Remove smtp_tls_security_level exception for nauta.cu

nauta.cu MX servers don't support STARTTLS
and we have maintained this exception to allow delivery to nauta.cu.
Since nauta.cu has blocked largest chatmail relay instances,
we can remove this exception.
Even if it works today for some chatmail servers,
they will likely be blocked once the number of users grows.
Even now users from nauta.cu cannot practically participate
in groups.

chatmaild/src/chatmaild/turnserver.py

@@ -6,4 +6,4 @@ def turn_credentials() -> str:
     with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client_socket:
         client_socket.connect("/run/chatmail-turn/turn.socket")
         with client_socket.makefile("rb") as file:
-            return file.readline().decode("utf-8").strip()
+            return file.readline().decode("utf-8")

cmdeploy/src/cmdeploy/postfix/main.cf.j2

@@ -25,7 +25,6 @@ smtp_tls_security_level=verify
 # <https://www.postfix.org/postconf.5.html#smtp_tls_servername>
 smtp_tls_servername = hostname
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-smtp_tls_policy_maps = inline:{nauta.cu=may}
 smtp_tls_protocols = >=TLSv1.2
 smtpd_tls_protocols = >=TLSv1.2
 

cmdeploy/src/cmdeploy/remote/rdns.py

@@ -73,7 +73,9 @@ def query_dns(typ, domain):
 
     # Query authoritative nameserver directly to bypass DNS cache.
     res = shell(f"dig @{ns} -r -q {domain} -t {typ} +short", print=log_progress)
-    return next((line for line in res.split("\n") if not line.startswith(';')), '')
+    if res:
+        return res.split("\n")[0]
+    return ""
 
 
 def check_zonefile(zonefile, verbose=True):

cmdeploy/src/cmdeploy/tests/online/benchmark.py

@@ -37,7 +37,7 @@ class TestDC:
 
     def test_ping_pong(self, benchmark, cmfactory):
         ac1, ac2 = cmfactory.get_online_accounts(2)
-        chat = cmfactory.get_accepted_chat(ac1, ac2)
+        chat = cmfactory.get_protected_chat(ac1, ac2)
 
         def dc_ping_pong():
             chat.send_text("ping")
@@ -49,7 +49,7 @@ class TestDC:
 
     def test_send_10_receive_10(self, benchmark, cmfactory, lp):
         ac1, ac2 = cmfactory.get_online_accounts(2)
-        chat = cmfactory.get_accepted_chat(ac1, ac2)
+        chat = cmfactory.get_protected_chat(ac1, ac2)
 
         def dc_send_10_receive_10():
             for i in range(10):

cmdeploy/src/cmdeploy/tests/online/test_2_deltachat.py

@@ -56,7 +56,7 @@ class TestEndToEndDeltaChat:
         """Test that a DC account can send a message to a second DC account
         on the same chat-mail instance."""
         ac1, ac2 = cmfactory.get_online_accounts(2)
-        chat = cmfactory.get_accepted_chat(ac1, ac2)
+        chat = cmfactory.get_protected_chat(ac1, ac2)
         chat.send_text("message0")
 
         lp.sec("wait for ac2 to receive message")
@@ -70,7 +70,7 @@ class TestEndToEndDeltaChat:
         before quota is exceeded, and thus depends on the speed of the upload.
         """
         ac1, ac2 = cmfactory.get_online_accounts(2)
-        chat = cmfactory.get_accepted_chat(ac1, ac2)
+        chat = cmfactory.get_protected_chat(ac1, ac2)
 
         user = ac2.get_config("configured_addr")
 
