docs(README.md): Clarify security enforcement (#1011)

Make it clear which security enforcement properties a chatmail server has

README.md

@@ -8,7 +8,12 @@ Chatmail relay servers are interoperable Mail Transport Agents (MTAs) designed f
 -  **Instant/Realtime:** sub-second message delivery, realtime P2P
    streaming, privacy-preserving Push Notifications for Apple, Google, and Huawei;
 
--  **Security Enforcement**: only strict TLS, DKIM and OpenPGP with minimized metadata accepted
+-  **Security Enforcement**: Only connections with strict TLS are accepted;
+   all messages must be correctly signed with DKIM and OpenPGP-encrypted with minimized metadata.
+   There are experimental exceptions for no-DNS relays,
+   which are allowed use self-signed TLS certificates
+   and which do not need to DKIM-sign their messages.
+   Unencrypted messages are allowed in neither case.
 
 -  **Reliable Federation and Decentralization:** No spam or IP reputation checks, federating
    depends on established IETF standards and protocols.

chatmaild/src/chatmaild/config.py

@@ -71,7 +71,7 @@ class Config:
             self.iroh_relay = iroh_relay.strip()
             self.enable_iroh_relay = False
         self.privacy_postal = params.pop("privacy_postal", None)
-        self.privacy_mail = params.pop("admin_contact", params.pop("privacy_mail", None))
+        self.privacy_mail = params.pop("privacy_mail", None)
         self.privacy_pdo = params.pop("privacy_pdo", None)
         self.privacy_supervisor = params.pop("privacy_supervisor", None)
 

chatmaild/src/chatmaild/ini/chatmail.ini.f

@@ -109,8 +109,8 @@ mail_domain = {mail_domain}
 # postal address of privacy contact
 privacy_postal =
 
-# email address or invite link of admin contact
+# email address of privacy contact
-admin_contact =
+privacy_mail =
 
 # postal address of the privacy data officer
 privacy_pdo =

cmdeploy/src/cmdeploy/www.py

@@ -94,12 +94,15 @@ def _build_webpages(src_dir, build_dir, config):
     for path in src_dir.iterdir():
         if path.suffix == ".md":
             render_vars, content = prepare_template(path)
-            if config.privacy_mail.startswith("https://"):
+            render_vars["username_min_length"] = int_to_english(
-                render_vars["admin_contact"] = f"<a href='{config.privacy_mail}'>{config.privacy_mail}</a>"
+                config.username_min_length
-            elif "@" in config.privacy_mail:
+            )
-                render_vars["admin_contact"] = f"<a href='mailto:{config.privacy_mail}'>{config.privacy_mail}</a>"
+            render_vars["username_max_length"] = int_to_english(
-            else:
+                config.username_max_length
-                render_vars["admin_contact"] = config.privacy_mail
+            )
+            render_vars["password_min_length"] = int_to_english(
+                config.password_min_length
+            )
             target = build_dir.joinpath(path.stem + ".html")
 
             # recursive jinja2 rendering

www/src/privacy.md

@@ -48,7 +48,7 @@ Responsible for the processing of your personal data is:
 {{ config.privacy_postal }}
 ```
 
-E-mail: {{ admin_contact }}
+E-mail: {{ config.privacy_mail }}
 
 We have appointed a data protection officer: