fixup after testing on nine:

- don't remove large files already after 7 days if they are in the "new/" folder
- report which mailbox is being checked so that "journalctl -u
  chatmail-expire.service" provides sufficient output for checking
- don't trigger expiry or fsreport services during cmdeploy-run but run it from timer only

.github/ISSUE_TEMPLATE/config.yml

@@ -1 +1,5 @@
 blank_issues_enabled: true
+contact_links:
+  - name: Mutual Help Chat Group
+    url: https://i.delta.chat/#6CBFF8FFD505C0FDEA20A66674F2916EA8FBEE99&a=invitebot%40nine.testrun.org&g=Chatmail%20Mutual%20Help&x=7sFF7Ik50pWv6J1z7RVC5527&i=X69wTFfvCfs3d-JzqP0kVA3i&s=ibp-447dU-wUq-52QanwAtWc
+    about: If you have troubles setting up the relay server, feel free to ask here.

CHANGELOG.md

@@ -2,15 +2,6 @@
 
 ## untagged
 
-- acmetool: use ECDSA keys instead of RSA
-  ([#689](https://github.com/chatmail/relay/pull/689))
-
-- Require TLS 1.2 for outgoing SMTP connections
-  ([#685](https://github.com/chatmail/relay/pull/685))
-
-- require STARTTLS for incoming port 25 connections
-  ([#684](https://github.com/chatmail/relay/pull/684))
-
 - filtermail: run CPU-intensive handle_DATA in a thread pool executor
   ([#676](https://github.com/chatmail/relay/pull/676))
 
@@ -30,7 +21,7 @@
   ([#650](https://github.com/chatmail/relay/pull/650))
 
 - filtermail: accept mails from Protonmail
-  ([#616](https://github.com/chatmail/relay/pull/616))
+  ([#616](https://github.com/chatmail/relay/pull/655))
 
 - Ignore all RCPT TO: parameters
   ([#651](https://github.com/chatmail/relay/pull/651))
@@ -63,7 +54,7 @@
   to only do a single iteration over sometimes millions of messages
   instead of doing "find" commands that iterate 9 times over the messages. 
   Provide an "fsreport" CLI for more fine grained analysis of message files. 
-  ([#637](https://github.com/chatmail/relay/pull/637))
+  ([#637](https://github.com/chatmail/relay/pull/632))
 
 
 ## 1.7.0 2025-09-11

README.md

@@ -180,10 +180,6 @@ The components of chatmail are:
 - [Iroh relay](https://www.iroh.computer/docs/concepts/relay) 
   which helps client devices to establish Peer-to-Peer connections 
 
-- [TURN](https://github.com/chatmail/chatmail-turn)
-  to enable relay users to start webRTC calls
-  even if a p2p connection can't be established
-
 - and the chatmaild services, explained in the next section:
 
 ### chatmaild
@@ -308,8 +304,6 @@ Chatmail address creation will be denied while this file is present.
 [Nginx](https://www.nginx.com/) listens on port 8443 (HTTPS-ALT) and 443 (HTTPS).
 Port 443 multiplexes HTTPS, IMAP and SMTP using ALPN to redirect connections to ports 8443, 465 or 993.
 [acmetool](https://hlandau.github.io/acmetool/) listens on port 80 (HTTP).
-[chatmail-turn](https://github.com/chatmail/chatmail-turn) listens on UDP port 3478 (STUN/TURN),
-and temporarily opens UDP ports when users request them. UDP port range is not restricted, any free port may be allocated.
 
 chatmail-core based apps will, however, discover all ports and configurations
 automatically by reading the [autoconfig XML file](https://www.ietf.org/archive/id/draft-bucksch-autoconfig-00.html) from the chatmail relay server.

chatmaild/src/chatmaild/expire.py

@@ -22,30 +22,11 @@ def iter_mailboxes(basedir, maxnum):
         print_info(f"no mailboxes found at: {basedir}")
         return
 
-    for name in os_listdir_if_exists(basedir)[:maxnum]:
+    for name in os.listdir(basedir)[:maxnum]:
         if "@" in name:
             yield MailboxStat(basedir + "/" + name)
 
 
-def get_file_entry(path):
-    """return a FileEntry or None if the path does not exist or is not a regular file."""
-    try:
-        st = os.stat(path)
-    except FileNotFoundError:
-        return None
-    if not S_ISREG(st.st_mode):
-        return None
-    return FileEntry(path, st.st_mtime, st.st_size)
-
-
-def os_listdir_if_exists(path):
-    """return a list of names obtained from os.listdir or an empty list if the path does not exist."""
-    try:
-        return os.listdir(path)
-    except FileNotFoundError:
-        return []
-
-
 class MailboxStat:
     last_login = None
 
@@ -59,23 +40,19 @@ class MailboxStat:
 
         # scan all relevant files (without recursion)
         old_cwd = os.getcwd()
-        try:
-            os.chdir(self.basedir)
-        except FileNotFoundError:
-            return
-        for name in os_listdir_if_exists("."):
+        os.chdir(self.basedir)
+        for name in os.listdir("."):
             if name in ("cur", "new", "tmp"):
-                for msg_name in os_listdir_if_exists(name):
-                    entry = get_file_entry(f"{name}/{msg_name}")
-                    if entry is not None:
-                        self.messages.append(entry)
-
+                for msg_name in os.listdir(name):
+                    relpath = name + "/" + msg_name
+                    st = os.stat(relpath)
+                    self.messages.append(FileEntry(relpath, st.st_mtime, st.st_size))
             else:
-                entry = get_file_entry(name)
-                if entry is not None:
-                    self.extrafiles.append(entry)
+                st = os.stat(name)
+                if S_ISREG(st.st_mode):
+                    self.extrafiles.append(FileEntry(name, st.st_mtime, st.st_size))
                     if name == "password":
-                        self.last_login = entry.mtime
+                        self.last_login = st.st_mtime
         self.extrafiles.sort(key=lambda x: -x.size)
         os.chdir(old_cwd)
 
@@ -103,13 +80,9 @@ class Expiry:
             shutil.rmtree(mboxdir)
         self.del_mboxes += 1
 
-    def remove_file(self, path, mtime=None):
+    def remove_file(self, path):
         if self.verbose:
-            if mtime is not None:
-                date = datetime.fromtimestamp(mtime).strftime("%b %d")
-                print_info(f"removing {date} {path}")
-            else:
-                print_info(f"removing {path}")
+            print_info(f"removing {path}")
         if not self.dry:
             try:
                 os.unlink(path)
@@ -131,27 +104,18 @@ class Expiry:
             return
 
         # all to-be-removed files are relative to the mailbox basedir
-        try:
-            os.chdir(mbox.basedir)
-        except FileNotFoundError:
-            print_info(f"mailbox not found/vanished {mbox.basedir}")
-            return
-
+        os.chdir(mbox.basedir)
         mboxname = os.path.basename(mbox.basedir)
         if self.verbose:
-            date = datetime.fromtimestamp(mbox.last_login) if mbox.last_login else None
-            if date:
-                print_info(f"checking mailbox {date.strftime('%b %d')} {mboxname}")
-            else:
-                print_info(f"checking mailbox (no last_login) {mboxname}")
+            print_info(f"checking for mailbox messages in: {mboxname}")
         self.all_files += len(mbox.messages)
         for message in mbox.messages:
             if message.mtime < cutoff_mails:
-                self.remove_file(message.relpath, mtime=message.mtime)
+                self.remove_file(message.relpath)
             elif message.size > 200000 and message.mtime < cutoff_large_mails:
                 # we only remove noticed large files (not unnoticed ones in new/)
                 if message.relpath.startswith("cur/"):
-                    self.remove_file(message.relpath, mtime=message.mtime)
+                    self.remove_file(message.relpath)
             else:
                 continue
             changed = True

chatmaild/src/chatmaild/tests/test_expire.py

@@ -6,13 +6,7 @@ from pathlib import Path
 
 import pytest
 
-from chatmaild.expire import (
-    FileEntry,
-    MailboxStat,
-    get_file_entry,
-    iter_mailboxes,
-    os_listdir_if_exists,
-)
+from chatmaild.expire import FileEntry, MailboxStat, iter_mailboxes
 from chatmaild.expire import main as expiry_main
 from chatmaild.fsreport import main as report_main
 
