Add /etc/mailname

2026-05-11 16:34:39 +00:00 · 2023-10-17 19:26:39 +00:00
32 changed files with 506 additions and 889 deletions
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,31 +0,0 @@
 name: CI
 on:
  pull_request:
  push:
 jobs:
  tox:
    name: chatmail tests
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: run chatmaild tests 
        working-directory: chatmaild
        run: pipx run tox
      - name: run deploy-chatmail offline tests 
        working-directory: deploy-chatmail
        run: pipx run tox
      - name: run deploy-chatmail offline tests 
        working-directory: deploy-chatmail
        run: pipx run tox
  scripts:
    name: chatmail script invocations 
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: run init.sh 
        run: ./scripts/init.sh 
      - name: run test.sh 
        run: ./scripts/test.sh 
--- a/chatmaild/pyproject.toml
+++ b/chatmaild/pyproject.toml
@@ -20,7 +20,7 @@ addopts = "-v -ra --strict-markers"
 legacy_tox_ini = """
 [tox]
 isolated_build = true
-envlist = lint,py
+envlist = lint
 [testenv:lint]
 skipdist = True
@@ -31,10 +31,4 @@ deps =
 commands =
  black --quiet --check --diff src/
  ruff src/
 [testenv]
 passenv = CHATMAIL_DOMAIN
 deps = pytest 
       pdbpp 
 commands = pytest -v -rsXx {posargs: ../tests/chatmaild}
 """
--- a/chatmaild/src/chatmaild/dictproxy.py
+++ b/chatmaild/src/chatmaild/dictproxy.py
@@ -2,13 +2,13 @@ import logging
 import os
 import sys
 import json
 import crypt
 from socketserver import (
    UnixStreamServer,
    StreamRequestHandler,
    ThreadingMixIn,
 )
 import pwd
 import subprocess
 from .database import Database
@@ -16,16 +16,22 @@ NOCREATE_FILE = "/etc/chatmail-nocreate"
 def encrypt_password(password: str):
    password = password.encode("ascii")
    # https://doc.dovecot.org/configuration_manual/authentication/password_schemes/
-    passhash = crypt.crypt(password, crypt.METHOD_SHA512)
+    process = subprocess.Popen(
-    return "{SHA512-CRYPT}" + passhash
+        ["doveadm", "pw", "-s", "SHA512-CRYPT"],
        stdin=subprocess.PIPE,
        stdout=subprocess.PIPE,
    )
    stdout_data, _stderr_data = process.communicate(
        input=password + b"\n" + password + b"\n"
    )
    return stdout_data.decode("ascii").strip()
 def create_user(db, user, password):
    if os.path.exists(NOCREATE_FILE):
-        logging.warning(
+        logging.warning(f"Didn't create account: {NOCREATE_FILE} exists. Delete the file to enable account creation.")
            f"Didn't create account: {NOCREATE_FILE} exists. Delete the file to enable account creation."
        )
        return
    with db.write_transaction() as conn:
        conn.create_user(user, password)
--- a/chatmaild/src/chatmaild/filtermail.py
+++ b/chatmaild/src/chatmaild/filtermail.py
@@ -1,14 +1,11 @@
 #!/usr/bin/env python3
 import asyncio
 import logging
 import time
 import sys
 from email.parser import BytesParser
 from email import policy
 from email.utils import parseaddr
-from aiosmtpd.smtp import SMTP
+from aiosmtpd.lmtp import LMTP
-from aiosmtpd.controller import Controller
+from aiosmtpd.controller import UnixSocketController
 from smtplib import SMTP as SMTPClient
@@ -34,124 +31,79 @@ def check_encrypted(message):
    return True
-def check_mdn(message, envelope):
+class ExampleController(UnixSocketController):
    if len(envelope.rcpt_tos) != 1:
        return False
    for name in ["auto-submitted", "chat-version"]:
        if not message.get(name):
            return False
    if message.get_content_type() != "multipart/report":
        return False
    body = message.get_body()
    if body.get_content_type() != "text/plain":
        return False
    if list(body.iter_attachments()) or list(body.iter_parts()):
        return False
    # even with all mime-structural checks an attacker
    # could try to abuse the subject or body to contain links or other
    # annoyance -- we skip on checking subject/body for now as Delta Chat
    # should evolve to create E2E-encrypted read receipts anyway.
    # and then MDNs are just encrypted mail and can pass the border
    # to other instances.
    return True
 class SMTPController(Controller):
    def factory(self):
-        return SMTP(self.handler, **self.SMTP_kwargs)
+        return LMTP(self.handler, **self.SMTP_kwargs)
-class BeforeQueueHandler:
+class ExampleHandler:
-    def __init__(self):
+    async def handle_RCPT(self, server, session, envelope, address, rcpt_options):
-        self.send_rate_limiter = SendRateLimiter()
+        envelope.rcpt_tos.append(address)
    async def handle_MAIL(self, server, session, envelope, address, mail_options):
        logging.info(f"handle_MAIL from {address}")
        envelope.mail_from = address
        if not self.send_rate_limiter.is_sending_allowed(address):
            return f"450 4.7.1: Too much mail from {address}"
        parts = envelope.mail_from.split("@")
        if len(parts) != 2:
            return f"500 Invalid from address <{envelope.mail_from!r}>"
        return "250 OK"
    async def handle_DATA(self, server, session, envelope):
-        logging.info("handle_DATA before-queue")
+        logging.info("Processing DATA message from %s", envelope.mail_from)
-        error = check_DATA(envelope)
+
-        if error:
+        valid_recipients = []
-            return error
+
-        logging.info("re-injecting the mail that passed checks")
+        message = BytesParser(policy=policy.default).parsebytes(envelope.content)
-        client = SMTPClient("localhost", "10025")
+        mail_encrypted = check_encrypted(message)
-        client.sendmail(envelope.mail_from, envelope.rcpt_tos, envelope.content)
+
-        return "250 OK"
+        res = []
        for recipient in envelope.rcpt_tos:
            my_local_domain = envelope.mail_from.split("@")
            if len(my_local_domain) != 2:
                res += [f"500 Invalid from address <{envelope.mail_from}>"]
                continue
            if envelope.mail_from == recipient:
                # Always allow sending emails to self.
                valid_recipients += [recipient]
                res += ["250 OK"]
                continue
            recipient_local_domain = recipient.split("@")
            if len(recipient_local_domain) != 2:
                res += [f"500 Invalid address <{recipient}>"]
                continue
            is_outgoing = recipient_local_domain[1] != my_local_domain[1]
            if (
                is_outgoing
                and not mail_encrypted
                and message.get("secure-join") != "vc-request"
                and message.get("secure-join") != "vg-request"
            ):
                res += ["500 Outgoing mail must be encrypted"]
                continue
            valid_recipients += [recipient]
            res += ["250 OK"]
        # Reinject the mail back into Postfix.
        if valid_recipients:
            logging.info("Reinjecting the mail")
            client = SMTPClient("localhost", "10026")
            client.sendmail(envelope.mail_from, valid_recipients, envelope.content)
        return "\r\n".join(res)
-async def asyncmain_beforequeue(port):
+async def asyncmain(loop):
-    Controller(BeforeQueueHandler(), hostname="127.0.0.1", port=port).start()
+    controller = ExampleController(
-
+        ExampleHandler(), unix_socket="/var/spool/postfix/private/filtermail"
-
+    )
-def check_DATA(envelope):
+    controller.start()
    """the central filtering function for e-mails."""
    logging.info(f"Processing DATA message from {envelope.mail_from}")
    message = BytesParser(policy=policy.default).parsebytes(envelope.content)
    mail_encrypted = check_encrypted(message)
    _, from_addr = parseaddr(message.get("from").strip())
    logging.info(f"mime-from: {from_addr} envelope-from: {envelope.mail_from!r}")
    if envelope.mail_from.lower() != from_addr.lower():
        return f"500 Invalid FROM <{from_addr!r}> for <{envelope.mail_from!r}>"
    if not mail_encrypted and check_mdn(message, envelope):
        return
    envelope_from_domain = from_addr.split("@").pop()
    for recipient in envelope.rcpt_tos:
        if envelope.mail_from == recipient:
