all tests pass

chatmaild/src/chatmaild/filtermail-after.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Chatmail Postfix AfterQueue filter 
+
+[Service]
+ExecStart=/usr/local/bin/filtermail afterqueue /var/spool/postfix/private/filtermail-afterqueue
+Restart=always
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target

chatmaild/src/chatmaild/filtermail-before.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Chatmail Postfix BeforeQeue filter 
+
+[Service]
+ExecStart=/usr/local/bin/filtermail beforequeue 10080
+Restart=always
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target

chatmaild/src/chatmaild/filtermail.py

@@ -1,12 +1,15 @@
 #!/usr/bin/env python3
 import asyncio
 import logging
+import time
+import sys
 from email.parser import BytesParser
 from email import policy
 from email.utils import parseaddr
 
 from aiosmtpd.lmtp import LMTP
-from aiosmtpd.controller import UnixSocketController
+from aiosmtpd.smtp import SMTP
+from aiosmtpd.controller import UnixSocketController, Controller
 from smtplib import SMTP as SMTPClient
 
 
@@ -32,12 +35,41 @@ def check_encrypted(message):
     return True
 
 
-class ExampleController(UnixSocketController):
+class BeforeQueueHandler:
-    def factory(self):
+    def __init__(self):
-        return LMTP(self.handler, **self.SMTP_kwargs)
+        self.send_rate_limiter = SendRateLimiter()
+
+    async def handle_MAIL(self, server, session, envelope, address, mail_options):
+        logging.info(f"handle_MAIL from {address}")
+        if self.send_rate_limiter.is_sending_allowed(address):
+            envelope.mail_from = address
+            return "250 OK"
+        return f"450 4.7.1: Too much mail from {address}"
+
+    async def handle_DATA(self, server, session, envelope):
+        logging.info("handle_DATA before-queue: re-injecting the mail")
+        client = SMTPClient("localhost", "10026")
+        client.sendmail(envelope.mail_from, envelope.rcpt_tos, envelope.content)
+        return "250 OK"
 
 
-class ExampleHandler:
+class SendRateLimiter:
+    MAX_USER_SEND_PER_MINUTE = 80
+
+    def __init__(self):
+        self.addr2timestamps = {}
+
+    def is_sending_allowed(self, mail_from):
+        last = self.addr2timestamps.setdefault(mail_from, [])
+        now = time.time()
+        last[:] = [ts for ts in last if ts >= (now - 60)]
+        if len(last) <= self.MAX_USER_SEND_PER_MINUTE:
+            last.append(now)
+            return True
+        return False
+
+
+class AfterQueueHandler:
     async def handle_RCPT(self, server, session, envelope, address, rcpt_options):
         envelope.rcpt_tos.append(address)
         return "250 OK"
@@ -46,8 +78,8 @@ class ExampleHandler:
         valid_recipients, res = lmtp_handle_DATA(envelope)
         # Reinject the mail back into Postfix.
         if valid_recipients:
-            logging.info("Reinjecting the mail")
+            logging.info("afterqueue: re-injecting the mail")
-            client = SMTPClient("localhost", "10026")
+            client = SMTPClient("localhost", "10027")
             client.sendmail(envelope.mail_from, valid_recipients, envelope.content)
         else:
             logging.info("no valid recipients, ignoring mail")
@@ -55,13 +87,6 @@ class ExampleHandler:
         return "\r\n".join(res)
 
 
-async def asyncmain(loop):
-    controller = ExampleController(
-        ExampleHandler(), unix_socket="/var/spool/postfix/private/filtermail"
-    )
-    controller.start()
-
-
 def lmtp_handle_DATA(envelope):
     """the central filtering function for e-mails."""
     logging.info(f"Processing DATA message from {envelope.mail_from}")
@@ -113,13 +138,35 @@ def lmtp_handle_DATA(envelope):
     return valid_recipients, res
 
 
+class UnixController(UnixSocketController):
+    def factory(self):
+        return LMTP(self.handler, **self.SMTP_kwargs)
+
+
+class SMTPController(Controller):
+    def factory(self):
+        return SMTP(self.handler, **self.SMTP_kwargs)
+
+
+async def asyncmain_afterqueue(loop, unix_socket_fn):
+    UnixController(AfterQueueHandler(), unix_socket=unix_socket_fn).start()
+
+
+async def asyncmain_beforequeue(loop, port):
+    Controller(BeforeQueueHandler(), hostname="127.0.0.1", port=port).start()
+
+
 def main():
+    args = sys.argv[1:]
+    assert len(args) == 2
     logging.basicConfig(level=logging.INFO)
     loop = asyncio.new_event_loop()
     asyncio.set_event_loop(loop)
-    loop.create_task(asyncmain(loop=loop))
+    if args[0] == "afterqueue":
+        task = asyncmain_afterqueue(loop, args[1])
+    elif args[0] == "beforequeue":
+        task = asyncmain_beforequeue(loop, port=int(args[1]))
+    else:
+        raise SystemExit(1)
+    loop.create_task(task)
     loop.run_forever()
-
-
-if __name__ == "__main__":
-    main()