@@ -153,7 +153,7 @@ def test_hide_senders_ip_address(cmfactory):
     assert ipaddress.ip_address(public_ip)
 
     user1, user2 = cmfactory.get_online_accounts(2)
-    chat = cmfactory.get_accepted_chat(user1, user2)
+    chat = cmfactory.get_protected_chat(user1, user2)
 
     chat.send_text("testing submission header cleanup")
     user2._evtracker.wait_next_incoming_message()

cmdeploy/src/cmdeploy/tests/test_dns.py

@@ -1,5 +1,3 @@
-from copy import deepcopy
-
 import pytest
 
 from cmdeploy import remote
@@ -10,63 +8,38 @@ from cmdeploy.dns import check_full_zone, check_initial_remote_data
 def mockdns_base(monkeypatch):
     qdict = {}
 
-    def shell(command, fail_ok=False, print=print):
-        if command.startswith("dig"):
-            if command == "dig":
-                return "."
-            if "SOA" in command:
-                return (
-                    "delta.chat. 21600 IN SOA ns1.first-ns.de. dns.hetzner.com."
-                    " 2025102800 14400 1800 604800 3600"
-                )
-            command_chunks = command.split()
-            domain, typ = command_chunks[4], command_chunks[6]
-            try:
-                return qdict[typ][domain]
-            except KeyError:
-                return ""
-        return remote.rshell.shell(command=command, fail_ok=fail_ok, print=print)
+    def query_dns(typ, domain):
+        try:
+            return qdict[typ][domain]
+        except KeyError:
+            return ""
 
-    monkeypatch.setattr(remote.rdns, shell.__name__, shell)
+    monkeypatch.setattr(remote.rdns, query_dns.__name__, query_dns)
     return qdict
 
 
 @pytest.fixture
-def mockdns_expected():
-    return {
-        "A": {"some.domain": "1.1.1.1"},
-        "AAAA": {"some.domain": "fde5:cd7a:9e1c:3240:5a99:936f:cdac:53ae"},
-        "CNAME": {
-            "mta-sts.some.domain": "some.domain.",
-            "www.some.domain": "some.domain.",
-        },
-    }
-
-
-@pytest.fixture(params=["plain", "with-dns-comments"])
-def mockdns(request, mockdns_base, mockdns_expected):
-    mockdns_base.update(deepcopy(mockdns_expected))
-    match request.param:
-        case "plain":
-            pass
-        case "with-dns-comments":
-            for typ, data in mockdns_base.items():
-                for host, result in data.items():
-                    mockdns_base[typ][host] = (
-                        ";; some unsuccessful attempt result\n"
-                        "; and another with a single semicolon\n"
-                        f"{result}"
-                    )
+def mockdns(mockdns_base):
+    mockdns_base.update(
+        {
+            "A": {"some.domain": "1.1.1.1"},
+            "AAAA": {"some.domain": "fde5:cd7a:9e1c:3240:5a99:936f:cdac:53ae"},
+            "CNAME": {
+                "mta-sts.some.domain": "some.domain.",
+                "www.some.domain": "some.domain.",
+            },
+        }
+    )
     return mockdns_base
 
 
 class TestPerformInitialChecks:
-    def test_perform_initial_checks_ok1(self, mockdns, mockdns_expected):
+    def test_perform_initial_checks_ok1(self, mockdns):
         remote_data = remote.rdns.perform_initial_checks("some.domain")
-        assert remote_data["A"] == mockdns_expected["A"]["some.domain"]
-        assert remote_data["AAAA"] == mockdns_expected["AAAA"]["some.domain"]
-        assert remote_data["MTA_STS"] == mockdns_expected["CNAME"]["mta-sts.some.domain"]
-        assert remote_data["WWW"] == mockdns_expected["CNAME"]["www.some.domain"]
+        assert remote_data["A"] == mockdns["A"]["some.domain"]
+        assert remote_data["AAAA"] == mockdns["AAAA"]["some.domain"]
+        assert remote_data["MTA_STS"] == mockdns["CNAME"]["mta-sts.some.domain"]
+        assert remote_data["WWW"] == mockdns["CNAME"]["www.some.domain"]
 
     @pytest.mark.parametrize("drop", ["A", "AAAA"])
     def test_perform_initial_checks_with_one_of_A_AAAA(self, mockdns, drop):