@@ -133,18 +127,3 @@ def test_expiry_cli_old_files(capsys, example_config, mbox1):
                 pytest.fail(f"failed to remove {path}\n{err}")
 
     assert "shouldstay" not in err
-
-
-def test_get_file_entry(tmp_path):
-    assert get_file_entry(str(tmp_path.joinpath("123123"))) is None
-    p = tmp_path.joinpath("x")
-    p.write_text("hello")
-    entry = get_file_entry(str(p))
-    assert entry.size == 5
-    assert entry.mtime
-
-
-def test_os_listdir_if_exists(tmp_path):
-    tmp_path.joinpath("x").write_text("hello")
-    assert len(os_listdir_if_exists(str(tmp_path))) == 1
-    assert len(os_listdir_if_exists(str(tmp_path.joinpath("123123")))) == 0

chatmaild/src/chatmaild/turnserver.py

@@ -6,4 +6,4 @@ def turn_credentials() -> str:
     with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client_socket:
         client_socket.connect("/run/chatmail-turn/turn.socket")
         with client_socket.makefile("rb") as file:
-            return file.readline().decode("utf-8").strip()
+            return file.readline().decode("utf-8")

cmdeploy/src/cmdeploy/__init__.py

@@ -338,9 +338,9 @@ def _install_dovecot_package(package: str, arch: str):
 
     match (package, arch):
         case ("core", "amd64"):
-            sha256 = "dd060706f52a306fa863d874717210b9fe10536c824afe1790eec247ded5b27d"
+            sha256 = "43f593332e22ac7701c62d58b575d2ca409e0f64857a2803be886c22860f5587"
         case ("core", "arm64"):
-            sha256 = "e7548e8a82929722e973629ecc40fcfa886894cef3db88f23535149e7f730dc9"
+            sha256 = "4d21eba1a83f51c100f08f2e49f0c9f8f52f721ebc34f75018e043306da993a7"
         case ("imapd", "amd64"):
             sha256 = "8d8dc6fc00bbb6cdb25d345844f41ce2f1c53f764b79a838eb2a03103eebfa86"
         case ("imapd", "arm64"):
@@ -681,7 +681,7 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
     check_config(config)
     mail_domain = config.mail_domain
 
-    from .www import build_webpages, find_merge_conflict, get_paths
+    from .www import build_webpages, get_paths
 
     server.group(name="Create vmail group", group="vmail", system=True)
     server.user(name="Create vmail user", user="vmail", group="vmail", system=True)
@@ -823,8 +823,6 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
     # if www_folder was set to a non-existing folder, skip upload
     if not www_path.is_dir():
         logger.warning("Building web pages is disabled in chatmail.ini, skipping")
-    elif (path := find_merge_conflict(src_dir)) is not None:
-        logger.warning(f"Merge conflict found in {path}, skipping")
     else:
         # if www_folder is a hugo page, build it
         if build_dir:

cmdeploy/src/cmdeploy/acmetool/target.yaml.j2

@@ -1,8 +1,7 @@
 request:
   provider: https://acme-v02.api.letsencrypt.org/directory
   key:
-    type: ecdsa
-    ecdsa-curve: nistp256
+    type: rsa
   challenge:
     webroot-paths:
     - /var/www/html/.well-known/acme-challenge

cmdeploy/src/cmdeploy/dovecot/dovecot.conf.j2

@@ -70,12 +70,6 @@ userdb {
 # Mailboxes are stored in the "mail" directory of the vmail user home.
 mail_location = maildir:{{ config.mailboxes_dir }}/%u
 
