feat: Extend IMAP METADATA to have a unixtimestamp key

2026-06-17 17:11:09 +00:00 · 2026-06-04 10:32:54 -07:00
14 changed files with 65 additions and 22 deletions
@@ -29,7 +29,7 @@ jobs:
          ref: ${{ github.event.pull_request.head.sha }}
          persist-credentials: false
      - name: download filtermail
-        run: curl -L https://github.com/chatmail/filtermail/releases/download/v0.7.1/filtermail-x86_64 -o /usr/local/bin/filtermail && chmod +x /usr/local/bin/filtermail
+        run: curl -L https://github.com/chatmail/filtermail/releases/download/v0.7.0/filtermail-x86_64 -o /usr/local/bin/filtermail && chmod +x /usr/local/bin/filtermail
      - name: run chatmaild tests 
        working-directory: chatmaild
        run: pipx run tox
@@ -9,7 +9,8 @@ dependencies = [
  "iniconfig",
  "filelock",
  "requests",
-  "crypt-r >= 3.13.1 ; python_version >= '3.13'",
+  "crypt-r >= 3.13.1 ; python_version >= '3.11'",
+  "domain-validator",
 ]

 [tool.setuptools]
@@ -2,6 +2,7 @@ import ipaddress
 from pathlib import Path

 import iniconfig
+from domain_validator import DomainValidator

 from chatmaild.user import User

@@ -24,6 +25,7 @@ class Config:
            self.mail_domain = f"[{raw_domain}]"
            self.postfix_myhostname = ipaddress.IPv4Address(raw_domain).reverse_pointer
        else:
+            DomainValidator().validate_domain_re(raw_domain)
            self.ipv4_relay = None
            self.mail_domain = raw_domain
            self.postfix_myhostname = raw_domain
@@ -71,7 +73,7 @@ class Config:
            self.iroh_relay = iroh_relay.strip()
            self.enable_iroh_relay = False
        self.privacy_postal = params.pop("privacy_postal", None)
-        self.privacy_mail = params.pop("admin_contact", params.pop("privacy_mail", None))
+        self.privacy_mail = params.pop("privacy_mail", None)
        self.privacy_pdo = params.pop("privacy_pdo", None)
        self.privacy_supervisor = params.pop("privacy_supervisor", None)

@@ -109,8 +109,8 @@ mail_domain = {mail_domain}
 # postal address of privacy contact
 privacy_postal =

-# email address or invite link of admin contact
-admin_contact =
+# email address of privacy contact
+privacy_mail =

 # postal address of the privacy data officer
 privacy_pdo =
@@ -125,6 +125,8 @@ class MetadataDictProxy(DictProxy):
                        case "maxsmtprecipients":
                            # postfix default  (see "postconf smtpd_recipient_limit")
                            return "O1000\n"
+                        case "unixtimestamp":
+                            return f"O{int(time.time())}\n"

        logging.warning(f"lookup ignored: {parts!r}")
        return "N\n"
@@ -1,2 +1,2 @@
 "acme-enter-email": "{{ email }}"
-"acme-agreement:https://letsencrypt.org/documents/LE-SA-v1.7-June-04-2026.pdf": true
+"acme-agreement:https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf": true
@@ -166,7 +166,7 @@ class Deployer:
            return self.put_template(src, dest, **kwargs)
        return self.put_file(src, dest)

-    def put_file(self, src, dest, mode="644", **kwargs):
+    def put_file(self, src, dest, mode="644"):
        if isinstance(src, str):
            src = get_resource(src)
        res = files.put(
@@ -176,7 +176,6 @@ class Deployer:
            user="root",
            group="root",
            mode=mode,
-            **kwargs,
        )

        return self._update_restart_signals(dest, res)
@@ -164,7 +164,6 @@ class UnboundDeployer(Deployer):
        self.put_file(
            src=BytesIO(b"nameserver 127.0.0.1\nnameserver 9.9.9.9\n"),
            dest="/etc/resolv.conf",
-            force=True,
        )
        server.shell(
            name="Generate root keys for validating DNSSEC",
@@ -20,10 +20,10 @@ class FiltermailDeployer(Deployer):
            return