            # Always allow sending emails to self.
            continue
        res = recipient.split("@")
        if len(res) != 2:
            return f"500 Invalid address <{recipient}>"
        _recipient_addr, recipient_domain = res
        is_outgoing = recipient_domain != envelope_from_domain
        if is_outgoing and not mail_encrypted:
            is_securejoin = message.get("secure-join") in ["vc-request", "vg-request"]
            if not is_securejoin:
                return f"500 Invalid unencrypted mail to <{recipient}>"
 class SendRateLimiter:
    MAX_USER_SEND_PER_MINUTE = 80
    def __init__(self):
        self.addr2timestamps = {}
    def is_sending_allowed(self, mail_from):
        last = self.addr2timestamps.setdefault(mail_from, [])
        now = time.time()
        last[:] = [ts for ts in last if ts >= (now - 60)]
        if len(last) <= self.MAX_USER_SEND_PER_MINUTE:
            last.append(now)
            return True
        return False
 def main():
    args = sys.argv[1:]
    assert len(args) == 1
    logging.basicConfig(level=logging.INFO)
    loop = asyncio.new_event_loop()
    asyncio.set_event_loop(loop)
-    task = asyncmain_beforequeue(port=int(args[0]))
+    loop.create_task(asyncmain(loop=loop))
    loop.create_task(task)
    loop.run_forever()
 if __name__ == "__main__":
    main()
--- a/chatmaild/src/chatmaild/filtermail.service
+++ b/chatmaild/src/chatmaild/filtermail.service
@@ -1,8 +1,8 @@
 [Unit]
-Description=Chatmail Postfix BeforeQeue filter 
+Description=Email filter for chatmail servers
 [Service]
-ExecStart=/usr/local/bin/filtermail 10080
+ExecStart=/usr/local/bin/filtermail
 Restart=always
 RestartSec=30
--- a/chatmaild/src/chatmaild/test_doveauth.py
+++ b/chatmaild/src/chatmaild/test_doveauth.py
@@ -3,8 +3,8 @@ import os
 import pytest
 import chatmaild.dictproxy
-from chatmaild.dictproxy import get_user_data, lookup_passdb
+from .dictproxy import get_user_data, lookup_passdb
-from chatmaild.database import Database, DBError
+from .database import Database, DBError
@pytest.fixture()
--- a/chatmaild/src/chatmaild/test_filtermail.py
+++ b/chatmaild/src/chatmaild/test_filtermail.py
@@ -0,0 +1,290 @@
 from .filtermail import check_encrypted
 from email.parser import BytesParser
 from email import policy
 def test_filtermail():
    def check_encrypted_bstr(content):
        message = BytesParser(policy=policy.default).parsebytes(content)
        return check_encrypted(message)
    assert not check_encrypted_bstr(b"foo")
    assert not check_encrypted_bstr(
        "\r\n".join(
            [
                "Subject: =?utf-8?q?Message_from_foobar=40c2=2Etestrun=2Eorg?=",
                "Chat-Disposition-Notification-To: foobar@c2.testrun.org",
                "Chat-User-Avatar: 0",
                "From: <foobar@c2.testrun.org>",
                "To: <barbaz@c2.testrun.org>",
                "Date: Sun, 15 Oct 2023 16:41:44 +0000",
                "Message-ID: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>",
                "References: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>",
                "Chat-Version: 1.0",
                "Autocrypt: addr=foobar@c2.testrun.org; prefer-encrypt=mutual;",
                "\tkeydata=xjMEZSrw3hYJKwYBBAHaRw8BAQdAiEKNQFU28c6qsx4vo/JHdt73RXdjMOmByf/XsGiJ7m",
                "\tnNFzxmb29iYXJAYzIudGVzdHJ1bi5vcmc+wosEEBYIADMCGQEFAmUq8N4CGwMECwkIBwYVCAkKCwID",
                "\tFgIBFiEEGil0OvTIa6RngmCLUYNnEa9leJAACgkQUYNnEa9leJCX3gEAhm0MehE5byBBU1avPczr/I",
                "\tHjNLht7Qf6++mAhlJmtDcA/0C8VYJhsUpmiDjuZaMDWNv4FO2BJG6LH7gSm6n7ClMJzjgEZSrw3hIK",
                "\tKwYBBAGXVQEFAQEHQAxGG/QW0owCfMp1A+vXEMwgzWcBpNFr58kX2eXuPpM6AwEIB8J4BBgWCAAgBQ",
                "\tJlKvDeAhsMFiEEGil0OvTIa6RngmCLUYNnEa9leJAACgkQUYNnEa9leJDg1gEAwLf8KDoAAKyYgjyI",
                "\tvYvO9VEgBni1C4Xx1VjcaEmlDK8BALoFuUCK+enw76TtDcAUKhlhUiM6SDRExkS4Nskp/BcK",
                "MIME-Version: 1.0",
                "Content-Type: text/plain; charset=utf-8; format=flowed; delsp=no",
                "",
                "Hi!",
                "",
                "",
            ]
        ).encode()
    )
    assert not check_encrypted_bstr(
        "\r\n".join(
            [
                "Subject: =?utf-8?q?Message_from_foobar=40c2=2Etestrun=2Eorg?=",
                "Chat-Disposition-Notification-To: foobar@c2.testrun.org",
                "Chat-User-Avatar: 0",
                "From: <foobar@c2.testrun.org>",
                "To: <barbaz@c2.testrun.org>",
                "Date: Sun, 15 Oct 2023 16:41:44 +0000",
                "Message-ID: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>",
                "References: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>",
                "Chat-Version: 1.0",
                "Autocrypt: addr=foobar@c2.testrun.org; prefer-encrypt=mutual;",
                "\tkeydata=xjMEZSrw3hYJKwYBBAHaRw8BAQdAiEKNQFU28c6qsx4vo/JHdt73RXdjMOmByf/XsGiJ7m",
                "\tnNFzxmb29iYXJAYzIudGVzdHJ1bi5vcmc+wosEEBYIADMCGQEFAmUq8N4CGwMECwkIBwYVCAkKCwID",
                "\tFgIBFiEEGil0OvTIa6RngmCLUYNnEa9leJAACgkQUYNnEa9leJCX3gEAhm0MehE5byBBU1avPczr/I",
                "\tHjNLht7Qf6++mAhlJmtDcA/0C8VYJhsUpmiDjuZaMDWNv4FO2BJG6LH7gSm6n7ClMJzjgEZSrw3hIK",
                "\tKwYBBAGXVQEFAQEHQAxGG/QW0owCfMp1A+vXEMwgzWcBpNFr58kX2eXuPpM6AwEIB8J4BBgWCAAgBQ",
                "\tJlKvDeAhsMFiEEGil0OvTIa6RngmCLUYNnEa9leJAACgkQUYNnEa9leJDg1gEAwLf8KDoAAKyYgjyI",
                "\tvYvO9VEgBni1C4Xx1VjcaEmlDK8BALoFuUCK+enw76TtDcAUKhlhUiM6SDRExkS4Nskp/BcK",
                "MIME-Version: 1.0",
                "Content-Type: text/plain; charset=utf-8; format=flowed; delsp=no",
                "",
                "Hi!",
                "",
                "",
            ]
        ).encode()
    )
    # https://xkcd.com/1181/
    assert not check_encrypted_bstr(
        "\r\n".join(
            [
                "Subject: =?utf-8?q?Message_from_foobar=40c2=2Etestrun=2Eorg?=",
                "Chat-Disposition-Notification-To: foobar@c2.testrun.org",
                "Chat-User-Avatar: 0",
                "From: <foobar@c2.testrun.org>",
                "To: <barbaz@c2.testrun.org>",
                "Date: Sun, 15 Oct 2023 16:41:44 +0000",
                "Message-ID: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>",
                "References: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>",
                "Chat-Version: 1.0",
                "Autocrypt: addr=foobar@c2.testrun.org; prefer-encrypt=mutual;",
                "\tkeydata=xjMEZSrw3hYJKwYBBAHaRw8BAQdAiEKNQFU28c6qsx4vo/JHdt73RXdjMOmByf/XsGiJ7m",
                "\tnNFzxmb29iYXJAYzIudGVzdHJ1bi5vcmc+wosEEBYIADMCGQEFAmUq8N4CGwMECwkIBwYVCAkKCwID",
                "\tFgIBFiEEGil0OvTIa6RngmCLUYNnEa9leJAACgkQUYNnEa9leJCX3gEAhm0MehE5byBBU1avPczr/I",
                "\tHjNLht7Qf6++mAhlJmtDcA/0C8VYJhsUpmiDjuZaMDWNv4FO2BJG6LH7gSm6n7ClMJzjgEZSrw3hIK",
                "\tKwYBBAGXVQEFAQEHQAxGG/QW0owCfMp1A+vXEMwgzWcBpNFr58kX2eXuPpM6AwEIB8J4BBgWCAAgBQ",
                "\tJlKvDeAhsMFiEEGil0OvTIa6RngmCLUYNnEa9leJAACgkQUYNnEa9leJDg1gEAwLf8KDoAAKyYgjyI",
                "\tvYvO9VEgBni1C4Xx1VjcaEmlDK8BALoFuUCK+enw76TtDcAUKhlhUiM6SDRExkS4Nskp/BcK",
                "MIME-Version: 1.0",
                "Content-Type: text/plain; charset=utf-8; format=flowed; delsp=no",
                "",
                "-----BEGIN PGP MESSAGE-----",
                "Hi!",
                "-----END PGP MESSAGE-----",
                "",