-# index/cache files are not very useful for chatmail relay operations 
-# but it's not clear how to disable them completely. 
-# According to https://doc.dovecot.org/2.3/settings/advanced/#core_setting-mail_cache_max_size
-# if the cache file becomes larger than the specified size, it is truncated by dovecot 
-mail_cache_max_size = 500K
-
 namespace inbox {
   inbox = yes
 

cmdeploy/src/cmdeploy/postfix/main.cf.j2

@@ -26,7 +26,6 @@ smtp_tls_security_level=verify
 smtp_tls_servername = hostname
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 smtp_tls_policy_maps = inline:{nauta.cu=may}
-smtp_tls_protocols = >=TLSv1.2
 smtpd_tls_protocols = >=TLSv1.2
 
 # Disable anonymous cipher suites

cmdeploy/src/cmdeploy/postfix/master.cf.j2

@@ -14,7 +14,6 @@ smtp      inet  n       -       y       -       -       smtpd -v
 {%- else %}
 smtp      inet  n       -       y       -       -       smtpd 
 {%- endif %}
-  -o smtpd_tls_security_level=encrypt
   -o smtpd_proxy_filter=127.0.0.1:{{ config.filtermail_smtp_port_incoming }}
 submission inet n       -       y       -       5000    smtpd
   -o syslog_name=postfix/submission

cmdeploy/src/cmdeploy/tests/online/benchmark.py

@@ -37,7 +37,7 @@ class TestDC:
 
     def test_ping_pong(self, benchmark, cmfactory):
         ac1, ac2 = cmfactory.get_online_accounts(2)
-        chat = cmfactory.get_accepted_chat(ac1, ac2)
+        chat = cmfactory.get_protected_chat(ac1, ac2)
 
         def dc_ping_pong():
             chat.send_text("ping")
@@ -49,7 +49,7 @@ class TestDC:
 
     def test_send_10_receive_10(self, benchmark, cmfactory, lp):
         ac1, ac2 = cmfactory.get_online_accounts(2)
-        chat = cmfactory.get_accepted_chat(ac1, ac2)
+        chat = cmfactory.get_protected_chat(ac1, ac2)
 
         def dc_send_10_receive_10():
             for i in range(10):

cmdeploy/src/cmdeploy/tests/online/test_0_login.py

@@ -1,5 +1,5 @@
 import queue
-import smtplib
+import socket
 import threading
 
 import pytest
@@ -91,23 +91,25 @@ def test_concurrent_logins_same_account(
 
 def test_no_vrfy(chatmail_config):
     domain = chatmail_config.mail_domain
-
-    s = smtplib.SMTP(domain)
-    s.starttls()
-
-    s.putcmd("vrfy", f"wrongaddress@{chatmail_config.mail_domain}")
-    result = s.getreply()
+    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    sock.settimeout(10)
+    try:
+        sock.connect((domain, 25))
+    except socket.timeout:
+        pytest.skip(f"port 25 not reachable for {domain}")
+    banner = sock.recv(1024)
+    print(banner)
+    sock.send(b"VRFY wrongaddress@%s\r\n" % (chatmail_config.mail_domain.encode(),))
+    result = sock.recv(1024)
     print(result)
-    s.putcmd("vrfy", f"echo@{chatmail_config.mail_domain}")
-    result2 = s.getreply()
+    sock.send(b"VRFY echo@%s\r\n" % (chatmail_config.mail_domain.encode(),))
+    result2 = sock.recv(1024)
     print(result2)
-    assert result[0] == result2[0] == 252
-    assert result[1][0:6] == result2[1][0:6] == b"2.0.0 "
-    s.putcmd("vrfy", "wrongaddress")
-    result = s.getreply()
+    assert result[0:10] == result2[0:10]
+    sock.send(b"VRFY wrongaddress\r\n")
+    result = sock.recv(1024)
     print(result)
-    s.putcmd("vrfy", "echo")
-    result2 = s.getreply()
+    sock.send(b"VRFY echo\r\n")
+    result2 = sock.recv(1024)
     print(result2)
-    assert result[0] == result2[0] == 252
-    assert result[1][0:6] == result2[1][0:6] == b"2.0.0 "
+    assert result[0:10] == result2[0:10] == b"252 2.0.0 "

cmdeploy/src/cmdeploy/tests/online/test_1_basic.py

@@ -143,7 +143,6 @@ def test_reject_missing_dkim(cmsetup, maildata, from_addr):
         "encrypted.eml", from_addr=from_addr, to_addr=recipient.addr
     ).as_string()
     conn = smtplib.SMTP(cmsetup.maildomain, 25, timeout=10)
-    conn.starttls()
 
     with conn as s:
         with pytest.raises(smtplib.SMTPDataError, match="No valid DKIM signature"):

cmdeploy/src/cmdeploy/tests/online/test_2_deltachat.py

@@ -56,7 +56,7 @@ class TestEndToEndDeltaChat:
         """Test that a DC account can send a message to a second DC account
         on the same chat-mail instance."""
         ac1, ac2 = cmfactory.get_online_accounts(2)
-        chat = cmfactory.get_accepted_chat(ac1, ac2)
+        chat = cmfactory.get_protected_chat(ac1, ac2)
         chat.send_text("message0")
 
         lp.sec("wait for ac2 to receive message")
@@ -70,7 +70,7 @@ class TestEndToEndDeltaChat:
         before quota is exceeded, and thus depends on the speed of the upload.
         """
         ac1, ac2 = cmfactory.get_online_accounts(2)
-        chat = cmfactory.get_accepted_chat(ac1, ac2)
+        chat = cmfactory.get_protected_chat(ac1, ac2)
 
         user = ac2.get_config("configured_addr")
 
@@ -153,7 +153,7 @@ def test_hide_senders_ip_address(cmfactory):
     assert ipaddress.ip_address(public_ip)
 
     user1, user2 = cmfactory.get_online_accounts(2)
-    chat = cmfactory.get_accepted_chat(user1, user2)
+    chat = cmfactory.get_protected_chat(user1, user2)
 
     chat.send_text("testing submission header cleanup")
     user2._evtracker.wait_next_incoming_message()

cmdeploy/src/cmdeploy/www.py

@@ -4,7 +4,6 @@ import time
 import traceback
 import webbrowser
 from pathlib import Path
-import re
 
 import markdown
 from chatmaild.config import read_config
@@ -13,9 +12,6 @@ from jinja2 import Template
 from .genqr import gen_qr_png_data
 
 
-_MERGE_CONFLICT_RE = re.compile(r"^<<<<<<<.+^=======.+^>>>>>>>", re.DOTALL | re.MULTILINE)
-
-
 def snapshot_dir_stats(somedir):
     d = {}
     for path in somedir.iterdir():
@@ -120,17 +116,6 @@ def _build_webpages(src_dir, build_dir, config):
     return build_dir
 
 
-def find_merge_conflict(src_dir) -> Path:
-    assert src_dir.exists(), src_dir
-    result = None
-    for path in src_dir.iterdir():
-        if path.suffix in [".css", ".html", ".md"]:
-            if _MERGE_CONFLICT_RE.search(path.read_text()):
-                result = path
-                break
-    return result
-
-
 def main():
     path = importlib.resources.files(__package__)
     reporoot = path.joinpath("../../../").resolve()

www/src/page-layout.html

@@ -9,11 +9,7 @@
     <title>{{ config.mail_domain }} {{ pagename }}</title>
     <link rel="stylesheet" href="./main.css">
     <link rel="icon" href="/logo.svg">
-<<<<<<< HEAD
-    <link rel="mask-icon" href="/logo.svg" color="#000000">
-=======
-    <link rel=”mask-icon” href=”/logo.svg” color=”#000001">
->>>>>>> 2da7de8 (make logo slightly brighter)
+    <link rel=”mask-icon” href=”/logo.svg” color=”#000000">
 </head>
 <body>