.py
+++ b/cmdeploy/src/cmdeploy/tests/online/test_0_login.py
@@ -14,6 +14,13 @@ def test_init(tmp_path, maildomain):
    assert config.mail_domain == maildomain


+def test_capabilities(imap):
+    imap.connect()
+    capas = imap.conn.capabilities
+    assert "XCHATMAIL" in capas
+    assert "XDELTAPUSH" in capas
+
+
 def test_login_basic_functioning(imap_or_smtp, gencreds, lp):
    """Test a) that an initial login creates a user automatically
    and b) verify we can also login a second time with the same password
Author	SHA1	Message	Date
holger krekel	3fe29be4d9	add a test for imap capabilities offered from chatmail	2024-05-06 15:59:35 +02:00
holger krekel	2ffce508bd	add chatmail entry	2024-05-06 14:32:24 +02:00
holger krekel	49b4bad8c3	add XCHATMAIL marker	2024-05-06 14:31:46 +02:00
link2xt	462e92cca0	Add changelog entry for 281	2024-05-05 21:21:06 +00:00
link2xt	e1b1a945b1	Authenticate echobot by passing /run/echobot/password to doveauth	2024-05-05 15:25:44 +00:00
link2xt	0493e27312	Move echobot into /var/lib/echobot	2024-05-05 15:25:44 +00:00
link2xt	e4f8c78efe	Merge pull request #276 from deltachat/acmetool-tos acmetool: accept new terms of services	2024-05-02 13:29:28 +00:00