chatmaild/src/chatmaild/filtermail.service

@@ -1,10 +0,0 @@
-[Unit]
-Description=Email filter for chatmail servers
-
-[Service]
-ExecStart=/usr/local/bin/filtermail
-Restart=always
-RestartSec=30
-
-[Install]
-WantedBy=multi-user.target

chatmaild/src/chatmaild/test_filtermail.py

@@ -1,6 +1,7 @@
-from .filtermail import check_encrypted, lmtp_handle_DATA
+from .filtermail import check_encrypted, lmtp_handle_DATA, SendRateLimiter
 from email.parser import BytesParser
 from email import policy
+import pytest
 
 
 def test_reject_forged_from():
@@ -326,3 +327,15 @@ def test_filtermail():
             ]
         ).encode()
     )
+
+
+def test_send_rate_limiter():
+    limiter = SendRateLimiter()
+    for i in range(100):
+        if limiter.is_sending_allowed("some@example.org"):
+            if i <= SendRateLimiter.MAX_USER_SEND_PER_MINUTE:
+                continue
+            pytest.fail("limiter didn't work")
+        else:
+            assert i == SendRateLimiter.MAX_USER_SEND_PER_MINUTE + 1
+            break

deploy-chatmail/src/deploy_chatmail/__init__.py

@@ -53,24 +53,25 @@ def _install_chatmaild() -> None:
             daemon_reload=True,
         )
 
-        files.put(
+        for fn in ("filtermail-after", "filtermail-before"):
-            name="upload filtermail.service",
+            files.put(
-            src=importlib.resources.files("chatmaild")
+                name=f"upload {fn}.service",
-            .joinpath("filtermail.service")
+                src=importlib.resources.files("chatmaild")
-            .open("rb"),
+                .joinpath(f"{fn}.service")
-            dest="/etc/systemd/system/filtermail.service",
+                .open("rb"),
-            user="root",
+                dest=f"/etc/systemd/system/{fn}.service",
-            group="root",
+                user="root",
-            mode="644",
+                group="root",
-        )
+                mode="644",
-        systemd.service(
+            )
-            name="Setup filtermail service",
+            systemd.service(
-            service="filtermail.service",
+                name=f"Setup {fn} service",
-            running=True,
+                service=f"{fn}.service",
-            enabled=True,
+                running=True,
-            restarted=True,
+                enabled=True,
-            daemon_reload=True,
+                restarted=True,
-        )
+                daemon_reload=True,
+            )
 
 
 def _configure_opendkim(domain: str, dkim_selector: str) -> bool:

deploy-chatmail/src/deploy_chatmail/postfix/master.cf.j2

@@ -32,7 +32,8 @@ submission inet n       -       y       -       -       smtpd
   -o smtpd_recipient_restrictions=
   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
   -o milter_macro_daemon_name=ORIGINATING
-  -o content_filter=filter:unix:private/filtermail
+  -o smtpd_proxy_filter=127.0.0.1:10080
+  -o content_filter=filter:unix:private/filtermail-afterqueue
 smtps     inet  n       -       y       -       -       smtpd
   -o syslog_name=postfix/smtps
   -o smtpd_tls_wrappermode=yes
@@ -47,7 +48,7 @@ smtps     inet  n       -       y       -       -       smtpd
   -o smtpd_recipient_restrictions=
   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
   -o milter_macro_daemon_name=ORIGINATING
-  -o content_filter=filter:unix:private/filtermail
+  -o smtpd_proxy_filter=127.0.0.1:10080
 #628       inet  n       -       y       -       -       qmqpd
 pickup    unix  n       -       y       60      1       pickup
 cleanup   unix  n       -       y       -       0       cleanup
@@ -77,4 +78,6 @@ postlog   unix-dgram n  -       n       -       1       postlogd
 filter    unix -        n       n       -       -       lmtp
 # Local SMTP server for reinjecting filered mail.
 localhost:10026 inet  n       -       n       -       10      smtpd
+        -o content_filter=filter:unix:private/filtermail-afterqueue
+localhost:10027 inet  n       -       n       -       10      smtpd
         -o content_filter=

online-tests/test_0_login.py

@@ -1,4 +1,5 @@
 import pytest
+import smtplib
 
 
 def test_login_basic_functioning(imap_or_smtp, gencreds, lp):
@@ -34,3 +35,22 @@ def test_login_same_password(imap_or_smtp, gencreds):
     imap_or_smtp.login(user1, password1)
     imap_or_smtp.connect()
     imap_or_smtp.login(user2, password1)
+
+
+@pytest.mark.slow
+def test_exceed_rate_limit(cmsetup, gencreds, mailgen):
+    """Test that the per-account send-mail limit is exceeded."""
+    user1, user2 = cmsetup.gen_users(2)
+    mail = mailgen.get_encrypted(user1.addr, user2.addr)
+    for i in range(100):
+        print("Sending mail", str(i))
+        try:
+            user1.smtp.sendmail(user1.addr, [user2.addr], mail)
+        except smtplib.SMTPException as e:
+            if i < 80:
+                pytest.fail(f"rate limit was exceeded too early with msg {i}")
+            outcome = e.recipients[user2.addr]
+            assert outcome[0] == 450
+            assert b'4.7.1: Too much mail from' in outcome[1]
+            return
+    pytest.fail("Rate limit was not exceeded")