                "",
            ]
        ).encode()
    )
    assert check_encrypted_bstr(
        "\r\n".join(
            [
                "Subject: ...",
                "From: <barbaz@c2.testrun.org>",
                "To: <foobar@c2.testrun.org>",
                "Date: Sun, 15 Oct 2023 16:43:21 +0000",
                "Message-ID: <Mr.UVyJWZmkCKM.hGzNc6glBE_@c2.testrun.org>",
                "In-Reply-To: <Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>",
                "References: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>",
                "\t<Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>",
                "Chat-Version: 1.0",
                "Autocrypt: addr=barbaz@c2.testrun.org; prefer-encrypt=mutual;",
                "\tkeydata=xjMEZSwWjhYJKwYBBAHaRw8BAQdAQBEhqeJh0GueHB6kF/DUQqYCxARNBVokg/AzT+7LqH",
                "\trNFzxiYXJiYXpAYzIudGVzdHJ1bi5vcmc+wosEEBYIADMCGQEFAmUsFo4CGwMECwkIBwYVCAkKCwID",
                "\tFgIBFiEEFTfUNvVnY3b9F7yHnmme1PfUhX8ACgkQnmme1PfUhX9A4AEAnHWHp49eBCMHK5t66gYPiW",
                "\tXQuB1mwUjzGfYWB+0RXUoA/0xcQ3FbUNlGKW7Blp6eMFfViv6Mv2d3kNSXACB6nmcMzjgEZSwWjhIK",
                "\tKwYBBAGXVQEFAQEHQBpY5L2M1XHo0uxf8SX1wNLBp/OVvidoWHQF2Jz+kJsUAwEIB8J4BBgWCAAgBQ",
                "\tJlLBaOAhsMFiEEFTfUNvVnY3b9F7yHnmme1PfUhX8ACgkQnmme1PfUhX/INgEA37AJaNvruYsJVanP",
                "\tIXnYw4CKd55UAwl8Zcy+M2diAbkA/0fHHcGV4r78hpbbL1Os52DPOdqYQRauIeJUeG+G6bQO",
                "MIME-Version: 1.0",
                'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";',
                '\tboundary="YFrteb74qSXmggbOxZL9dRnhymywAi"',
                "",
                "",
                "--YFrteb74qSXmggbOxZL9dRnhymywAi",
                "Content-Description: PGP/MIME version identification",
                "Content-Type: application/pgp-encrypted",
                "",
                "Version: 1",
                "",
                "",
                "--YFrteb74qSXmggbOxZL9dRnhymywAi",
                "Content-Description: OpenPGP encrypted message",
                'Content-Disposition: inline; filename="encrypted.asc";',
                'Content-Type: application/octet-stream; name="encrypted.asc"',
                "",
                "-----BEGIN PGP MESSAGE-----",
                "",
                "wU4DhW3gBZ/VvCYSAQdA8bMs2spwbKdGjVsL1ByPkNrqD7frpB73maeL6I6SzDYg",
                "O5G53tv339RdKq3WRcCtEEvxjHlUx2XNwXzC04BpmfvBTgNfPUyLDzjXnxIBB0Ae",
                "8ymwGvXMCCimHXN0Dg8Ui62KOi03h0UgheoHWovJSCDF4CKre/xtFr3nL7lq/PKI",
                "JsjVNz7/RK9FSXF6WwfONtLCyQGEuVAsB/KXfCBEyfKhaMwGHvhujRidGW5uV1no",
                "lMGl3ODmo29Lgeu2uSE7EpJRZoe6hU6ddmBkqxax61ZtkaFlGFFpdo2K8balNNdz",
                "ZsJ/9mmI9x3oOJ4/l1nhQbUO9ADbs7gJhFdV5Qkp30b5fCI7bU+aoe1ccBbLe/WM",
                "YUty1PqcuQT7XjA+XmYuL261tvW8pBetT+i33/E2d8PzzYt2IuK9qeevyS+yxdwA",
                "kfwejFWzzsUlJaDxs1x4XOxkMgSj+jo+g12dFOb7fyClsAnq23iDb8AuaT/BScAI",
                "+lO+gher69+6LmM7VGHLG5k762J1jTaQCaKt1s8TAWV99Eo4491vL6fyvk3l/Cfg",
                "RXSwiWFgj19Pn0Rq7CD9v22UE2vdUMBTcV4aw79mClk1YQ23jbF0y5DCjPdJ62Zo",
                "tskBgFt3NoWV80jZ76zIBLrrjLwCCll8JjJtFwSkt2GX5RFBsVa4A8IDht9RtEk7",
                "rrHgbSZQfkauEi/mH3/6CDZoLqSHudUZ7d4MaJwun1TkFYGe2ORwGJd4OBj3oGJp",
                "H8YBwCpk///L/fKjX0Gg3M8nrpM4wrRFhPKidAgO/kcm25X4+ZHlVkWBTCt5RWKI",
                "fHh6oLDZCqCfcgMkE1KKmwfIHaUkhq5BPRigwy6i5dh1DM4+1UCLh3dxzVbqE9b9",
                "61NB19nXdRtDA2sOUnj9ve6m/wEPyCb6/zBQZqvCBYb1/AjdXpUrFT+DbpfyxaXN",
                "XfhDVb5mNqNM/IVj0V5fvTc6vOfYbzQtPm10H+FdWWfb+rJRfyC3MA2w2IqstFe3",
                "w3bu2iE6CQvSqRvge+ZqLKt/NqYwOURiUmpuklbl3kPJ97+mfKWoiqk8Iz1VY+bb",
                "NMUC7aoGv+jcoj+WS6PYO8N6BeRVUUB3ZJSf8nzjgxm1/BcM+UD3BPrlhT11ODRs",
                "baifGbprMWwt3dhb8cQgRT8GPdpO1OsDkzL6iikMjLHWWiA99GV6ruiHsIPw6boW",
                "A6/uSOskbDHOROotKmddGTBd0iiHXAoQsJFt1ZjUkt6EHrgWs+GAvrvKpXs1mrz8",
                "uj3GwEFrHS+Xuf2UDgpszYT3hI2cL/kUtGakVR7m7vVMZqXBUbZdGAEb1PZNPwsI",
                "E4aMK02+EVB+tSN4Fzj99N2YD0inVYt+oPjr2tHhUS6aSGBNS/48Ki47DOg4Sxkn",
                "lkOWnEbCD+XTnbDd",
                "=agR5",
                "-----END PGP MESSAGE-----",
                "",
                "",
                "--YFrteb74qSXmggbOxZL9dRnhymywAi--",
                "",
                "",
            ]
        ).encode()
    )
    assert not check_encrypted_bstr(
        "\r\n".join(
            [
                "Subject: Buy Penis Enlargement at www.malicious-domain.com",
                "From: <barbaz@c2.testrun.org>",
                "To: <foobar@c2.testrun.org>",
                "Date: Sun, 15 Oct 2023 16:43:21 +0000",
                "Message-ID: <Mr.UVyJWZmkCKM.hGzNc6glBE_@c2.testrun.org>",
                "In-Reply-To: <Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>",
                "References: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>",
                "\t<Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>",
                "Chat-Version: 1.0",
                "Autocrypt: addr=barbaz@c2.testrun.org; prefer-encrypt=mutual;",
                "\tkeydata=xjMEZSwWjhYJKwYBBAHaRw8BAQdAQBEhqeJh0GueHB6kF/DUQqYCxARNBVokg/AzT+7LqH",
                "\trNFzxiYXJiYXpAYzIudGVzdHJ1bi5vcmc+wosEEBYIADMCGQEFAmUsFo4CGwMECwkIBwYVCAkKCwID",
                "\tFgIBFiEEFTfUNvVnY3b9F7yHnmme1PfUhX8ACgkQnmme1PfUhX9A4AEAnHWHp49eBCMHK5t66gYPiW",
                "\tXQuB1mwUjzGfYWB+0RXUoA/0xcQ3FbUNlGKW7Blp6eMFfViv6Mv2d3kNSXACB6nmcMzjgEZSwWjhIK",
                "\tKwYBBAGXVQEFAQEHQBpY5L2M1XHo0uxf8SX1wNLBp/OVvidoWHQF2Jz+kJsUAwEIB8J4BBgWCAAgBQ",
                "\tJlLBaOAhsMFiEEFTfUNvVnY3b9F7yHnmme1PfUhX8ACgkQnmme1PfUhX/INgEA37AJaNvruYsJVanP",
                "\tIXnYw4CKd55UAwl8Zcy+M2diAbkA/0fHHcGV4r78hpbbL1Os52DPOdqYQRauIeJUeG+G6bQO",
                "MIME-Version: 1.0",
                'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";',
                '\tboundary="YFrteb74qSXmggbOxZL9dRnhymywAi"',
                "",
                "",
                "--YFrteb74qSXmggbOxZL9dRnhymywAi",
                "Content-Description: PGP/MIME version identification",
                "Content-Type: application/pgp-encrypted",
                "",
                "Version: 1",
                "",
                "",
                "--YFrteb74qSXmggbOxZL9dRnhymywAi",
                "Content-Description: OpenPGP encrypted message",
                'Content-Disposition: inline; filename="encrypted.asc";',
                'Content-Type: application/octet-stream; name="encrypted.asc"',
                "",
                "-----BEGIN PGP MESSAGE-----",
                "",
                "wU4DhW3gBZ/VvCYSAQdA8bMs2spwbKdGjVsL1ByPkNrqD7frpB73maeL6I6SzDYg",
                "O5G53tv339RdKq3WRcCtEEvxjHlUx2XNwXzC04BpmfvBTgNfPUyLDzjXnxIBB0Ae",
                "8ymwGvXMCCimHXN0Dg8Ui62KOi03h0UgheoHWovJSCDF4CKre/xtFr3nL7lq/PKI",
                "JsjVNz7/RK9FSXF6WwfONtLCyQGEuVAsB/KXfCBEyfKhaMwGHvhujRidGW5uV1no",
                "lMGl3ODmo29Lgeu2uSE7EpJRZoe6hU6ddmBkqxax61ZtkaFlGFFpdo2K8balNNdz",
                "ZsJ/9mmI9x3oOJ4/l1nhQbUO9ADbs7gJhFdV5Qkp30b5fCI7bU+aoe1ccBbLe/WM",
                "YUty1PqcuQT7XjA+XmYuL261tvW8pBetT+i33/E2d8PzzYt2IuK9qeevyS+yxdwA",
                "kfwejFWzzsUlJaDxs1x4XOxkMgSj+jo+g12dFOb7fyClsAnq23iDb8AuaT/BScAI",
                "+lO+gher69+6LmM7VGHLG5k762J1jTaQCaKt1s8TAWV99Eo4491vL6fyvk3l/Cfg",
                "RXSwiWFgj19Pn0Rq7CD9v22UE2vdUMBTcV4aw79mClk1YQ23jbF0y5DCjPdJ62Zo",