        arch = host.get_fact(facts.server.Arch)
-        url = f"https://github.com/chatmail/filtermail/releases/download/v0.7.1/filtermail-{arch}"
+        url = f"https://github.com/chatmail/filtermail/releases/download/v0.7.0/filtermail-{arch}"
        sha256sum = {
-            "x86_64": "fc2d8141166f8561b9711fb68c5327fc9421f814c46dc69671a4605a95b175c0",
-            "aarch64": "37e52c5ddb373ef29b5ead89658407c53f48d10ce055a2dbd9c606fa1ebd5f7f",
+            "x86_64": "451f295a85b3b12dbb0f89e18ec319f742ee46dec218f20f7923bfb017a248bd",
+            "aarch64": "6833061b2a2028264fdeb32f0a6123e1ff73de57dace125364016300b748452e",
        }[arch]
        self.download_executable(url, self.bin_path, sha256sum)

@@ -1,3 +1,23 @@
-/^DKIM-Signature:/            IGNORE
-/^Authentication-Results:/            IGNORE
-/^Received:/            IGNORE
+# List of headers for incoming messages 
+# that must be retained for functionality and compatibility reasons 
+/^From:/            DUNNO
+/^Message-Id:/      DUNNO
+/^Chat-/            DUNNO
+/^Content-Type:/    DUNNO
+
+# For receiving clear-text messages (still supported in May 2026)
+/^Subject:/         DUNNO
+/^Date:/            DUNNO
+/^To:/              DUNNO
+/^CC:/              DUNNO
+/^References:/      DUNNO
+/^In-Reply-To:/     DUNNO
+
+# Senders might support Autocrypt 1 but not RFC9788 (Header Protection) 
+/^Autocrypt:/       DUNNO
+
+# SecureJoin V2 protocol headers (for backward compatibility) 
+/^Secure-Join/      DUNNO
+
+# Ignore all other headers
+/.*/                IGNORE
@@ -10,11 +10,13 @@ from pathlib import Path

 import pytest
 from chatmaild.config import is_valid_ipv4, read_config
+from domain_validator import DomainValidator


 def format_mail_domain(raw_domain: str) -> str:
    if is_valid_ipv4(raw_domain):
        return f"[{raw_domain}]"
+    DomainValidator().validate_domain_re(raw_domain)
    return raw_domain


@@ -94,12 +94,15 @@ def _build_webpages(src_dir, build_dir, config):
    for path in src_dir.iterdir():
        if path.suffix == ".md":
            render_vars, content = prepare_template(path)
-            if config.privacy_mail.startswith("https://"):
-                render_vars["admin_contact"] = f"<a href='{config.privacy_mail}'>{config.privacy_mail}</a>"
-            elif "@" in config.privacy_mail:
-                render_vars["admin_contact"] = f"<a href='mailto:{config.privacy_mail}'>{config.privacy_mail}</a>"
-            else:
-                render_vars["admin_contact"] = config.privacy_mail
+            render_vars["username_min_length"] = int_to_english(
+                config.username_min_length
+            )
+            render_vars["username_max_length"] = int_to_english(
+                config.username_max_length
+            )
+            render_vars["password_min_length"] = int_to_english(
+                config.password_min_length
+            )
            target = build_dir.joinpath(path.stem + ".html")

            # recursive jinja2 rendering
@@ -225,6 +225,21 @@ Accepting and delivering mail
        nginx -.SMTP inet:465.-> smtpd-smtps
        mta2[Remote relay] -.SMTP inet:25.-> smtpd-smtp
        mta2 -.HTTPS /mxdeliv.-> nginx
+        style postfix fill:#363
+        style qmgr fill:#252
+        style authclean fill:#252
+        style cleanup fill:#252
+        style lmtp-filtermail fill:#252
+        style lmtp fill:#252
+        style bounce fill:#252
+        style smtpd-submission fill:#252
+        style smtpd-smtps fill:#252
+        style smtpd-reinject-outgoing fill:#252
+        style smtpd-reinject-incoming fill:#252
+        style smtpd-smtp fill:#252
+        style filtermail-outgoing fill:#225
+        style filtermail-incoming fill:#225
+        style filtermail-transport fill:#225

 Operational details of a chatmail relay
 ----------------------------------------
@@ -48,7 +48,7 @@ Responsible for the processing of your personal data is:
 {{ config.privacy_postal }}
 ```

-E-mail: {{ admin_contact }}
+E-mail: {{ config.privacy_mail }}

 We have appointed a data protection officer: