Document email authentication requirements

.github/workflows/test-and-deploy.yaml

@@ -56,7 +56,7 @@ jobs:
           # restore acme & dkim state to staging.testrun.org
           rsync -avz acme-restore/acme/ root@staging.testrun.org:/var/lib/acme || true
           rsync -avz dkimkeys-restore/dkimkeys/ root@staging.testrun.org:/etc/dkimkeys || true
-          ssh -o StrictHostKeyChecking=accept-new -v root@staging.testrun.org chown root:root -R /var/lib/acme || true
+          ssh -o StrictHostKeyChecking=accept-new -v root@staging.testrun.org chown root:root -R /var/lib/acme
 
       - name: run formatting checks 
         run: cmdeploy fmt -v 

CHANGELOG.md

@@ -2,15 +2,6 @@
 
 ## untagged
 
-- Accept Let's Encrypt's new Terms of Services
-  ([#275](https://github.com/deltachat/chatmail/pull/276))
-
-- Reload Dovecot and Postfix when TLS certificate updates
-  ([#271](https://github.com/deltachat/chatmail/pull/271))
-
-- Use forked version of dovecot without hardcoded delays
-  ([#270](https://github.com/deltachat/chatmail/pull/270))
-
 ## 1.2.0 - 2024-04-04
 
 - Install dig on the server to resolve DNS records

cmdeploy/src/cmdeploy/__init__.py

@@ -483,23 +483,6 @@ def deploy_chatmail(config_path: Path) -> None:
         commands=["test -d /home/vmail && chown -R vmail:vmail /home/vmail"],
     )
 
-    # Add our OBS repository for dovecot_no_delay
-    files.put(
-        name = "Add Deltachat OBS GPG key to apt keyring",
-        src = importlib.resources.files(__package__).joinpath("obs-home-deltachat.gpg"),
-        dest = "/etc/apt/keyrings/obs-home-deltachat.gpg",
-        user="root",
-        group="root",
-        mode="644",
-    )
-
-    files.line(
-        name = "Add DeltaChat OBS home repository to sources.list",
-        path = "/etc/apt/sources.list",
-        line = "deb [signed-by=/etc/apt/keyrings/obs-home-deltachat.gpg] https://download.opensuse.org/repositories/home:/deltachat/Debian_12/ ./",
-        ensure_newline = True,
-    )
-
     apt.update(name="apt update", cache_time=24 * 3600)
 
     apt.packages(
@@ -530,6 +513,7 @@ def deploy_chatmail(config_path: Path) -> None:
 
     # Deploy acmetool to have TLS certificates.
     deploy_acmetool(
+        nginx_hook=True,
         domains=[mail_domain, f"mta-sts.{mail_domain}", f"www.{mail_domain}"],
     )
 

cmdeploy/src/cmdeploy/acmetool/__init__.py

@@ -5,7 +5,7 @@ from pyinfra import host
 from pyinfra.facts.systemd import SystemdStatus
 
 
-def deploy_acmetool(email="", domains=[]):
+def deploy_acmetool(nginx_hook=False, email="", domains=[]):
     """Deploy acmetool."""
     apt.packages(
         name="Install acmetool",
@@ -20,13 +20,16 @@ def deploy_acmetool(email="", domains=[]):
         mode="644",
     )
 
-    files.put(
+    if nginx_hook:
-        src=importlib.resources.files(__package__).joinpath("acmetool.hook").open("rb"),
+        files.put(
-        dest="/usr/lib/acme/hooks/nginx",
+            src=importlib.resources.files(__package__)
-        user="root",
+            .joinpath("acmetool.hook")
-        group="root",
+            .open("rb"),
-        mode="744",
+            dest="/usr/lib/acme/hooks/nginx",
-    )
+            user="root",
+            group="root",
+            mode="744",
+        )
 
     files.template(
         src=importlib.resources.files(__package__).joinpath("response-file.yaml.j2"),
@@ -71,5 +74,5 @@ def deploy_acmetool(email="", domains=[]):
 
     server.shell(
         name=f"Request certificate for: { ', '.join(domains) }",
-        commands=[f"acmetool want --xlog.severity=debug { ' '.join(domains)}"],
+        commands=[f"acmetool want { ' '.join(domains)}"],
     )

cmdeploy/src/cmdeploy/acmetool/acmetool.hook

@@ -3,5 +3,3 @@ set -e
 EVENT_NAME="$1"
 [ "$EVENT_NAME" = "live-updated" ] || exit 42
 systemctl restart nginx.service
-systemctl reload dovecot.service
-systemctl reload postfix.service

cmdeploy/src/cmdeploy/acmetool/response-file.yaml.j2

@@ -1,2 +1,2 @@
 "acme-enter-email": "{{ email }}"
-"acme-agreement:https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf": true
+"acme-agreement:https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf": true

cmdeploy/src/cmdeploy/tests/online/test_0_login.py

@@ -2,7 +2,6 @@ import pytest
 import threading
 import queue
 import socket
-import time
 
 from chatmaild.config import read_config
 from cmdeploy.cmdeploy import main
@@ -82,14 +81,7 @@ def test_concurrent_logins_same_account(
         assert login_results.get()
 
 
-def test_no_vrfy(chatmail_config, remote):
+def test_no_vrfy(chatmail_config):
-    found = False
-    while not found:
-        for line in remote.iter_output(logcmd="journalctl -u echobot"):
-            print(line)
-            if "successfully logged into imap server" in line:
-                found = True
-                break
     sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
     sock.connect((chatmail_config.mail_domain, 25))
     banner = sock.recv(1024)