                "tskBgFt3NoWV80jZ76zIBLrrjLwCCll8JjJtFwSkt2GX5RFBsVa4A8IDht9RtEk7",
                "rrHgbSZQfkauEi/mH3/6CDZoLqSHudUZ7d4MaJwun1TkFYGe2ORwGJd4OBj3oGJp",
                "H8YBwCpk///L/fKjX0Gg3M8nrpM4wrRFhPKidAgO/kcm25X4+ZHlVkWBTCt5RWKI",
                "fHh6oLDZCqCfcgMkE1KKmwfIHaUkhq5BPRigwy6i5dh1DM4+1UCLh3dxzVbqE9b9",
                "61NB19nXdRtDA2sOUnj9ve6m/wEPyCb6/zBQZqvCBYb1/AjdXpUrFT+DbpfyxaXN",
                "XfhDVb5mNqNM/IVj0V5fvTc6vOfYbzQtPm10H+FdWWfb+rJRfyC3MA2w2IqstFe3",
                "w3bu2iE6CQvSqRvge+ZqLKt/NqYwOURiUmpuklbl3kPJ97+mfKWoiqk8Iz1VY+bb",
                "NMUC7aoGv+jcoj+WS6PYO8N6BeRVUUB3ZJSf8nzjgxm1/BcM+UD3BPrlhT11ODRs",
                "baifGbprMWwt3dhb8cQgRT8GPdpO1OsDkzL6iikMjLHWWiA99GV6ruiHsIPw6boW",
                "A6/uSOskbDHOROotKmddGTBd0iiHXAoQsJFt1ZjUkt6EHrgWs+GAvrvKpXs1mrz8",
                "uj3GwEFrHS+Xuf2UDgpszYT3hI2cL/kUtGakVR7m7vVMZqXBUbZdGAEb1PZNPwsI",
                "E4aMK02+EVB+tSN4Fzj99N2YD0inVYt+oPjr2tHhUS6aSGBNS/48Ki47DOg4Sxkn",
                "lkOWnEbCD+XTnbDd",
                "=agR5",
                "-----END PGP MESSAGE-----",
                "",
                "",
                "--YFrteb74qSXmggbOxZL9dRnhymywAi--",
                "",
                "",
            ]
        ).encode()
    )
    assert not check_encrypted_bstr(
        "\r\n".join(
            [
                "Subject: Message opened",
                "From: <barbaz@c2.testrun.org>",
                "To: <foobar@c2.testrun.org>",
                "Date: Sun, 15 Oct 2023 16:43:25 +0000",
                "Message-ID: <Mr.78MWtlV7RAi.goCFzBhCYfy@c2.testrun.org>",
                "Auto-Submitted: auto-replied",
                "Chat-Version: 1.0",
                "MIME-Version: 1.0",
                "Content-Type: multipart/report; report-type=disposition-notification;",
                '\tboundary="Gl92xgZjOShJ5PGHntqYkoo2OK2Dvi"',
                "",
                "",
                "--Gl92xgZjOShJ5PGHntqYkoo2OK2Dvi",
                "Content-Type: text/plain; charset=utf-8; format=flowed; delsp=no",
                "",
                'The "Hi!" message you sent was displayed on the screen of the recipient.',
                "",
                "This is no guarantee the content was read.",
                "",
                "",
                "--Gl92xgZjOShJ5PGHntqYkoo2OK2Dvi",
                "Content-Type: message/disposition-notification",
                "",
                "Reporting-UA: Delta Chat 1.124.1",
                "Original-Recipient: rfc822;barbaz@c2.testrun.org",
                "Final-Recipient: rfc822;barbaz@c2.testrun.org",
                "Original-Message-ID: <Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>",
                "Disposition: manual-action/MDN-sent-automatically; displayed",
                "",
                "",
                "--Gl92xgZjOShJ5PGHntqYkoo2OK2Dvi--",
                "",
                "",
            ]
        ).encode()
    )
--- a/deploy-chatmail/src/deploy_chatmail/init.py
+++ b/deploy-chatmail/src/deploy_chatmail/init.py
@@ -34,28 +34,43 @@ def _install_chatmaild() -> None:
            commands=[f"pip install --break-system-packages {remote_path}"],
        )
-        for fn in (
+        files.put(
-            "doveauth-dictproxy",
+            name="upload doveauth-dictproxy.service",
-            "filtermail",
+            src=importlib.resources.files("chatmaild")
-        ):
+            .joinpath("doveauth-dictproxy.service")
-            files.put(
+            .open("rb"),
-                name=f"Upload {fn}.service",
+            dest="/etc/systemd/system/doveauth-dictproxy.service",
-                src=importlib.resources.files("chatmaild")
+            user="root",
-                .joinpath(f"{fn}.service")
+            group="root",
-                .open("rb"),
+            mode="644",
-                dest=f"/etc/systemd/system/{fn}.service",
+        )
-                user="root",
+        systemd.service(
-                group="root",
+            name="Setup doveauth-dictproxy service",
-                mode="644",
+            service="doveauth-dictproxy.service",
-            )
+            running=True,
-            systemd.service(
+            enabled=True,
-                name=f"Setup {fn} service",
+            restarted=True,
-                service=f"{fn}.service",
+            daemon_reload=True,
-                running=True,
+        )
-                enabled=True,
+
-                restarted=True,
+        files.put(
-                daemon_reload=True,
+            name="upload filtermail.service",
-            )
+            src=importlib.resources.files("chatmaild")
            .joinpath("filtermail.service")
            .open("rb"),
            dest="/etc/systemd/system/filtermail.service",
            user="root",
            group="root",
            mode="644",
        )
        systemd.service(
            name="Setup filtermail service",
            service="filtermail.service",
            running=True,
            enabled=True,
            restarted=True,
            daemon_reload=True,
        )
 def _configure_opendkim(domain: str, dkim_selector: str) -> bool:
@@ -158,33 +173,6 @@ def _configure_dovecot(mail_server: str, debug: bool = False) -> bool:
    return need_restart
 def _configure_nginx(domain: str, debug: bool = False) -> bool:
    """Configures nginx HTTP server."""
    need_restart = False
    main_config = files.template(
        src=importlib.resources.files(__package__).joinpath("nginx.conf.j2"),
        dest="/etc/nginx/nginx.conf",
        user="root",
        group="root",
        mode="644",
        config={"domain_name": domain},
    )
    need_restart |= main_config.changed
    autoconfig = files.template(
        src=importlib.resources.files(__package__).joinpath("autoconfig.xml.j2"),
        dest="/var/www/html/.well-known/autoconfig/mail/config-v1.1.xml",
        user="root",
        group="root",
        mode="644",
        config={"domain_name": domain},
    )
    need_restart |= autoconfig.changed
    return need_restart
 def deploy_chatmail(mail_domain: str, mail_server: str, dkim_selector: str) -> None:
    """Deploy a chat-mail instance.
@@ -206,7 +194,7 @@ def deploy_chatmail(mail_domain: str, mail_server: str, dkim_selector: str) -> N
    )
    # Deploy acmetool to have TLS certificates.
-    deploy_acmetool(nginx_hook=True, domains=[mail_server])
+    deploy_acmetool(domains=[mail_server])
    apt.packages(
        name="Install Postfix",
@@ -226,17 +214,11 @@ def deploy_chatmail(mail_domain: str, mail_server: str, dkim_selector: str) -> N
        ],
    )
    apt.packages(
        name="Install nginx",
        packages=["nginx"],
    )
    _install_chatmaild()
    debug = False
    dovecot_need_restart = _configure_dovecot(mail_server, debug=debug)
    postfix_need_restart = _configure_postfix(mail_domain, debug=debug)
    opendkim_need_restart = _configure_opendkim(mail_domain, dkim_selector)
    nginx_need_restart = _configure_nginx(mail_domain)
    systemd.service(
        name="Start and enable OpenDKIM",
@@ -262,14 +244,6 @@ def deploy_chatmail(mail_domain: str, mail_server: str, dkim_selector: str) -> N
        restarted=dovecot_need_restart,
    )
    systemd.service(
        name="Start and enable nginx",
        service="nginx.service",
        running=True,
        enabled=True,
        restarted=nginx_need_restart,
    )
    # This file is used by auth proxy.
    # https://wiki.debian.org/EtcMailName
    server.shell(
@@ -277,22 +251,6 @@ def deploy_chatmail(mail_domain: str, mail_server: str, dkim_selector: str) -> N
        commands=[f"echo {mail_domain} >/etc/mailname; chmod 644 /etc/mailname"],
    )
    journald_conf = files.put(
        name="Configure journald",
        src=importlib.resources.files(__package__).joinpath("journald.conf"),
        dest="/etc/systemd/journald.conf",
        user="root",
        group="root",
        mode="644",
    )
    systemd.service(
        name="Start and enable journald",
        service="systemd-journald.service",
        running=True,
        enabled=True,
        restarted=journald_conf,
    )
    def callback():
        result = server.shell(
            commands=[
--- a/deploy-chatmail/src/deploy_chatmail/acmetool/init.py
+++ b/deploy-chatmail/src/deploy_chatmail/acmetool/init.py
@@ -1,6 +1,6 @@
 import importlib.resources
-from pyinfra.operations import apt, files, server
+from pyinfra.operations import apt, files, systemd, server
 def deploy_acmetool(nginx_hook=False, email="", domains=[]):
@@ -38,13 +38,22 @@ def deploy_acmetool(nginx_hook=False, email="", domains=[]):
        email=email,
    )
-    files.template(
+    service_file = files.put(
-        src=importlib.resources.files(__package__).joinpath("target.yaml.j2"),
+        src=importlib.resources.files(__package__)
-        dest="/var/lib/acme/conf/target",
+        .joinpath("acmetool-redirector.service")
        .open("rb"),
        dest="/etc/systemd/system/acmetool-redirector.service",
        user="root",
        group="root",
        mode="644",
    )
    systemd.service(
        name="Setup acmetool-redirector service",
        service="acmetool-redirector.service",
        running=False,
        enabled=False,
        restarted=service_file.changed,
    )
    for domain in domains:
        server.shell(
--- a/deploy-chatmail/src/deploy_chatmail/acmetool/acmetool-redirector.service
+++ b/deploy-chatmail/src/deploy_chatmail/acmetool/acmetool-redirector.service
@@ -0,0 +1,11 @@
 [Unit]
 Description=acmetool HTTP redirector
 [Service]
 Type=notify
 ExecStart=/usr/bin/acmetool redirector --service.uid=daemon
 Restart=always
 RestartSec=30
 [Install]
 WantedBy=multi-user.target
--- a/deploy-chatmail/src/deploy_chatmail/acmetool/target.yaml.j2
+++ b/deploy-chatmail/src/deploy_chatmail/acmetool/target.yaml.j2
@@ -1,7 +0,0 @@
 request:
  provider: https://acme-v02.api.letsencrypt.org/directory
  key:
    type: rsa
  challenge:
    webroot-paths:
    - /var/www/html/.well-known/acme-challenge
--- a/deploy-chatmail/src/deploy_chatmail/autoconfig.xml.j2
+++ b/deploy-chatmail/src/deploy_chatmail/autoconfig.xml.j2
@@ -1,37 +0,0 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <clientConfig version="1.1">
  <emailProvider id="{{ config.domain_name }}">
    <domain>{{ config.domain_name }}</domain>
    <displayName>{{ config.domain_name }} chatmail</displayName>
    <displayShortName>{{ config.domain_name }}</displayShortName>
    <incomingServer type="imap">
      <hostname>{{ config.domain_name }}</hostname>
      <port>993</port>
      <socketType>SSL</socketType>
      <authentication>password-cleartext</authentication>
      <username>%EMAILADDRESS%</username>
    </incomingServer>
    <incomingServer type="imap">
      <hostname>{{ config.domain_name }}</hostname>
      <port>143</port>
      <socketType>STARTTLS</socketType>
      <authentication>password-cleartext</authentication>
      <username>%EMAILADDRESS%</username>
    </incomingServer>
    <outgoingServer type="smtp">
      <hostname>{{ config.domain_name }}</hostname>
      <port>465</port>
      <socketType>SSL</socketType>
      <authentication>password-cleartext</authentication>
      <username>%EMAILADDRESS%</username>
    </outgoingServer>
    <outgoingServer type="smtp">
      <hostname>{{ config.domain_name }}</hostname>
      <port>587</port>
      <socketType>STARTTLS</socketType>
      <authentication>password-cleartext</authentication>
      <username>%EMAILADDRESS%</username>
    </outgoingServer>
  </emailProvider>
 </clientConfig>
--- a/deploy-chatmail/src/deploy_chatmail/journald.conf
+++ b/deploy-chatmail/src/deploy_chatmail/journald.conf
@@ -1,2 +0,0 @@
 [Journal]
 MaxRetentionSec=3d
--- a/deploy-chatmail/src/deploy_chatmail/nginx.conf.j2
+++ b/deploy-chatmail/src/deploy_chatmail/nginx.conf.j2
@@ -1,47 +0,0 @@
 user www-data;
 worker_processes auto;
 pid /run/nginx.pid;
 error_log /var/log/nginx/error.log;
 events {
 	worker_connections 768;
 	# multi_accept on;
 }
 http {
 	sendfile on;
 	tcp_nopush on;
 	# Do not emit nginx version on error pages.
 	server_tokens off;
 	include /etc/nginx/mime.types;
 	default_type application/octet-stream;
 	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
 	ssl_prefer_server_ciphers on;
 	ssl_certificate /var/lib/acme/live/{{ config.domain_name }}/fullchain;
 	ssl_certificate_key /var/lib/acme/live/{{ config.domain_name }}/privkey;
 	gzip on;
 	server {
 		listen 80 default_server;
 		listen [::]:80 default_server;
 		listen 443 ssl default_server;
 		listen [::]:443 ssl default_server;
 		root /var/www/html;
 		index index.html index.htm;
 		server_name _;
 		location / {
 			# First attempt to serve request as file, then
 			# as directory, then fall back to displaying a 404.
 			try_files $uri $uri/ =404;
 		}
 	}
 }
--- a/deploy-chatmail/src/deploy_chatmail/postfix/master.cf.j2
+++ b/deploy-chatmail/src/deploy_chatmail/postfix/master.cf.j2
@@ -32,7 +32,7 @@ submission inet n       -       y       -       -       smtpd
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
-  -o smtpd_proxy_filter=127.0.0.1:10080
+  -o content_filter=filter:unix:private/filtermail
 smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
@@ -47,7 +47,7 @@ smtps     inet  n       -       y       -       -       smtpd
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
-  -o smtpd_proxy_filter=127.0.0.1:10080
+  -o content_filter=filter:unix:private/filtermail
 #628       inet  n       -       y       -       -       qmqpd
 pickup    unix  n       -       y       60      1       pickup
 cleanup   unix  n       -       y       -       0       cleanup
@@ -76,5 +76,5 @@ scache    unix  -       -       y       -       1       scache
 postlog   unix-dgram n  -       n       -       1       postlogd
 filter    unix -        n       n       -       -       lmtp
 # Local SMTP server for reinjecting filered mail.
-localhost:10025 inet  n       -       n       -       10      smtpd
+localhost:10026 inet  n       -       n       -       10      smtpd
-  -o syslog_name=postfix/reinject
+        -o content_filter=
--- a/online-tests/benchmark.py
+++ b/online-tests/benchmark.py
@@ -0,0 +1,34 @@
 def test_tls_serialized_connect(benchmark, imap_or_smtp):
    def connect():
        imap_or_smtp.connect()
    benchmark(connect)
 def test_login(benchmark, imap_or_smtp, gencreds):
    cls = imap_or_smtp.__class__
    conns = []
    for i in range(20):
        conn = cls(imap_or_smtp.host)
        conn.connect()
        conns.append(conn)
    def login():
        conn = conns.pop()
        conn.login(*gencreds())
    benchmark(login)
 def test_send_and_receive_10(benchmark, cmfactory, lp):
    """send many messages between two accounts"""
    ac1, ac2 = cmfactory.get_online_accounts(2)
    chat = cmfactory.get_accepted_chat(ac1, ac2)
    def send_10_receive_all():
        for i in range(10):
            chat.send_text(f"hello {i}")
        for i in range(10):
            ac2.wait_next_incoming_message()
    benchmark(send_10_receive_all)
--- a/online-tests/conftest.py
+++ b/online-tests/conftest.py
@@ -1,34 +1,19 @@
 import os
 import io
 import time
 import random
 import subprocess
 import imaplib
 import smtplib
 import itertools
 from email.parser import BytesParser
 from email import policy
 from pathlib import Path
 from math import ceil
 import pytest
 conftestdir = Path(__file__).parent
 def pytest_addoption(parser):
    parser.addoption(
        "--slow", action="store_true", default=False, help="also run slow tests"
    )
 def pytest_configure(config):
    config._benchresults = {}
    config.addinivalue_line(
        "markers", "slow: mark test to require --slow option to run"
    )
 def pytest_runtest_setup(item):
    markers = list(item.iter_markers(name="slow"))
    if markers:
@@ -69,49 +54,6 @@ def pytest_report_header():
        return ["-" * len(text), text, "-" * len(text)]
@pytest.fixture
 def benchmark(request):
    def bench(func, num, name=None):
        if name is None:
            name = func.__name__
        durations = []
        for i in range(num):
            now = time.time()
            func()
            durations.append(time.time() - now)
        durations.sort()
        request.config._benchresults[name] = durations
    return bench
 def pytest_terminal_summary(terminalreporter):
    tr = terminalreporter
    results = tr.config._benchresults
    if not results:
        return
    tr.section("benchmark results")
    float_names = "median min max".split()
    width = max(map(len, float_names))
    def fcol(parts):
        return " ".join(part.rjust(width) for part in parts)
    headers = f"{'benchmark name': <30} " + fcol(float_names)
    tr.write_line(headers)
    tr.write_line("-" * len(headers))
    for name, durations in results.items():
        measures = [
            sorted(durations)[len(durations) // 2],
            min(durations),
            max(durations),
        ]
        line = f"{name: <30} "
        line += fcol(f"{float: 2.2f}" for float in measures)
        tr.write_line(line)
@pytest.fixture
 def imap(maildomain):
    return ImapConn(maildomain)
@@ -133,24 +75,6 @@ class ImapConn:
        print(f"imap-login {user!r} {password!r}")
        self.conn.login(user, password)
    def fetch_all(self):
        print("imap-fetch all")
        status, res = self.conn.select()
        if int(res[0]) == 0:
            raise ValueError("no messages in imap folder")
        status, results = self.conn.fetch("1:*", "(RFC822)")
        assert status == "OK"
        return results
    def fetch_all_messages(self):
        print("imap-fetch all messages")
        results = self.fetch_all()
        messages = []
        for item in results:
            if len(item) == 2:
                messages.append(item[1].decode())
        return messages
@pytest.fixture
 def smtp(maildomain):
@@ -173,11 +97,6 @@ class SmtpConn:
        print(f"smtp-login {user!r} {password!r}")
        self.conn.login(user, password)
    def sendmail(self, from_addr, to_addrs, msg):
        print(f"smtp-sendmail from={from_addr!r} to_addrs={to_addrs!r}")
        print(f"smtp-sendmail message size: {len(msg)}")
        return self.conn.sendmail(from_addr=from_addr, to_addrs=to_addrs, msg=msg)
@pytest.fixture(params=["imap", "smtp"])
 def imap_or_smtp(request):
@@ -279,72 +198,4 @@ class Remote:
        )
        while 1:
            line = self.popen.stdout.readline()
-            res = line.decode().strip().lower()
+            yield line.decode().strip().lower()
            if res:
                yield res
            else:
                break
@pytest.fixture
 def maildata(request, gencreds):
    datadir = conftestdir.joinpath("mail-data")
    def maildata(name, from_addr=None, to_addr=None):
        if from_addr is None:
            from_addr = gencreds()[0]
        if to_addr is None:
            to_addr = gencreds()[0]
        data = datadir.joinpath(name).read_text()
        text = data.format(from_addr=from_addr, to_addr=to_addr)
        return BytesParser(policy=policy.default).parsebytes(text.encode())
    return maildata
@pytest.fixture
 def cmsetup(maildomain, gencreds):
    return CMSetup(maildomain, gencreds)
 class CMSetup:
    def __init__(self, maildomain, gencreds):
        self.maildomain = maildomain
        self.gencreds = gencreds
    def gen_users(self, num):
        print(f"Creating {num} online users")
        users = []
        for i in range(num):
            addr, password = self.gencreds()
            user = CMUser(self.maildomain, addr, password)
            assert user.smtp
            users.append(user)
        return users
 class CMUser:
    def __init__(self, maildomain, addr, password):
        self.maildomain = maildomain
        self.addr = addr
        self.password = password
        self._smtp = None
        self._imap = None
    @property
    def smtp(self):
        if not self._smtp:
            handle = SmtpConn(self.maildomain)
            handle.connect()
            handle.login(self.addr, self.password)
            self._smtp = handle
        return self._smtp
    @property
    def imap(self):
        if not self._imap:
            imap = ImapConn(self.maildomain)
            imap.connect()
            imap.login(self.addr, self.password)
            self._imap = imap
        return self._imap
--- a/online-tests/pytest.ini
+++ b/online-tests/pytest.ini
@@ -0,0 +1,3 @@
 [pytest]
 addopts = -vrsx --strict-markers
 markers = slow: mark test as slow (requires --slow option to run)
--- a/online-tests/test_0_basic.py
+++ b/online-tests/test_0_basic.py
@@ -0,0 +1,15 @@
 def test_remote(remote, imap_or_smtp):
    lineproducer = remote.iter_output(imap_or_smtp.logcmd)
    imap_or_smtp.connect()
    assert imap_or_smtp.name in next(lineproducer)
 def test_use_two_chatmailservers(cmfactory, maildomain2):
    ac1 = cmfactory.new_online_configuring_account(cache=False)
    cmfactory.switch_maildomain(maildomain2)
    ac2 = cmfactory.new_online_configuring_account(cache=False)
    cmfactory.bring_accounts_online()
    cmfactory.get_accepted_chat(ac1, ac2)
    domain1 = ac1.get_config("addr").split("@")[1]
    domain2 = ac2.get_config("addr").split("@")[1]
    assert domain1 != domain2
--- a/online-tests/test_0_login.py
+++ b/online-tests/test_0_login.py
@@ -1,5 +1,4 @@
 import pytest
 import smtplib
 def test_login_basic_functioning(imap_or_smtp, gencreds, lp):
--- a/online-tests/test_1_deltachat.py
+++ b/online-tests/test_1_deltachat.py
@@ -1,4 +1,3 @@
 import time
 import random
 import pytest
@@ -82,29 +81,3 @@ class TestEndToEndDeltaChat:
        ch = ac2.qr_setup_contact(qr)
        assert ch.id >= 10
        ac1._evtracker.wait_securejoin_inviter_progress(1000)
    def test_read_receipts_between_instances(self, cmfactory, lp, maildomain2):
        ac1 = cmfactory.new_online_configuring_account(cache=False)
        cmfactory.switch_maildomain(maildomain2)
        ac2 = cmfactory.new_online_configuring_account(cache=False)
        cmfactory.bring_accounts_online()
        lp.sec("setup encrypted comms between ac1 and ac2 on different instances")
        qr = ac1.get_setup_contact_qr()
        ch = ac2.qr_setup_contact(qr)
        msg = ac2.wait_next_incoming_message()
        assert "verified" in msg.text
        lp.sec("ac1 sends a message and ac2 marks it as seen")
        chat = ac1.create_chat(ac2)
        msg = chat.send_text("hi")
        m = ac2.wait_next_incoming_message()
        m.mark_seen()
        # we can only indirectly wait for mark-seen to cause an smtp-error
        lp.sec("try to wait for markseen to complete and check error states")
        deadline = time.time() + 3.1
        while time.time() < deadline:
            msgs = m.chat.get_messages()
            for msg in msgs:
                assert "error" not in m.get_message_info()
            time.sleep(1)
--- a/scripts/deploy.sh
+++ b/scripts/deploy.sh
@@ -1,15 +1,10 @@
 #!/usr/bin/env bash
 : ${CHATMAIL_DOMAIN:=c1.testrun.org}
 export CHATMAIL_DOMAIN
-echo -----------------------------------------
+chatmaild/venv/bin/python3 -m build -n --sdist chatmaild --outdir dist
 echo deploying to $CHATMAIL_DOMAIN 
 echo -----------------------------------------
-echo WARNING: in five seconds deploy to $CHATMAIL_DOMAIN starts
+deploy-chatmail/venv/bin/pyinfra --ssh-user root "$CHATMAIL_DOMAIN" \
 sleep 5
 venv/bin/python3 -m build -n --sdist chatmaild --outdir dist
 venv/bin/pyinfra --ssh-user root "$CHATMAIL_DOMAIN" \
    deploy-chatmail/src/deploy_chatmail/deploy.py
 rm -r dist/
--- a/scripts/init.sh
+++ b/scripts/init.sh
@@ -1,8 +1,14 @@
 #!/bin/sh
 set -e
-python3 -m venv venv
+python3 -m venv deploy-chatmail/venv
-pip=venv/bin/pip
+deploy-chatmail/venv/bin/pip install pyinfra pytest
 deploy-chatmail/venv/bin/pip install -e deploy-chatmail
 deploy-chatmail/venv/bin/pip install -e chatmaild
-$pip install pyinfra pytest build 'setuptools>=68' tox deltachat
+python3 -m venv chatmaild/venv
-$pip install -e deploy-chatmail 
+sudo apt install -y dovecot-core && sudo systemctl disable --now dovecot
-$pip install -e chatmaild 
+chatmaild/venv/bin/pip install --upgrade pytest build 'setuptools>=68'
 chatmaild/venv/bin/pip install -e chatmaild
 python3 -m venv online-tests/venv
 online-tests/venv/bin/pip install pytest pytest-timeout pdbpp deltachat pytest-benchmark
--- a/scripts/test.sh
+++ b/scripts/test.sh
@@ -1,4 +1,3 @@
 #!/bin/bash
-tox -c chatmaild
+chatmaild/venv/bin/pytest chatmaild/ $@
-tox -c deploy-chatmail
+online-tests/venv/bin/pytest online-tests/ -vrx --durations=5 $@
 venv/bin/pytest tests/online -vrx --durations=5 $@
--- a/tests/chatmaild/test_filtermail.py
+++ b/tests/chatmaild/test_filtermail.py
@@ -1,82 +0,0 @@
 from chatmaild.filtermail import check_encrypted, check_DATA, SendRateLimiter, check_mdn
 import pytest
@pytest.fixture
 def maildomain():
    # let's not depend on a real chatmail instance for the offline tests below
    return "chatmail.example.org"
 def test_reject_forged_from(maildata, gencreds):
    class env:
        mail_from = gencreds()[0]
        rcpt_tos = [gencreds()[0]]
    # test that the filter lets good mail through
    env.content = maildata("plain.eml", from_addr=env.mail_from).as_bytes()
    assert not check_DATA(envelope=env)
    # test that the filter rejects forged mail
    env.content = maildata("plain.eml", from_addr="forged@c3.testrun.org").as_bytes()
    error = check_DATA(envelope=env)
    assert "500" in error
 def test_filtermail_no_encryption_detection(maildata):
    msg = maildata("plain.eml")
    assert not check_encrypted(msg)
    # https://xkcd.com/1181/
    msg = maildata("fake-encrypted.eml")
    assert not check_encrypted(msg)
 def test_filtermail_encryption_detection(maildata):
    msg = maildata("encrypted.eml")
    assert check_encrypted(msg)
    # if the subject is not "..." it is not considered ac-encrypted
    msg.replace_header("Subject", "Click this link")
    assert not check_encrypted(msg)
 def test_filtermail_is_mdn(maildata, gencreds):
    from_addr = gencreds()[0]
    to_addr = gencreds()[0] + ".other"
    msg = maildata("mdn.eml", from_addr, to_addr)
    class env:
        mail_from = from_addr
        rcpt_tos = [to_addr]
        content = msg.as_bytes()
    assert check_mdn(msg, env)
    print(msg.as_string())
    assert not check_DATA(env)
 def test_filtermail_to_multiple_recipients_no_mdn(maildata, gencreds):
    from_addr = gencreds()[0]
    to_addr = gencreds()[0] + ".other"
    thirdaddr = gencreds()[0]
    msg = maildata("mdn.eml", from_addr, to_addr)
    class env:
        mail_from = from_addr
        rcpt_tos = [to_addr, thirdaddr]
        content = msg.as_bytes()
    assert not check_mdn(msg, env)
 def test_send_rate_limiter():
    limiter = SendRateLimiter()
    for i in range(100):
        if limiter.is_sending_allowed("some@example.org"):
            if i <= SendRateLimiter.MAX_USER_SEND_PER_MINUTE:
                continue
            pytest.fail("limiter didn't work")
        else:
            assert i == SendRateLimiter.MAX_USER_SEND_PER_MINUTE + 1
            break
--- a/tests/mail-data/encrypted.eml
+++ b/tests/mail-data/encrypted.eml
@@ -1,66 +0,0 @@
 From: {from_addr}
 To: {to_addr}
 Subject: ...
 Date: Sun, 15 Oct 2023 16:43:21 +0000
 Message-ID: <Mr.UVyJWZmkCKM.hGzNc6glBE_@c2.testrun.org>
 In-Reply-To: <Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>
 References: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>
 	<Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>
 Chat-Version: 1.0
 Autocrypt: addr={from_addr}; prefer-encrypt=mutual;
 	keydata=xjMEZSwWjhYJKwYBBAHaRw8BAQdAQBEhqeJh0GueHB6kF/DUQqYCxARNBVokg/AzT+7LqH
 	rNFzxiYXJiYXpAYzIudGVzdHJ1bi5vcmc+wosEEBYIADMCGQEFAmUsFo4CGwMECwkIBwYVCAkKCwID
 	FgIBFiEEFTfUNvVnY3b9F7yHnmme1PfUhX8ACgkQnmme1PfUhX9A4AEAnHWHp49eBCMHK5t66gYPiW
 	XQuB1mwUjzGfYWB+0RXUoA/0xcQ3FbUNlGKW7Blp6eMFfViv6Mv2d3kNSXACB6nmcMzjgEZSwWjhIK
 	KwYBBAGXVQEFAQEHQBpY5L2M1XHo0uxf8SX1wNLBp/OVvidoWHQF2Jz+kJsUAwEIB8J4BBgWCAAgBQ
 	JlLBaOAhsMFiEEFTfUNvVnY3b9F7yHnmme1PfUhX8ACgkQnmme1PfUhX/INgEA37AJaNvruYsJVanP
 	IXnYw4CKd55UAwl8Zcy+M2diAbkA/0fHHcGV4r78hpbbL1Os52DPOdqYQRauIeJUeG+G6bQO
 MIME-Version: 1.0
 Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 	boundary="YFrteb74qSXmggbOxZL9dRnhymywAi"
 --YFrteb74qSXmggbOxZL9dRnhymywAi
 Content-Description: PGP/MIME version identification
 Content-Type: application/pgp-encrypted
 Version: 1
 --YFrteb74qSXmggbOxZL9dRnhymywAi
 Content-Description: OpenPGP encrypted message
 Content-Disposition: inline; filename="encrypted.asc";
 Content-Type: application/octet-stream; name="encrypted.asc"
 -----BEGIN PGP MESSAGE-----
 wU4DhW3gBZ/VvCYSAQdA8bMs2spwbKdGjVsL1ByPkNrqD7frpB73maeL6I6SzDYg
 O5G53tv339RdKq3WRcCtEEvxjHlUx2XNwXzC04BpmfvBTgNfPUyLDzjXnxIBB0Ae
 8ymwGvXMCCimHXN0Dg8Ui62KOi03h0UgheoHWovJSCDF4CKre/xtFr3nL7lq/PKI
 JsjVNz7/RK9FSXF6WwfONtLCyQGEuVAsB/KXfCBEyfKhaMwGHvhujRidGW5uV1no
 lMGl3ODmo29Lgeu2uSE7EpJRZoe6hU6ddmBkqxax61ZtkaFlGFFpdo2K8balNNdz
 ZsJ/9mmI9x3oOJ4/l1nhQbUO9ADbs7gJhFdV5Qkp30b5fCI7bU+aoe1ccBbLe/WM
 YUty1PqcuQT7XjA+XmYuL261tvW8pBetT+i33/E2d8PzzYt2IuK9qeevyS+yxdwA
 kfwejFWzzsUlJaDxs1x4XOxkMgSj+jo+g12dFOb7fyClsAnq23iDb8AuaT/BScAI
 +lO+gher69+6LmM7VGHLG5k762J1jTaQCaKt1s8TAWV99Eo4491vL6fyvk3l/Cfg
 RXSwiWFgj19Pn0Rq7CD9v22UE2vdUMBTcV4aw79mClk1YQ23jbF0y5DCjPdJ62Zo
 tskBgFt3NoWV80jZ76zIBLrrjLwCCll8JjJtFwSkt2GX5RFBsVa4A8IDht9RtEk7
 rrHgbSZQfkauEi/mH3/6CDZoLqSHudUZ7d4MaJwun1TkFYGe2ORwGJd4OBj3oGJp
 H8YBwCpk///L/fKjX0Gg3M8nrpM4wrRFhPKidAgO/kcm25X4+ZHlVkWBTCt5RWKI
 fHh6oLDZCqCfcgMkE1KKmwfIHaUkhq5BPRigwy6i5dh1DM4+1UCLh3dxzVbqE9b9
 61NB19nXdRtDA2sOUnj9ve6m/wEPyCb6/zBQZqvCBYb1/AjdXpUrFT+DbpfyxaXN
 XfhDVb5mNqNM/IVj0V5fvTc6vOfYbzQtPm10H+FdWWfb+rJRfyC3MA2w2IqstFe3
 w3bu2iE6CQvSqRvge+ZqLKt/NqYwOURiUmpuklbl3kPJ97+mfKWoiqk8Iz1VY+bb
 NMUC7aoGv+jcoj+WS6PYO8N6BeRVUUB3ZJSf8nzjgxm1/BcM+UD3BPrlhT11ODRs
 baifGbprMWwt3dhb8cQgRT8GPdpO1OsDkzL6iikMjLHWWiA99GV6ruiHsIPw6boW
 A6/uSOskbDHOROotKmddGTBd0iiHXAoQsJFt1ZjUkt6EHrgWs+GAvrvKpXs1mrz8
 uj3GwEFrHS+Xuf2UDgpszYT3hI2cL/kUtGakVR7m7vVMZqXBUbZdGAEb1PZNPwsI
 E4aMK02+EVB+tSN4Fzj99N2YD0inVYt+oPjr2tHhUS6aSGBNS/48Ki47DOg4Sxkn
 lkOWnEbCD+XTnbDd
 =agR5
 -----END PGP MESSAGE-----
 --YFrteb74qSXmggbOxZL9dRnhymywAi--
--- a/tests/mail-data/fake-encrypted.eml
+++ b/tests/mail-data/fake-encrypted.eml
@@ -1,25 +0,0 @@
 Subject: =?utf-8?q?Message_from_foobar=40c2=2Etestrun=2Eorg?=
 Chat-Disposition-Notification-To: foobar@c2.testrun.org
 Chat-User-Avatar: 0
 From: <{from_addr}>
 To: <{to_addr}>
 Date: Sun, 15 Oct 2023 16:41:44 +0000
 Message-ID: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>
 References: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>
 Chat-Version: 1.0
 Autocrypt: addr={from_addr}; prefer-encrypt=mutual;
 	keydata=xjMEZSrw3hYJKwYBBAHaRw8BAQdAiEKNQFU28c6qsx4vo/JHdt73RXdjMOmByf/XsGiJ7m
 	nNFzxmb29iYXJAYzIudGVzdHJ1bi5vcmc+wosEEBYIADMCGQEFAmUq8N4CGwMECwkIBwYVCAkKCwID
 	FgIBFiEEGil0OvTIa6RngmCLUYNnEa9leJAACgkQUYNnEa9leJCX3gEAhm0MehE5byBBU1avPczr/I
 	HjNLht7Qf6++mAhlJmtDcA/0C8VYJhsUpmiDjuZaMDWNv4FO2BJG6LH7gSm6n7ClMJzjgEZSrw3hIK
 	KwYBBAGXVQEFAQEHQAxGG/QW0owCfMp1A+vXEMwgzWcBpNFr58kX2eXuPpM6AwEIB8J4BBgWCAAgBQ
 	JlKvDeAhsMFiEEGil0OvTIa6RngmCLUYNnEa9leJAACgkQUYNnEa9leJDg1gEAwLf8KDoAAKyYgjyI
 	vYvO9VEgBni1C4Xx1VjcaEmlDK8BALoFuUCK+enw76TtDcAUKhlhUiM6SDRExkS4Nskp/BcK
 MIME-Version: 1.0
 Content-Type: text/plain; charset=utf-8; format=flowed; delsp=no
 -----BEGIN PGP MESSAGE-----
 Hi!
 -----END PGP MESSAGE-----
--- a/tests/mail-data/mdn.eml
+++ b/tests/mail-data/mdn.eml
@@ -1,33 +0,0 @@
 Subject: Message opened
 From: <{from_addr}>
 To: <{to_addr}>
 Date: Sun, 15 Oct 2023 16:43:25 +0000
 Message-ID: <Mr.78MWtlV7RAi.goCFzBhCYfy@c2.testrun.org>
 Auto-Submitted: auto-replied
 Chat-Version: 1.0
 MIME-Version: 1.0
 Content-Type: multipart/report; report-type=disposition-notification;
 	boundary="Gl92xgZjOShJ5PGHntqYkoo2OK2Dvi"
 --Gl92xgZjOShJ5PGHntqYkoo2OK2Dvi
 Content-Type: text/plain; charset=utf-8; format=flowed; delsp=no
 The "Hi!" message you sent was displayed on the screen of the recipient.
 This is no guarantee the content was read.
 --Gl92xgZjOShJ5PGHntqYkoo2OK2Dvi
 Content-Type: message/disposition-notification
 Reporting-UA: Delta Chat 1.124.1
 Original-Recipient: rfc822;barbaz@c2.testrun.org
 Final-Recipient: rfc822;barbaz@c2.testrun.org
 Original-Message-ID: <Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>
 Disposition: manual-action/MDN-sent-automatically; displayed
 --Gl92xgZjOShJ5PGHntqYkoo2OK2Dvi--
--- a/tests/mail-data/plain.eml
+++ b/tests/mail-data/plain.eml
@@ -1,23 +0,0 @@
 Subject: =?utf-8?q?Message_from_foobar=40c2=2Etestrun=2Eorg?=
 Chat-Disposition-Notification-To: foobar@c2.testrun.org
 Chat-User-Avatar: 0
 From: <{from_addr}>
 To: <{to_addr}>
 Date: Sun, 15 Oct 2023 16:41:44 +0000
 Message-ID: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>
 References: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>
 Chat-Version: 1.0
 Autocrypt: addr=foobar@c2.testrun.org; prefer-encrypt=mutual;
 	keydata=xjMEZSrw3hYJKwYBBAHaRw8BAQdAiEKNQFU28c6qsx4vo/JHdt73RXdjMOmByf/XsGiJ7m
 	nNFzxmb29iYXJAYzIudGVzdHJ1bi5vcmc+wosEEBYIADMCGQEFAmUq8N4CGwMECwkIBwYVCAkKCwID
 	FgIBFiEEGil0OvTIa6RngmCLUYNnEa9leJAACgkQUYNnEa9leJCX3gEAhm0MehE5byBBU1avPczr/I
 	HjNLht7Qf6++mAhlJmtDcA/0C8VYJhsUpmiDjuZaMDWNv4FO2BJG6LH7gSm6n7ClMJzjgEZSrw3hIK
 	KwYBBAGXVQEFAQEHQAxGG/QW0owCfMp1A+vXEMwgzWcBpNFr58kX2eXuPpM6AwEIB8J4BBgWCAAgBQ
 	JlKvDeAhsMFiEEGil0OvTIa6RngmCLUYNnEa9leJAACgkQUYNnEa9leJDg1gEAwLf8KDoAAKyYgjyI
 	vYvO9VEgBni1C4Xx1VjcaEmlDK8BALoFuUCK+enw76TtDcAUKhlhUiM6SDRExkS4Nskp/BcK
 MIME-Version: 1.0
 Content-Type: text/plain; charset=utf-8; format=flowed; delsp=no
 Hi!
--- a/tests/online/benchmark.py
+++ b/tests/online/benchmark.py
@@ -1,60 +0,0 @@
 def test_tls_imap(benchmark, imap):
    def imap_connect():
        imap.connect()
    benchmark(imap_connect, 10)
 def test_login_imap(benchmark, imap, gencreds):
    def imap_connect_and_login():
        imap.connect()
        imap.login(*gencreds())
    benchmark(imap_connect_and_login, 10)
 def test_tls_smtp(benchmark, smtp):
    def smtp_connect():
        smtp.connect()
    benchmark(smtp_connect, 10)
 def test_login_smtp(benchmark, smtp, gencreds):
    def smtp_connect_and_login():
        smtp.connect()
        smtp.login(*gencreds())
    benchmark(smtp_connect_and_login, 10)
 class TestDC:
    def test_autoconfigure(self, benchmark, cmfactory):
        def autoconfig_and_idle_ready():
            cmfactory.get_online_accounts(1)
        benchmark(autoconfig_and_idle_ready, 5)
    def test_ping_pong(self, benchmark, cmfactory):
        ac1, ac2 = cmfactory.get_online_accounts(2)
        chat = cmfactory.get_accepted_chat(ac1, ac2)
        def ping_pong():
            chat.send_text("ping")
            msg = ac2.wait_next_incoming_message()
            msg.chat.send_text("pong")
            ac1.wait_next_incoming_message()
        benchmark(ping_pong, 5)
    def test_send_10_receive_10(self, benchmark, cmfactory, lp):
        ac1, ac2 = cmfactory.get_online_accounts(2)
        chat = cmfactory.get_accepted_chat(ac1, ac2)
        def send_10_receive_10():
            for i in range(10):
                chat.send_text(f"hello {i}")
            for i in range(10):
                ac2.wait_next_incoming_message()
        benchmark(send_10_receive_10, 5)
--- a/tests/online/test_1_basic.py
+++ b/tests/online/test_1_basic.py
@@ -1,63 +0,0 @@
 import smtplib
 import pytest
 def test_remote(remote, imap_or_smtp):
    lineproducer = remote.iter_output(imap_or_smtp.logcmd)
    imap_or_smtp.connect()
    assert imap_or_smtp.name in next(lineproducer)
 def test_use_two_chatmailservers(cmfactory, maildomain2):
    ac1 = cmfactory.new_online_configuring_account(cache=False)
    cmfactory.switch_maildomain(maildomain2)
    ac2 = cmfactory.new_online_configuring_account(cache=False)
    cmfactory.bring_accounts_online()
    cmfactory.get_accepted_chat(ac1, ac2)
    domain1 = ac1.get_config("addr").split("@")[1]
    domain2 = ac2.get_config("addr").split("@")[1]
    assert domain1 != domain2
@pytest.mark.parametrize("forgeaddr", ["internal", "someone@example.org"])
 def test_reject_forged_from(cmsetup, maildata, lp, forgeaddr):
    user1, user3 = cmsetup.gen_users(2)
    lp.sec("send encrypted message with forged from")
    print("envelope_from", user1.addr)
    if forgeaddr == "internal":
        addr_to_forge = cmsetup.gen_users(1)[0].addr
    else:
        addr_to_forge = "someone@example.org"
    print("message to inject:")
    msg = maildata("encrypted.eml", from_addr=addr_to_forge, to_addr=user3.addr)
    msg = msg.as_string()
    for line in msg.split("\n")[:4]:
        print(f"   {line}")
    lp.sec("Send forged mail and check remote postfix lmtp processing result")
    with pytest.raises(smtplib.SMTPException) as e:
        user1.smtp.sendmail(from_addr=user1.addr, to_addrs=[user3.addr], msg=msg)
    assert "500" in str(e.value)
@pytest.mark.slow
 def test_exceed_rate_limit(cmsetup, gencreds, maildata):
    """Test that the per-account send-mail limit is exceeded."""
    user1, user2 = cmsetup.gen_users(2)
    mail = maildata(
        "encrypted.eml", from_addr=user1.addr, to_addr=user2.addr
    ).as_string()
    for i in range(100):
        print("Sending mail", str(i))
        try:
            user1.smtp.sendmail(user1.addr, [user2.addr], mail)
        except smtplib.SMTPException as e:
            if i < 80:
                pytest.fail(f"rate limit was exceeded too early with msg {i}")
            outcome = e.recipients[user2.addr]
            assert outcome[0] == 450
            assert b"4.7.1: Too much mail from" in outcome[1]
            return
    pytest.fail("Rate limit was not exceeded")
--- a/tests/pytest.ini
+++ b/tests/pytest.ini
@@ -1,2 +0,0 @@
 [pytest]
 addopts = -vrsx --strict-markers
		`@@ -1,2 +0,0 @@`
			`[pytest]`
			`addopts = -vrsx --strict-markers`